How can I get a host computer unique ID in PHP?

Question

I need to come up with a way to uniquely identify computers. Something like the system id or info from CPU that can't be hacked easily be obtained in php application run time and then sent over the internet to a central database to activate or validate license keys.

System Info:

• Web Shared Hosting or Local network
• Linux(can be any distribution)
• Apache
• PHP

Thanks in advance for any reply

Answer 1

There's no such thing as "can't be hacked". There are a lot of schemes for enforcing this, but most of them will anger legitimate customers rather than stop non-legitimate use. A MAC address is supposed to be unique, but most NICs allow them to be reconfigured quite easily, allowing your license key to be used on any other computer by just reconfiguring the MAC (it must simply be out of the subnet of the other computer, using the same MAC).

If you really want to go ahead, I suggest you look into cryptography and digital signing, that might get you going, but it most likely won't stop a determined hacker. Even you could find something within the system which is unique, and cannot be changed, there's still the layer between your php app (the OS, or whatever library you're using), or the php code itself that could be replaced to deliver predefined data matching that in the license key. Not to mention that a legitimate customer would be UNABLE to invest in new hardware, have a redundant system as a standby, or any other completely legitimate use of your software not bound to the particular system.

In my opinion, your best bet is to trust your customers not wanting to operate illegally. Any license 'enforcing' should merely be helping your customers to renew their license, I personally also don't think that an expired license should halt the operation of your software, it could nag about it, but not stop outright. Simply signing the customers name, and expiry date with your private key should be adequate. It can still be copied, as long as the copied system uses the same 'customer name', but then again, they could still hack your php-files not to display it.

Answer 2

Why don't you use the MAC address of a NIC? They are supposed to be unique.

You can get the MAC using the technique described here .

Please bear in mind that there isn't any silver bullet : if folks really want your (assumed to be server-side software), they will get it... it is just a question of time & effort.

Answer 3

使用php exec命令运行命令以获取MAC地址

Answer 4

As I recall, there was a company who accomplished such a feat but using a computer programing language. It seems that every installation of windows has a unique key entry in the registry which uniquely identifies said installation. Their program reported this key. It is however very difficult to do so without having such a reporting program on the end users computer.

Unless you happen to be extremely inventive and come up with something else, the only tools you have at your disposal as have been mentioned above are as follows.

• Session
• Cookie
• Username
• Password
• email address
• Question and Answer
• IP Address
• Browser
• Operating System
• Referer
• Browsing Habbits
• Request Time
• Request Method
• Request URI
• Port
• Connection
• Encoding
• Language
• http Accept

Well, I hope I got that all correct and didnt just make a jackass of myself.

All the above mentioned, involve either reading something off the users computer, putting something on the users computer, recording events or a combination of all three. In order to be absolutely assured that you are uniquely identifying a user, I would suggest using all of the above. However, when is enough enough?

The only things you really need to be concerned with when attempting to track a user is the following.

1. Will the users details change.
2. Will the cookie expire.
3. Will the user delete the cookie.
4. Will the user change browser windows rendering the session mute.

When one fails, the others take up the slack and you can then repair the damage.