I'm deploying software that is licensed based on uniquely identifiable computer characteristics. I am wondering about the Manufacturer-assigned serial number of an internal fixed hard-disk.
To be clear, I am not referring to the Volume Serial Number which changes every time you format a Windows hard drive. I mean the manufacturer-specific number that corresponds (usually) to what is physically written on label on the outside of the drive. My software uses low level APIs (e.g. DeviceIoControl
on Windows) to read it.
Is it possible for software to "spoof" this ID? My understanding is that while software can query it, it cannot change it because it comes from firmware. Is that correct? (I've avoided using MAC addresses for this very reason, among others)