Reliable way of generating unique hardware ID

Question: I have to come up with unique ID for each networked client, such that:

• it (ID) should persist once client software is installed on target computer, and should continue to persist if software is re-installed on same computer and same OS installment,
• it should not change if hardware configuration is modified in most ways (except changing the motherboard)
• When hard drive with client software installed is cloned to another computer with identical hardware configuration (or, as similar as possible), client software should be aware of that change.

A little bit of explanation and some back-story:

This question is basically age old question that also touches the topic of software copy-protection, as some of the mechanisms used in that area are mentioned here. I should be clear at this point that I'm not looking for a copy-protection scheme. Please, read on. :)

I'm working on a client-server software that is supposed to work in a local network. One of the problems I have to solve is to identify each unique client in the network (not so much of a problem), so that I can apply certain attributes to every specific client, retain and enforce those attributes during the deployment lifetime of a specific client.

While I was looking for a solution, I was aware of the following:

• Windows activation system uses some kind of heavy fingerprinting mechanism that is extremely sensitive to hardware modifications,
• Disk imaging software copies along all Volume IDs (tied to each partition when formatted), and custom, uniquely generated IDs during installation process, during first run, or in any other way, that is strictly software in its nature, and stored in registry or on hard drive, so it's very easy to confuse two.

The obvious choice for this kind of problem would be to find out BIOS identifiers (not 100% sure if this is unique through identical motherboard models, though), as that's the only thing I can rely on that isn't duplicated, transferred by cloning, and that can't be changed (at least not by using some user-space program). Everything else fails as either being not reliable (MAC cloning, anyone?), or too demanding (in terms that it's too sensitive to configuration changes).

Sub-question that I'd like to ask is, am I doing it correctly, architecture-wise? Perhaps there is a better tool for the task that I have to accomplish...

Another approach I had in mind is something similar to a handshake mechanism, where a server maintains an internal lookup table of connected client IDs (which can be even completely software-based and non-unique at any given moment), and tells the client to come up with a different ID during handshake, if a duplicate ID is provided upon connection. That approach, unfortunately, doesn't play nicely with one of the requirements to tie attributes to specific client during lifetime.

Correct, I didn't specify a language, because I find that specific language is irrelevant to the question at hand. I'm interested in a higher level way to accomplish this. I find your answer very precise. The only thing I have to find out is how backwards-compatible this interface is, ie. how old motherboard are supported using this method?

Software component is not reliable, as it can easily be cloned, right? Combination of two could be a better solution, as you proposed, since that could enable remote server to identify cloned clients, so to call them. Good idea. Thanks.

I'm pretty sure all BIOSs have been standardized since the early to mid 90s. The WMI has been around since Windows 2000 (and is available as a patch to Windows 95 and Windows NT). In short, you have nothing to worry about :) It's fully backwards-compatible unless you're installing your software on Windows 3.1 or computers that were built 30 years ago.

I mean, that you can produce a string or byte array with all information (concatenation of this information) which are important and are invariant during the cloning of computer. Then you calculate a hash from this array of bytes. This hash value will be your unique ID. You save such hash value during software installation. Every time as your software will be started you calculate the ID (hash) one more time and compare with the saved during installation value. Is that not what you want? How to read hardware information is not a problem. There are a lot of ways inclusive WMI.

Damn, early-to-mid 90s were 15-20 years ago... Talk about time flying! I was aware that in recent past (say, 10 years ago and onwards) most manufacturers had these standardized, and was interested in hearing how much in time it goes back. Now I have my answer. Thanks.

Although this is very close to what I'm looking for, another poster has provided more to-the-point answer. However, I must emphasize that I like your suggestion to build hash based on "information about software and hardware component". This led me to think of additional feature that I might incorporate, which is ability to detect cloned clients, by having separate hw and sw IDs - say that hw ID is truly unique, and sw ID might not be unique, in which case, it's clearly cloned instance.

If you don't know how to read BIOS or MAC information, you should asked this in your question. Moreover, you don't wrote whether you use .NET or unmanaged code, C/C++ or VB and so on. For C/C++ developer usage of WMI is not the easiest and not the best way, there are a lot of easy C-like Windows API which can give you information what you look for. Your question sound much more as you are looking for an idea for constructing of IDs like Microsoft and other this do. I just shortly explain the main idea of such implementations. Good luck.

Thanks, I was probably too descriptive, from best intent to explain what I want to accomplish. I didn't mean to say that I was looking for exact code solution, but I was looking for a piece of uniquely-identifiable information, such as BIOS and/or Motherboard ID string. How would I read it is another story (despite having gotten precise location where I can read it from). True, WMI might not be the way to go, as you have suggested. Sorry for confusion. To be perfectly honest, I was looking for a second opinion on the subject, which is exactly what I got from both of you. Thank you very much!

To be even more honest, both of you gave perfectly acceptable answers, but instead of not marking any answer as "the answer", I have figured it would be better to mark one that is IMO closer to what I was expecting, sort of.

It's not a problem. I have enough reputation points. You welcome. It is just funny if I find a question which I stay me some year ago. I know too exactly how to implement what you are searching for because of my previous experience. So you welcome and good luck!

I have returned with my findings, regarding support for unique, BIOS-related identifier. Unfortunately, none of 4-5 mainboards (all 1-2 years old) had BIOS SerialNumber. Am I doing something wrong? I was using mentioned property to generate unique IDs, but to no avail... Any ideas?

Anyhow, turns out that this is not a solution to my problem. I'll go with a generic answer.

Good thing about this project is that users don't have to go through an effort to change MAC, since they would gain absolutely nothing by doing it (as it's not form of software protection). But, due to nature of program, hard disk serial number is not an option, unfortunately :( MAC is troublesome, since even networked computers don't expose their MAC address when NIC is disabled... :( That leaves me with probability that majority of users won't mess with their NIC (as they shouldn't, since this program is closely tied with network).

Sorry but this doesn't answer the question - it simply links to a commercial web site with a supposed DLL that "solves the problem".

WMI is not available in all computers by default. Also, it breaks down quite a easily. I happen to me. Fortunately, there is a fix ( searchwindowsserver.techtarget.com/tip/Repairing-damaged-WMI ). Anyway, in these cases the license validation code may fail.

@robnick - It also shows which options are guaranteed NOT to work :)

@robnick ...and I haven't forced anyone to 'extract' money from their pocket to purchase that DLL. I merely suggested that IT IS possible to do it since others have done it. The person that asked the question can implement his own ASM code to get the ID from the IDE drive interface board. But one must be REALLY cheap if he'll start digging into advanced hardware documentation to write his own ASM code, in order to save 19€ :)

I could have sworn I replied to your recent comment. Look, you're replying to a comment from 4 years ago. Great work on updating your answer to make it clear.

DON'T YOU EVER RELY ON MAC. A user can google and download a free tool and change the MAC within 30 seconds! It is the most used and unfortunately the most unreliable "hardware" ID.