windows 生成唯一硬件 ID 的可靠方法
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/2842116/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Reliable way of generating unique hardware ID
提问by mr.b
Question:I have to come up with unique ID for each networked client, such that:
问题:我必须为每个联网客户端提供唯一的 ID,例如:
- it (ID) should persist once client software is installed on target computer, and should continue to persist if software is re-installed on same computer and same OS installment,
- it should not change if hardware configuration is modified in most ways (except changing the motherboard)
- When hard drive with client software installed is cloned to another computer with identical hardware configuration (or, as similar as possible), client software should be aware of that change.
- 一旦客户端软件安装在目标计算机上,它(ID)应该持续存在,如果在同一台计算机和相同的操作系统安装上重新安装软件,它应该继续存在,
- 大多数方式修改硬件配置应该不会改变(除了更换主板)
- 当安装了客户端软件的硬盘被克隆到另一台具有相同硬件配置(或尽可能相似)的计算机时,客户端软件应该知道这种变化。
A little bit of explanation and some back-story:
一些解释和一些背景故事:
This question is basically age old question that also touches the topic of software copy-protection, as some of the mechanisms used in that area are mentioned here. I should be clear at this point that I'm not looking for a copy-protection scheme. Please, read on. :)
这个问题基本上是一个古老的问题,也涉及软件复制保护的主题,因为这里提到了该领域使用的一些机制。在这一点上我应该清楚我不是在寻找复制保护方案。请继续阅读。:)
I'm working on a client-server software that is supposed to work in a local network. One of the problems I have to solve is to identify each unique client in the network (not so much of a problem), so that I can apply certain attributes to every specific client, retain and enforce those attributes during the deployment lifetime of a specific client.
我正在开发一个应该在本地网络中工作的客户端 - 服务器软件。我必须解决的问题之一是识别网络中的每个唯一客户端(问题不大),以便我可以将某些属性应用于每个特定客户端,在特定客户端的部署生命周期内保留并强制执行这些属性客户。
While I was looking for a solution, I was aware of the following:
在寻找解决方案时,我意识到以下几点:
- Windows activation system uses some kind of heavy fingerprinting mechanism that is extremely sensitive to hardware modifications,
- Disk imaging software copies along all Volume IDs (tied to each partition when formatted), and custom, uniquely generated IDs during installation process, during first run, or in any other way, that is strictly software in its nature, and stored in registry or on hard drive, so it's very easy to confuse two.
- Windows 激活系统使用某种对硬件修改极为敏感的重指纹机制,
- 磁盘映像软件沿所有卷 ID(格式化时绑定到每个分区)和自定义的、在安装过程中、首次运行期间或以任何其他方式生成的唯一 ID 进行复制,这在本质上是严格的软件,并存储在注册表或在硬盘上,所以很容易混淆两者。
The obvious choice for this kind of problem would be to find out BIOS identifiers (not 100% sure if this is unique through identical motherboard models, though), as that's the only thing I can rely on that isn't duplicated, transferred by cloning, and that can't be changed (at least not by using some user-space program). Everything else fails as either being not reliable (MAC cloning, anyone?), or too demanding (in terms that it's too sensitive to configuration changes).
解决此类问题的明显选择是找出 BIOS 标识符(不过,不能 100% 确定这是否通过相同的主板型号是唯一的),因为这是我唯一可以依赖的不重复、通过克隆传输的东西,并且无法更改(至少不能通过使用某些用户空间程序来更改)。其他一切都失败了,要么不可靠(MAC 克隆,有人吗?),要么要求太高(因为它对配置更改太敏感)。
Sub-question that I'd like to ask is, am I doing it correctly, architecture-wise? Perhaps there is a better tool for the task that I have to accomplish...
我想问的子问题是,我在架构方面做得对吗?也许有更好的工具来完成我必须完成的任务......
Another approach I had in mind is something similar to a handshake mechanism, where a server maintains an internal lookup table of connected client IDs (which can be even completely software-based and non-unique at any given moment), and tells the client to come up with a different ID during handshake, if a duplicate ID is provided upon connection. That approach, unfortunately, doesn't play nicely with one of the requirements to tie attributes to specific client during lifetime.
我想到的另一种方法类似于握手机制,其中服务器维护一个连接客户端 ID 的内部查找表(它甚至可以完全基于软件并且在任何给定时刻都是非唯一的),并告诉客户端如果在连接时提供了重复的 ID,则在握手期间提出不同的 ID。不幸的是,这种方法不能很好地满足在生命周期中将属性绑定到特定客户端的要求之一。
采纳答案by Oleg
It seems to me that you should construct the unique ID corresponding to your requirements. This ID can be constructed as a hash(like MD5, SHA1 or SHA512) from the information which is important for you (some information about software and hardware component).
在我看来,您应该构建与您的要求相对应的唯一 ID。该 ID 可以根据对您很重要的信息(有关软件和硬件组件的一些信息)构造为散列(如 MD5、SHA1 或 SHA512)。
You can make your solution more secure if you sign such hash with your private key and your software verify during the starting, that the key (signed hash value) is signed (only public key must be installed together with your software). One can expand such kind of solution with different online services, but corporate clients could find online services not so nice.
如果您使用您的私钥签署此类哈希,并且您的软件在启动期间验证密钥(签名哈希值)是否已签名(只有公钥必须与您的软件一起安装),您可以使您的解决方案更加安全。可以通过不同的在线服务来扩展这种解决方案,但企业客户可能会发现在线服务不是很好。
回答by David Titarenco
What you're looking for is the Windows WMI. You can get the motherboard ID (which isunique across the same type of motherboard) or many many other types of unique identifiers and come up with some clever seeded function to generate a UHID. Whoa did I just make up an acronym?
您正在寻找的是Windows WMI。您可以获得主板 ID(在同一类型的主板中是唯一的)或许多其他类型的唯一标识符,并提出一些巧妙的种子函数来生成 UHID。哇,我刚刚编了一个首字母缩略词?
And if you're looking specifically for getting the Motherboard (BIOS) ID:
如果您专门寻找获取主板 (BIOS) ID:
WMI class: Win32_BIOS
Namespace: \Root\Cimv2
Documentation: http://msdn.microsoft.com/en-us/library/aa394077(VS.85).aspx
Sample code: http://msdn.microsoft.com/en-us/library/aa390423%28VS.85%29.aspx
文档:http
: //msdn.microsoft.com/en-us/library/aa394077(VS.85) .aspx示例代码:http: //msdn.microsoft.com/en-us/library/aa390423%28VS.85 %29.aspx
Edit: You didn't specify a language (and I assumed C++), but this can be done in Java (with a COM driver), and any .NET language, as well.
编辑:您没有指定语言(我假设是 C++),但这可以在 Java(使用 COM 驱动程序)和任何 .NET 语言中完成。
回答by SystematicFrank
Many programs use the hostId in order to build a license code (like those based on FlexLM). Have a look at what Matlab does depending on the operative system:
许多程序使用 hostId 来构建许可证代码(如基于 FlexLM 的程序)。看看 Matlab 根据操作系统做了什么:
http://www.mathworks.com/support/solutions/en/data/1-171PI/index.html
http://www.mathworks.com/support/solutions/en/data/1-171PI/index.html
Also have a look at this question:
也看看这个问题:
Getting a unique id from a unix-like system
Once I also saw some programs basing their licenses on the serial number of the hard drive, an maybe that is the less likely thing to change. Some would suggest to use the MAC of your ethernet card, but that can be reprogrammed.
一旦我还看到一些程序的许可证基于硬盘驱动器的序列号,也许这不太可能改变。有些人会建议使用以太网卡的 MAC,但这可以重新编程。
回答by Migrate2Lazarus see my profile
MAC
DON'T RELY ON MAC! EVER. It is not permanent. The user can easily change it (under 30 seconds).
MAC
不要依赖 MAC!曾经。它不是永久性的。用户可以轻松更改它(在 30 秒内)。
Volume ID
DON'T RELY ON Volume ID! EVER. It is not permanent. The user can easily change it. It also changes by simply formatting the drive.
卷 ID
不要依赖卷 ID!曾经。它不是永久性的。用户可以轻松更改它。它也可以通过简单地格式化驱动器来改变。
WMI
WMI is a service. Can be easily disabled. Actually, I tried that and I find out that on many computers is disabled or broken (yes, quite often broken).
WMI
WMI 是一种服务。可以很容易地禁用。实际上,我尝试过,我发现在许多计算机上都被禁用或损坏(是的,经常损坏)。
License server
Connection to a validation server may cause you also lots of troubles because:
* your customers may not always be connected to the Internet.
* your customers may connect with special settings (router/NAT/proxy/gateway) that they need to input into your program in order to let it connect to the validation server.
* they may be behind a firewall that will block all programs except a few (my case). In some cases the firewall may not be under their control (valid for MOST corporate users)!
* it is super easyto redirect your program to a local fake webserver that emulates your licensing server.
许可证服务器
连接到验证服务器可能会给您带来很多麻烦,因为:
* 您的客户可能并不总是连接到 Internet。
* 您的客户可能会使用特殊设置(路由器/NAT/代理/网关)进行连接,他们需要将这些设置输入您的程序以使其连接到验证服务器。
*它们可能位于防火墙后面,该防火墙会阻止除少数程序之外的所有程序(我的情况)。在某些情况下,防火墙可能不受他们的控制(对大多数企业用户有效)!
*将您的程序重定向到模拟许可服务器的本地虚假网络服务器非常容易。
Hardware data
If you need strong protection you need to rely on hardware. Something that cannot be edited by the user. Something like CPU ID instruction available in the Intel/AMD CPUs and the serial number written into the drive's IDE interface.
The CPU ID and HDD ID are permanent. They will never change, not even after you format the computer and reinstall Windows.
硬件数据
如果您需要强大的保护,则需要依靠硬件。用户无法编辑的内容。类似于 Intel/AMD CPU 中可用的 CPU ID 指令和写入驱动器 IDE 接口的序列号。
CPU ID 和 HDD ID 是永久性的。它们永远不会改变,即使在您格式化计算机并重新安装 Windows 之后也是如此。
It is doable. For example this libraryreads the hardware ID of a computer. There is a compiled demo and also sourcecode/DLL. Disclaimer: the link leads to a commercial product (19/no royalties).
这是可行的。例如,这个库读取计算机的硬件 ID。有一个编译的演示和源代码/ DLL。免责声明:该链接指向商业产品(19/无版税)。
