(01-13-2018 - 04:34 AM)Estivan Wrote:Hi, this is just something someone wanted me to make for them a while back, I want to contribute to the community so I decided to share this.
Note: I got some of the code from online, but I can't remember where I got it from, but, credits to whoever wrote it.
Oh, btw, remember to import System.Management (using System.Management;)
Code:public string GetHDDSerial() // Public string that contains the variable of the hardware id string from URL.txt
{
ManagementObjectSearcher searcher = new ManagementObjectSearcher("SELECT * FROM Win32_PhysicalMedia");
foreach (ManagementObject wmi_HD in searcher.Get())
{
if (wmi_HD["SerialNumber"] != null)
return wmi_HD["SerialNumber"].ToString();
}
return string.Empty;
}
private void lgnhwid_Click(object sender, EventArgs e)
{
System.Net.WebClient Wc = new System.Net.WebClient();
string pplbanned = Wc.DownloadString("Web URL"); // Banned Hardware ID's from server
string pplallowed = Wc.DownloadString("Web URL"); // Whitelisted Hardware ID's from server
if (pplbanned.Contains(GetHDDSerial())) // this if statement checks if the System Hardware ID matches with the string from the server
{
MessageBox.Show("You have been banned from '[name]'!", Text, MessageBoxButtons.OK, MessageBoxIcon.Error);
Environment.Exit(-1);
}
else if (pplallowed.Contains(GetHDDSerial()))
{
MessageBox.Show("You're allowed to use '[name]', Welcome.", Text, MessageBoxButtons.OK, MessageBoxIcon.Information);
HWDI_Login frm = new HWDI_Login();
frm.Show();
this.Hide();
}
else
{
MessageBox.Show("You're not whitelisted, make sure you sent Your" +
" Hwid to [name] and you bought our [product].", Text, MessageBoxButtons.OK, MessageBoxIcon.Warning);
Environment.Exit(-1);
}
}
private void HWDI_Login_Load(object sender, EventArgs e)
{
var mbs = new ManagementObjectSearcher("Select ProcessorId From Win32_processor"); // Get System Hardware id
ManagementObjectCollection mbsList = mbs.Get();
string id = "";
foreach (ManagementObject mo in mbsList)
{
id = mo["ProcessorId"].ToString();
break;
}
System_HWDI.Text = "System Hardware ID: " + id;
}
As already saw in comments, DO NOT TRUST WMI as it can be 'easily' spoffed.
And there is also other things, like user can modify the sending HWID to get inside.
Please use USERNAME + custom things, like windows's username, computer name, CPU, Battery's ID and hash it, then obfuscate your app.
And host the most you can in your webserver, and use it runtime, so if you see something wrong, you can stop them stealing your job ! ;)