> Solutions based on hardware serial numbers and/or MAC addresses can > cause problems if external plug-in disks are attached or if the > machine is not connected to a network which causes some versions of > Windows to assign an arbitrary MAC address.
Many still use the MAC address of a primary adapter. It is unusual for a primary adapter to change MAC addresses. VPNs, software adapters, etc change all the time though. We don't use it or rather them mainly because it is a motable number. > >For the unique machine key we use the Windows Key, Hard Drive >> Serial No and BIOS Manu name. Some people like to use >the computer >> name and/or the MAC addresses for a machine. > > If there is a disk crash or the customer has to re-install the > operating system, this can not be carried over to the repaired > machine without re-licensing, something which costs time and is > irritating for everyone involved. Our keys expire annually anyway, so we rotate keys pretty consistently. None of our customers have ever complained about it being an issue and find it requires a very minimal amount of time. In the end it is how secure you want your product to be. I find the three keys above to be static, change very infrequently and are easily referenced. If their machine crashes, it really isn't a big deal to swap out a key. Besides, our users upgrade windows and change out the entire machine somewhat frequently. We even have some users who jockey around their VMWare sessions which require new key generations all of which has never been an issue for us or them. Takes about a minute to do it all. Most licensing requires some inconvinience, but if you make the process simple it usually isn't an issue. Windows Genuine licensing is far more sophisticated and relies on even more complicated key generations including the unique IDs assosiated with installed drivers. Often when someone changes out a harddrive, video card or sometimes even a keyboard, they have to relicense their Windows. It can be somewhat annoying but it is pretty infrequent for most users. > I've been including a CrC check in all my applications since I first > started using SysTools. Too many people today know how easy it is > otherwise > to alter an exe file! Make sure the check is threaded and somewhat random. It is far too easy to NOP or force a branch in a fixed check. Many authors just put it right behind or in front of the license check which makes for an easy disassemble. Disassembling threaded procedures on a random timer is a PIA. Even better to add a hit to your license check forcing a failure somewhere mid stream in the app. If someone has forced a branch, it will return true and you know someone has messed with your two startup checks. Also, don't hardcode that CRC number in the file since it makes changing the CRC a pretty easy thing to do as well. We fetch ours from three seperate encrypted memory spaces in the file. __________________________________________________ Delphi-Talk mailing list -> [email protected] http://lists.elists.org/cgi-bin/mailman/listinfo/delphi-talk
