IanN1990 Posted February 1, 2013 (edited)

This was simply an idea I came up with this morning. In the past I have seen a few topics of people asking how they can hide passwords, the normal answer being encrypting it. Ofc if a script is decompiled, then you can just decrypt the password. So I wrote this.

#include <Crypt.au3>
#include <String.au3>

; Hex-encode the typed password and keep only the decimal digits of the hex string.
$Input = StringRegExpReplace(_StringToHex(InputBox("Password Prompt", "Enter Password", "", "*", 125, 125, @DesktopWidth/2-125, @DesktopHeight/2-125)), "[^0-9]", '')
; Keep only the decimal digits of the hardware ID; they act as the machine-specific key.
$Key = StringRegExpReplace(_GetHardwareID(7), "[^0-9]", '')

; Multiply the two numbers, drop the last 5 characters of the result and compare with the stored value.
If StringTrimRight($Input * $key, 5) = '4.4603447081791' Then
    ConsoleWrite('You cracked my password :(')
Else
    ConsoleWrite('Better Luck Next Time' & @CRLF)
EndIf

; #FUNCTION# ====================================================================================================================
; Name ..........: _GetHardwareID
; Description ...: Generates a unique hardware identifier (ID) for the local computer.
; Syntax ........: _GetHardwareID([$iFlags = Default])
; Parameters ....: $iFlags   - [optional] The flags that specifies what information would be used to generate ID.
;                              This parameter can be one or more of the following values.
;
;                              $UHID_MB (0)
;                              Uses information about your motherboard. This flag is used by default regardless of whether specified or not.
;
;                              $UHID_BIOS (1)
;                              Uses information about the BIOS.
;
;                              $UHID_CPU (2)
;                              Uses information about the processor(s).
;
;                              $UHID_HDD (4)
;                              Uses information about the installed hard drives. Any change in the configuration disks will change ID
;                              returned by this function. Taken into account only non-removable disks.
;
;                              $UHID_All (7)
;                              The sum of all the previous flags. Default is $UHID_MB (0).
;
;                  $fIs64Bit - [optional] Search the 64-bit section of the registry. Default is dependant on AutoIt bit version.
;                              Note: 64-bit can't be searched when running the 32-bit version of AutoIt.
; Return values..: Success - The string representation of the ID. @extended returns the value that contains a combination of flags
;                            specified in the $iFlags parameter. If flag is set, appropriate information is received successfully,
;                            otherwise fails. The function checks only flags that were specified in the $iFlags parameter.
;                  Failure - Empty string and sets @error to non-zero.
; Author.........: guinness with the idea by Yashied (_WinAPI_UniqueHardwareID - WinAPIEx.au3)
; Modified ......: Additional suggestions by SmOke_N.
; Remarks .......: The constants above can be found in APIConstants.au3. It also requires Crypt.au3 to be included.
; Example........: Yes
; ===============================================================================================================================
Func _GetHardwareID($iFlags = Default, $fIs64Bit = Default)
    Local $sBit = ''
    If @AutoItX64 Then
        $sBit = '64'
    EndIf
    If Not ($fIs64Bit = Default) Then
        $sBit = '' ; Reset to 32-bit.
        If $fIs64Bit And @AutoItX64 Then
            $sBit = '64' ; Use 64-bit if $fIs64Bit is True and AutoIt is a 64-bit process.
        EndIf
    EndIf
    If $iFlags = Default Then
        $iFlags = 0
    EndIf

    Local $aSystem[4] = [3, 'Identifier', 'VideoBiosDate', 'VideoBiosVersion'], _
            $iResult = 0, _
            $sHKLM = 'HKEY_LOCAL_MACHINE' & $sBit, $sOutput = '', $sText = ''

    For $i = 1 To $aSystem[0]
        $sOutput &= RegRead($sHKLM & '\HARDWARE\DESCRIPTION\System\', $aSystem[$i])
    Next
    $sOutput &= @CPUArch
    $sOutput = StringStripWS($sOutput, 8)

    If BitAND($iFlags, 0x0001) Then ; $UHID_BIOS
        Local $aBIOS[6] = [5, 'BaseBoardManufacturer', 'BaseBoardProduct', 'BaseBoardVersion', 'BIOSVendor', 'BIOSReleaseDate']
        $sText = ''
        For $i = 1 To $aBIOS[0]
            $sText &= RegRead($sHKLM & '\HARDWARE\DESCRIPTION\System\BIOS\', $aBIOS[$i])
        Next
        $sText = StringStripWS($sText, 8)
        If $sText Then
            $iResult += 0x0001
            $sOutput &= $sText
        EndIf
    EndIf
    If BitAND($iFlags, 0x0002) Then ; $UHID_CPU
        Local $aProcessor[5] = [4, 'ProcessorNameString', '~MHz', 'Identifier', 'VendorIdentifier']
        $sText = ''
        For $i = 1 To $aProcessor[0]
            $sText &= RegRead($sHKLM & '\HARDWARE\DESCRIPTION\System\CentralProcessor\0\', $aProcessor[$i])
        Next
        For $i = 1 To $aProcessor[0]
            $sText &= RegRead($sHKLM & '\HARDWARE\DESCRIPTION\System\CentralProcessor\1\', $aProcessor[$i])
        Next
        $sText = StringStripWS($sText, 8)
        If $sText Then
            $iResult += 0x0002
            $sOutput &= $sText
        EndIf
    EndIf
    If BitAND($iFlags, 0x0004) Then ; $UHID_HDD
        $sText = ''
        Local $aDrives = DriveGetDrive('FIXED')
        If @error = 0 Then
            For $i = 1 To $aDrives[0]
                $sText &= DriveGetSerial($aDrives[$i])
            Next
        EndIf
        $sText = StringStripWS($sText, 8)
        If $sText Then
            $iResult += 0x0004
            $sOutput &= $sText
        EndIf
    EndIf

    ; Hash the collected hardware strings with MD5 and format the result like a GUID.
    Local $sHash = StringTrimLeft(_Crypt_HashData($sOutput, $CALG_MD5), 2)
    If $sHash = '' Then
        Return SetError(4, 0, '')
    EndIf
    Return SetExtended($iResult, StringRegExpReplace($sHash, '(\w{8})(\w{4})(\w{4})(\w{4})(\w{12})', '\{\1-\2-\3-\4-\5\}'))
EndFunc   ;==>_GetHardwareID

So, is anyone able to crack this and figure out my password?

*Edit. I do ask no one flames this topic. I know security topics are normally disliked due to the amount over time and the general fruitlessness of them. I also know if someone decompiles a script, they can simply remove any security lines such as the "if" statement so it just runs, but that is not the purpose. It's to hide a password, so even if they get the script and can make it work, they don't get private data, at least in theory.

**Edit. If someone does figure out how to crack it, don't say how you did it. Just post the password proving you have.

Edited February 1, 2013 by IanN1990

guinness Posted February 1, 2013 (edited)

Please would you kindly link to where you got that code please. Also retain the header that came with that function too, in case someone doesn't understand how to interpret the function.

Edited February 1, 2013 by guinness

water Posted February 1, 2013

Was it written by you, guinness?

IanN1990 (Author) Posted February 1, 2013 (edited)

The top code is my work. The _GetHardwareID() is your work. Other functions are AutoIt based. I would have preferred using _WinAPi_Hardware ID but installing WinApiEx is a little complex ^^ So I searched the forums and found your function in someone else's post. I can't remember the topic it was in though, sorry.

Edited February 1, 2013 by IanN1990

guinness Posted February 1, 2013

> Was it written by you, guinness

_GetHardwareID() was, but it was loosely based on the idea by Yashied and his API-like function (uses WMI.) I only asked for the link not because I want recognition (even though it's polite), but so people can check for updates if they come across this post in the future.

Melba23 (Moderators) Posted February 1, 2013

IanN1990,

As your password check is based on the ID returned by your machine I very much doubt that anyone will be able to crack your password. You are essentially using a one time pad which is generally regarded as uncrackable. However, it does mean that this script will only work on your machine - unless you alter the result of the check for each different machine on which it is to be run.

Alas, I completely agree with your comment about this check being worthless in reality as a decompiled script could easily bypass the check. But I am rather at a loss to understand your other comment about "They don't get private data, at least in theory" - what data are we talking about? Nothing in that script is secure - other than the user-inserted password itself.

M23

Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind

IanN1990 (Author) Posted February 1, 2013 (edited)

@Melba23 Truth be told I wasn't expecting this kind of result, as the general view is security isn't worth it because everyone can bypass it. I just had the idea this, did the research and with the helpfile put the idea into practice.

My first attempt failed a little because it was this.

$Input &= $Key

Meaning the "Password" contains the input from the password and the system key. I figured smart people could take the password, strip out the "key" part and from what's left figure out the password. Ergo why I made this new one, as the password is a product of the two, and you know neither. I figured it would be hard to reverse engineer the password. Though I never expected it to be this foolproof.

So the first part was just an idea, and learning. The second part is: let's say I have a RunAs command, to launch a program with Admin rights. It would require my password. Meaning if someone got a hold of my exe, they could decompile it, and get my system password. That's what I mean by private info.

*That's the only example I could think of off the top of my head, but I am sure others might think of more creative uses for it.

Edited February 1, 2013 by IanN1990

Melba23 (Moderators) Posted February 2, 2013

> Let's say I have a RunAs command, to launch a program with Admin rights. It would require my password. Meaning if someone got a hold of my exe, they could decompile it, and get my system password. That's what I mean by private info

But you cannot hide the password inside the script. The user will still need to enter it manually as AutoIt (like pretty much all other languages) is not secure against determined hackers and trying to store passwords in any form inside your script is to be discouraged - even if encrypted as the decryption code is necessarily inside the script as well!

The best you can do is what you have done and make the password check independent of the actual password. You could do much the same sort of thing by hashing the user input and seeing if it matches a hash of the password stored within the script - and this would be machine-independent to boot.

Please do not take my comments as belittling your efforts. All I am trying to do is point out that you should not ever put the actual data into the script if you want it to remain secret.

M23

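Melba23's suggestion above (hash the user input and compare it with a hash stored in the script) as an added example; it is not code from the thread and is written in Python rather than AutoIt. The function names, the choice of PBKDF2-HMAC-SHA256 with a random salt, the iteration count and the sample password are assumptions of this example.

```python
# Added example: machine-independent password check against a stored, salted hash.
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 600_000  # assumed work factor; raise it as far as the target hardware allows


def make_record(password: str, salt: Optional[bytes] = None,
                iterations: int = ITERATIONS) -> dict:
    """Run once by the author. Only the returned record is embedded in the script;
    the password itself never appears in the source."""
    if salt is None:
        salt = os.urandom(16)  # random salt: equal passwords give different records
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}


def check_password(candidate: str, record: dict) -> bool:
    """Re-derive the hash from the typed input and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        candidate.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


if __name__ == "__main__":
    # Constructed sample password, for demonstration only.
    record = make_record("correct horse battery")
    print("record stored in the script:", record)
    print("right password:", check_password("correct horse battery", record))
    print("wrong password:", check_password("Correct horse battery", record))
```

Anyone who reads the script still gets the record and can test guesses against it offline, which is why the example uses a slow, salted derivation instead of a single fast hash. The check only verifies what the user types; it cannot supply a password to something like RunAs, which matches the point that the user still has to enter it.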