Hardware-locked feature has a big flaw and doesn’t work as it should!

(This post may be very important to many Excel Application developers that sell their applications to organizations)
Dear GDG,

I am selling a Excel Application to limit cheating in Excel courses. My client is a University with over 300 computers. Because all computers are the same brand and model I followed your recommendation (from your manual) of using either “hardware disk info or MAC address” (quote)

For that reason I compiled a trial version using hardware disk info. But guess:
EVERY computer in the organization gave me the same system ID (from the compiled workbook).
The same happened when I compiled the workbook using all of the other options (manufacture-allocated serial Number of the USB stick or first hard disk; CPU id and info; Combination of the two previous options)
And also happened with the MAC address option.
With this one I got very suspicious, because I know by myself that every computer in that organization has a different MAC address.
Here are some of system ID’s that I got personally from some computers of a room and their real MAC address:
Computer 1 C39H-5437-77EH 6C-62-6D-57-C8-10
Computer 2 C39H-5437-77EH 6C-62-6D-57-BA-3A
Computer 3 C39H-5437-77EH 6C-62-6D-57-BB-20
Computer 4 C39H-5437-77EH 6C-62-6D-57-C8-C8
Computer 5 C39H-5437-77EH 6C-62-6D-57-C7-61
Computer 6 C39H-5437-77EH 6C-62-6D-94-0A-14

I ask permission to use another room and fetched a couple more so I could give you GDG folks more information to fix it.

Computer 1 12EB-862A-AE5A 40-61-86-F3-76-87
Computer 2 12EB-862A-AE5A 40-61-86-F3-77-D4

The pattern is obvious:
Your software only gets the first 3 octates (the organizationally unique identifier) of the MAC address not the entire 6 octates (including the NIC) of the MAC address, leaving a HUGE breach of security.

I hope I can have a reply from you, since my last question about security hasn’t been answered over 12 days. And I can’t sell my software if with 1 copy of my application the organization to whom I sell can use it as in many computers as they like without buying new licenses.
I like the idea of your software but I has flaws(this one is a big one, not just a little bug) and I would like to have the confidence that at least what you say it works, works.
Hope this time you could answer me promptly because I need to sell my Excel Application. If you want more information about this issue I can help you.

Sincerely,
Gregory

Thank you for your report.

We checked the software code that gets the MAC address and it returns the entire 6 octates not the first 3 ones. So the error is somewhere else.

When the system ID is computed, if the MAC address can’t be read, it falls down to the system hard disk ID which in your case seems to be identical. Obviously we have to find out why the MAC address can’t be retrieved on such machines. Maybe some user restrictions but this is based on guess.
Would you be able to run a little utility on those computers so that we can get further information where the MAC address routine fails?

Thanks for your response: I surely can run an utility. I can ask permision and maybe I can run it as fast as tomorrow. I am very worried because I cannot distribute my application if any computer in the University can use it. You understand me. I dont know why it doesnt retrieve the serial number of the HDD as well (the unique manufacture-item serial), not just the disk partition serial number. Thats another proble.
You have my email. But in case I will send it to [email protected] so you can send me the utility. Give me precise instructions please so I do it right.
Gregory C.

Sure, we’ll send you the utility by email and we have your email address too.
Please allow up to 24 hours because we are going to add a diagnostic code to find out why it could not retrieve the HDD serial number too, and another way to retrieve it.