Your strings are not safe!!!

KlintonWoo
User
Posts: 13
Joined: Wed Jun 02, 2004 10:10 am

Post by KlintonWoo »

I stumbled across a program called Textscan by AnalogX, which basically can read all the values, strings from your EXE's... a big problem for those creating near-simple security in their programs like registration keys etc...


http://www.analogx.com/contents/downloa ... xtscan.htm
A mind once stretched by a new idea, never regains its original dimensions.
GPI
PureBasic Expert
Posts: 1394
Joined: Fri Apr 25, 2003 6:41 pm

Post by GPI »

You have this problem with *every* programming language.
thefool
Always Here
Posts: 5875
Joined: Sat Aug 30, 2003 5:58 pm
Location: Denmark

Post by thefool »

That's why one of the most important rules of protecting valuable strings is
encrypting them. This is to be said for every programming language. So
PROTECT YOUR STRINGS! But only the valuable ones. And beware of
using a word as password for unencrypting; that will be seen as well.
But I noticed that a lot of string finders won't notice your string and password
if the encrypting makes a weird string out of it: non-readable characters etc.,
low ASCII values. And using 0 and 1 for password, most string listers won't
actually show it.
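What a string lister such as Textscan or BinText does, and what an embedded readable key gives away, can be checked against your own build; this is an added example in Python (the problem is language-independent), not code from the thread. The byte blobs, `SERIAL` and `KEY_WORD` are constructed sample values, not a real executable.

```python
import re

ASCII_RUN = re.compile(rb"[\x20-\x7e]{4,}")          # 4+ printable bytes in a row
WIDE_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")   # same text stored as UTF-16LE

def extract_strings(data: bytes) -> list[str]:
    """List printable runs as ASCII and UTF-16LE, the way a strings tool does."""
    found = [m.group().decode("ascii") for m in ASCII_RUN.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in WIDE_RUN.finditer(data)]
    return found

def xor_bytes(raw: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; applying it twice with the same key restores the input."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(raw))

def exposed(data: bytes, sensitive: list[str]) -> list[str]:
    """Return the sensitive values that a string scanner would reveal in data."""
    runs = extract_strings(data)
    return [s for s in sensitive if any(s in run for run in runs)]

# Constructed sample data standing in for EXE sections (not a real PE file).
PAD = b"\x00\x90\xc3\x00"
SERIAL = "REG-KEY-1234-ABCD"   # hypothetical registration key
KEY_WORD = "opensesame"        # hypothetical readable XOR password

plain_build = PAD + SERIAL.encode("ascii") + b"\x00" + PAD
wide_build = PAD + SERIAL.encode("utf-16-le") + b"\x00\x00" + PAD
# The serial is XOR-encoded, but the readable key is stored right next to it.
xor_build = (PAD + xor_bytes(SERIAL.encode("ascii"), KEY_WORD.encode("ascii"))
             + b"\x00" + KEY_WORD.encode("ascii") + b"\x00" + PAD)

if __name__ == "__main__":
    for name, image in [("plain", plain_build), ("wide", wide_build), ("xor", xor_build)]:
        print(name, "exposes", exposed(image, [SERIAL, KEY_WORD]))
```

In the XOR build the serial no longer shows up, but the key word does, and the same key reverses the encoding, which is the weakness the post warns about.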
GedB
Addict
Posts: 1313
Joined: Fri May 16, 2003 3:47 pm
Location: England

Post by GedB »

Kale
PureBasic Expert
Posts: 3000
Joined: Fri Apr 25, 2003 6:03 pm
Location: Lincoln, UK

Post by Kale »

--Kale

KlintonWoo
User
Posts: 13
Joined: Wed Jun 02, 2004 10:10 am

Post by KlintonWoo »

I have seen those MD5 etc. commands in the documentation, but I have no idea how to use them; my idea of encryption/cipher is entering a string or data, a keyword or password and taking the output as the encrypted form.

If someone could tell me how, I would appreciate it :wink:
Dreglor
Enthusiast
Posts: 759
Joined: Sat Aug 02, 2003 11:22 pm
Location: OR, USA

Post by Dreglor »

You don't need programs to see the strings in the program; just open it in Notepad and look at the end ;)
~Dreglor
PB
PureBasic Expert
Posts: 7581
Joined: Fri Apr 25, 2003 5:24 pm

Re: Your strings are not safe!!!

Post by PB »

Compile this into an exe and take a look with a hex editor:

Code:

a$=Chr('t')+Chr('h')+Chr('i')+Chr('s')+Chr(' ')
a$+Chr('i')+Chr('s')+Chr(' ')
a$+Chr('h')+Chr('i')+Chr('d')+Chr('d')+Chr('e')+Chr('n')+Chr(' ')
a$+Chr('i')+Chr('n')+Chr(' ')+Chr('a')+Chr('n')+Chr(' ')
a$+Chr('e')+Chr('x')+Chr('e')
MessageRequester("test",a$,0)
;)

WARNING: This is NOT recommended for important data! You should always
use encryption for important data, as mentioned in this topic already. But this
method is fine for non-vital things such as Easter Egg messages and so on.
I compile using 5.31 (x86) on Win 7 Ultimate (64-bit).
"PureBasic won't be object oriented, period" - Fred.
PB
PureBasic Expert
Posts: 7581
Joined: Fri Apr 25, 2003 5:24 pm

Re: Your strings are not safe!!!

Post by PB »

> I stumbled across a program called Textscan by AnalogX, which basically
> can read all the values, strings from your EXE's

A better app is BinText: http://tinyurl.com/4amuz

BinText is smaller, needs no installation, has filtering, and lets you maximize
the window to see more results. :) Highly recommended.
GedB
Addict
Posts: 1313
Joined: Fri May 16, 2003 3:47 pm
Location: England

Post by GedB »

Here's an example using MD5 hashing to check passwords.

Code:

Password.s = "Purebasic"
; Digest of the password as a hex string
MD5.s = MD5Fingerprint(@Password, Len(Password))
OpenConsole()
PrintN("Enter password or Q to quit")
finished = #False
Repeat
  Entered.s = Input()
  PrintN("")
  If LCase(Entered) = "q"
    finished = #True
  ElseIf MD5Fingerprint(@Entered, Len(Entered)) = MD5
    ; Digest of the input matches the stored digest
    PrintN("Password is correct")
  Else
    PrintN("Incorrect Password")
  EndIf
Until finished
CloseConsole()
GreenGiant
Enthusiast
Posts: 252
Joined: Fri Feb 20, 2004 5:43 pm

Post by GreenGiant »

@GedB In your example you're still storing the password in a string. It's no more secure than not using the encryption at all. Open up your exe with a hex editor and you'll still find the password there, plain to see. I always thought the way to use those commands was like this (the password's still Purebasic)

Code:

; MD5 digest of the password, computed beforehand; the plaintext is not in the exe
MD5.s = "2747d19b44270f1e0e23bf32aca3a1f7"
OpenConsole()
PrintN("Enter password or Q to quit")
finished = #False
Repeat
  Entered.s = Input()
  PrintN("")
  If LCase(Entered) = "q"
    finished = #True
  ElseIf MD5Fingerprint(@Entered, Len(Entered)) = MD5
    ; Digest of the input matches the stored digest
    PrintN("Password is correct")
  Else
    PrintN("Incorrect Password")
  EndIf
Until finished
CloseConsole()
GedB
Addict
Posts: 1313
Joined: Fri May 16, 2003 3:47 pm
Location: England

Post by GedB »

GreenGiant,

The example was to show how to use the functions. :roll:

Originally I did put a comment at the end of the first line that said ';Of course, you don't want to do this' but I took it off to avoid being patronising. :wink:
GreenGiant
Enthusiast
Posts: 252
Joined: Fri Feb 20, 2004 5:43 pm

Post by GreenGiant »

Ahhhh ok. Woops :oops:
GedB
Addict
Posts: 1313
Joined: Fri May 16, 2003 3:47 pm
Location: England

Post by GedB »

To be honest, I didn't realise until after I'd posted it, and thought 'I really should have put a comment there.' :oops:

Didn't think anyone would notice. Next time I'll take the time to edit.
ivory
User
Posts: 36
Joined: Fri Jun 25, 2004 2:30 am

MD5 is ok for casual encryption

Post by ivory »

I think MD5 has been cracked and is not considered suitable for any serious encryption, but it is CERTAINLY suitable for turning your strings into unrecognizable sections of code.
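GreenGiant's digest-only check and ivory's remark about MD5, carried one step further as an added example (Python, not code from the thread): an unsalted MD5 digest is identical in every program that uses the same password, while a salted, iterated record is not. PBKDF2-HMAC-SHA256, the iteration count and the sample password are assumptions chosen for this example, not something the thread prescribes.

```python
import hashlib
import hmac
import os

def md5_hex(password: str) -> str:
    """Unsalted MD5 hex digest, the form embedded in the thread's snippet."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def make_record(password: str, iterations: int = 600_000) -> dict:
    """Build what gets embedded instead of the password: salt, cost and digest.

    The default iteration count is an assumed cost setting; tune it for your hardware.
    """
    salt = os.urandom(16)  # random per record, so equal passwords give different digests
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}

def check(record: dict, entered: str) -> bool:
    """Recompute the digest for the entered text and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", entered.encode("utf-8"),
                                 record["salt"], record["iterations"])
    return hmac.compare_digest(digest, record["digest"])

if __name__ == "__main__":
    pw = "correct horse"  # constructed sample password
    # Unsalted MD5: the same password always maps to the same 32 hex characters.
    print("md5 repeatable:", md5_hex(pw) == md5_hex(pw))
    # Salted PBKDF2: two records for the same password do not match each other.
    a, b = make_record(pw, 1000), make_record(pw, 1000)
    print("records differ:", a["digest"] != b["digest"])
    print("right password:", check(a, pw), "wrong password:", check(a, "Correct horse"))
```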