.NET copy protection

Question

Is it possible to restrict a .NET executable to a specific machine somehow so that it can only be run on that machine.

Answer 1

Out of the box - no.

You can try generating a machine signature during installation and lock your application to not start when the signature file is not present or is not valid for this particular machine.

Answer 2

Yes, and I do that in my apps. It works wonderfully.

Getting the system info (CPUID, MacID, HDD details) is easy using WMI (highly recommended).

I created a system that's practically foolproof (unless you're a pro hacker).

When my apps are installed for the first time on the user's PC, they go back to my server using web services. They identify themselves using a password hash and look for an authorisation code/order id for the client.

If the client has the correct authorisation code the application encrypts and stores the system details on the client's computer and sends a hash of the info to my server where it is stored. The software is then activated on the client's computer using some hashed flags and every time the app is run the system info is compared with the hashed info in the files.

If the client re-formats the computer, all he needs is the order id to activate the software again automatically (when the program checks with my server, the system details are verified and approved if they match). If the client installs the software on another machine he must contact my support team to get approval.

-- All the information is encrypted and hashed (double encryption). -- All code is obfuscated and packed.

It's working pretty securely at the moment.

So yes, it's possible, it's been field tested and found working as well as any other protection system.

Answer 3

Can't use the processor id and check it everytime(?)

Here is a sample code which I wrote some time back.

Imports System.Management

Public Class Form1

    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click

        'Declare following three object variables

        Dim objMOS As ManagementObjectSearcher
        Dim objMOC As Management.ManagementObjectCollection
        Dim objMO As Management.ManagementObject

        'Now, execute the query to get the results
        objMOS = New ManagementObjectSearcher("Select * From Win32_Processor")

        objMOC = objMOS.Get

        'Finally, get the CPU's id.
        For Each objMO In objMOC
            MessageBox.Show("CPU ID = " & objMO("ProcessorID"))
        Next

        'Dispose object variables

        objMOS.Dispose()
        objMOS = Nothing
        objMO.Dispose()
        objMO = Nothing

    End Sub
End Class

Answer 4

Assuming the machine has an NIC you can use the MAC address:

Read MAC Address from network adapter in .NET

Answer 5

If you want a ready-made license scheme which supports this scenario, see CryptoLicensing

This is not really true. CryptoLicensing only uses the computer name, not even CPU ID.

Answer 6

.NET is awful because it's so easy to reverse it back to source code with commonly-available tools. (We do a demo where we crack .NET in about 2 minutes). Cyril's solution sounds good because he's using encryption and a hash of fingerprints to the target machine. These solutions regrettably are vulnerable to some kinds of man-in-the-middle attacks although his solution sounds better than most. One problem with machine binding is that the fingerprinting tokens you want to use (like MAC address, CPU serial number, etc) must be retrieved with OS calls, which can be spoofed by a mid-level cracker.

Depending on the $ value of your software using a good dongle like CodeMeter, Hasp HL, or KeyLok will give you significant protection. Using a "bad" dongle won't help you a bit, though.