Author | Message | Time |
---|---|---|
Networks | By this I mean retrieving a file off the net and reading its content and matching up a username. If the username does not appear the application will shut down. I will match the username upon the time the bot logs on to the username. What I'd like to know is: - How can I make this better? - How can I stop someone from using reverse engineering techniques and/or hexing? - What other methods can I use that are possibly better? | February 10, 2005, 5:05 PM |
LoRd | https://davnit.net/bnet/vL/phpbbs/index.php?topic=9883.0 Thank you for searching before posting. | February 10, 2005, 6:57 PM |
Soul Taker | Just a note since he might not read all that, that is a really poor method of security. | February 10, 2005, 7:23 PM |
UserLoser. | [quote author=Soul Taker link=topic=10506.msg99177#msg99177 date=1108063404] Just a note since he might not read all that, that is a really poor method of security. [/quote] Well, I'd say the average Battle.net bot user would not know how to get around it | February 10, 2005, 7:36 PM |
CrAz3D | Make the program required to be on disc? :-\ I like trust's harddrive serial idea, that is what I used to do. | February 10, 2005, 7:38 PM |
Quarantine | I'd make a CDkey based on the harddrive serial or something and require them to enter it, that way everything is done without contacting a website. Like UserLoser said, the average Battle.net user won't know how to bypass anything | February 10, 2005, 8:43 PM |
JoeTheOdd | Which makes connecting to a website just as secure, and requires 100% less work. | February 10, 2005, 10:49 PM |
CrAz3D | [quote author=JoeTheOdd link=topic=10506.msg99202#msg99202 date=1108075746] Which makes connecting to a website just as secure, and requires 100% less work. [/quote] It is less secure because there are SOME ppl on bnet that might get bored & break the authorization. Also, 100% - 100% = 0%, nothing can take 0 effort/work to do. | February 10, 2005, 11:26 PM |
LoRd | [quote author=CrAz3D link=topic=10506.msg99184#msg99184 date=1108064331] Make the program required to be on disc? :-\ I like trust's harddrive serial idea, that is what I used to do. [/quote] You could have the most complex method of generating and verifying a key known to man, but if you have code like this then your program can be cracked in < 5 minutes. [code] If VerifyKey(key) ContinueLoad(); else InvalidKey(); [/code] Here's an example of the above code in Assembly: [code] push key call VerifyKey add esp, 4 test al, al je abc call InvalidKey abc: ContinueLoad [/code] Now you could do any number of simple things to crack this. One of which being, changing je (jump if equal) to jne (jump if not equal) which will make all invalid keys, valid. | February 10, 2005, 11:47 PM |
UserLoser. | [quote author=LoRd[nK] link=topic=10506.msg99208#msg99208 date=1108079266] [quote author=CrAz3D link=topic=10506.msg99184#msg99184 date=1108064331] Make the program required to be on disc? :-\ I like trust's harddrive serial idea, that is what I used to do. [/quote] You could have the most complex method of generating and verifying a key known to man, but if you have code like this then your program can be cracked in < 5 minutes. [code] If VerifyKey(key) ContinueLoad(); else InvalidKey(); [/code] Here's an example of the above code in Assembly: [code] push key call VerifyKey add esp, 4 test al, al je abc call InvalidKey abc: ContinueLoad [/code] Now you could do any number of simple things to crack this. One of which being, changing je (jump if equal) to jne (jump if not equal) which will make all invalid keys, valid. [/quote] Or just make it 0xeb which solves everything | February 10, 2005, 11:57 PM |
Networks | Yes, however it only takes one person to know how to bypass something like that to allow the entire bot community to get ahold of it. Sorry I didn’t search but I had to leave my class because the bell rang so I just did it really quick. | February 11, 2005, 3:51 AM |
Quarantine | Most people who are smart enough to bypass Auths aren't jackasses. So it's a test of honesty if you make it easy I guess. | February 11, 2005, 4:47 AM |
Soul Taker | [quote author=Warrior link=topic=10506.msg99242#msg99242 date=1108097254] Most people who are smart enough to bypass Auths aren't jackasses. So it's a test of honesty if you make it easy I guess. [/quote] A test of honesty isn't very good security :P | February 11, 2005, 1:13 PM |
Ban | Yeah, just look at M$ ;) | February 11, 2005, 3:37 PM |
Networks | [quote author=Warrior link=topic=10506.msg99242#msg99242 date=1108097254] Most people who are smart enough to bypass Auths aren't jackasses. So it's a test of honesty if you make it easy I guess. [/quote] If it was a test of honesty, I would just tell everyone who has it, "Please don't leak it." I am going for more of a forceful approach. | February 11, 2005, 4:46 PM |
CrAz3D | [quote author=Networks link=topic=10506.msg99284#msg99284 date=1108140406] [quote author=Warrior link=topic=10506.msg99242#msg99242 date=1108097254] Most people who are smart enough to bypass Auths aren't jackasses. So it's a test of honesty if you make it easy I guess. [/quote] If it was a test of honesty, I would just tell everyone who has it, "Please don't leak it." I am going for more of a forceful approach. [/quote] I remember that Fr0z3N (from exile) had created an authentication servery thing that checked a username/password & hd serial I think. He ran the auth server on his computer & it was encrypted, how, I don't remember. | February 11, 2005, 4:54 PM |
R.a.B.B.i.T | Changing the hosts file fixes that. You can run your own server that returns a positive result, or just alter the JE/JNE/JZ/JNZ/JMP locations anyway. | February 11, 2005, 7:05 PM |
Quarantine | I'm speaking more of the people who actually know how to bypass it and them not leaking it out, not users in general. | February 11, 2005, 7:29 PM |
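
Added example (not part of the thread, and not any poster's code): the single-branch check LoRd describes, next to a design in which the licence key and drive serial derive the key that unseals data the program needs, so there is no boolean to invert. The key, serial, `FEATURE_DATA` and all function names are constructed for illustration.

```python
import hashlib
import hmac
from typing import Callable, Optional

# Constructed sample values (assumptions for illustration, not from the thread).
HW_SERIAL = "EXAMPLE-DRIVE-0001"
GOOD_KEY = "AAAA-BBBB-CCCC-DDDD"
FEATURE_DATA = b"feature-config: reconnect=on; plugins=on"  # data the program needs to run


def derive_key(license_key: str, hw_serial: str) -> bytes:
    """Stretch licence key + drive serial into a 32-byte secret (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", license_key.encode(), hw_serial.encode(), 100_000)


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter keystream; the same call seals and opens."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(key, offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


# Done once by the vendor per customer; only SEALED would ship, never FEATURE_DATA.
SEALED = keystream_xor(derive_key(GOOD_KEY, HW_SERIAL), FEATURE_DATA)


def gated_load(license_key: str, verify: Callable[[str], bool]) -> Optional[bytes]:
    """The thread's pattern: the plaintext ships and one boolean guards it."""
    if verify(license_key):
        return FEATURE_DATA
    return None


def bound_load(license_key: str, hw_serial: str) -> bytes:
    """No boolean to flip: a wrong key or serial simply yields unusable bytes."""
    return keystream_xor(derive_key(license_key, hw_serial), SEALED)


def demo() -> dict:
    always_true = lambda key: True  # models the check after its branch is inverted
    return {
        "gated_wrong_key": gated_load("WRONG-KEY", always_true) == FEATURE_DATA,
        "bound_good_key": bound_load(GOOD_KEY, HW_SERIAL) == FEATURE_DATA,
        "bound_wrong_key": bound_load("WRONG-KEY", HW_SERIAL) == FEATURE_DATA,
        "bound_other_drive": bound_load(GOOD_KEY, "OTHER-DRIVE") == FEATURE_DATA,
    }
```

A legitimate key holder can still copy the unsealed data once it is in memory, so this removes the single-branch bypass rather than making the client tamper-proof.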