I have a software client that I am selling to a very niche market. I am offering a 30-day free trial and I wanted to make sure that people who haven't purchased a product activation key would not be able to use the software after 30 days from their first time using it. I looked around and saw that people were recommending using the MAC address of the machine's first NIC card as a unique identified of the machine.
I sold about a dozen copies of the software and all was working fine. Then this past week, two new buyers have been having problems. When the software checks with my website, it also deposits log files that tell me that the MAC address changed between sessions for these two clients.
For one machine, it changed once after the first session. For another, it seems to change every 3 or 4 times my software is invoked.
I now see articles on the net about being able to spoof the MAC address. Is it possible that their firewall or other security settings are changing this MAC address? I am using the following C# code to retrieve the MAC address, is this maybe giving me something I wasn't expecting?
NetworkInterface.GetAllNetworkInterfaces()[0].GetPhysicalAddress().ToString()
I just noticed that both of these clients are located in Canada. Don't know if that matters, it does seem quite a coincidence, though...
The one client is not running VMWare. Her machine is running "Trend Micro" security, if that matters...hhhmmm...
I used the technique from Reliable method to get machine's MAC address in C# to come up with a list of the devices on my machine.
Status NetworkInterfaceType Speed GetPhysicalAddress() Description
0 Down Wireless80211 0 XXXXXXXXXXXX Realtek RTL8188CUS Wireless LAN 802.11n USB Slim Solo
1 Down Wireless80211 0 XXXXXXXXXXXX Microsoft Wi-Fi Direct Virtual Adapter
2 Up Ethernet 100000000 XXXXXXXXXXXX Realtek PCIe GBE Family Controller
3 Down Ethernet 3000000 XXXXXXXXXXXX Bluetooth Device (Personal Area Network)
4 Up Loopback XXXXXXXXXXXX Software Loopback Interface 1
5 Up Tunnel 100000 00000000000000E0 Microsoft Teredo Tunneling Adapter
6 Down Tunnel 100000 00000000000000E0 Microsoft ISATAP Adapter
The problem is that I was always taking the first item in the list. Networks with Blackberry VPNs (and probably other things, including VMs) insert new devices whereever they see fit. Including the beginning of the list. For them, the order of the list changes a great deal.
So my resolution is to have my client send every Physical Address on the list in a pipe-separated field. The server will store one address, but will look against each item sent to it. If any match, then the client may start up.
This leaves one problem, how do I know at the time I register that I'm picking an address that will stay on the list (rather than one associated with a mobile unit that will likely walk away). I thought about storing the whole list on the server, but that gets complicated quickly. Instead, I'll store the first active one on the server (the first time it logs in). Then I'll monitor who is getting denied and update their address, try to catch patterns, then maybe see if I can code a self-heeling solution. The trick is doing so without negating all of the checks I've put in.