Jump to content
Sign in to follow this  
miketh2005

Is going online with your program safe?

Recommended Posts

miketh2005

Hey guys, I'm wondering if making a program with autoit that goes online is safe from reverse engineers.

I have very sensitive material, and I want to limit the user to only 1 per 2 weeks. If some reverse engineer comes along and bypasses the part where it prevents them from getting anything if its not been 2 weeks, it could be fatal to my website the program is for.

So is this possible?

I wanted to make it so that the program connects to a server, and places the MAC ID (or IP) of the machine into a text file, as well as the date it was placed there.

Share this post


Link to post
Share on other sites
Fire

Defaultly Autoit compile your script 2 exe and pack it with Upx packer.

Unpack Upx packer and reverse your program is not very hard.

I recommend to you to do this:

After compilation your script 2exe Unpack it with upx(unpackers) and then ry pack it with strong packer for example asprotect or with armadillo.

+ after protect+pack autoit exe2aut is unable to decompile your *.exe.Bcuz pe headers wah changed and exe2au is unable to identify your exe.

I recommdn to you after unpack use res hacker and edit version section of your file.

Remove "Compiled Script" and version information string from your exe.

For reverse it Reverser can need professionalism.

But may be this way:

You are protected your *.exe and pack it with packers which i say.

There is another way to bypass all security for example hacker or reverser can may sniff traffic and catch your sensitive data...

Edited by Sh3llC043r

[size="5"] [/size]

Share this post


Link to post
Share on other sites
CodyBarrett

nothing client side is COMPLETELY secure... if your dedicated enough you can get to anything on your machine

Share this post


Link to post
Share on other sites
miketh2005

I know that, but:

My program can do this: the person presses "Go", the program connects to my server, reads a .txt file and then sends the .txt file (kinda) to the person. it FIRST checks to see if the person has already downloaded, and if so, when. if everything passes, it writes in another .txt file the mac ID of the machine, and the date it was placed.

I was wondering if a reverser can bypass the part where the program checks to see if they downloaded already within 2 weeks.

THANKS ALOT TO ANYONE THAT CAN TELL ME!

Edited by miketh2005

Share this post


Link to post
Share on other sites
qazwsx

One could just spoof his mac address and bypass the system.

Share this post


Link to post
Share on other sites
miketh2005

who would know it tracks by mac and not IP, though? :)

Share this post


Link to post
Share on other sites
IchBistTod

there are several ways you could protect against this, but most of them would need to be server side.

an effective way would be to create a hardware hash for their computer, store it, their mac address, and their ip address and compare ALL of it to authorize a download.

then it would be safe.


[center][/center][center]=][u][/u][/center][center][/center]

Share this post


Link to post
Share on other sites
Confuzzled

Anything can be spoofed. Your source code will be in local memory anyway, after all the layers of encryption, scrambling, packing and secrecy are unravelled, so that your code can run. Any traffic between your program and the remote website can be intercepted (it is anyway in most countries by central agencies - but you already know that).

Just try running your super secret, foolproof program on a virtual machine - you can move the environment to another physical machine, even while the program is still running. Try hiding it securely then!

What is it that is so important you keep it so very, very secure? The latest Iranian nuclear weapon firing codes? The recently revised wiring diagrams to Air Force One? A new game bot?

Share this post


Link to post
Share on other sites
miketh2005

Anything can be spoofed. Your source code will be in local memory anyway, after all the layers of encryption, scrambling, packing and secrecy are unravelled, so that your code can run. Any traffic between your program and the remote website can be intercepted (it is anyway in most countries by central agencies - but you already know that).

Just try running your super secret, foolproof program on a virtual machine - you can move the environment to another physical machine, even while the program is still running. Try hiding it securely then!

What is it that is so important you keep it so very, very secure? The latest Iranian nuclear weapon firing codes? The recently revised wiring diagrams to Air Force One? A new game bot?

well, i dunno if this is allowed, please remove it, if it is:

im creating a website that passes out porn passes every 2 weeks (thats when the passes expire). if someone could get unlimited passes it could ruin the website and basically shut it down. they could sell the passes for money, ad alot of other things. but i found a way to bypass this kinda. im gonna upload the pass to a .txt file to sharecash.org. that way if someone does get unlimited links to the passwords, i will make money from them...

well.. i was thinking i could partner that with a different idea. sharecash will only give you so much money from 1 IP address. so maybe i can make a built in serverside thing which tracks the IPs/mac IDs and if the same IP downloads twice before 2 weeks is up between the IDs, it will ban it. hows that? :) that seems pretty darn full proof since its serverside. 1 problem. i dont know how to code that xD any ideas? maybe i can use a generic script that tracks IPs so i can see if so many downloads are from a single IP?

Share this post


Link to post
Share on other sites
bo8ster

I think you need to read this. This has been discussed many times before.


Post your code because code says more then your words can. SciTe Debug mode - it's magic: #AutoIt3Wrapper_run_debug_mode=Y. Use Opt("MustDeclareVars", 1)[topic="84960"]Brett F's Learning To Script with AutoIt V3[/topic][topic="21048"]Valuater's AutoIt 1-2-3, Class... is now in Session[/topic]Contribution: [topic="87994"]Get SVN Rev Number[/topic], [topic="93527"]Control Handle under mouse[/topic], [topic="91966"]A Presentation using AutoIt[/topic], [topic="112756"]Log ConsoleWrite output in Scite[/topic]

Share this post


Link to post
Share on other sites
jvanegmond

IP can still be spoofed and people can use a proxy. You can forget about a single person downloading one password; It's not possible.

With that out of the way.. You can return the same password for the same IP over and over again. You store the IP and the password given in a database when someone visits the first time, on second visit you check the database again and find the matching password.

Edited by Manadar

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.