Get Computer Unique ID from PHP

Solution 1

I have created this function to get a unique ID based on hardware (Hard disk UUID). It is possible to use different resources like machine names, domains or even hard disk size to get a better approach depending on your needs.

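function UniqueMachineID($salt = "") {
    if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
        // Write the diskpart script to a fresh temp file on every call, so a
        // pre-existing file with a predictable name is never passed to diskpart
        $temp = tempnam(sys_get_temp_dir(), "dps");
        file_put_contents($temp, "select disk 0\ndetail disk");
        $output = (string) shell_exec("diskpart /s ".escapeshellarg($temp));
        unlink($temp);
        $lines = explode("\n",$output);
        $result = array_filter($lines,function($line) {
            return stripos($line,"ID:")!==false;
        });
        if(count($result)>0) {
            // array_shift() takes its argument by reference, so it needs a variable
            $values = array_values($result);
            $result = array_shift($values);
            $result = explode(":",$result);
            $result = trim(end($result));
        } else $result = $output;
    } else {
        // shell_exec() returns null or an empty string when blkid is missing or prints nothing
        $result = (string) shell_exec("blkid -o value -s UUID");
        if(trim($result) === "" || stripos($result,"blkid")!==false) {
            // Fallback: HTTP_HOST comes from the request's Host header, not from the hardware
            $result = $_SERVER['HTTP_HOST'];
        }
    }
    return md5($salt.md5($result));
}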


echo UniqueMachineID();

Solution 2

As per http://man7.org/linux/man-pages/man5/machine-id.5.html

// shell_exec() returns null when the file is missing, so cast before trim()
$machineId = trim((string) shell_exec('cat /etc/machine-id 2>/dev/null'));

EDIT for Tito:

[ekerner@**** ~]$ ls -l /etc/machine-id
-r--r--r--. 1 root root 33 Jul  8  2016 /etc/machine-id

EDIT 2 for Tito: Some things to consider and scenarios:

Is the user allowed to get a new machine? I'd guess yes. Or run on multiple devices? Sounds like the machine could be irrelevant in your case?

If it's user only (no machine restrictions) then I'd go for a licensing service (relies on network). There are many services for this: Google Play (for Android apps) is a good example: https://developer.android.com/google/play/licensing/index.html MS and Apple have similar services. However just search the web for the term "Software Licensing Service" or "Cloud Based Software Licensing Service".

If it's user + single device, then you'll need to pass up the device id to whatever service you use or make, then allow the machine id to be updated, but not allow revert to previous machine id (would mean multiple devices). However said services will give you the client code which should take care of that if it's a requirement.

Two scenarios from experience: 1: User on any device: we simply made an API in the cloud (in a website) and a login screen in the app, when the user logged in it authenticated via the API and kept a token, and whenever the device was connected to the net the app would query the API and update the login and/or token. You could alternatively have the login screen in the purchase (like maybe they already logged into a site to purchase), generate a key and pack it with or bind it into the app.

2: User plus machine: Same thing except when the API is queried the machine id is passed up. The machine ID can change as many times as the user updates their device, but we kept a record of machine ids and made a ban rule: if we saw an old (previously used) machine id then a certain amount of time had to have passed. This allowed the user to break their machine and pull out an old one.

Also to consider if you make one, how will you stop the app from working? People are pretty clever; it will need to be core compiled.

However that all being said, the various licensing services are pro at this and can cater for most needs. Plus in their experience they've already overcome the security pitfalls. I'd name one that I like except it's yours to search out.

Nice if you can come on back with any positive or negative outcomes from your trials.
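
Added example, not part of the original answers: a way to read the ID from Solution 2 without shell_exec. It reads /etc/machine-id directly, checks the 32-character lowercase hex format given in machine-id(5), and derives an application-specific ID with a keyed hash, as that man page advises instead of using the raw value. The function names, the key and the sample ID are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example; readMachineId(), appMachineId() and isLicensedMachine() are hypothetical names.

/** Read and validate the machine ID without spawning a shell. */
function readMachineId(string $path = '/etc/machine-id'): ?string
{
    if (!is_readable($path)) {
        return null;                 // host without the file (non-systemd, some containers)
    }
    $raw = file_get_contents($path);
    if ($raw === false) {
        return null;
    }
    $id = trim($raw);
    // machine-id(5): 32 lowercase hexadecimal characters; reject anything else,
    // such as an empty or not yet initialized file.
    return preg_match('/\A[0-9a-f]{32}\z/', $id) === 1 ? $id : null;
}

/** Derive an application-specific ID so the raw machine ID is never stored or displayed. */
function appMachineId(string $machineId, string $appKey): string
{
    return hash_hmac('sha256', $machineId, $appKey);
}

/** Compare the derived ID with the value recorded at install time, in constant time. */
function isLicensedMachine(?string $machineId, string $appKey, string $expected): bool
{
    if ($machineId === null) {
        return false;                // fail closed when no valid ID is available
    }
    return hash_equals($expected, appMachineId($machineId, $appKey));
}

// Constructed sample values, not real identifiers.
$appKey   = 'example-app-key-change-me';
$sampleId = '0123456789abcdef0123456789abcdef';
$expected = appMachineId($sampleId, $appKey);   // what an installer would record

var_dump(isLicensedMachine($sampleId, $appKey, $expected));            // matching machine
var_dump(isLicensedMachine(str_repeat('f', 32), $appKey, $expected));  // different machine
var_dump(isLicensedMachine(readMachineId('/nonexistent'), $appKey, $expected)); // no ID file
```

A root user can rewrite /etc/machine-id and a cloned disk image carries the same value, so this check ties an installation to a stored value rather than to the hardware itself.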

Author by

Tito

Updated on August 13, 2020

Comments

  • Tito over 3 years

    I've created an application using PHP and I'm going to sell it to my local market. I will personally be going to their locations to install/configure Apache & MySQL as well as installing my own code.

    I would like a security system so that if anyone attempts to copy my code to an unauthorized machine, it won't run.

    I know no one can prevent reverse engineering an application. Even .exe (binary) files are cracked and with PHP (source code) anyone can do it.

    In my country those reverse engineers are really hard to find, so I would like to propose minimal security options like:

    1) Create class (say, Navigation) which identifies system information like CPU ID, Computer name or any combination of hardware ID to make a UNIQUE_ID and matches with my given UNIQUE_ID (to the individual to whom I sold the application). If it's valid, it returns the navigation menu. Otherwise it will simply destroy the database and halt the execution by throwing an exception, maybe like:

    class Navigation {

        public function d() {
            return current system UNIQUE_ID;
        }

        public function get() {
            $a = trim((string) file_get_contents('hash'));
            $c = $this->d();
            // crypt() needs the stored hash as its salt to reproduce the same value
            if (!hash_equals($a, crypt($c, $a))) {
                // destroy database
                throw new Exception('');
            } else {
                return "<ul><li><a>home</a></li></ul>"; // navigation menu
            }
        }

    }
    

    2) Then during the installation process I'll change system UNIQUE_ID in "hash" file, create an object, and save it into a file (nav.obj):

    (install.php)

    <?php
          $a=new Navigation;
          $out=serialize($a);
          file_put_contents('nav.obj', $out);
    

    3) in header.php (which gets included in every file):

    <?php
         $menu=file_get_contents('nav.obj');
         // unserialize the file contents just read (the original passed an undefined $a)
         $menu=unserialize($menu);
         echo $menu->get();
     ?>
    

    I know this method isn't foolproof, but I'm pretty sure that around 60% of PHP developers won't be able to crack it!

    Now I only need to get current system UNIQUE_ID.

  • Filipe Sá over 7 years
    Do you have an alternative that doesn't use shell_exec?
  • Tito about 7 years
    The /etc/machine-id file contains the unique machine ID of the local system that you can easily modify with the working ones.
  • user4271704 over 6 years
    Machine-id can be changed on reboot. What is its purpose for licensing?
  • ekerner over 6 years
    No, you can't easily modify the machine id file. It belongs to root and is readonly. No sensible sysadmin is going to change it. I'll edit above.
  • user4271704 over 6 years
    @ekerner so is it something reliable for licensing purpose?
  • ekerner over 6 years
    @user4271704 Depends what you're trying to license, and what you're trying to license it to. Licensing software/hardware/service? To software/hardware/user? Did you read the man page (above link)?
  • user4271704 over 6 years
    @ekerner I am trying to license a software to a software user. Is machine-id good beside MAC address to license a software?
  • user4271704 over 6 years
    Please give a sample diskpartscript.txt file for the code above. What should it look like?
  • ekerner over 6 years
    Add to my above answer.
  • Chris Athanasiadis over 4 years
    $result = shell_exec("blkid -o value -s UUID") on systems without the blkid command available, result will be an empty string, so the condition right below will not be satisfied. A possible fix would be to change the condition to if (stripos($result, 'blkid') !== FALSE || ! $result) {
  • Mahmoud Mohamed Ramadan over 2 years
    Thanks for your code, BUT what if I want to get the ID of the visitors? Here, when the user visits the website, it returns the ID of my machine, NOT his!! How can I fix this issue?
  • cardeol about 2 years
    You can use the user agent combined with IP address, as an example.