By this I mean retrieving a file of the net and reading it's content and matching up a username. If the username does not appear the application will shutdown. I will match the username upon the time the bot logs on to the username.

What I'd like to know is:
- How can make this better?
- How can I stop someone from using reverse engineering techniques and/or hexing?
- What other methods can I use that are possibly better.

https://davnit.net/bnet/vL/phpbbs/index.php?topic=9883.0

Thank you for searching before posting.

Just a note since he might not read all that, that is a really poor method of security.

[quote author=Soul Taker link=topic=10506.msg99177#msg99177 date=1108063404]
Just a note since he might not read all that, that is a really poor method of security.
[/quote]

Well, I'd say the average Battle.net bot user would not know how to get around it

Make the program required to be on disc?  :-\

I like trust's harddrive serial idea, that is what I used to do.

I'd make a CDkey based on the harddrive serial or something and require them to enter it, that way everything is done withought contacting a website. Like UserLoser said the average Battle.net use wont know how to bypass anything

Which makes connecting to a website just as secure, and requires 100% less work.

[quote author=JoeTheOdd link=topic=10506.msg99202#msg99202 date=1108075746]
Which makes connecting to a website just as secure, and requires 100% less work.
[/quote]It is less secure because there are SOME ppl on bnet that might get bored & break the authorization.  Also, 100% - 100% = 0%, nothing can take 0 effort/work to do.

[quote author=CrAz3D link=topic=10506.msg99184#msg99184 date=1108064331]
Make the program required to be on disc?  :-\

I like trust's harddrive serial idea, that is what I used to do.
[/quote]

You could have the most complex method of generating and verifying a key known to man, but if you have code like this then your program can be cracked in < 5 minutes.

[code]
If VerifyKey(key)
    ContinueLoad();
else
    InvalidKey();
[/code]

Here's an example of the above code in Assembly:

[code]
  push key
  call VerifyKey
  add esp, 4
  test al, al
  je abc
  call InvalidKey
abc:
  ContinueLoad
[/code]

Now you could do any number of simple things to crack this.  One of which being, changing je (jump if equal) to jne (jump if not equal) which will make all invalid keys, valid.

[quote author=LoRd[nK] link=topic=10506.msg99208#msg99208 date=1108079266]
[quote author=CrAz3D link=topic=10506.msg99184#msg99184 date=1108064331]
Make the program required to be on disc?  :-\

I like trust's harddrive serial idea, that is what I used to do.
[/quote]

You could have the most complex method of generating and verifying a key known to man, but if you have code like this then your program can be cracked in < 5 minutes.

[code]
If VerifyKey(key)
    ContinueLoad();
else
    InvalidKey();
[/code]

Here's an example of the above code in Assembly:

[code]
  push key
  call VerifyKey
  add esp, 4
  test al, al
  je abc
  call InvalidKey
abc:
  ContinueLoad
[/code]

Now you could do any number of simple things to crack this.  One of which being, changing je (jump if equal) to jne (jump if not equal) which will make all invalid keys, valid.
[/quote]

Or just make it 0xeb which solves everything

Yes, however it only takes one person to know how to bypass something like that to allow the entire bot community to get ahold of it.

Sorry I didn’t search but I had to leave my class because the bell rang so I just did it really quick.

Most people who are smart enough to bypass Auths arn't jackasses.

So it's a test of honesty if you make it easy I guess.

[quote author=Warrior link=topic=10506.msg99242#msg99242 date=1108097254]
Most people who are smart enough to bypass Auths arn't jackasses.

So it's a test of honesty if you make it easy I guess.
[/quote]
A test of honesty isn't very good security  :P

Yeah, just look at M$ ;)

[quote author=Warrior link=topic=10506.msg99242#msg99242 date=1108097254]
Most people who are smart enough to bypass Auths arn't jackasses.

So it's a test of honesty if you make it easy I guess.
[/quote]

If it was a test of honesty, I would just tell everyone who has it, "Please don't leak it." I am going for more of a forceful approach.

[quote author=Networks link=topic=10506.msg99284#msg99284 date=1108140406]
[quote author=Warrior link=topic=10506.msg99242#msg99242 date=1108097254]
Most people who are smart enough to bypass Auths arn't jackasses.

So it's a test of honesty if you make it easy I guess.
[/quote]

If it was a test of honesty, I would just tell everyone who has it, "Please don't leak it." I am going for more of a forceful approach.
[/quote]I remember that Fr0z3N (from exile) had created an authentication servery thing that checked a username/password & hd serial I think.  He ran the auth server on his computer & it was encrypted, how, I don't remember.

Changing the hosts file fixes that.  You can run your own server that returns a positive result, or just alter the JE/JNE/JZ/JNZ/JMP locations anyway.

Im speaking more of the people who actually know how to bypass it and them not leaking it out, not users in General.