More about the HardwareToken RRS feed

  • Question

  • Hi,

    In my app, for licensing reasons, I need to track devices as a user cannot link more than 3 devices to his account.

    Therefore I need a consistent way to identitfy a Windows 8 device, hence I'm using the HardwareToken.

    Here's how I'm using it:

    string deviceSerial = string.Empty;
    Windows.System.Profile.HardwareToken hardwareToken = Windows.System.Profile.HardwareIdentification.GetPackageSpecificToken(null);
    using (DataReader dataReader = DataReader.FromBuffer(hardwareToken.Id))
        int offset = 0;
        while (offset < hardwareToken.Id.Length)
            // The first two bytes contain the type of the component and the next two bytes contain the value.
            byte[] hardwareEntry = new byte[4];
            // CPU ID of the processor || Size of the memory || Serial number of the disk device || Mobile broadband ID || BIOS
            if ((hardwareEntry[0] == 1 || hardwareEntry[0] == 2 || hardwareEntry[0] == 3 || hardwareEntry[0] == 7 || hardwareEntry[0] == 9) && hardwareEntry[1] == 0)
                if (!string.IsNullOrEmpty(deviceSerial))
                    deviceSerial += ",";
                deviceSerial += string.Format(CultureInfo.InvariantCulture, "{0}_{1}", hardwareEntry[2], hardwareEntry[3]);
            offset += 4;

    As you can see I'm only using 5 info out of the 9 available ones:

    1. CPU Id of the processor,
    2. Size of the memory,
    3. Serial number of the disk,
    4. Mobile broadband ID,
    5. BIOS id

    I'm not using the 4 remaining ones (Network adapters, Audio adapters, docking station, bluetooth address) as those result in a hardware token changing too much (id is going to be different if bluetooth is on/off, or a network adapter is enabled/disabled).

    This works fine for computers but I'm rather concerned about tablets as if I compare the hardware token I get on two different Microsoft Surface:

    • CPU id of the processor is the same,
    • Size of the memory is the same,
    • Serial number of the disk varies,
    • Mobile broadband device ID isn't available,
    • BIOS id varies

    This means that this unique id will be computed on two times 2 bytes (2 using the serial number of the disk, and 2 more for the BIOS id) which corresponds to 65,536 x 65,536 = 429,654,016 possibilities, which isn't that much.

    Collision risk seems to be pretty high on tablets and if we add information to the token, the token will change too much and won't actually represent a device but rather a device configuration.

    I could also generate a guid and store that in that application data, but uninstalling and reinstalling the app would delete that guid.

    Could you think of extra information I could combine that token with, or another way to get a unique device id?



    Wednesday, January 22, 2014 10:14 AM


  • There isn't anything else provided specifically for this. As you note, adding other likely unique items risks drift. I can't think of anything else to add that wouldn't either risk drift or have the same uninstall problem as storing a GUID.

    That said, barring a bad hash algorithm for the serial numbers and BIOS IDs the collision likelihood seems fairly low for most purposes.


    Wednesday, January 22, 2014 4:18 PM