An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Topic Options
#46687 - 10/25/17 07:31 AM Hard disk replacement. Sign out of services?
Urquhart Offline


Registered: 08/10/17
Loc: Netherlands
I’m planning on exchanging the hard drive (original Apple HGST) for an SSD (Samsung 850 EVO) in a MacBook Pro 2012, to give it another lease on life. (Not mine, for a family member.)
(Of course, I’ll make a TM backup first.) As the old drive will be erased, and probably discarded, should I sign out of all services (iTunes, iCloud, iMessages, paired BlueTooth devices, etc)? The computer should stay linked to the same Apple ID and such, but I expect such identification to be set somewhere on the drive. It is the kind of thing I would like to be prepared for, instead of fixing bad registrations the hard way afterwards. Any other advice on what I should do before the actual exchange?


Edited by Urquhart (10/25/17 07:33 AM)

Top
#46688 - 10/25/17 08:33 AM Re: Hard disk replacement. Sign out of services? [Re: Urquhart]
Ira L Offline


Registered: 08/13/09
Loc: California
If I understand you correctly, you are saying that after installing the SSD you want everything to be the same as it was before. Then why not, after installing the SSD, do a restore from the Time Machine backup? That will preserve everything as it was before, much like transferring an old Mac to a new one.

Signing out beforehand (but after the TM backup) will prevent access to the account on the old drive if someone should try to use it; but you say it will be erased, so signing out should not make a difference. Take a hammer or magnet to it to be extra certain. smirk
_________________________
On a Mac since 1984.
Currently: 27" iMacs, Macbook Air, macOS 10.14.x,; iPhones, iPods and iPads galore!

Top
#46690 - 10/25/17 08:51 AM Re: Hard disk replacement. Sign out of services? [Re: Urquhart]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Replacing an internal HD is no different than having a bootable external drive or porting a system to a new computer and having ported several systems to new computers, replaced internal drives on computers, and set up innumerable bootable external drives, I have never found it necessary to log out of any services in the process.

I have successfully used a Time Machine backup in several instances, but while a Time Machine restore works well a full Time Machine restore can take a LONG time. If you have a spare external drive handy, cloning the existing system to the external drive (don't forget to verify the clone will boot and Disk Utility's First Aid gives it a clean bill of health and any apps that might have registration problems such as Adobe CS work) then replacing the HD with the SSD and finally boot from the external drive and cloning from it to the SSD can take a lot less time. I have never encountered a problem with registrations either way, but then I don't have any Microsoft or Adobe apps.
_________________________
joemikeb • moderator

Top
#46699 - 10/26/17 10:50 AM Re: Hard disk replacement. Sign out of services? [Re: Urquhart]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
You should sign out of your Apple ID (in the AppStore, iCloud, and Find My Device) on any device before getting rid of it or replacing the hard drive. Otherwise you risk losing an activation count for apps you've downloaded.

I had to ask apple to do a reset on my count once somewhat recently because over the last five years I'd gone through two computers, plus a loaner, and two fresh reformats. That burned up all five of my Apple ID uses for the AppStore. They'll do a reset for you once a year iirc. That causes ALL devices signed into that Apple ID to get signed out, so you have to go to your devices that were supposed to be signed in and sign in again. (like your iPhone and iPad too) There's no way to force-sign-out a specific machine or machines that you no longer are using or that have ceased to exist, you have to whack all of them that are using your apple id all at once.

This would apply the same to any other service that requires you to sign in your device. (netflix? hulu? Adobe Creative Cloud for sure, etc)
_________________________
I work for the Department of Redundancy Department

Top
#46704 - 10/26/17 02:26 PM Re: Hard disk replacement. Sign out of services? [Re: Virtual1]
Ira L Offline


Registered: 08/13/09
Loc: California
Originally Posted By: Virtual1
You should sign out of your Apple ID (in the AppStore, iCloud, and Find My Device) on any device before getting rid of it or replacing the hard drive. Otherwise you risk losing an activation count for apps you've downloaded.


In the instance under discussion, isn't there a difference between device and hard drive for the purpose of Apple's counting? If the replaced hard drive is not used anywhere else, then the count has not changed. Otherwise, more users would be burning up their allocation just from restoring via clones or TM backups.

I don't know Apple's process here, but I would imagine that for counting they would look at some kind of hardware ID, and if that does not change, then the count does not change.
_________________________
On a Mac since 1984.
Currently: 27" iMacs, Macbook Air, macOS 10.14.x,; iPhones, iPods and iPads galore!

Top
#46744 - 10/31/17 05:44 AM Re: Hard disk replacement. Sign out of services? [Re: Ira L]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
Originally Posted By: Ira L
In the instance under discussion, isn't there a difference between device and hard drive for the purpose of Apple's counting? If the replaced hard drive is not used anywhere else, then the count has not changed. Otherwise, more users would be burning up their allocation just from restoring via clones or TM backups.

I don't know Apple's process here, but I would imagine that for counting they would look at some kind of hardware ID, and if that does not change, then the count does not change.

There's no fixed standard for how to do this, but most vendors take the same approach that has been refined over the ages with various software experiments:

Before activating, the software will at first launch generate some large random seed. It then record this information as well as any license code and some unique information from the computer's hardware. The serial number of the computer is commonly used, as is the MAC address on the default ethernet or wifi port. (often both) Microsoft Windows records a great deal of additional information including your graphics card and hard drive serial numbers. This information is combined together ("hashed") to create a globally-unique seed. When activating, this seed, along with all of the gathered information and credentials, are sent to the activation server as details in an unsigned certificate. (CSR file - a Certificate Signing Request)

After validating your credentials and license availability, the activation server signs this certificate and sends it back to your computer. The software saves this signed certificate. (commonly referred to as the "license file") Anytime it launches, it will verify the signature before it will run. If any information on your computer changes compared to what's in the certificate, the software may refuse to run. (windows will let you change a few minor components, or one major component, any more than that will fail the comparison) Most software doesn't record as much and will refuse to launch if any information differs from what's in the certificate.

You can't "hack" (edit) the certificate and change information in it to match your current configuration, because that will invalidate the signature. If your hardware changes, you have to submit a new activation request and get a new certificate that matches your hardware and is properly signed by the activation server. As with any asymmetrical key system, the software on your computer is easily able to verify a signature is valid (using its copy of the public key) without having the ability to create a new, valid signature, which requires the private key stored only on the activation server.

On the mac, the software doesn't even have to manage this certificate or its public key itself. It'll just hand it off to the user's keychain using the built-in certificate management system in OS X.

This prevents you from say, copying software and the license file (certificate) to another computer and running the software there. Or even moving the entire hard drive to another computer. It may also cause your software to deactivate if you change your hard drive (even if you DO klone the data over) or change the logic board in your computer, or the wifi card gets replaced. (when Apple replaces a logic board under warranty, they klone the serial number from your old board, BUT they DO NOT klone the MAC address on your ethernet port!)

Although I don't know for certain, it's reasonable to assume the AppStore computer-activation is done in the same way. I know every time I've had to restore from a time machine backup I've had to re-activate my computer for the AppStore. I assume this is because the GUID (random serial number created when you format a volume, and time machine DOES NOT klone the GUID of the volume when restoring) is part of their certificate information, seeing as my hardware and software did not change. But because Apple allows you to have up to five computers (and unlimited iOS devices - that actually have SOME limitations they don't publicly disclose) I only ran into a problem once and needed to use a once-a-year full reset of my count. (but then I had to reactivate my other computer and iPhone because their certificates got revoked when I reset)

So I urge you to sign out of any licensed services before making significant hardware changes or discarding your gear. Otherwise someone else may be able to use your services, or it may inconvenience you by making one of your granted activations inaccessible.
_________________________
I work for the Department of Redundancy Department

Top
#46747 - 10/31/17 08:09 AM Re: Hard disk replacement. Sign out of services? [Re: Virtual1]
Urquhart Offline


Registered: 08/10/17
Loc: Netherlands
Originally Posted By: Virtual1
So I urge you to sign out of any licensed services before making significant hardware changes or discarding your gear.

Thanks for your view on this subject. I see how it *could* matter for activations and certificates, but if Apple authorizes devices based on hardware IDs other than the drive, then one could exchange drives all that you want, and it wouldn’t make a difference. The point is, we don’t know how they do undisclosed things. But the drive (and ram) seem like easily exchangeable parts that *shouldn’t* be part of an identification protocol.

Apple doesn’t seem to mention any of this on their website, and I didn’t even find similar questions from others. Not how they register services and applications, and no advice on the matter of services and drives. The documentation routinely mentions “authorize this computer”, not “this drive”. As the laptop is out of regular AppleCare, Apple themselves won’t handle my tech support questions, except for AppleCare Pay-Per-Incident Support at $29 per question, I suppose.

I did contact the always helpful OWC, and their support person said on signing out of services “No, that would not be necessary to do before you go through the data transferring process.” (And I realize it will probably work just fine; but I wouldn’t know if an activation counter has gone up (or down), which might have been prevented.)

Besides Apple’s products, it might include MS Office as well. The previous one, so just out of support (Oct. 10). If something blocks, I suppose they could say “we can’t help you anymore”. I wonder if end-of-support also blocks re-activation?

Top
#46754 - 11/01/17 09:17 AM Re: Hard disk replacement. Sign out of services? [Re: Urquhart]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
Originally Posted By: Urquhart
Originally Posted By: Virtual1
So I urge you to sign out of any licensed services before making significant hardware changes or discarding your gear.

Thanks for your view on this subject. I see how it *could* matter for activations and certificates, but if Apple authorizes devices based on hardware IDs other than the drive, then one could exchange drives all that you want, and it wouldn’t make a difference. The point is, we don’t know how they do undisclosed things. But the drive (and ram) seem like easily exchangeable parts that *shouldn’t* be part of an identification protocol.

it's been my experience that apple includes at least computer serial number and the volume id in the certificate. So either swapping the hard drive to another computer or reformatting the volume will cause licensing to break.

Quote:
Apple doesn’t seem to mention any of this on their website, and I didn’t even find similar questions from others. Not how they register services and applications, and no advice on the matter of services and drives. The documentation routinely mentions “authorize this computer”, not “this drive”. As the laptop is out of regular AppleCare, Apple themselves won’t handle my tech support questions, except for AppleCare Pay-Per-Incident Support at $29 per question, I suppose.

And you never will see them discuss it. It's SOP in the copy-protection market to NOT discuss any details of your protection with anyone, ever. It's considered partly a trade-secret, and partly a security secret. It's "security-by-obscurity" for sure, but although it's weak when its your only protection, it does offer a small amount of added insulation alongside the actual operation of the details that are being hidden. Same way you won't see the bank publishing their guard's schedule publicly - the vault should remain secure regardless of the public availability of the schedule, but knowing the schedule gives attackers information they may be able to use in combination with other weaknesses they find, to come up with a successful exploit. (funny enough I've seen that specific detail called out twice in the past, much to the embarrassment of the bank's security firm)

Quote:
I did contact the always helpful OWC, and their support person said on signing out of services “No, that would not be necessary to do before you go through the data transferring process.” (And I realize it will probably work just fine; but I wouldn’t know if an activation counter has gone up (or down), which might have been prevented.)

IF Apple is not including the hard drive's SN (and I'm not sure on this) and IF the cloning software they provide is duplicating the GUID of the volume, then no you don't have to worry about it. But time machine doesn't restore the GUID because it's bad practice to duplicate a GUID (Globally Unique IDentifier) and can cause problems for time machine and spotlight, just to name a few.

Quote:
Besides Apple’s products, it might include MS Office as well. The previous one, so just out of support (Oct. 10). If something blocks, I suppose they could say “we can’t help you anymore”. I wonder if end-of-support also blocks re-activation?

As long as the key remains valid, you should be okay. It can make matters difficult though. I spent an entire day at a newspaper trying to get 7 desktop and one server upgraded. One of the desktop macs would no longer boot, and it was not possible to deactivate quark on it. (failed logic board) I moved the hdd to another machine and though it would boot, the license was broke (logic board sn and ethernet mac changed) so it could not be DEactivated to recover the activation counter because it didn't think it was activated to begin with. Two hours (yes really) on the phone with Quark and they finally manually added an activation count to the shop's license so I could get that last desktop fully up. A call to adobe was also required, but they had us settled in under 20 minutes. So, "YMMV". (some software titles give you two or even three activations on a SN, to save everyone a headache)

And numerous times I've had activation on software break because I did an archive-and-install or full-on-reinstall of an OS over the top of an existing Users folder etc. It's very rare in those cases for me to be able to find something I can move from the archived system folder into the new one to satisfy the software.
_________________________
I work for the Department of Redundancy Department

Top

Moderator:  alternaut, dianne, MacManiac