is there an easy way to get either/or the Bios ID and Motherboad ID from kernal/driver code? Or if not, what do others use to uniquely identify their driver install on a particular pc?
Bernie
Those things are available through WMI, sourced from the SMBIOS. See
cimv2\Win32.… Simple WMI stuff is available from kernel mode.
Jake Oshins
Hyper-V I/O Architect
Windows Kernel Group
This post implies no warranties and confers no rights.
wrote in message news:xxxxx@ntdev…
is there an easy way to get either/or the Bios ID and Motherboad ID from
kernal/driver code? Or if not, what do others use to uniquely identify their
driver install on a particular pc?
Bernie
xxxxx@hotmail.com wrote:
is there an easy way to get either/or the Bios ID and Motherboad ID from kernal/driver code?
In the general case, there is no such thing as a “unique identifier” for
a given PC. Intel tried that and got roasted in the press. Remember?
You can find a BIOS name, and maybe a motherboard model, but not a
serial number.
Or if not, what do others use to uniquely identify their driver install on a particular pc?
They don’t. Why would you need to?
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
Well our minifilter is ‘the’ product. Although there are associated win32 apps to do admin, they only get run when user starts them. Wanted to check something when minifilter started for the first time at every boot.
I heard that wmi was available from the kernel but assumed it was pretty messy as in wind32 world, I’ll check it out in kernel land.
Thanks,
Bernie
> -----Original Message-----
From: xxxxx@lists.osr.com [mailto:bounce-477529-
xxxxx@lists.osr.com] On Behalf Of xxxxx@hotmail.com
Sent: 05 October 2011 15:37
To: Windows System Software Devs Interest List
Subject: [ntdev] License protection and Bios/Motherboard IDis there an easy way to get either/or the Bios ID and Motherboad ID from
kernal/driver code? Or if not, what do others use to uniquely identify their
driver install on a particular pc?
Bernie
I’m guessing you don’t have a real hardware device on the other end of the driver, because if you did you would be using the device’s unique ID/serial number for licensing.
Windows licensing appears to use a number of IDs in a system including hard disk serial number, network MAC address, etc. Would that help?
Tim.
You might want to look at checking the disk ID of the underlying device
you are filtering. As was pointed out by Tim, you can’t rely on things
like a BIOS ID, but most drives do have a disk ID and you are in the
stack already so you can get it.
I’ve worked with licensing folks a few times, and you need to understand
the balance between locking things down completely and allowing the user
to work. Most companies seem to hit a balance where for the average
user the product can’t be moved but for the person who tries hard enough
(such as a kernel programmer) there are ways to get there.
Don Burn
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
“xxxxx@hotmail.com” wrote in message
news:xxxxx@ntdev:
> Well our minifilter is ‘the’ product. Although there are associated win32 apps to do admin, they only get run when user starts them. Wanted to check something when minifilter started for the first time at every boot.
>
> I heard that wmi was available from the kernel but assumed it was pretty messy as in wind32 world, I’ll check it out in kernel land.
>
> Thanks,
> Bernie
> You can find a BIOS name, and maybe a motherboard model, but not a serial number.
Sure you can, and SMBIOS provides a mechanism for it (check SMBIOS specs for more info). The “only” problem is that it may be as meaningful as MB123456789 (no, I am not making it up - this is exactly the value I had on my previous desktop with ASUS motherboard)…
Anton Bassov
Most amateur copy-protection schemes fail catastrophically; either they
can be defeated trivially or they screw the legitimate user. One thing
you can be sure of: anyone who asks how to get a motherboard serial number
knows so little about the problem that their efforts will be a waste of
time and money, and ultimately will fail. I’ve had to evaluate user-level
copy protection schemes, and unless you talk to people who build these
products for a living, you don’t understand other than the most
superficial concepts, and that is not enough to build a good copy
protection system.
Most software-only schemes take experts in this art single-digit hours to
break, and once broken, the mechanism can be broken with script-kiddie
skills within seconds. When I was researching this, I used an anonymous
service and hung out in cracker boards for a couple months, and what I
learned was that the only robust schemes were those that used
challenge-response, PKI-based algorithms with external dongles. Anything
else was considered trivial.
Look into Hasp and Rainbow, as just two examples. There are many others,
but I’m 400 miles from my notes.
joe
> -----Original Message-----
> From: xxxxx@lists.osr.com [mailto:bounce-477529-
> xxxxx@lists.osr.com] On Behalf Of xxxxx@hotmail.com
> Sent: 05 October 2011 15:37
> To: Windows System Software Devs Interest List
> Subject: [ntdev] License protection and Bios/Motherboard ID
>
> is there an easy way to get either/or the Bios ID and Motherboad ID from
> kernal/driver code? Or if not, what do others use to uniquely identify
> their
> driver install on a particular pc?
> BernieI’m guessing you don’t have a real hardware device on the other end of the
driver, because if you did you would be using the device’s unique
ID/serial number for licensing.Windows licensing appears to use a number of IDs in a system including
hard disk serial number, network MAC address, etc. Would that help?Tim.
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminarsTo unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
Just to add to what Joseph said: even for the cases where the protection itself can’t be beat (challenge-response encryption, external dongles, etc.) keep in mind that *even then* nothing is guaranteed as crackers have been known to simply work around your code instead of cracking it.
I came to terms a long time ago with this. Legitimate users will pay even when there is zero protection. Crackers, script kiddies, and teenagers won’t pay regardless of whatever kind of protection you use, and trivial protection methods will make everyone else pay up.
Joseph,
Did you get any numbers on the efforts by the Trusted Computer Group and using a TPM (Trusted Program Module)?
Gary Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net
On Oct 5, 2011, at 4:25 PM, xxxxx@flounder.com wrote:
Most amateur copy-protection schemes fail catastrophically; either they
can be defeated trivially or they screw the legitimate user. One thing
you can be sure of: anyone who asks how to get a motherboard serial number
knows so little about the problem that their efforts will be a waste of
time and money, and ultimately will fail. I’ve had to evaluate user-level
copy protection schemes, and unless you talk to people who build these
products for a living, you don’t understand other than the most
superficial concepts, and that is not enough to build a good copy
protection system.Most software-only schemes take experts in this art single-digit hours to
break, and once broken, the mechanism can be broken with script-kiddie
skills within seconds. When I was researching this, I used an anonymous
service and hung out in cracker boards for a couple months, and what I
learned was that the only robust schemes were those that used
challenge-response, PKI-based algorithms with external dongles. Anything
else was considered trivial.Look into Hasp and Rainbow, as just two examples. There are many others,
but I’m 400 miles from my notes.
joe>
>> -----Original Message-----
>> From: xxxxx@lists.osr.com [mailto:bounce-477529-
>> xxxxx@lists.osr.com] On Behalf Of xxxxx@hotmail.com
>> Sent: 05 October 2011 15:37
>> To: Windows System Software Devs Interest List
>> Subject: [ntdev] License protection and Bios/Motherboard ID
>>
>> is there an easy way to get either/or the Bios ID and Motherboad ID from
>> kernal/driver code? Or if not, what do others use to uniquely identify
>> their
>> driver install on a particular pc?
>> Bernie
>
> I’m guessing you don’t have a real hardware device on the other end of the
> driver, because if you did you would be using the device’s unique
> ID/serial number for licensing.
>
> Windows licensing appears to use a number of IDs in a system including
> hard disk serial number, network MAC address, etc. Would that help?
>
> Tim.
>
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminarsTo unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
Part of the problem I see with TPM is that it is focused on solving one
particular–but important–problem. eCommerce to be successful in the
future will need it. DRM in the sense of copy protection may or may not
work…what happens if you lose the key stash (as in, my disk died)?
While I have not followed it as closely as I once did, I have also not
seen any impact of this technology. It may comprise the hardware
component of future DRM systems, but we are far from having enough
TPM-capable machines out there to consider it a viable solution today.
But home-grown DRM solutions are usually invented by people who don’t know
how trivial they are to crack, and therefore they don’t even achieve being
“toy” solutions.
Sadly, even today I talk to people who have heard of the TCG efforts, and
tell me that we will soon have an uncrackable linux (which is apparently
(a) the only system that could be made uncrackable and/or (b) the only
system that exists)
joe
Joseph,
Did you get any numbers on the efforts by the Trusted Computer Group and
using a TPM (Trusted Program Module)?Gary Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.netOn Oct 5, 2011, at 4:25 PM, xxxxx@flounder.com wrote:
> Most amateur copy-protection schemes fail catastrophically; either they
> can be defeated trivially or they screw the legitimate user. One thing
> you can be sure of: anyone who asks how to get a motherboard serial
> number
> knows so little about the problem that their efforts will be a waste of
> time and money, and ultimately will fail. I’ve had to evaluate
> user-level
> copy protection schemes, and unless you talk to people who build these
> products for a living, you don’t understand other than the most
> superficial concepts, and that is not enough to build a good copy
> protection system.
>
> Most software-only schemes take experts in this art single-digit hours
> to
> break, and once broken, the mechanism can be broken with script-kiddie
> skills within seconds. When I was researching this, I used an anonymous
> service and hung out in cracker boards for a couple months, and what I
> learned was that the only robust schemes were those that used
> challenge-response, PKI-based algorithms with external dongles.
> Anything
> else was considered trivial.
>
> Look into Hasp and Rainbow, as just two examples. There are many
> others,
> but I’m 400 miles from my notes.
> joe
>
>>
>>> -----Original Message-----
>>> From: xxxxx@lists.osr.com [mailto:bounce-477529-
>>> xxxxx@lists.osr.com] On Behalf Of xxxxx@hotmail.com
>>> Sent: 05 October 2011 15:37
>>> To: Windows System Software Devs Interest List
>>> Subject: [ntdev] License protection and Bios/Motherboard ID
>>>
>>> is there an easy way to get either/or the Bios ID and Motherboad ID
>>> from
>>> kernal/driver code? Or if not, what do others use to uniquely identify
>>> their
>>> driver install on a particular pc?
>>> Bernie
>>
>> I’m guessing you don’t have a real hardware device on the other end of
>> the
>> driver, because if you did you would be using the device’s unique
>> ID/serial number for licensing.
>>
>> Windows licensing appears to use a number of IDs in a system including
>> hard disk serial number, network MAC address, etc. Would that help?
>>
>> Tim.
>>
>>
>> —
>> NTDEV is sponsored by OSR
>>
>> For our schedule of WDF, WDM, debugging and other seminars visit:
>> http://www.osr.com/seminars
>>
>> To unsubscribe, visit the List Server section of OSR Online at
>> http://www.osronline.com/page.cfm?name=ListServer
>>
>
>
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminarsTo unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
The goal here is to prevent the casual user. I know that many kernel driver delopers could get around anything but they are few. Having multiple layers of internal protection is the key as the cracker never kows if he has gotten everything epecially if the failure of the license doesn’t show up immediately. Changing these methods in minor ways over time, wo uld discourage crackers and also confuse end users because which crack script to I use with which version.
I’m familiar with challenge response, phone home etc. Also remember there are a lot of things a minifilter driver can do to protect itself and informaton it keeps. Also watching patterns of what gets sent back home can show trends or problems. We don’t want to use boot drive serial as the hard drive is something that the user may change more easily. It’s more unlikely that they would change the mother board.
Thanks for your inputs.