Sign in to follow this  
Followers 0
Queener

Login System addon

14 posts in this topic

#1 ·  Posted (edited)

Can someone tell me what's wrong with this code?

While 1
    Switch GUIGetMsg()
        Case $GUI_EVENT_CLOSE
        Exit
        Case $Button
$bPasswordHas="0x500bc8be770e05f5ec158a"

$sPassword=InputBox("Login", "Please type your correct password.","")

if _Crypt_HashData($sPassword,$CALG_MD5)=$bPasswordHas Then
    MsgBox(64, "Access Granted", start())
Else
    MsgBox(16, "Access Denied","You entered the wrong password!")
EndIf
       
    EndSwitch
WEnd

Biggest question is this code here:

if _Crypt_HashData($sPassword,$CALG_MD5)=$bPasswordHas Then
    MsgBox(64, "Access Granted", start())

Not sure if thats how you call a function.

The error that i'm getting is variable is used, but not declare on these lines:

$bPasswordHas="0x500bc8be770e05f5ec158a"

$sPassword=InputBox("Login", "Please type your correct password.","")

 

Help is much appreciated.

Edited by asianqueen

Msgbox(0, "Hate", "Just hate it when I post a question and find my own answer after a couple tries. But if I don't post the question, I can't seem to resolve it at all.")

Share this post


Link to post
Share on other sites



Where are you trying login to? I have never used _Crypt_HashData myself but see if _Crypt_HashData($sPassword,$CALG_MD5) gives you "0x500bc8be770e05f5ec158a"


edited

Share this post


Link to post
Share on other sites

my goal is, if the password is entered correctly, continue to start() function... Else exit program.


Msgbox(0, "Hate", "Just hate it when I post a question and find my own answer after a couple tries. But if I don't post the question, I can't seem to resolve it at all.")

Share this post


Link to post
Share on other sites

You know that a clever user can easily remove the password verification lines and use whatever function the script provides?


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

what would be the best solution for this if they can actually remove the password verification?


Msgbox(0, "Hate", "Just hate it when I post a question and find my own answer after a couple tries. But if I don't post the question, I can't seem to resolve it at all.")

Share this post


Link to post
Share on other sites

If the service you want to provide is delivered by the AutoIt script then there is no save way.

Only save way is to have login verification and service delivery on another system (web server etc.)


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

You know that a clever user can easily remove the password verification lines and use whatever function the script provides?

What, even when the script is compiled?

Share this post


Link to post
Share on other sites

#8 ·  Posted (edited)

What, even when the script is compiled?

I guess he's right about it. People can use hexeditor if they're good. They can actually write 0s for the bytes that contain the variable to store the password. Second thing is even if they can do that; I don't really care as I'm not making this utitlies for anyone to use, but myself. I'm still interested in know the answer to my question. Just putting password on it so anyone who tries to get on my pc and accident open that program to not be able to modify any of my work loads.

Edited by asianqueen

Msgbox(0, "Hate", "Just hate it when I post a question and find my own answer after a couple tries. But if I don't post the question, I can't seem to resolve it at all.")

Share this post


Link to post
Share on other sites

#9 ·  Posted (edited)

As source is compressed in exe it isn't that easy to modify code with hexeditor, however it is possible.  You can make it more difficult by using obfuscator that is included in scite's tools menu. That should meke breaking your code more time consuming than writing new from scratch.

But my guess is that average computer user who is not an specialist or amateur hacker/programmer doesnt even know what hex editor is.

Edited by E1M1

edited

Share this post


Link to post
Share on other sites

#11 ·  Posted (edited)

I guess he's right about it. People can use hexeditor if they're good. They can actually write 0s for the bytes that contain the variable to store the password. Second thing is even if they can do that; I don't really care as I'm not making this utitlies for anyone to use, but myself. I'm still interested in know the answer to my question. Just putting password on it so anyone who tries to get on my pc and accident open that program to not be able to modify any of my work loads.

I suppose, but that could be said for any program really. If it's just for your personal use - I don't think it matters whatsoever. Even if you were putting it out for others to use, it's more likely that someone would decompile the program rather than figuring out what does what in Hex and then modifying it to work with out a password! I think the password protection is the least of your worries for the time being anyway, I hope you have all the code and registry keys needed to disable task manager. This is possible, or it was the last time I tried - I can try and find them if you want.

Getting back on topic, when I tried your code, well adapted a bit (very quickly too) because I couldn't run it as you posted it, it worked fine. Perhaps the error was to do with some of the code I removed, so if you could post your full program that may be helpful:

#include <Crypt.au3>
While 1
    Switch 1 + 1
        Case True
            $bPasswordHas="0x500bc8be770e05f5ec158a"
            $sPassword=InputBox("Login", "Please type your correct password.","")
            if _Crypt_HashData($sPassword,$CALG_MD5)=$bPasswordHas Then
                MsgBox(64, "Access Granted", "Congrats")
            Else
                MsgBox(16, "Access Denied","You entered the wrong password!")
            EndIf
        EndSwitch
WEnd
Edited by meisandy

Share this post


Link to post
Share on other sites

#12 ·  Posted (edited)

This is kinda shit... you better watch this. And you can use this for crypt an password 
 

Func _Crypt($strig)
    Local $password_for_crypt = "0045922@059939@00559$069949$395959$"
    Local $bAlgorithm = $CALG_AES_256

    $done_password = _Crypt_EncryptData($strig, $password_for_crypt, $bAlgorithm)

    Return $done_password

EndFunc   ;==>_Crypt

Func Decrypt_to_real($string)
    Local $password_to_decrypt = "0045922@059939@00559$069949$395959$"
    Local $bAlgorithm = $CALG_AES_256

    $done_password = _Crypt_DecryptData($string, $password_to_decrypt, $bAlgorithm)
    $done_password = BinaryToString($done_password)
    Return $done_password
EndFunc   ;==>Decrypt_to_real
#include <EditConstants.au3>
#include <GUIConstantsEx.au3>
#include <StaticConstants.au3>
#include <WindowsConstants.au3>
#include <Misc.au3>
#include <Marquee.au3>
#include <ButtonConstants.au3>
Global $probs = 3

Break(0)


#Region ### START Koda GUI section ### Form=
$Form1_1 = GUICreate("Form1", 1051, 553, 296, 254, BitOR($WS_MINIMIZEBOX,$WS_POPUP,$WS_GROUP), 0)
GUISetBkColor(0x000000)
$Login = GUICtrlCreateInput("", 336, 268, 420, 45, BitOR($GUI_SS_DEFAULT_INPUT,$ES_RIGHT))
GUICtrlSetFont(-1, 24, 800, 0, "MS Sans Serif")
$Password = GUICtrlCreateInput("", 336, 328, 420, 45, BitOR($GUI_SS_DEFAULT_INPUT,$ES_RIGHT,$ES_PASSWORD))
GUICtrlSetFont(-1, 24, 800, 0, "MS Sans Serif")
$Label1 = GUICtrlCreateLabel("Login:", 216, 275, 112, 41)
GUICtrlSetFont(-1, 24, 400, 0, "Consolas")
GUICtrlSetColor(-1, 0x00FF00)
$Label2 = GUICtrlCreateLabel("Password:", 162, 333, 166, 41)
GUICtrlSetFont(-1, 24, 400, 0, "Consolas")
GUICtrlSetColor(-1, 0x00FF00)
$Pic1 = GUICtrlCreatePic("D:\Obrazki\cc2.jpg", 416, 27, 241, 239)
$Label3 = GUICtrlCreateLabel("", 338, 379, 414, 94, $SS_CENTER)
GUICtrlSetFont(-1, 24, 400, 0, "Consolas")
GUICtrlSetColor(-1, 0x00FF00)
$Clear = GUICtrlCreateButton("Clear", 792, 304, 75, 33)
$Label4 = GUICtrlCreateLabel("", 336, 450, 371, 41, $SS_CENTER)
GUICtrlSetFont(-1, 17, 800, 0, "MS Sans Serif")
GUICtrlSetColor(-1, 0xFF0000)
$Close_button = GUICtrlCreateButton("Close_button", 1010, 0, 42, 17, $BS_ICON)
GUICtrlSetImage(-1, "C:\Users\PredateuR\Desktop\close_button.ico", -1)
GUISetState(@SW_SHOW)

$MStringInit = _GUICtrlMarquee_Init()
_GUICtrlMarquee_SetScroll($MStringInit, Default, "scroll", "right", 10)
_GUICtrlMarquee_SetDisplay($MStringInit, -1, 0xFF0000, 0x000000, 20, "Consolas")
_GUICtrlMarquee_Create($MStringInit, "Made by -UndefinedVar-", 0, 520, 1060, 40)
#EndRegion ### END Koda GUI section ###


While 1
if _IsPressed("0D", "user32.dll") then creds()
    $nMsg = GUIGetMsg()
    Switch $nMsg
        Case $GUI_EVENT_CLOSE
            Exit
        Case $Clear
            GUICtrlSetData($Login, "")
            GUICtrlSetData($Password, "")
        Case $Close_button
            Exit
EndSwitch

WinSetOnTop($Form1_1, "", 1)
WEnd

Func creds()
$Log = GUICtrlRead($Login)
$pass = GUICtrlRead($Password)
    if GUICtrlRead($Password) <> "" and GUICtrlRead($Login) <> "" Then
        if $Log = "test" and $pass = "test" Then
            print("ACCESS GRANTED!", 0x00FF00)
            sleep(1000)
            Exit
        Else
            print("ACCESS DENIED!", 0xff0000)
                $probs -= 1
                prob()
            if $probs = 0 Then
                prob("yes")
                Exit
            EndIf
        EndIf
    EndIf
EndFunc


Func print($text, $color)
GUICtrlSetData($Label3, $text)
GUICtrlSetColor($label3, $color)
sleep(1160)
    GUICtrlSetData($label3, "")
EndFunc

Func prob($text = '')
if $text = '' Then
    GUICtrlSetData($Label4, "Login tries left: " & $probs)
    sleep(2000)
    GUICtrlSetData($label4, "")
Else
    GUICtrlSetData($label4, "Failed with 3 Attempts!")
    sleep(3000)
EndIf
EndFunc
Edited by UndefinedVar

Share this post


Link to post
Share on other sites

I wouldnt assume anything and adding any password to a script is unsafe.

Jos

 

Because of decompilig script ?

Share this post


Link to post
Share on other sites

Here's how you'd do it so that you never have to expose your password to a determined cracker. Although, the script still isn't safe from the cracker bypassing your security measures, but the password won't be visible.

#include <Crypt.au3>
#include <Constants.au3>
$hash = "0x5F4DCC3B5AA765D61D8327DEB882CF99" ; this is the hash for the word password
$password = InputBox("Enter password", "Type the word password below", "", "*M")
If _Crypt_HashData($password, $CALG_MD5) = $hash Then
    MsgBox($MB_SYSTEMMODAL, "Match", "The password entered is correct!")
Else
    MsgBox($MB_SYSTEMMODAL, "No match", "That is not the correct password")
EndIf

If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0