I have an RCP application built on Java 1.6. I am using the Virtual Machine Unique ID on a machine as a number to identify the machine uniquely and generate a license key based on this number.
I have done basic testing and it seems to work pretty well. I am able to uniquely identify each machine, and the VMId remains the same for multiple sessions (restarts, log off, etc.). Also, if I copy my software installation to a different machine, it doesn't work.
The only apprehension I have is whether this is a perfect way to build a licensing algo for an RCP application. Are there any border/edge scenarios where this can fail? I am very worried about whether the VMId will change if somebody updates their Java software.
Waiting for expert opinions,
Naveen
If you see the default constructor of java.rmi.dgc.VMID then you will find that it depends on the hash of the IP address (which will be the same for all the machines using localhost or 127.0.0.1). But (and it's a big but), it also depends on the java.rmi.server.UID. Now as per javadoc:
Now there is no machine which is available which reboots in less than one millisecond. The fastest one I have seen are MS-DOS (not sure about the boot time) and Google OS (takes 3-4 seconds, as per their promo).
So, I will feel safe if it is the only factor, but I will still test the "setting the system clock backward" factor.
If I have to use your product on multiple machines but pay only for one, then I would install it on an OS running on VMPlayer or VirtualBox. This way I could distribute multiple copies of your tool. Have you checked this scenario?
Also, on my dev machine I normally have two different JDKs (a latest one for playing around and a second one for client-specific development). The VMID and UID classes are known to have had some issues earlier with multiple JVMs. Check this: http://www.velocityreviews.com/forums/t131825-can-we-generate-unique-id-from-java.html.
Also, have a look at this javadoc: http://fuseyism.com/classpath/doc/java/rmi/dgc/VMID.html
Normally, the licensing strategies I have seen are much more involved. Like (on a Windows machine) creating/using some registry key values, backed by some web service for one-time registration, asking the user for some salt value (like his/her name, age) and then generating the license key from that.
So, finally, if you are sure that your product's users are not going to use any virtualization technology (like VMPlayer etc.), there is no multiple-JVM-related issue and they might not have internet available for one-time activation, then go for it.
But keep in mind that for a determined attacker no software is too hard to break, as is evident from the number of pirated/cracked games and software available in the market.
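
As an added example (not code from the question or the answer), the sketch below shows the kind of "more involved" scheme the answer describes: the vendor signs the licensee name together with a machine identifier, and the application verifies that signature with a public key only. The class and method names, the placeholder machine identifier and the demo key pair generated in `main` are assumptions; a real vendor key would be created once and kept off customer machines.

```java
import java.rmi.dgc.VMID;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;

public class SignedLicenseDemo {  // hypothetical class name

    // The bytes that get signed. The length prefix keeps ("ab", "c") and
    // ("a", "bc") from producing the same payload.
    static byte[] payload(String licensee, String machineId) throws Exception {
        return (licensee.length() + ":" + licensee + "|" + machineId).getBytes("UTF-8");
    }

    // Vendor side: issue a license by signing licensee + machine id.
    static byte[] issue(PrivateKey vendorKey, String licensee, String machineId) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(vendorKey);
        s.update(payload(licensee, machineId));
        return s.sign();
    }

    // Application side: only the public key ships with the product, so the
    // installed software can check a license but cannot mint a new one.
    static boolean verify(PublicKey vendorPub, String licensee, String machineId, byte[] license) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(vendorPub);
        s.update(payload(licensee, machineId));
        return s.verify(license);
    }

    public static void main(String[] args) throws Exception {
        // Each new VMID() embeds a freshly generated java.rmi.server.UID, so
        // instances created separately do not compare equal. Check how your
        // code obtains and stores the value before treating it as a fingerprint.
        System.out.println("two VMIDs equal: " + new VMID().equals(new VMID()));

        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair vendor = gen.generateKeyPair();         // constructed demo key
        String machineId = "MACHINE-ID-PLACEHOLDER";    // constructed sample value

        byte[] license = issue(vendor.getPrivate(), "Example User", machineId);
        System.out.println("same machine id:  "
                + verify(vendor.getPublic(), "Example User", machineId, license));
        System.out.println("other machine id: "
                + verify(vendor.getPublic(), "Example User", "OTHER-MACHINE", license));
    }
}
```

The signature only binds the license to whatever machine identifier is fed in; an identifier that a cloned virtual machine reproduces, as in the VMPlayer/VirtualBox scenario above, still verifies on every clone.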