1
votes

I created an AIR app which sends an ID to my server to verify the user's licence.

I created it using NetworkInfo.networkInfo.findInterfaces() and I use the first "name" value for "displayName" containing "LAN" (or the first MAC address I get if the user is on a Mac).

But I have a problem: sometimes users connect to the internet using a USB stick (given by a mobile phone company) and it changes the serial number I get; probably the USB stick becomes the first value in the vector of findInterfaces(). I could take the last value, but I think I could get similar problems too.

So is there a better way to identify the computer even with these small hardware changes? It would be nice to get the motherboard or CPU serial, but it seems not to be possible. I've found some workarounds to get it, but they work on Windows and not on a Mac.

I don't want to store data on the user's computer for authentication, to make it "a little" more difficult to hack the software.

Any idea?

Thanks

Nadia

2
I think your approach is wrong. What if the user changes the network card or switches from WiFi to LAN? You can use an encrypted SQLite database to store your serials. I also suggest you google known secure methods for storing credentials or serials... Good luck! - Adrian Pirvulescu
I have to agree with Adrian, Digital Rights Management of this sort gives the ownership of the licence to the card or chip instead of to the owner. It's important to remember anything about a computer can change, even down to the CPU or motherboard. If you don't want to store the licence as a file (understandable), the next best method would be to have the user log in, have your code produce a hash (include salt) or an encrypted string from that, and transmit it to a server for validation. The server would just need to compare it to a key it would make using a similar method. - CyanAngel
Thanks to both for your comments. Answering the various points: switching from LAN to WiFi is not a problem, as both cards are on the machine and AIR gets the serial of the first "LAN" found, even if the user is connecting by WiFi. The problem is the "USB key", as it is new hardware and changes the first result from the AIR script. - Nadia
About the motherboard or CPU: they can be changed, but those are rarer situations. About the encryption, sorry if I'm asking something stupid but I have never worked with it: if the user copies the encrypted file to another PC and launches the AIR app, does he get a valid serial? - Nadia
About user login: I want a single licence on a single computer; with a login a user could launch the app from several computers... I googled a lot to find a good solution, but haven't found anything which could be easy for a non-professional programmer but valid too. - Nadia
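The ordering problem described in the question, as an added example that is not part of the original post or comments: a first-interface ID changes when a USB modem is listed first, while a server-side comparison over the whole set of adapter addresses does not. It assumes the client sends every hardware address it sees rather than only the first; the function names, the server key and the sample addresses are constructed for illustration.

```python
import hashlib
import hmac

# Assumption: a secret held only by the licence server (constructed value).
SERVER_KEY = b"constructed-demo-key"

# Constructed sample data: addresses as the client might list them.
BEFORE_USB = ["00-1A-2B-3C-4D-5E", "00-1A-2B-3C-4D-5F"]  # LAN, WiFi
WITH_USB = ["02-AA-BB-CC-DD-EE"] + BEFORE_USB            # modem listed first
OTHER_PC = ["00-99-88-77-66-55"]


def normalize(mac):
    """Upper-case hex digits only, so separators and case do not matter."""
    return "".join(c for c in mac.upper() if c in "0123456789ABCDEF")


def first_interface_id(macs):
    """The scheme in the question: the ID is whichever address comes first."""
    return normalize(macs[0])


def fingerprint(macs):
    """Order-independent set of keyed hashes, one per usable address."""
    hashes = set()
    for mac in macs:
        n = normalize(mac)
        if len(n) != 12 or n == "0" * 12:
            continue  # skip empty or placeholder addresses
        hashes.add(hmac.new(SERVER_KEY, n.encode(), hashlib.sha256).hexdigest())
    return hashes


def licence_matches(enrolled, reported_macs):
    """Accept while at least one adapter seen at enrolment is still reported."""
    return bool(enrolled & fingerprint(reported_macs))


if __name__ == "__main__":
    enrolled = fingerprint(BEFORE_USB)  # stored by the server at activation
    print("first-interface ID stable:",
          first_interface_id(BEFORE_USB) == first_interface_id(WITH_USB))
    print("set match with USB modem:", licence_matches(enrolled, WITH_USB))
    print("set match on other PC:", licence_matches(enrolled, OTHER_PC))
```

Adapter addresses are user-configurable, so this addresses the ordering problem only and is not a strong binding to the machine.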

2 Answers

0
votes

So is there a better way to identify the computer even with these small hardware changes?

No, there are no best practices for identifying a personal computer and building user licensing for the software on that. You should use a server-side licensing manager to provide such functionality. It will also give your users flexibility with your desktop software. It's much easier both for the product owner (you don't need a call center that will respond to every call about a changed network card, hard drive, whatever) and for the users of such a product.

Briefly speaking, a user's personal computer is an insecure (frankly speaking, you don't have options to store something valuable) and very dynamic environment (the hardware cycle is too short to use it as part of a licensing program).

0
votes

I am in much the same boat as you, and I am now finally starting to address this... I have researched this for over a year and there are a couple options out there.

The biggest thing to watch out for when using a 3rd party system is the leech effect. Nearly all of them want a percentage of your profit - which in my mind makes it nothing more than vampireware. This is on top of a percentage you WILL pay to PayPal, merchant processor, etc.

The route I will end up taking is creating a secondary ANE, probably written in Java because of 1) transitioning my knowledge and 2) the ability to run on various architectures. I have to concede this solution is not foolproof, since reverse engineering of Java is nearly as easy as anything running on FP. The point is to just make it harder, not bulletproof.

As a side note - any naysayers of changing CPU / Motherboard - this is extremely rare if not no longer even done. I work on a laptop and obviously once that hardware cycle is over, I need to reregister everything on a new one. So please...

Zarqon was developed by: Cliff Hall

This appears to be a good solution for small scale. The reason I do not believe it scales well based on documentation (say beyond a few thousand users) is it appears to be a completely manual process, i.e. no ability to tie into a payment system to then auto-gen / notify the user of the key (I could be wrong about this).

Other helpful resources:

http://www.adobe.com/devnet/flex/articles/flex_paypal.html