Queener Posted June 26, 2013 Share Posted June 26, 2013 (edited) Can someone tell me what's wrong with this code? While 1 Switch GUIGetMsg() Case $GUI_EVENT_CLOSE Exit Case $Button $bPasswordHas="0x500bc8be770e05f5ec158a" $sPassword=InputBox("Login", "Please type your correct password.","") if _Crypt_HashData($sPassword,$CALG_MD5)=$bPasswordHas Then MsgBox(64, "Access Granted", start()) Else MsgBox(16, "Access Denied","You entered the wrong password!") EndIf EndSwitch WEnd Biggest question is this code here: if _Crypt_HashData($sPassword,$CALG_MD5)=$bPasswordHas Then MsgBox(64, "Access Granted", start()) Not sure if thats how you call a function. The error that i'm getting is variable is used, but not declare on these lines: $bPasswordHas="0x500bc8be770e05f5ec158a" $sPassword=InputBox("Login", "Please type your correct password.","") Help is much appreciated. Edited June 26, 2013 by asianqueen Msgbox(0, "Hate", "Just hate it when I post a question and find my own answer after a couple tries. But if I don't post the question, I can't seem to resolve it at all.") Link to comment Share on other sites More sharing options...
E1M1 Posted June 26, 2013 Share Posted June 26, 2013 Where are you trying login to? I have never used _Crypt_HashData myself but see if _Crypt_HashData($sPassword,$CALG_MD5) gives you "0x500bc8be770e05f5ec158a" edited Link to comment Share on other sites More sharing options...
Queener Posted June 26, 2013 Author Share Posted June 26, 2013 my goal is, if the password is entered correctly, continue to start() function... Else exit program. Msgbox(0, "Hate", "Just hate it when I post a question and find my own answer after a couple tries. But if I don't post the question, I can't seem to resolve it at all.") Link to comment Share on other sites More sharing options...
water Posted June 26, 2013 Share Posted June 26, 2013 You know that a clever user can easily remove the password verification lines and use whatever function the script provides? My UDFs and Tutorials: Spoiler UDFs:Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - WikiExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example ScriptsOutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - WikiOutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - DownloadOutlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - WikiPowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - WikiTask Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs:Excel - Example Scripts - WikiWord - Wiki Tutorials:ADO - WikiWebDriver - Wiki Link to comment Share on other sites More sharing options...
Queener Posted June 26, 2013 Author Share Posted June 26, 2013 what would be the best solution for this if they can actually remove the password verification? Msgbox(0, "Hate", "Just hate it when I post a question and find my own answer after a couple tries. But if I don't post the question, I can't seem to resolve it at all.") Link to comment Share on other sites More sharing options...
water Posted June 26, 2013 Share Posted June 26, 2013 If the service you want to provide is delivered by the AutoIt script then there is no save way. Only save way is to have login verification and service delivery on another system (web server etc.) My UDFs and Tutorials: Spoiler UDFs:Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - WikiExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example ScriptsOutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - WikiOutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - DownloadOutlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - WikiPowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - WikiTask Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs:Excel - Example Scripts - WikiWord - Wiki Tutorials:ADO - WikiWebDriver - Wiki Link to comment Share on other sites More sharing options...
meisandy Posted June 26, 2013 Share Posted June 26, 2013 You know that a clever user can easily remove the password verification lines and use whatever function the script provides? What, even when the script is compiled? Link to comment Share on other sites More sharing options...
Queener Posted June 26, 2013 Author Share Posted June 26, 2013 (edited) What, even when the script is compiled? I guess he's right about it. People can use hexeditor if they're good. They can actually write 0s for the bytes that contain the variable to store the password. Second thing is even if they can do that; I don't really care as I'm not making this utitlies for anyone to use, but myself. I'm still interested in know the answer to my question. Just putting password on it so anyone who tries to get on my pc and accident open that program to not be able to modify any of my work loads. Edited June 26, 2013 by asianqueen Msgbox(0, "Hate", "Just hate it when I post a question and find my own answer after a couple tries. But if I don't post the question, I can't seem to resolve it at all.") Link to comment Share on other sites More sharing options...
E1M1 Posted June 26, 2013 Share Posted June 26, 2013 (edited) As source is compressed in exe it isn't that easy to modify code with hexeditor, however it is possible. You can make it more difficult by using obfuscator that is included in scite's tools menu. That should meke breaking your code more time consuming than writing new from scratch. But my guess is that average computer user who is not an specialist or amateur hacker/programmer doesnt even know what hex editor is. Edited June 26, 2013 by E1M1 edited Link to comment Share on other sites More sharing options...
Developers Jos Posted June 26, 2013 Developers Share Posted June 26, 2013 I wouldnt assume anything and adding any password to a script is unsafe. Jos SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past. Link to comment Share on other sites More sharing options...
meisandy Posted June 26, 2013 Share Posted June 26, 2013 (edited) I guess he's right about it. People can use hexeditor if they're good. They can actually write 0s for the bytes that contain the variable to store the password. Second thing is even if they can do that; I don't really care as I'm not making this utitlies for anyone to use, but myself. I'm still interested in know the answer to my question. Just putting password on it so anyone who tries to get on my pc and accident open that program to not be able to modify any of my work loads. I suppose, but that could be said for any program really. If it's just for your personal use - I don't think it matters whatsoever. Even if you were putting it out for others to use, it's more likely that someone would decompile the program rather than figuring out what does what in Hex and then modifying it to work with out a password! I think the password protection is the least of your worries for the time being anyway, I hope you have all the code and registry keys needed to disable task manager. This is possible, or it was the last time I tried - I can try and find them if you want. Getting back on topic, when I tried your code, well adapted a bit (very quickly too) because I couldn't run it as you posted it, it worked fine. Perhaps the error was to do with some of the code I removed, so if you could post your full program that may be helpful: #include <Crypt.au3> While 1 Switch 1 + 1 Case True $bPasswordHas="0x500bc8be770e05f5ec158a" $sPassword=InputBox("Login", "Please type your correct password.","") if _Crypt_HashData($sPassword,$CALG_MD5)=$bPasswordHas Then MsgBox(64, "Access Granted", "Congrats") Else MsgBox(16, "Access Denied","You entered the wrong password!") EndIf EndSwitch WEnd Edited June 26, 2013 by meisandy Link to comment Share on other sites More sharing options...
UndefinedVar Posted June 26, 2013 Share Posted June 26, 2013 (edited) This is kinda shit... you better watch this. And you can use this for crypt an password Func _Crypt($strig) Local $password_for_crypt = "0045922@059939@00559$069949$395959$" Local $bAlgorithm = $CALG_AES_256 $done_password = _Crypt_EncryptData($strig, $password_for_crypt, $bAlgorithm) Return $done_password EndFunc ;==>_Crypt Func Decrypt_to_real($string) Local $password_to_decrypt = "0045922@059939@00559$069949$395959$" Local $bAlgorithm = $CALG_AES_256 $done_password = _Crypt_DecryptData($string, $password_to_decrypt, $bAlgorithm) $done_password = BinaryToString($done_password) Return $done_password EndFunc ;==>Decrypt_to_real expandcollapse popup#include <EditConstants.au3> #include <GUIConstantsEx.au3> #include <StaticConstants.au3> #include <WindowsConstants.au3> #include <Misc.au3> #include <Marquee.au3> #include <ButtonConstants.au3> Global $probs = 3 Break(0) #Region ### START Koda GUI section ### Form= $Form1_1 = GUICreate("Form1", 1051, 553, 296, 254, BitOR($WS_MINIMIZEBOX,$WS_POPUP,$WS_GROUP), 0) GUISetBkColor(0x000000) $Login = GUICtrlCreateInput("", 336, 268, 420, 45, BitOR($GUI_SS_DEFAULT_INPUT,$ES_RIGHT)) GUICtrlSetFont(-1, 24, 800, 0, "MS Sans Serif") $Password = GUICtrlCreateInput("", 336, 328, 420, 45, BitOR($GUI_SS_DEFAULT_INPUT,$ES_RIGHT,$ES_PASSWORD)) GUICtrlSetFont(-1, 24, 800, 0, "MS Sans Serif") $Label1 = GUICtrlCreateLabel("Login:", 216, 275, 112, 41) GUICtrlSetFont(-1, 24, 400, 0, "Consolas") GUICtrlSetColor(-1, 0x00FF00) $Label2 = GUICtrlCreateLabel("Password:", 162, 333, 166, 41) GUICtrlSetFont(-1, 24, 400, 0, "Consolas") GUICtrlSetColor(-1, 0x00FF00) $Pic1 = GUICtrlCreatePic("D:\Obrazki\cc2.jpg", 416, 27, 241, 239) $Label3 = GUICtrlCreateLabel("", 338, 379, 414, 94, $SS_CENTER) GUICtrlSetFont(-1, 24, 400, 0, "Consolas") GUICtrlSetColor(-1, 0x00FF00) $Clear = GUICtrlCreateButton("Clear", 792, 304, 75, 33) $Label4 = GUICtrlCreateLabel("", 336, 450, 371, 41, $SS_CENTER) GUICtrlSetFont(-1, 17, 800, 0, "MS Sans Serif") GUICtrlSetColor(-1, 0xFF0000) $Close_button = GUICtrlCreateButton("Close_button", 1010, 0, 42, 17, $BS_ICON) GUICtrlSetImage(-1, "C:\Users\PredateuR\Desktop\close_button.ico", -1) GUISetState(@SW_SHOW) $MStringInit = _GUICtrlMarquee_Init() _GUICtrlMarquee_SetScroll($MStringInit, Default, "scroll", "right", 10) _GUICtrlMarquee_SetDisplay($MStringInit, -1, 0xFF0000, 0x000000, 20, "Consolas") _GUICtrlMarquee_Create($MStringInit, "Made by -UndefinedVar-", 0, 520, 1060, 40) #EndRegion ### END Koda GUI section ### While 1 if _IsPressed("0D", "user32.dll") then creds() $nMsg = GUIGetMsg() Switch $nMsg Case $GUI_EVENT_CLOSE Exit Case $Clear GUICtrlSetData($Login, "") GUICtrlSetData($Password, "") Case $Close_button Exit EndSwitch WinSetOnTop($Form1_1, "", 1) WEnd Func creds() $Log = GUICtrlRead($Login) $pass = GUICtrlRead($Password) if GUICtrlRead($Password) <> "" and GUICtrlRead($Login) <> "" Then if $Log = "test" and $pass = "test" Then print("ACCESS GRANTED!", 0x00FF00) sleep(1000) Exit Else print("ACCESS DENIED!", 0xff0000) $probs -= 1 prob() if $probs = 0 Then prob("yes") Exit EndIf EndIf EndIf EndFunc Func print($text, $color) GUICtrlSetData($Label3, $text) GUICtrlSetColor($label3, $color) sleep(1160) GUICtrlSetData($label3, "") EndFunc Func prob($text = '') if $text = '' Then GUICtrlSetData($Label4, "Login tries left: " & $probs) sleep(2000) GUICtrlSetData($label4, "") Else GUICtrlSetData($label4, "Failed with 3 Attempts!") sleep(3000) EndIf EndFunc Edited June 26, 2013 by UndefinedVar Link to comment Share on other sites More sharing options...
UndefinedVar Posted June 26, 2013 Share Posted June 26, 2013 I wouldnt assume anything and adding any password to a script is unsafe. Jos Because of decompilig script ? Link to comment Share on other sites More sharing options...
BrewManNH Posted June 27, 2013 Share Posted June 27, 2013 Here's how you'd do it so that you never have to expose your password to a determined cracker. Although, the script still isn't safe from the cracker bypassing your security measures, but the password won't be visible. #include <Crypt.au3> #include <Constants.au3> $hash = "0x5F4DCC3B5AA765D61D8327DEB882CF99" ; this is the hash for the word password $password = InputBox("Enter password", "Type the word password below", "", "*M") If _Crypt_HashData($password, $CALG_MD5) = $hash Then MsgBox($MB_SYSTEMMODAL, "Match", "The password entered is correct!") Else MsgBox($MB_SYSTEMMODAL, "No match", "That is not the correct password") EndIf If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag GudeHow to ask questions the smart way! I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from. Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays. - ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script. - Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label. - _FileGetProperty - Retrieve the properties of a file - SciTE Toolbar - A toolbar demo for use with the SciTE editor - GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI. - Latin Square password generator Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now