i want make program, generate same string each time, , must different on each pc. hwid. after have string send php file on remote host, php handle it, , store in database.
on first run make new row in table, after 2nd run, select row post-ed hash = hash in table, , has banned - not banned function. if give 0 pc not banned, program start run, if give 1 program close.
this made, problem is, generate hwid processorid, , send php. processorid can same on different computers sometimes. if give fake ban, users angry me...
the question is:
how generate hash, same on pc run application, different on each pc?
i know can make if store special id on pc example in registry, if reinstall pc, can use again service. if generate hwid, takes him more time find out how access again service.
i dont think has php, entirely client side steps.
to sounds want, want use hardware signature made of several things if 1 or 2 unavailable, result still valid. use form of wmi polling procedure answer on last question:
private shared function gethardwareiteminfo(item string, wmiclass string) string dim data string = "" dim query string = string.format("select {0} {1}", item, wmiclass) using mbs managementobjectsearcher = new managementobjectsearcher(query) each mo managementobject in mbs.get each pd propertydata in mo.properties ' should 1 if string.compare(pd.name, item, stringcomparison.invariantcultureignorecase) = 0 ' value object, test nothing if pd.value isnot nothing data = pd.value.tostring end if exit end if next next end using return data end function
this allows poll different items in different wmi classes using same code. example:
' serialnumber item baseboard class: answer = gethardwareiteminfo("serialnumber", "win32_baseboard")
for hardware signature:
- get , store info each item
- combine them 1 string
- convert string byte array
- use crypto hash byte array
- convert result base64 string
there other ways. instance encode result hex string, above code shows. first, these namespaces need:
imports system.security.cryptography imports system.management imports system.text
then procedure stuff using gethardwareiteminfo
method above:
' place store bits of data dim hwstuff new list(of string) dim answer string ' , store info answer = gethardwareiteminfo("serialnumber", "win32_baseboard") hwstuff.add(answer) answer = gethardwareiteminfo("uuid", "win32_computersystemproduct") hwstuff.add(answer) answer = gethardwareiteminfo("serialnumber", "win32_operatingsystem") hwstuff.add(answer) '...etc ' glue bits 1 string dim hwsig = string.join("", hwstuff) dim bytehash byte() ' create crypto hasher using hasher = new sha1managed() ' convert string bytes dim tmpbytes = encoding.utf8.getbytes(hwsig) 'hash bytes bytehash = hasher.computehash(tmpbytes) end using ' encode b64 string. dim hwhash = convert.tobase64string(bytehash) console.writeline(hwhash)
result:
mujeleztbtq3rc8zgfqubkowfza=
you glue string answers. during development helps see candidate info before decide use or not.
notes:
- there many many things choose from. see wmi win32 classes.
- not needs come wmi. localmachine name might 1 (i have no idea of context this) windows activation key.
- other crypto hashers produce longer hashes
- this far foolproof.
- some things can spoofed - win os serial number can changed in registry. dont care if values right, not change.
- this not copy protection. sniff out token(s) sent legitimate system(s), patch app send token only.
if store special id...
no. not write down. impossible keep secret user on own pc. dont store hash either - generate every time. if write down easier copy value different machine.
i give fake ban, users angry me...
since sounds working blacklist rather whitelist, dont have worry hash failing. worst happen system should denied access access. if want further reduce chance of match, use sha512managed
; produce longer hash though.
if user changes 1 of parts polling, still in - quite unlikely hash 2 systems match (one white, 1 black).
Comments
Post a Comment