Page 1 of 2
Your strings are not safe!!!
Posted: Sun Sep 12, 2004 10:53 am
by KlintonWoo
I stumbled across a program called Textscan by AnalogX, which basically can read all the values, strings from your EXE's... a big problem for those creating near-simple security in their programs like registration keys etc...
http://www.analogx.com/contents/downloa ... xtscan.htm
Posted: Sun Sep 12, 2004 11:17 am
by GPI
You have this problem with *every* program-language.
Posted: Sun Sep 12, 2004 11:52 am
by thefool
thats why one of the most important rules of protecting valuable strings is
encrypting them. This is to be said for every programming language. so
PROTECT YOUR STRINGS! but only the valuable ones. and be ware of
using a word as password for unencrypting, that will be seen as well.
But i noticed that a lot of string finders wont notice your string and password,
if the encrypting makes a weird string out of it. non readable characters etc.
Low achii walues. And using 0 and 1 for password, most string listers wont
actually show it.
Posted: Sun Sep 12, 2004 11:55 am
by GedB
Posted: Sun Sep 12, 2004 1:16 pm
by Kale
Posted: Sun Sep 12, 2004 4:38 pm
by KlintonWoo
I have seen those MD5 etc commands in the documentation, but i have no idea how to use them, my idea of encryption/cipher is entering a string or data, a keyword or password and take the output as the encrypted form.
If someone could tell me how, i would appreciate it
Posted: Sun Sep 12, 2004 5:38 pm
by Dreglor
you don't need programs to see the strings in the program just open it in notpad and look at the end
Re: Your strings are not safe!!!
Posted: Sun Sep 12, 2004 11:04 pm
by PB
Compile this into an exe and take a look with a hex editor:
Code: Select all
a$=Chr('t')+Chr('h')+Chr('i')+Chr('s')+Chr(' ')
a$+Chr('i')+Chr('s')+Chr(' ')
a$+Chr('h')+Chr('i')+Chr('d')+Chr('d')+Chr('e')+Chr('n')+Chr(' ')
a$+Chr('i')+Chr('n')+Chr(' ')+Chr('a')+Chr('n')+Chr(' ')
a$+Chr('e')+Chr('x')+Chr('e')
MessageRequester("test",a$,0)
WARNING: This is NOT recommended for important data! You should always
use encryption for important data, as mentioned in this topic already. But this
method is fine for non-vital things such as Easter Egg messages and so on.
Re: Your strings are not safe!!!
Posted: Sun Sep 12, 2004 11:20 pm
by PB
> I stumbled across a program called Textscan by AnalogX, which basically
> can read all the values, strings from your EXE's
A better app is BinText:
http://tinyurl.com/4amuz
BinText is smaller, needs no installation, has filtering, and lets you maximize
the window to see more results.
Highly recommended.
Posted: Mon Sep 13, 2004 10:19 am
by GedB
Here's an exampel using MD5 hashing to check passwords.
Code: Select all
Password.s = "Purebasic"
MD5.s = MD5Fingerprint(@Password, Len(Password))
OpenConsole()
PrintN("Enter password or Q to quit")
finished = #False
Repeat
Entered.s = Input()
PrintN("")
If LCase(Entered) = "q"
finished = #True
ElseIf MD5Fingerprint(@Entered, Len(Entered)) = MD5
PrintN("Password is correct")
Else
PrintN("Incorrect Password")
EndIf
Until finished
CloseConsole()
Posted: Mon Sep 13, 2004 10:39 am
by GreenGiant
@GedB In your example you're still storing the password in a string. It's no more secure than not using the encryption at all. Open up your exe with a hex editor and you'll still find the password there, plain to see. I always thought the way to use those commands was like this (the password's still Purebasic)
Code: Select all
MD5.s="2747d19b44270f1e0e23bf32aca3a1f7"
OpenConsole()
PrintN("Enter password or Q to quit")
finished = #False
Repeat
Entered.s = Input()
PrintN("")
If LCase(Entered) = "q"
finished = #True
ElseIf MD5Fingerprint(@Entered, Len(Entered)) = MD5
PrintN("Password is correct")
Else
PrintN("Incorrect Password")
EndIf
Until finished
CloseConsole()
Posted: Mon Sep 13, 2004 12:03 pm
by GedB
GreenGiant,
The example was to show how to use the functions. :roll:
Originally I did put a comment at the end of the first line that said ';Of course, you don't want to do this' but I took it off to avoid being patronising.
Posted: Mon Sep 13, 2004 12:51 pm
by GreenGiant
Ahhhh ok. Woops
Posted: Mon Sep 13, 2004 2:03 pm
by GedB
To be honest, I didn't realise until after I'd posted it, and thought 'I really should have put a comment there.'
Didn't think anyone would notice. Next time I'll take the time to edit.
MD5 is ok for casual encryption
Posted: Mon Sep 13, 2004 9:58 pm
by ivory
I think MD5 has been cracked and is not considered suitable for any serious encryption, but it is CERTAINLY suitable for turning your strings unrecognizable sections of code.
