Device fingerprinting is a complex topic if you want to cover the many edge cases (e.g. hardware upgrades, OS upgrades, etc.) and if you are worried about people expending energy to either forge a known-good device fingerprint (good meaning the fingerprint is known to you and receives some benefit such as software usage rights), or create a brand-new fingerprint you have no knowledge of (e.g. the fingerprint was on a blacklist of some sort, and the user wants to create a new Device ID for the device that is not on the blacklist).

如果您想涵盖许多边缘情况（例如硬件升级、操作系统升级等），并且如果您担心人们花费精力来伪造已知良好的设备指纹（很好的意思是指纹是您知道并获得一些好处，例如软件使用权），或者创建一个您不知道的全新指纹（例如，指纹在某种黑名单上，并且用户想要为该指纹创建一个新的设备 ID不在黑名单上的设备）。

Some things are fairly static and a reasonable basis for a simple fingerprint. MAC address best fits that category, but is also very easy to change. Also, some computers have several MAC addresses (including MAC's from virtual machines), so you need to deal with that complexity. Some network devices are ephemeral, e.g. tethered cell phone.

有些东西是相当静态的，是简单指纹的合理基础。MAC 地址最适合该类别，但也很容易更改。此外，某些计算机有多个 MAC 地址（包括来自虚拟机的 MAC），因此您需要处理这种复杂性。一些网络设备是短暂的，例如系留手机。

Other aspects of the computer are harder (but by no means impossible) to forge, such as CPU information, BIOS checksum, hard drive serial numbers, etc. Those things that tend to be harder to forge, however, are also more likely to change (BIOS upgrade, new hard drive, removable hard drives, etc).

计算机的其他方面更难（但并非不可能）伪造，例如 CPU 信息、BIOS 校验和、硬盘序列号等。 然而，那些往往更难伪造的东西也更有可能改变（BIOS 升级、新硬盘、可移动硬盘等）。

You also need to consider carefully protecting the code that actually generates the fingerprint. If that code is easy (enough) to hack, someone attempting to defeat your solution will simply insert whatever fingerprint they want directly in the code that gathers and evaluates components.

您还需要考虑仔细保护实际生成指纹的代码。如果该代码很容易（足够）破解，那么试图破解您的解决方案的人将直接在收集和评估组件的代码中插入他们想要的任何指纹。

Well what I do with my apps is usually create a special ID by taking the hash from the machine name found in Environment, concat it with a hash value of my app's name, and then apply a salt (probably not even necessary but it helps to be paranoid) to produce a "fingerprint" for an app/machine combo.

好吧，我对我的应用程序所做的通常是通过从 中找到的机器名称中获取哈希来创建一个特殊 ID，将Environment它与我的应用程序名称的哈希值连接起来，然后应用一个盐（可能甚至没有必要，但它有助于偏执）为应用程序/机器组合生成“指纹”。

This works in my situation because there is only one copy of my app on a machine at a time.

这适用于我的情况，因为一次在一台机器上只有一个我的应用程序副本。

Most machines have a NIC with a MAC Addresses now (if it isn't attached to the net then what do you need a unique id for the machine for?). Just make sure you are getting the physical NIC's MAC address and not a virtual mac (created by VMWare or Virtualbox). You may want to store the name of the device the MAC is coming from so that you always get the same MAC address when you are enumerating the MAC addresses. Also don't use this for security as it is always possible to fake a MAC address, it just provides a relatively unique identifier.

大多数机器现在都有一个带有 MAC 地址的 NIC（如果它没有连接到网络，那么你需要机器的唯一 ID 做什么？）。只需确保您获取的是物理网卡的 MAC 地址，而不是虚拟 mac（由 VMWare 或 Virtualbox 创建）。您可能希望存储 MAC 来自的设备的名称，以便在枚举 MAC 地址时始终获得相同的 MAC 地址。也不要为了安全而使用它，因为总是可以伪造 MAC 地址，它只是提供一个相对唯一的标识符。

You can use WMI and get NIC MAC address, HDD serial (not volume serial), CPU ID and BIOS ID. Downside of this method is that on some machines for several reasons some of this information are not available, but you can combine info from that 4 source and at least one will be there, but WMI on some machines simply doesn't work as expected and you must have some sort of fallback, something that surley work on all machines eg. volume serial number.

您可以使用 WMI 并获取 NIC MAC 地址、HDD 序列号（不是卷序列号）、CPU ID 和 BIOS ID。这种方法的缺点是，在某些机器上，由于多种原因，其中一些信息不可用，但是您可以结合来自 4 个来源的信息，并且至少有一个将在那里，但是某些机器上的 WMI 根本无法按预期工作，并且你必须有某种后备，一些萨利在所有机器上工作的东西，例如。卷序列号。

Another problem is that you must have administrator rights to get this info trough WMI, I solved that problem with windows service that uses WMI and send info to application(s).

另一个问题是您必须具有管理员权限才能通过 WMI 获取此信息，我使用使用 WMI 并将信息发送到应用程序的 Windows 服务解决了该问题。

Here are some of interesting WMI queries:

以下是一些有趣的 WMI 查询：

Hard discs serials:

硬盘系列：

SELECT SerialNumber FROM Win32_PhysicalMedia where SerialNumber <> null

BIOS serial:

BIOS 序列号：

SELECT SerialNumber FROM Win32_BIOS where SerialNumber <> null

CPU serial:

CPU系列：

SELECT ProcessorID FROM Win32_Processor

NIC MAC:

网卡MAC：

SELECT MACAddress FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = True

btw. you can test WMI with Paessler WMI Tester

顺便提一句。您可以使用Paessler WMI Tester测试 WMI

Some of what you want may depend on your visibility into the systems in question. For example, you may have personal and/or network firewalls and VLANs that prevent you from interrogating the devices themselves. I find that an SNMP query against devices in your network infrastructure (your switches for MAC address info, and your routers for IP addresses) gives a good fast picture. Otherwise, NMAP is your friend.

您想要的某些内容可能取决于您对相关系统的可见性。例如，您可能有个人和/或网络防火墙和 VLAN，以防止您询问设备本身。我发现针对网络基础设施中的设备（用于 MAC 地址信息的交换机和用于 IP 地址的路由器）的 SNMP 查询提供了一个很好的快速画面。否则，NMAP 就是你的朋友。