Is there a unique computer identifier that can be used reliably even in a virtual machine?

c# .net security macos vmware
16,093

Solution 1

By design, uniquely identifying a virtual machine is difficult; anything that allowed you to uniquely identify it would imply that it was not fully virtual (because cloning a virtual machine should produce an identical machine).

  1. Create a heartbeat application on the host machine that communicates with the VM via a loopback network adapter.
  2. Have the heartbeat application refuse to run if it is not able to uniquely identify the host machine.
  3. Have the main application refuse to run if the heartbeat application is not running.

You will need to find a way to ensure that the heartbeat application cannot be spoofed too easily.

It is not possible to protect the terminal program 100%. This question is equivalent to trying to prevent software piracy.

Solution 2

The best thing I've found is the BIOS UUID - but it's far from perfect for your use case.

The SMBIOS UUID available inside the VM is also used by the VMware hypervisor and management tools as VirtualMachine.config.uuid (See: the uuid property on this page). This means it is guaranteed to be unique on a particular host, or in a particular vCenter. However, it can be duplicated on separate hosts or separate vCenter installations.

Also, the BIOS UUID on a virtual machine is mutable. It can be changed through the API (though not easily through the client).

This probably approaches your 95% mark, as it would take some special effort and setup to duplicate the VM exactly.

However, from a virtualization-enablement perspective (including things like VM disaster recovery, and future upgrades of virtualization software): using a hardware ID like the UUID or MAC address causes all sorts of problems. When they want to rev the OS version underneath your software, usually by creating a new virtual machine, they would need to manually edit the VM config for both servers to change the UUID to match. Using the MAC, if they change the network architecture, your software requires that VM to be a special case. These things just cause headaches for a virtual admin (but they might be the exact headaches you're trying to cause - only you know for sure).

I'd recommend using the permissions-based approach you mention, or even a concurrent-licensing server if necessary. But I'm coming from a heavily-virtual background where hardware-tied licenses are a headache already.

Solution 3

Simplest solution is to use the mac address, but note that it is easily changed on Windows by editing the registry. I'd say less than 5% of people know how to do that though.

Here's how to get the mac address in C#:

System.Net.NetworkInformation.NetworkInterface.GetPhysicalAddress();

Solution 4

You can tie the license to the MAC address of the network card (or cards, if there are several).

Of course, changing the network card would then stop your software from working.

If/When TPM becomes standard on servers, you should be able to use it to authenticate the server.

Solution 5

You can get the PC's MAC Address as shown here: http://www.java2s.com/Code/CSharp/Network/GetMacAddress.htm

Of course, this approach is not without flaws. There are other approaches listed in this post, which is similar, but not an exact duplicate: What's a good way to uniquely identify a computer?

Share:
16,093
Admin
Author by

Admin

Updated on June 09, 2022

Comments

  • Admin
    Admin about 2 years

    I'm writing a small client program to be run on a terminal server. I'm looking for a way to make sure that it will only run on specified server and in case it is removed from the server it will stop functioning.

    I understand that there are no methods to make it 100% secure, none the less I want to make it difficult for most power users to be able to do it.

    I was looking at different Unique Identifiers like Processor ID, Windows Product ID, Computer GUID and other UIs. Because the terminal server is a virtual machine, I cannot locate anything that is completely unique to this machine.

    Any ideas on what I should look into to make this mostly secure. I do not have time or the need to make it as secure as possible, because it will defeat the purpose of the application itself.

    I do not want to user MAC address. Even though it is unique to each machine it can be spoofed by following instructions found on internet.

    As far as Microsoft Product ID, because our system team clones VM servers and we use corporate volume key, I found already two servers that I have access to that have same Product ID Number. I have no Idea how many others out there that have same Product ID

    Alternatively instead of trying to identify the machine, I might be better off by identifying the user and create group based permission handled through AD for access to this software.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

dcomcnfg functionality programmatically
How to install MSBuild on OS X and Linux?
HttpWebRequest + Windows Auth - NetworkCredential just doesn't work
How to present credentials in order to open file?
C# - Securely storing a password locally
X509 guide/tutorial in C#
Building an ASP.NET MVC Master Page Menu Dynamically, Based on the current User's "Role"
MD5 hash with salt for keeping password in DB in C#
What is the best way to protect sensitive data in the code?
.NET Development on a Mac Tips