All geek questions in one place

Get a unique computer id from PHP

I have created an application using PHP and I am going to sell it in the local market. I personally will go to their places to install / configure Apache and MySQL, as well as to install my own code.

I need a security system so that if someone tries to copy my code to an unauthorized computer, it will not work.

I know no one can prevent reverse engineering of the application. even .exe (binary) files are hacked and with PHP (source code) anyone can do it.

In my country, these reverse engineers are really hard to find, so I would like to offer minimal security settings, for example:

1) Create a class (say, Navigation ) that identifies system information, such as the CPU ID, computer name, or any combination of hardware identifiers, to make UNIQUE_ID and match my given UNIQUE_ID (to the one to whom I sold the application). If it is valid, it returns the navigation menu. Otherwise, it will simply destroy the database and stop execution by throwing an exception, perhaps, for example:

 class Navigation { public function d() { return current system UNIQUE_ID; } public function get() { $a = file_get_contents('hash'); $c = $this->d(); if (crypt($c) != $a) { //destory database throw new Exception(''); } else { return "<ul><li><a>home</a></li></ul>"; //navigation menu } } }

2) Then, during the installation process, I changed the UNIQUE_ID system in the "hash" file, create an object and save it in the file (nav.obj):

(install.php)

 <?php $a=new Navigation; $out=serialize($a); file_put_contents('nav.obj', $out);

3) in header.php (which is included in each file):

 <?php $menu=file_get_contents('nav.obj'); $menu=unserialize($a); echo $menu->get(); ?>

I know that this method is not a complete proof, but I'm sure that about 60% of PHP developers will not be able to crack it.

Now I only need to get the current UNIQUE_ID system.

+6
source share
2 answers

I created this function to get a unique identifier based on the hardware (UUID of the hard drive). Depending on your needs, you can use different resources, such as computer names, domains, or even the size of your hard drive.

  function UniqueMachineID($salt = "") { if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') { $temp = sys_get_temp_dir().DIRECTORY_SEPARATOR."diskpartscript.txt"; if(!file_exists($temp) && !is_file($temp)) file_put_contents($temp, "select disk 0\ndetail disk"); $output = shell_exec("diskpart /s ".$temp); $lines = explode("\n",$output); $result = array_filter($lines,function($line) { return stripos($line,"ID:")!==false; }); if(count($result)>0) { $result = array_shift(array_values($result)); $result = explode(":",$result); $result = trim(end($result)); } else $result = $output; } else { $result = shell_exec("blkid -o value -s UUID"); if(stripos($result,"blkid")!==false) { $result = $_SERVER['HTTP_HOST']; } } return md5($salt.md5($result)); } echo UniqueMachineID();
+12
source

By http://man7.org/linux/man-pages/man5/machine-id.5.html

 $machineId = trim(shell_exec('cat /etc/machine-id 2>/dev/null'));

EDIT for Tito:

 [ ekerner@ **** ~]$ ls -l /etc/machine-id -r--r--r--. 1 root root 33 Jul 8 2016 /etc/machine-id

EDIT 2 for Tito: some things to consider and scenarios:

Is the user allowed to receive a new machine? Guess yes. Or run on multiple devices? It seems that the car may not be relevant in your case?

If only its user (without restrictions on the machine), then Id goes to the licensing service (depending on the network). There are many services for this: Google Play (for Android applications) is a good example: https://developer.android.com/google/play/licensing/index.html MS and Apple have similar services. However, simply search the Internet for the term “Software Licensing Service” or “Cloud Computing Software Licensing Service”.

If its user + one device, then you will need to transfer the device identifier to any service that you use or do , then allow the machine identifier to be updated, but not allow id to return to the previous machine (it will mean several devices). However, the services mentioned will provide you with a client code that should take care of this if necessary.

Two scenarios from experience: 1: A user on any device: we just created an API in the cloud (on a website) and an application login screen when a user authenticated via the API and saved a token, and whenever the device was connected to on the network, the application will request the API and update the login and / or token. Alternatively, you can use the login screen (for example, perhaps they have already entered the site for purchase), generate a key, pack it or associate it with it in the application.

2: User plus machine: The same, except when an API is requested, the machine identifier is transmitted. The machine ID can change as many times as the user updates their device, but we saved the machine ID record and forbade the rule: if we saw the old (previously used) machine ID, then a certain amount of time should have passed. Thus, the user can break his car and pull out the old one.

Also, to consider how you do this, how do you stop the application? Ppl is pretty smart, it needs to be compiled.

However, everyone says that the various licensing services are professional and can satisfy most needs. Plus, in their experience, they have already overcome the pitfalls of security. The identifier of the name that I like, except for its search to search.

It’s nice if you can return with positive or negative results from your paths.

0
source

Source: https://habr.com/ru/post/948927/

More articles:


All Articles