Machine ID for Mac OS?

Question

I need to calculate a machine id for computers running MacOS , but I don't know where to retrieve the informations - stuff like HDD serial numbers etc. The main requirement for my particular application is that the user mustn't be able to spoof it . Before you start laughing, I know that's far fetched, but at the very least , the spoofing method must require a reboot.

The best solution would be one in C/C++ , but I'll take Objective-C if there's no other way. The über-best solution would not need root privileges .

Any ideas? Thanks.

Answer 1

The tool /usr/sbin/system_profiler can provide you with a list of serial numbers for various hardware components. You might consider using those values as text to generate an md5 hash or something similar.

Answer 2

Erik's suggestion of system_profiler (and its underlying, but undocumented SystemProfiler.framework) is your best hope. Your underlying requirement is not possible, and any solution without hardware support will be pretty quickly hackable. But you can build a reasonable level of obfuscation using system_profiler and/or SystemProfiler.framework.

I'm not sure your actual requirements here, but these posts may be useful:

• Store an encryption key in Keychain while application installation process (this was related to network authentication, which sounds like your issue)
• Obfuscating Cocoa (this was more around copy-protection, which may not be your issue)

I'll repeat here what I said in the first posting: It is not possible, period, not possible, to securely ensure that only your client can talk to your server. If that is your underlying requirement, it is not a solvable problem. I will expand that by saying it's not possible to construct your program such that people can't take out any check you put in, so if the goal is licensing, that also is not a completely solvable problem. The second post above discusses how to think about that problem, though, from a business rather than engineering point of view.

EDIT: Regarding your request to require a reboot, remember that Mac OS X has kernel extensions. By loading a kernel extension, it is always possible to modify how the system sees itself at runtime without a reboot. In principle, this would be a Mac rootkit, which is not fundamentally any more complex than a Linux rootkit. You need to carefully consider who your attacker is, but if your attackers include Mac kernel hackers (which is not an insignificant group), then even a reboot requirement is not plausible. This isn't to say that you can't make spoofing annoying for the majority of users. It's just always possible by a reasonably competent attacker. This is true on all modern OSes; there's nothing special here about Mac.

Answer 3

如何使用ifconfig获取连接到计算机的网卡的MAC ID？