Gangsta,
Yes, if you get a hash of the hardware specs and then the user changes them the program will not run.
This is the whole point. You want to detect if the user is installing the program on another system. You might want to make sure there is a handy dandy customer service email and phone number for those people who want to move the application to another machine or do major upgrades to their system.
Just take a snapshot of system information that usually doesn't change. Such as:
- Motherboard
- Primary Hard Drive
- Floppy Drive Model
You can get this information from the - Programs - Accessories - System Tools - System Information Tool...
There are some hardware identification keys in the registry that you can pull programmatically if you need to. Also, I thought that the System Information utility had some exposed interfaces that you can access.... (I have usually done this type of thing through BIOS, but I am sure the Windows APIs would be much simpler to use.)
The Activation Web Service that I spoke of is very easy to make. Just make sure you have a working primary and public key pair.
To digitally sign your application, use sn -k to generate a key pair.
Use the private key to sign your application. In the AssemblyInfo.vs file in your project, there is an attribute that you use to point to your key file.
[assembly: AssemblyKeyFile(@"\mykey.snk")]
Honestly, digitally signing your assemblies is not the hard part. (Remember, this only ensures that your code can't be changed, not pirated.) By digitally signing your app, you ensure that someone cannot change your piracy protection code.
The hard part is getting the hardware specs from the system.
Remember the steps:
[The client]
- Get hardware specs of system.
- Serialize it. (Turn it into a string.)
- Run a sha1 hash on it. (.NET Cryptography namespace)
- Accesses Activation Web Service and submits product key and hardware hash.
[Activation Web Service]
- Confirms validity of product key
- Ensures that the product key is not already associated with another hardware hash in the database, (xml file?)
- Associates product key with hardware hash code in the database.
- Digitally signs an "Activation Response" response containing the Hash and Product Key.
[Client]
- Saves Response to application folder.
[Client upon startup]
- Looks for an "Activation Response" on the hard drive. (If not prompts the user for activation.)
- Verifies the "Activation Response" by:
1. Validating the digital signature by comparing it with a public key stored with the application or over the Internet.
2. Verifies the hash stored in the "Activation Response" with the actual hash of the system. This is done every time. This is essentially scanning for hardware changes.
- If everything is verified, then the application launches. (There might be a grace period to allow for people who don't have internet access and have to activate by phone.)
Hope this helps. You can do searches for almost everything I typed on google if you want a second opinion or cool ways to access hardware configuration information.
Hope this helps.
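
The steps listed in the post above, sketched end to end as an added example (not code from the original post). Assumptions: an RSA PKCS#1 signature over SHA-256, an "Activation Response" payload of the form productKey:hardwareHash, and constructed sample values; the service's product-key database lookup is left out.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class ActivationDemo
{
    // Client: serialize the hardware specs and hash them (SHA-1, as in the post).
    static string HardwareHash(params string[] specs)
    {
        using var sha1 = SHA1.Create();
        byte[] digest = sha1.ComputeHash(Encoding.UTF8.GetBytes(string.Join("|", specs)));
        return Convert.ToBase64String(digest);
    }

    // Activation service: sign "productKey:hardwareHash" with the private key.
    static byte[] SignResponse(RSA privateKey, string payload) =>
        privateKey.SignData(Encoding.UTF8.GetBytes(payload),
                            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

    // Client at startup: check the signature first, then compare the stored
    // hash with the hash of the machine the program is running on.
    static bool IsActivated(RSA publicKey, string payload, byte[] signature, string currentHash)
    {
        bool signed = publicKey.VerifyData(Encoding.UTF8.GetBytes(payload), signature,
                                           HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        if (!signed) return false;
        string[] parts = payload.Split(':');   // Base64 never contains ':'
        return parts.Length == 2 && parts[1] == currentHash;
    }

    static void Main()
    {
        using RSA serviceKey = RSA.Create(2048);   // stays on the activation service
        using RSA clientKey = RSA.Create();
        clientKey.ImportParameters(serviceKey.ExportParameters(false)); // public half only

        // Constructed sample values, not real hardware identifiers.
        string productKey = "DEMO-0000-KEY";
        string hash = HardwareHash("BoardModelX", "DiskModelY", "FloppyModelZ");
        string payload = productKey + ":" + hash;
        byte[] sig = SignResponse(serviceKey, payload);

        string other = HardwareHash("BoardModelX", "OtherDisk", "FloppyModelZ");
        Console.WriteLine("same machine:     " + IsActivated(clientKey, payload, sig, hash));
        Console.WriteLine("hardware changed: " + IsActivated(clientKey, payload, sig, other));
        // Response edited to carry the new hash: the old signature no longer matches.
        Console.WriteLine("edited response:  " + IsActivated(clientKey, productKey + ":" + other, sig, other));
    }
}
```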