.NET copy protection

Question

Is it possible to restrict a .NET executable to a specific machine somehow so that it can only be run on that machine.

Answer 1

Yes, and I do that in my apps. It works wonderfully.

Getting the system info (CPUID, MacID, HDD details) is easy using WMI (highly recommended).

I created a system that's practically foolproof (unless you're a pro hacker).

When my apps are installed for the first time on the user's PC, they go back to my server using web services. They identify themselves using a password hash and look for an authorisation code/order id for the client.

If the client has the correct authorisation code the application encrypts and stores the system details on the client's computer and sends a hash of the info to my server where it is stored. The software is then activated on the client's computer using some hashed flags and every time the app is run the system info is compared with the hashed info in the files.

If the client re-formats the computer, all he needs is the order id to activate the software again automatically (when the program checks with my server, the system details are verified and approved if they match). If the client installs the software on another machine he must contact my support team to get approval.

-- All the information is encrypted and hashed (double encryption). -- All code is obfuscated and packed.

It's working pretty securely at the moment.

So yes, it's possible, it's been field tested and found working as well as any other protection system.

Answer 2

Can't use the processor id and check it everytime(?)

Here is a sample code which I wrote some time back.

Imports System.Management

Public Class Form1

    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click

        'Declare following three object variables

        Dim objMOS As ManagementObjectSearcher
        Dim objMOC As Management.ManagementObjectCollection
        Dim objMO As Management.ManagementObject

        'Now, execute the query to get the results
        objMOS = New ManagementObjectSearcher("Select * From Win32_Processor")

        objMOC = objMOS.Get

        'Finally, get the CPU's id.
        For Each objMO In objMOC
            MessageBox.Show("CPU ID = " & objMO("ProcessorID"))
        Next

        'Dispose object variables

        objMOS.Dispose()
        objMOS = Nothing
        objMO.Dispose()
        objMO = Nothing

    End Sub
End Class

Answer 3

Assuming the machine has an NIC you can use the MAC address:

Read MAC Address from network adapter in .NET

Answer 4

Out of the box - no.

You can try generating a machine signature during installation and lock your application to not start when the signature file is not present or is not valid for this particular machine.

Answer 5

.NET is awful because it's so easy to reverse it back to source code with commonly-available tools. (We do a demo where we crack .NET in about 2 minutes). Cyril's solution sounds good because he's using encryption and a hash of fingerprints to the target machine. These solutions regrettably are vulnerable to some kinds of man-in-the-middle attacks although his solution sounds better than most. One problem with machine binding is that the fingerprinting tokens you want to use (like MAC address, CPU serial number, etc) must be retrieved with OS calls, which can be spoofed by a mid-level cracker.

Depending on the $ value of your software using a good dongle like CodeMeter, Hasp HL, or KeyLok will give you significant protection. Using a "bad" dongle won't help you a bit, though.

Answer 6

You could digitally sign your EXE and use certificates to aid some sort of protection, however if you truly want to prevent your EXE from running on a specific PC you might be better prompting the user for a password and using a key file?

.NET Encryption Examples http://aspnet.4guysfromrolla.com/articles/112002-1.aspx http://www.eggheadcafe.com/articles/20020630.asp

Answer 7

For this, you would need to embed your license code with some sort of machine-code generated from the machine's MAC ID, HDD ID, CPU ID, etc.

Then check this embedded code with the machine code generated when your software is run. If these do not match, it means that the software is being used on a different machine.

If you want a ready-made license scheme which supports this scenario, see CryptoLicensing

Answer 8

If you want a ready-made license scheme which supports this scenario, see CryptoLicensing

This is not really true. CryptoLicensing only uses the computer name, not even CPU ID.