Fingerprinting an application so it runs on only a machine which has had it's hash whitelisted
Question
Basically this is the algorithm I'm thinking about:
- Get users MAC address.
- Get users hard drive ID.
- Get users motherboard ID.
- Get users RAM ID.
- Combine all these specifics into a single very long string.
- Apply some sort of Ceaser crypto.
Hash this very long mangled string.
User this hashed string as it's unique identifier and verify it against a webservice that will whitelist it for use.
Is this secure enough? I'm new to machine fingerprinting and would love to hear suggestions or pitfalls I might not be taking into consideration.
1 answers
solution1
0 2011-11-23 18:28:14
.net is very weak to decompiling and the methods of obsfusication that are easily implemented are also easily bypassed. Anything that you write as a security control that uses in-place security measures (meaning they perform no external checks) are easily reversed and bypassed by injection/altering of exec/ or absolute removal of the protection measure. There are alternatives such as verifying those id's against a closed data base when the program is launched. or issuing keys like cd's that are verified against a database that also checks server side values against the id's you listed and those are the simple methods.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.