Valhalla Legends Forums Archive | General Programming | Creating Authentication Systems

Mephisto
What are some good ways to create authentication systems for applications you want to keep private but are at risk of being leaked by other people?
December 12, 2004, 11:49 PM
St0rm.iD
In short: there aren't any.
December 13, 2004, 1:11 AM
Mephisto
Omit the "good" then.

I have an idea that I haven't fully thought through, but it involves taking a value which is unique for each user but never changes, and having that value sent to a website which will encrypt it and come up with some sort of "key."  The user takes that key and puts it into a file, and the application decrypts the key and checks it against their unique value that never changes, and if it passes, the application proceeds.
December 13, 2004, 1:27 AM
hismajesty
Base it on harddrive serial.
December 13, 2004, 1:52 AM
Eibro
[quote author=Banana fanna fo fanna link=topic=9883.msg92116#msg92116 date=1102900295]
In short: there aren't any.
[/quote]That is a horrible answer.

[quote] Base it on harddrive serial.[/quote]
Base what on hard drive serial?


"Good" is a relative term. No matter how great your protection scheme is, it can always be broken. You want to find some middle ground-- there isn't much point in spending a lot of time on an elaborate scheme if no one has any reason to want to break it. If there is a reason for someone to want to break it, you need to implement something which will require a significant amount of time/skill to defeat. You can create protection which will defeat the average user. You can create protection which will defeat an amateur hacker. You can create protection which will defeat an experienced hacker. However, will there be such a demand for your application that an experienced hacker will ever take a look at it?
December 13, 2004, 3:41 AM
Mephisto
The protection need not warrant an experienced hacker, but it needs to be sufficient to prevent people from just using the application without permission being granted, and made so that they can't just get a key without actually doing some hacking, and the hacking they do shouldn't be as easy as 123 to break the protection, but it doesn't need to be extensive protection, as I said.
December 13, 2004, 4:44 AM
hismajesty
[quote]Base what on hard drive serial?[/quote]

Use the person's harddrive serial number for authorization. Or maybe generate a key based on their serial number.

Rabbit did his authorization using a harddrive serial number, I don't remember the exact method though.

[quote]The protection need not warrant an experienced hacker[/quote]

It doesn't take much experience to remap the address where your auth file is stored to point to a different one, or nop out a few lines after disassembling it. However, as Eibro said, would anybody care?
December 13, 2004, 11:46 AM
iago
Doing it based on harddrive serial is useless, because they can just bypass that part of the code. 

The best way is just to make your software open source, and release the entire thing publicly, encouraging others to work on it, and provide patches if they find a bug.  It works surprisingly well.  Think about the REASON you want it to be closed.  The only one I can think of is so that people who don't have it say, "I want it! I'm going to be friends with the person who wrote it so that he'll give ME a copy!" and anybody who does it for that reason is pathetic.

Look at Skywing's BinaryChat: it had amazing protection on it, since we all know that Skywing is totally elite, and somebody has broken it.  There isn't a lot you can do to prevent a serious hacker from getting at your code, short of not giving it to them.  And even that doesn't always work (see also: half life 2).
December 13, 2004, 2:27 PM
Kp
[quote author=iago link=topic=9883.msg92167#msg92167 date=1102948072]Think about the REASON you want it to be closed.  The only one I can think of is so that people who don't have it say, "I want it! I'm going to be friends with the person who wrote it so that he'll give ME a copy!" and anybody who does it for that reason is pathetic.[/quote]

There's also the reasoning that it's simply too dangerous for public consumption.  Consider what a mess it would wreak on BW public gaming if the sum total of SCRL (Adron's SC HDL), SCE (Sky/Grok's SC HDL), and my BW work were merged into an open source project and released.  Obviously a special case, but it is another reason against release. :)
December 13, 2004, 4:30 PM
iago
[quote author=Kp link=topic=9883.msg92176#msg92176 date=1102955404]
[quote author=iago link=topic=9883.msg92167#msg92167 date=1102948072]Think about the REASON you want it to be closed.  The only one I can think of is so that people who don't have it say, "I want it! I'm going to be friends with the person who wrote it so that he'll give ME a copy!" and anybody who does it for that reason is pathetic.[/quote]

There's also the reasoning that it's simply too dangerous for public consumption.  Consider what a mess it would wreak on BW public gaming if the sum total of SCRL (Adron's SC HDL), SCE (Sky/Grok's SC HDL), and my BW work were merged into an open source project and released.  Obviously a special case, but it is another reason against release. :)
[/quote]

Indeed, I should have mentioned that.  The only thing that I've made that I haven't released with source is my Starcraft/Diablo hacks.  I completely agree, some things are destructive.  But in general, my statements stand :P

On a side note, to be technical, there is a lot of code that I've never made public for the sole reason that I don't think anybody would care.  Of course, if somebody asked me for it (for example, my Java Huffman implementation), I'd happily give it to them.
December 13, 2004, 5:26 PM
hismajesty
[quote author=iago link=topic=9883.msg92167#msg92167 date=1102948072]
Doing it based on harddrive serial is useless, because they can just bypass that part of the code.
[/quote]

That applies to a lot of current methods. Think of those games that we cracked when you were teaching me to read Assembly.

[quote]The best way is just to make your software open source, and release the entire thing publicly, encouraging others to work on it, and provide patches if they find a bug. It works surprisingly well.[/quote]

Despite his reason, making it open source/freely available kinda defeats the point which is to keep it private...
December 13, 2004, 7:48 PM
UserLoser.
[quote author=iago link=topic=9883.msg92167#msg92167 date=1102948072]
Look at Skywing's BinaryChat: it had amazing protection on it, since we all know that Skywing is totally elite, and somebody has broken it.
[/quote]

You forgot ZeroBot (binary version)! *;)*  But I'm pretty sure Sky doesn't use that same method anymore
December 13, 2004, 7:55 PM
iago
[quote author=hismajesty[yL] link=topic=9883.msg92197#msg92197 date=1102967300]
[quote author=iago link=topic=9883.msg92167#msg92167 date=1102948072]
Doing it based on harddrive serial is useless, because they can just bypass that part of the code.
[/quote]

That applies to a lot of current methods. Think of those games that we cracked when you were teaching me to read Assembly.
[/quote]
I know, you can bypass ANY protection.  There's nothing at all that you can do to stop it, just slow it down.

[quote]
[quote]The best way is just to make your software open source, and release the entire thing publicly, encouraging others to work on it, and provide patches if they find a bug. It works surprisingly well.[/quote]

Despite his reason, making it open source/freely available kinda defeats the point which is to keep it private...
[/quote]
My point is that keeping stuff private is stupid.
December 13, 2004, 10:02 PM
Mephisto
Regardless of you guys' opinions, which I appreciate, not one person here has provided me with an authentication/protection method.  If someone has a public one and wishes to share, please do so.
December 14, 2004, 1:00 AM
UserLoser.
[quote author=Mephisto link=topic=9883.msg92273#msg92273 date=1102986053]
Regardless of you guys' opinions, which I appreciate, not one person here has provided me with an authentication/protection method.  If someone has a public one and wishes to share, please do so.
[/quote]

Strong encryption based off of certain values returned from querying the user's system info
December 14, 2004, 1:02 AM
hismajesty
[quote author=Mephisto link=topic=9883.msg92273#msg92273 date=1102986053]
Regardless of you guys' opinions, which I appreciate, not one person here has provided me with an authentication/protection method. If someone has a public one and wishes to share, please do so.
[/quote]

I gave you a method.
December 14, 2004, 1:18 AM
Eibro
[quote author=Mephisto link=topic=9883.msg92273#msg92273 date=1102986053]
Regardless of you guys' opinions, which I appreciate, not one person here has provided me with an authentication/protection method.  If someone has a public one and wishes to share, please do so.
[/quote]What have you come up with so far?
December 14, 2004, 1:20 AM
Mephisto
I explained it in an earlier post; HisMajesty, you gave me an idea to base it off of, not really a method of doing it.  :)
December 14, 2004, 1:26 AM
R.a.B.B.i.T
My method, now that I don't have the source, was based on this:
Serial length: 21

Digits 1-3: Harddrive serial number length
Digits 4-X: Harddrive serial number
X-20: Random digits based off of the harddrive serial number
21: Digit calculated by a modified UPC algorithm

Nobody has cracked it yet. :)
December 14, 2004, 1:34 AM
UserLoser.
[quote author=R.a.B.B.i.T link=topic=9883.msg92293#msg92293 date=1102988068]
My method, now that I don't have the source, was based on this:
Serial length: 21

Digits 1-3: Harddrive serial number length
Digits 4-X: Harddrive serial number
X-20: Random digits based off of the harddrive serial number
21: Digit calculated by a modified UPC algorithm

Nobody has cracked it yet. :)
[/quote]

Send the app to userloser@gmail.com
December 14, 2004, 1:48 AM
Arta
or arta@valhallalegends.com, if I have time :P
December 14, 2004, 2:07 AM
Kp
Or post it somewhere and I'll take a crack at it.  I have some downtime coming up.
December 14, 2004, 2:11 AM
Mephisto
Isn't it fairly easy to crack applications that use a harddrive serial number?
December 14, 2004, 2:27 AM
UserLoser.
[quote author=Mephisto link=topic=9883.msg92299#msg92299 date=1102991265]
Isn't it fairly easy to crack applications that use a harddrive serial number?
[/quote]

Fairly easy to crack anything that's non-encrypted

[quote author=Kp link=topic=9883.msg92297#msg92297 date=1102990265]
Or post it somewhere and I'll take a crack at it.  I have some downtime coming up.
[/quote]

Hmm, inproc is where now? :p
December 14, 2004, 2:28 AM
UserLoser.
[quote author=R.a.B.B.i.T link=topic=9883.msg92293#msg92293 date=1102988068]
My method, now that I don't have the source, was based on this:
Serial length: 21

Digits 1-3: Harddrive serial number length
Digits 4-X: Harddrive serial number
X-20: Random digits based off of the harddrive serial number
21: Digit calculated by a modified UPC algorithm

Nobody has cracked it yet. :)
[/quote]

"ZakenNayo"?

[code]
[22:05:45.734] [AUTH] Decoding authorization key...
[22:05:45.734] [AUTH] Authorization key validated
[22:05:45.750] [AUTH] Verifying authorization database....
[22:05:45.750] [AUTH] Authorization database verified
[22:05:45.750] [AUTH] Sending authorization request...
[22:05:45.968] [AUTH] Authorization passed
[22:05:48.609]  -- Error: Enter CD-Key
[22:05:48.609]  -- Error: Enter home channel
[22:05:48.609]  -- Error: Enter password
[22:05:48.609]  -- Error: Enter username
[/code]

/shrug

Swapped a few jz and jnz's~
December 14, 2004, 4:09 AM
LW-Falcon
haha  ;D
December 14, 2004, 4:18 AM
kamakazie
You could create something like BNLS with authentication and encrypt the stream using RSA.  If this has nothing to do with a bot, then you could do the same thing but with the critical functions server-side.
December 14, 2004, 4:36 AM
iago
Storing critical functions on a server will slow you down.  In fact, why don't you store the entire program online? Just make the bot a series of encrypted calls to the server?

What is stopping somebody from breaking the authentication, and using your server for themselves, though?  If you are using an encrypted stream, the client still has the ability to decrypt and use it, so that decryption code can be taken.
December 14, 2004, 3:48 PM
Kp
[quote author=iago link=topic=9883.msg92382#msg92382 date=1103039291]Storing critical functions on a server will slow you down.  In fact, why don't you store the entire program online? Just make the bot a series of encrypted calls to the server?

What is stopping somebody from breaking the authentication, and using your server for themselves, though?  If you are using an encrypted stream, the client still has the ability to decrypt and use it, so that decryption code can be taken.[/quote]

Ah, but if each client has its own unique authentication to the server, you can revoke individual clients when you realize what they're doing (similar to how CDkeys can be revoked from battle.net if they're caught causing too much trouble).  Incidentally, I agree with your implication that this is taking it to an extreme.
December 14, 2004, 4:46 PM
kamakazie
[quote author=iago link=topic=9883.msg92382#msg92382 date=1103039291]
Storing critical functions on a server will slow you down.  In fact, why don't you store the entire program online? Just make the bot a series of encrypted calls to the server?
[/quote]

Depends on the application I suppose.  But it is a worthwhile and difficult measure to get past without alerting the creator that someone is trying to break their application.  This thread reminds me of when MousePad and the JavaScript dude (forgot his name, he attached a JavaScript engine to D2) had this neato encryption that they thought couldn't be broken, and eventually it was.
December 14, 2004, 6:49 PM
iago
The program has to necessarily decrypt itself to run, so there has to be a way to get around it. 

December 14, 2004, 7:15 PM
R.a.B.B.i.T
[quote author=UserLoser link=topic=9883.msg92329#msg92329 date=1102997371]
[quote author=R.a.B.B.i.T link=topic=9883.msg92293#msg92293 date=1102988068]
My method, now that I don't have the source, was based on this:
Serial length: 21

Digits 1-3: Harddrive serial number length
Digits 4-X: Harddrive serial number
X-20: Random digits based off of the harddrive serial number
21: Digit calculated by a modified UPC algorithm

Nobody has cracked it yet. :)
[/quote]

"ZakenNayo"?

[code]
[22:05:45.734] [AUTH] Decoding authorization key...
[22:05:45.734] [AUTH] Authorization key validated
[22:05:45.750] [AUTH] Verifying authorization database....
[22:05:45.750] [AUTH] Authorization database verified
[22:05:45.750] [AUTH] Sending authorization request...
[22:05:45.968] [AUTH] Authorization passed
[22:05:48.609]  -- Error: Enter CD-Key
[22:05:48.609]  -- Error: Enter home channel
[22:05:48.609]  -- Error: Enter password
[22:05:48.609]  -- Error: Enter username
[/code]

/shrug

Swapped a few jz and jnz's~
[/quote]No, that has a crappy auth system.  FoFoBot, which I sadly lost due to harddrive reformat, had the serial encryption.
http://cold-chaos.net/rabbit/FF_Full.exe or http://cold-chaos.net/rabbit/FF_Lite.exe are the installers for the old FoFoBot.

PS: ZakenNayo is public now, so there's no point to even cracking the serial.
December 15, 2004, 1:16 AM
UserLoser.
[code]
[19:52:51] [AUTH] Failed (1): Serial not found.  Request serial number with /reqser
[19:52:56] [AUTH] Passed (0): Serial request sent.  Please wait for activation.
[19:53:36] [AUTH] Passed (1): Serial accepted.
[19:53:37] [AUTH] Passed (2): Your serial was accepted.
[19:53:37] BNET: Connecting...
[19:53:37] BNET: 10049: Address is not available from the local machine.
[19:53:37] BNET: Disconnected.
[/code]
December 15, 2004, 1:54 AM
R.a.B.B.i.T
Ah..I turned off the auth system, which I just turned on again.  Try now :)

[edit]
I also made this.  It's based off of a new serial system I am making, it'd be nice to see if any of you can crack it.

[edit2]
Fixed.
December 15, 2004, 2:31 AM
UserLoser.
[quote author=R.a.B.B.i.T link=topic=9883.msg92457#msg92457 date=1103077880]
Ah..I turned off the auth system, which I just turned on again.  Try now :)

[edit]
I also made this.  It's based off of a new serial system I am making, it'd be nice to see if any of you can crack it.
[/quote]


Broken link.
December 15, 2004, 2:57 AM
iago
[quote author=UserLoser link=topic=9883.msg92465#msg92465 date=1103079471]
[quote author=R.a.B.B.i.T link=topic=9883.msg92457#msg92457 date=1103077880]
Ah..I turned off the auth system, which I just turned on again.  Try now :)

[edit]
I also made this.  It's based off of a new serial system I am making, it'd be nice to see if any of you can crack it.
[/quote]


Broken link.
[/quote]

Looks ok here.
December 15, 2004, 4:05 AM
UserLoser.
What happens when you crack it?  Does it append a ":)" to the end of the first textbox? How do we know when it's cracked?
December 15, 2004, 4:30 AM
Arta
As UserLoser points out, we lack some information here, but I think this is probably it:

[img]http://www.valhallalegends.com/arta/CrackMe.jpg[/img]
December 15, 2004, 3:43 PM
R.a.B.B.i.T
Yes, I know it can be cracked by changing a JMP or something, but I was aiming for you to make it work with valid serials by figuring out how the serials WORKED, not by changing a command.
December 15, 2004, 9:41 PM
iago
[quote author=R.a.B.B.i.T link=topic=9883.msg92527#msg92527 date=1103146898]
Yes, I know it can be cracked by changing a JMP or something, but I was aiming for you to make it work with valid serials by figuring out how the serials WORKED, not by changing a command.
[/quote]

Why? You have to watch out for both.  The best way is to encrypt a series of commands, and the only way to decrypt them is with a valid key.  That way, they can't change a jump.
December 15, 2004, 10:18 PM
Arta
[quote author=R.a.B.B.i.T link=topic=9883.msg92527#msg92527 date=1103146898]
Yes, I know it can be cracked by changing a JMP or something, but I was aiming for you to make it work with valid serials by figuring out how the serials WORKED, not by changing a command.
[/quote]

Why would anyone go to that kind of trouble?
December 15, 2004, 10:21 PM
Adron
[quote author=Arta[vL] link=topic=9883.msg92534#msg92534 date=1103149285]
[quote author=R.a.B.B.i.T link=topic=9883.msg92527#msg92527 date=1103146898]
Yes, I know it can be cracked by changing a JMP or something, but I was aiming for you to make it work with valid serials by figuring out how the serials WORKED, not by changing a command.
[/quote]

Why would anyone go to that kind of trouble?
[/quote]

I like doing that because it typically lets me install future upgrades of the program without any additional work....
December 15, 2004, 10:32 PM
iago
[quote author=Adron link=topic=9883.msg92538#msg92538 date=1103149924]
[quote author=Arta[vL] link=topic=9883.msg92534#msg92534 date=1103149285]
[quote author=R.a.B.B.i.T link=topic=9883.msg92527#msg92527 date=1103146898]
Yes, I know it can be cracked by changing a JMP or something, but I was aiming for you to make it work with valid serials by figuring out how the serials WORKED, not by changing a command.
[/quote]

Why would anyone go to that kind of trouble?
[/quote]

I like doing that because it typically lets me install future upgrades of the program without any additional work....
[/quote]

By fingerprinting the code, you can usually do that anyway, unless they make changes to the algorithm.  And if they change the algorithm, your keygen won't work either.
December 15, 2004, 11:25 PM
R.a.B.B.i.T
I usually keep 1 algorithm for each series of programs, and I only change it if I know it's been cracked.  I think I should start changing my algorithms each release now -.-
December 16, 2004, 10:01 PM
Arta
Won't make any difference :)
December 16, 2004, 10:51 PM
Myndfyr
[quote author=R.a.B.B.i.T link=topic=9883.msg92631#msg92631 date=1103234512]
I usually keep 1 algorithm for each series of programs, and I only change it if I know it's been cracked.  I think I should start changing my algorithms each release now -.-
[/quote]

It wouldn't make a difference if the hacker figured out how to bypass the algo altogether.
December 16, 2004, 11:04 PM
UserLoser.
[quote author=R.a.B.B.i.T link=topic=9883.msg92631#msg92631 date=1103234512]
I usually keep 1 algorithm for each series of programs, and I only change it if I know it's been cracked.  I think I should start changing my algorithms each release now -.-
[/quote]

Should look into your own encryption/scrambling system if you want it to be more secure.  By secure, I mean take more effort to crack; rather than modifying about 3 bytes of your code in the executable
December 16, 2004, 11:06 PM
iago
Is it possible to do encryptions like that for VB programs?  I'm assuming that RaBBiT is using VB, and I know VB is really limited (much like Java) for low level stuff like that.
December 16, 2004, 11:31 PM
Myndfyr
[quote author=iago link=topic=9883.msg92649#msg92649 date=1103239864]
Is it possible to do encryptions like that for VB programs?  I'm assuming that RaBBiT is using VB, and I know VB is really limited (much like Java) for low level stuff like that.
[/quote]

You could do a simple encryption with a stub program, I imagine: encrypt the entire program by doing something simple like XORing each byte with an arbitrary byte such as 0x6f or something.  Then prepend a stub that loads the data, decrypts it, and jumps to where the actual entry point *should* be.
December 16, 2004, 11:33 PM
Eibro
[quote author=MyndFyre link=topic=9883.msg92650#msg92650 date=1103240017]
[quote author=iago link=topic=9883.msg92649#msg92649 date=1103239864]
Is it possible to do encryptions like that for VB programs?  I'm assuming that RaBBiT is using VB, and I know VB is really limited (much like Java) for low level stuff like that.
[/quote]

You could do a simple encryption with a stub program, I imagine: encrypt the entire program by doing something simple like XORing each byte with an arbitrary byte such as 0x6f or something.  Then prepend a stub that loads the data, decrypts it, and jumps to where the actual entry point *should* be.
[/quote]A system like that is equally weak. I could just convert the descrambling code into an IDC script and run it on the scrambled sections.
December 17, 2004, 12:28 AM
Myndfyr
[quote author=Eibro[yL] link=topic=9883.msg92655#msg92655 date=1103243296]
A system like that is equally as weak. I could just convert the descrambling code into an IDC script and run it on scrambled sections.
[/quote]

Yes I know.  That's why I said "You could do a simple encryption."  The point was that it would be possible, not the strength of the scheme of protection.
December 17, 2004, 12:32 AM
St0rm.iD
Should encrypt the exe on disk, and use code modification in-memory to randomly scramble around program flow.
December 17, 2004, 1:24 AM
R.a.B.B.i.T
[quote author=MyndFyre link=topic=9883.msg92644#msg92644 date=1103238286]
[quote author=R.a.B.B.i.T link=topic=9883.msg92631#msg92631 date=1103234512]
I usually keep 1 algorithm for each series of programs, and I only change it if I know it's been cracked.  I think I should start changing my algorithms each release now -.-
[/quote]

It wouldn't make a difference if the hacker figured out how to bypass the algo altogether.
[/quote]It would change the place where the jump occurred, however!
December 20, 2004, 3:56 AM
UserLoser.
[quote author=R.a.B.B.i.T link=topic=9883.msg92988#msg92988 date=1103514995]
[quote author=MyndFyre link=topic=9883.msg92644#msg92644 date=1103238286]
[quote author=R.a.B.B.i.T link=topic=9883.msg92631#msg92631 date=1103234512]
I usually keep 1 algorithm for each series of programs, and I only change it if I know it's been cracked.  I think I should start changing my algorithms each release now -.-
[/quote]

It wouldn't make a difference if the hacker figured out how to bypass the algo altogether.
[/quote]It would change the place where the jump occurred, however!
[/quote]

So?  Then all someone has to do is disassemble it or do what they did the first time to find it
December 20, 2004, 4:14 AM
R.a.B.B.i.T
True, but it does get annoying to decompile and change the program every time.  Cracking the serial would work until the algorithm changed.
December 21, 2004, 12:04 AM
St0rm.iD
it would take prolly 5 min to crack that protection.
December 21, 2004, 12:06 AM
R.a.B.B.i.T
I never said it was the best, or even GOOD.  It was just an example.
December 21, 2004, 2:21 AM
TheMinistered
Yes, it is possible-- although quite ugly!  The key to doing it is a v-table hack & signatures.  We use the v-table hack so that we can write our scramble/descramble encrypt/decrypt in assembly.  Then the assembly needs signatures: since we can't do inline assembly, we give the scramble/descramble encrypt/decrypt a dummy parameter and pass something obvious like 0x12345678 or 0xBADBEEF, something our routines can scan for to know where to stop.  It also requires a bit more for signatures using this method, because the signatures will be pushed onto the stack before the call, etc.

[code]
' Protection object shared by the form; it wraps the assembly scramble/descramble routines.
Dim m_objProtection As clsProtection

Private Sub Form_Load()
    Set m_objProtection = New clsProtection
End Sub

Private Sub DoMath()
    Dim lngX As Long, lngY As Long

    ' The dummy arguments are the signatures the assembly routines scan for
    ' to locate the start and end of the protected region.
    Call m_objProtection.Descramble(&H12345678)
        lngX = 1
        lngY = 1
        lngX = lngX + lngY
    Call m_objProtection.Scramble(&H87654321)
End Sub

Private Sub Form_Unload(Cancel As Integer)
    Set m_objProtection = Nothing
End Sub
[/code]
January 8, 2005, 4:46 PM
Arta
Nice to see you got that working in the end :)
January 9, 2005, 8:04 AM
Newby
Nice to see I didn't have to write the scrambling part after all. :)
January 9, 2005, 5:48 PM
JoeTheOdd
Four things. EDIT: Five.

iago: [quote]I completely agree, some things are destructive.
My point is that keeping stuff private is stupid.[/quote]
I think he forgets pretty fast, if you ask me.

UserLoser: [quote]"ZakenNayo"?[/quote]
FoFoBot, although RaBBiT already said. ^^

Mephisto: I would have a list of authorized names somewhere and then access that list, and if CrLf, the name, and then CrLf is in the list, then they're authorized. I know it's easily crackable, but it's what Stealth uses, plus checking for the end of his lines. I haven't tried, but from seeing the StealthLock code, you could pass the authorization by using the middle of an authorized name as your name, unless he upgraded it to check for vbCrLf's too.

RaBBiT: I'm guessing you're saying "Here's FoFoBot, now crack it. See if I care.", right?

EDIT:
Fifth and finally, page break!
January 28, 2005, 11:46 PM
R.a.B.B.i.T
Pretty much, considering I set the auth to a BNLS similar way (before BNLS converted).  If your info works, you get a valid logon response.  If it doesn't or is just completely absent you get the "I don't give a fuck, logon anyways" message.
January 29, 2005, 11:54 PM
Adron
[quote author=rabbit link=topic=9883.msg97331#msg97331 date=1107042858]
Pretty much, considering I set the auth to a BNLS similar way (before BNLS converted).  If your info works, you get a valid logon response.  If it doesn't or is just completely absent you get the "I don't give a fuck, logon anyways" message.
[/quote]

Which means that to "hack" your bot, you'd make an entry in the hosts file?
January 30, 2005, 9:53 AM
R.a.B.B.i.T
And people always tried decompiling.  The simplest method usually works best :)
February 1, 2005, 1:49 PM
QwertyMonster
There is one way: making a separate bot connect on form_load without the user knowing, and if you see it's somebody you don't know, make it shut down, and the way you can do that is

Make the bot look at a website with a txt document with something like "DOWN"; if it's there, the bot will stay up, if it isn't the bot will shut down, easy?
February 4, 2005, 2:32 PM
Soul Taker
[quote author=QwertyMonster link=topic=9883.msg98199#msg98199 date=1107527557]
There is one way: making a separate bot connect on form_load without the user knowing, and if you see it's somebody you don't know, make it shut down, and the way you can do that is

Make the bot look at a website with a txt document with something like "DOWN"; if it's there, the bot will stay up, if it isn't the bot will shut down, easy?
[/quote]
Then all someone has to do is change their hosts file so the bot will use a text document on localhost rather than your website.
February 4, 2005, 4:20 PM
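The hosts-file redirect Soul Taker (and later Adron and Stealth) describe works because the client trusts whatever host the name resolves to. This added example, not code from any bot or poster in the thread, puts the weak "compare the fetched text" check beside a version where the server signs its answer with an Ed25519 key and the client verifies it against a public key compiled into the binary; the status strings, message layout and clock values are constructed for the demo. It closes only the redirect hole: a patched conditional jump in the client (iago's point) is untouched.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// weakCheck is the scheme from the thread: fetch a text document from the
// author's site and compare it. Whoever answers the DNS name (a hosts-file
// entry pointing at localhost is enough) decides the outcome.
func weakCheck(body string) bool {
	return strings.TrimSpace(body) == "DOWN"
}

// statusMsg is the constructed wire format for the hardened check: the status
// text, when it was issued, and an Ed25519 signature over both fields.
type statusMsg struct {
	Status    string
	IssuedAt  int64 // Unix seconds; lets the client reject a replayed old answer
	Signature []byte
}

// signedBytes is the exact byte string that is signed: length-prefixed status
// followed by the big-endian timestamp, so the fields cannot slide into each other.
func signedBytes(status string, issuedAt int64) []byte {
	buf := make([]byte, 4+len(status)+8)
	binary.BigEndian.PutUint32(buf[:4], uint32(len(status)))
	copy(buf[4:], status)
	binary.BigEndian.PutUint64(buf[4+len(status):], uint64(issuedAt))
	return buf
}

// signStatus runs on the auth server, the only party holding the private key.
func signStatus(priv ed25519.PrivateKey, status string, issuedAt int64) statusMsg {
	return statusMsg{
		Status:    status,
		IssuedAt:  issuedAt,
		Signature: ed25519.Sign(priv, signedBytes(status, issuedAt)),
	}
}

var (
	errBadSignature = errors.New("status not signed by the pinned server key")
	errStale        = errors.New("status too old or dated in the future")
)

// verifyStatus runs in the client. pinnedPub is embedded in the executable, so
// a machine reached via a redirected hostname cannot produce an acceptable
// answer without the matching private key, and an old captured answer is
// rejected once it falls outside maxAge seconds.
func verifyStatus(pinnedPub ed25519.PublicKey, msg statusMsg, now, maxAge int64) error {
	if !ed25519.Verify(pinnedPub, signedBytes(msg.Status, msg.IssuedAt), msg.Signature) {
		return errBadSignature
	}
	if msg.IssuedAt > now || now-msg.IssuedAt > maxAge {
		return errStale
	}
	return nil
}

// newKeyPair generates a server key pair (done once, offline, in practice).
func newKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func main() {
	// A localhost web server serving "DOWN" passes the weak check.
	fmt.Println("weak check, redirected host serving DOWN:", weakCheck("DOWN\n"))

	pub, priv := newKeyPair()       // pub ships inside the client binary
	_, impostorPriv := newKeyPair() // key held by the host a hosts-file entry points at
	const now int64 = 1700000000    // constructed clock value

	good := signStatus(priv, "UP", now)
	fmt.Println("genuine server:", verifyStatus(pub, good, now+5, 60))

	forged := signStatus(impostorPriv, "UP", now)
	fmt.Println("redirected server:", verifyStatus(pub, forged, now+5, 60))

	fmt.Println("replay of yesterday's answer:", verifyStatus(pub, good, now+86400, 60))
}
```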
UserLoser.
Hmm, this may be a bad method since it will consume bandwidth and time, but to me it surely sounds safe if you understand what I'm trying to say :)

User gets the executable which is scrambled based off of a unique key derived from a program which gets info about the user's computer.  The executable is compiled like normal & the server adds this version of the executable into its database, then using another application it scrambles all of the contents except the code which grabs the unique key for the user's system.  The executable contains no decryption, unscrambling, scrambling, or encryption code at all.  The executable is forced to connect to the "auth server" where everything is done.  The executable sends the server the key, and the server unscrambles the defined executable (gets the file contents from the database) based on the key sent, and then the server sends back all of the unscrambled data (valid or not) to the program and it just writes over the useless scrambled junk.  Continue execution of program.

So pretty much there is no way to unscramble any of the code (it's basically just dummy bytes that will get overwritten) unless you connect to the correct server.  [u]The server cannot be rerouted (nobody will know how to write a server which performs the required tasks), modifying the hosts file will not help in any way[/u], so that's good I guess.
February 5, 2005, 5:52 AM
Arta
Write a hook function that intercepts the area of the executable where the decrypted code is received and written to memory. Save the decrypted code along with an offset that defines where it goes. Start replacing encrypted sections with the decrypted data, without removing the decryption mechanism on areas that are still encrypted. Use the program thoroughly. Eventually, all sections should be decrypted.

Alternatively, make a list of all encrypted sections and the encrypted data, write a client for the auth server, request that it decrypt all of them, write them to the .exe, and bingo.
February 5, 2005, 8:14 AM
Soul Taker
If your secure executable is being replaced, UL, wouldn't the original leaker just leak the already descrambled version?
February 5, 2005, 10:22 AM
St0rm.iD
How about this:

Your app is a device driver. When it smells trouble (debugger etc), it does some whacko hardware error so you can't debug it. Ensure it's always in memory and locked in the filesystem, too.
February 5, 2005, 8:28 PM
Soul Taker
[quote author=Banana fanna fo fanna link=topic=9883.msg98360#msg98360 date=1107635323]
How about this:

Your app is a device driver. When it smells trouble (debugger etc), it does some whacko hardware error so you can't debug it. Ensure it's always in memory and locked in the filesystem, too.
[/quote]
Lots of games do something similar to foil people using virtual drives to play the games.  All of them that I've played have been cracked regardless though, and most SoftICE detecting stuff has been foiled too.
February 6, 2005, 1:18 PM
QwertyMonster
Hmm i have another idea.

Ask Stealth how he makes his bot show it's time for an update when outdated, but switch it around to see when an invalid user connects (one you don't know) and make it shut down.

But maybe Stealth will be mean and not tell you, but worth a try? :/
February 6, 2005, 6:45 PM
Twix
I am pretty sure they already know how to do that if they know Winsock, and it'd be pretty easy to bypass it; all you need to do is put a jump where it checks the website.
February 6, 2005, 7:07 PM
Stealth
[quote author=QwertyMonster link=topic=9883.msg98493#msg98493 date=1107715556]
Hmm i have another idea.

Ask Stealth how he makes his bot show it's time for an update when outdated, but switch it around to see when an invalid user connects (one you don't know) and make it shut down.

But maybe Stealth will be mean and not tell you, but worth a try? :/
[/quote]

That system and the beta authorization system have almost no security at all to them. They can be hijacked with a simple hosts-file redirect or a variety of other methods.
February 7, 2005, 12:20 AM
Quarantine
The fact that non-beta users don't have SB Beta and he only picks honest people is most likely the reason he won't break his back writing a good authentication system.
February 7, 2005, 1:36 AM
QwertyMonster
Lol, well an easy Authentication that can be hijacked easy seems to be working good. To me it looked good, until now you told me!  :P
February 7, 2005, 5:24 PM
Quarantine
Most auths can be bypassed by jumping from where it comes out incorrect to where it comes out correct by editing a few bytes. But like stated earlier, it depends who the people who use your bots are and if they know how to bypass your authentication; unless you plan on distributing your product to the masses and have a lot of smart enemies, I don't think you need to have a super secure authentication.
February 7, 2005, 6:00 PM
Mephisto
Well, as I have learned, generally any authentication which does not use encryption can be easily bypassed (though there are certain things you can do to make it very tedious work for the hacker to bypass your authentication, such as having 50 checks made in different ways and in different places; though the user could just figure out your authentication method and bypass all those, but you could make your authentication via a server instead of locally, which cancels out that idea).
February 7, 2005, 7:18 PM
tA-Kane
What you people might be missing is that everything needed to make a successful connection to the server is there in the executable. Whether it's just a simple data encryption handshake, or the code necessary to download an alternate program to be stored in memory, all it takes is time before someone will crack it.
February 7, 2005, 10:16 PM