Let Say there are two identical systems. One of which has licence version of windows and I am ghosting entire drive into second computer's hdd. will windows ever come two know?
If that system is not connected to internet ?
Is CPU_ID unique Identifier or is it a cpu product ID.
I know mac address is unique in a system but I want to dig deeper in finding unique identifiers of system.
Take a look at this.
What should be the unique ID of a machine? Its motherboard ID? Windows Product ID?
I am working on visual C#.
The Kernel is compiled with specific drivers and the Kernel knows all the information about the hardware including their firmware version and hardware Ids. (one of the reason for BSOD)
If you install a windows and change the HDD to another same set-up, windows might try to repair and work. However if you have TPM chip and Bitlocker enabled, windows will ask you for the BitLocker recover key as soon as you've changed the hardware setup. That's because windows kernel knows each hardware and their ID's and therefor changes in them.
In order to answer you intended question, don't bother trying to prevent privacy you will never succeed and there will be someone to crack it. Instead spend that time on your actual product and marketing. People who want's to steal, they will steal anyway or won't use. Spend your time for those who would want to buy your product.
Having said that, move important code to web service if you really that much worried.
Related
I want to create an application or modify USB in a way so that, upon insertion into any PC, I can get the information that PC was inserted.
eg. upon insertion, I can read PC name and make an API call with this as post data so I'm able to know that my USB was inserted in some PC. But this should happen right away as USB is read by the machine, so even if the user formats it thereafter, it should not matter.
If it was earlier windows, I could write autorun and that would work. But I want this detection mechanism for Windows 7 and above.
I have done some research on the topic but could not find any reliable content. Some articles were related to USB based hacking attacks by changing wiring (USB hardware, to harm the computer) or something like that. But I totally don't want to do that. Just the detection, that USB was used.
I'm wondering about what the Windows UUID that you can get with "wmic path win32_computersystemproduct get uuid" really comes from and when it will change. Microsoft says, the UUID comes from the SMBIOS information (https://msdn.microsoft.com/en-us/library/aa394105(v=vs.85).aspx), what seems to me that the UUID only depends on the system's BIOS. So what when I do one of the following things:
(a) Reinstall Windows on the same system
(b) Install a second Windows on the same system
(c) Clone windows to another disk and then use this disk in the same system
Will any of this actions make the UUID to be changed? Or is it possible to have to different Windows systems with the same UUID (b)?
Thanks a lot
None of these actions will change the UUID. The UUID is a machine-unique ID, like a serial number. It is stored on the motherboard (typically in the system flash eeprom, along with the BIOS) and reported by the BIOS to the OS in an SMBIOS structure, as you guessed.
In theory Windows/SMBIOS UUID is designed to be constant and unique. So that, theoretically it won't change if you would do any of (a), (b) or (c).
However situation on practice is different, as many hardware vendors use the same UUID for bunch of boards, or just use dummy non-unique values like: 00020003000400050006000700080009.
Moreover, it was reported that UUID can change on every computer restart, see this post for more details: http://howtowriteaprogram.blogspot.jp/2012/06/smbios-uuid-fail.html
Can we find if our software has been copied in an OS image (windows) and then deployed in another machine. The hardware details do change but it may be due to hardware upgrade or change.
Is there anything at software level which indicates that the OS image has been installed.
P.S the OS install date doesnt change after image deployment.It shows the date of original OS installation date and time and not that of the imaged one.
For example i tried to detect this using service tag,uuid and os install date changes . I thought the hardware and software details combined would result in correct detection. But the os install date dint change and hardware details changed or showed junk value during hardware upgrade . My software will be installed in the os . Then OS will be imaged. I want to detect the imaged installation
If your software is connected to the Internet this is relatively easy to solve. You arrange to 'call home': send occasional packets to a known server address containing enough information to identify the instance.
For this purpose UDP packets serve quite well. You include information about the build of your software, the operating system it is running on, some simple hardware details such as how much memory and disk, the IP address and the MAC address. From the packets logged by your server you will easily be able to tell an original instance from a clone, or an original with updated hardware in almost every instance. You may also be able to obtain highly distinctive information by a detailed inspection of hardware if you have sufficient privilege.
Please note that Windows does exactly this. If an activated copy is found running on a machine that is sufficiently different then it must be re-activated. The definition of 'sufficiently different' is not made public.
Just to be clear, what I'm describing is a heuristic, not an algorithm. I'll assume the original installation creates a GUID, and that a clone carries the same GUID. When you receive packets from installations with the same GUID containing enough information, in practice you will be able to tell the original from the clone in virtually every case. Two clones may start identical but very soon something will diverge: a network IP address, disk free space, active devices.
This may not fill all the requirements of the original question but it will work (it already does) and it's better than nothing.
Generate a GUID each time the computer boots, and include both the current GUID and the history of GUIDs previously generated each time you report to the server.
If a machine's report has a GUID missing, then you know the machine has been cloned and at least one new instance should be generated. You can determine when the cloning took place by looking for the last GUID that is remembered by both instances.
To determine which instance to consider "the same machine" as the original, if this matters, look for changes in the MAC address or computer name. If there is exactly one instance where neither of these have changed since the machine was cloned, that can be assumed to be the original. (If there are multiple instances with the same MAC address, something is badly wrong; bring it to the attention of the system administrators and let them sort it out.)
If none of the current instances has a matching MAC address and computer name, this might mean that the original machine has not been powered back up yet but will be eventually, or that it has been destroyed, or that it is permanently offline and only being used as a template. It could also mean that, by coincidence, the computer name and/or MAC address were changed after the machine was cloned but before the next report.
How best to deal with this depends on the context, but in most cases it would probably be sensible to show the original machine as a separate instance, even if you haven't had a report from it since the cloning took place, and let the system administrator manually delete it if appropriate.
I'm in need of help. The situation is the following:
We have a software that runs on Windows Mobile 5 and 6. It is deployed in around 15 cities on different devices (Motorola MC35, MC55, MC65, MC75, MC75A, ES400). It works perfectly fine everywhere except in one city. They have MC75A devices and every once in a while we get a helpdesk about our software disappearing from the device.
The most interesting part is when we log in to check the device, all we can see is a damaged/corrupted file system and the OS, which is set back to default.
We tried to reconstruct the problem here at our company, but we find it impossible. I'm wondering if anyone has ever bumped into this.
I'm gonna attach two images of the corrupted file system.
We use custom windows settings and AppCenter to protect the operating system from our customers. (They shouldn't be able to modify any settings on their own).
In general such corruption happens when the driver is interupted saving changes to the file system.
That can happen, for example, when a high priority thread consumes all cpu times.
It may also happen, when the device is hard reset, for example by taking the battery out during thed river is writing to the file system.
A low battery normally cannot result in that corruption:
a) as the device shuts down itslef with critcal battery power
and
b) the file system is in flash RAM (in contrast to Windows Mobile 2003 and before) and does not need battery power to hold data.
It is also possible that there is a bad behaving process doing these corruptions.
As you say you see this only in one city: What is the main difference with the devices there?
Are others also using the same device? Maybe the device series itslef or there firmware is faulty (contact symbol/motorola for new firmware or patches to the 'disk' driver)
Are the users in that area doing special things to the devices that others do not? For example remove the battery when they mean the device does not react?
Is the MC75A used in other areas and there it does not show the corruption?
You see, you have some more items to examine a rule for the corruption?
I need to check which key the user must hit to boot their PC from a USB key or a CD.
Does it depend on the BIOS maker, or on the maker/model of the motherboard?
I was told about the nice, open-source Speccy to get some information on the hardware, but is there a library that I could use to get the same info from a (.Net) program and tell users precisely which key to hit on their very own computer?
Thank you.
There is no way you'll be able to find this out without building a comprehensive library of every single type of motherboard and manufacturer ever made, including any BIOS updates that might change it.
You should just ask the user to follow on-screen instructions when their computer to boots to select the boot device, and maybe offer some likely suggestions ("It will ask you to press a function key...")
At the stage you want to press enter or key, .NET will never be available.