Jump to content

How to hide password within script?

AliceDemetri
 Share

Recommended Posts

AliceDemetri Seeker

AliceDemetri

Posted
Posted

I'm working on a script that requires two passwords. A system password, and a user password. The issue I'm having is preventing the user or a third party from viewing this password. I was trying to come up with ways of encrypting the password to store in a file, but what it to prevent somebody from decompiling my script and viewing the code to extract the password? I have used Obfuscator in the past, but my understanding is with enough knowledge somebody can reverse this. Does anybody have any other ideas on ways to hide my passwords? They will be generated on the users first run. I was trying to think of ways to use the hardware profile to decrypt, but again if they just decompile the script they could potentially bypass this.

Link to comment
Share on other sites
spudw2k Universalist

spudw2k

Posted
Posted

You can use _Crypt functions to encrypt the passwords, but the usage of them is only as secure as the protection of the key used. Depending how you are generating the keys this may not provide much security.  The best way to protect it would be to keep the key external from the script (and away from non-privs users) then have it input at runtime.

Spoiler

Things I've Made: Always On Top Tool ◊ AU History ◊ Deck of CardsHideItICUIcon FreezerIpod EjectorJunos Configuration ExplorerLink DownloaderMD5 Folder EnumeratorPassGen ◊ Ping ToolQuick NICRead OCRRemoteITSchTasksGuiSpyCamSystem Scan Report ToolSystem UpTimeTransparency Machine VMWare ESX Builder
Misc Code Snippets: ADODB ExampleCheckHover ◊ Detect SafeModeDynEnumArrayGetNetStatData ◊ HashArrayIsBetweenDates Local AdminsMake ChoiceRecursive File ListRemove Sizebox StyleRetrieve PNPDeviceIDRetreive SysListView32 ContentsSet IE Homepage Tickle Expired PasswordTranspose Array
Projects: Drive Space Usage GUI ◊ LEDkITPlasma_kIt ◊ Scan Engine BuilderSpeeDBurnerSubnetCalc
Cool Stuff: AutoItObject UDF Extract Icon From ProcGuiCtrlFontRotateHex Edit FuncsRun binaryService_UDF

 

Link to comment
Share on other sites
BrewManNH Universalist

BrewManNH

Posted
Posted

Don't store the actual password in the script, hash the text and store the hash value in the script. Then when the user inputs the password, you hash that and compare the hashes. If they match the password was correct, if not it wasn't.

This isn't foolproof because hashes can be bypassed because of hash collisions (two different words or phrases that have the same hash results) but for something simple like an AutoIt script it's probably one of the better ways to do it.

If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Link to comment
Share on other sites
computergroove Universalist

computergroove

Posted
Posted

Perhaps autoit isnt a great solution for this. There are decompilers on the net that are free and easy to get for autoit scripts. I believe C# or VB.Net would prove to be a more difficult to decompile.

Get Scite to add a popup when you use a 3rd party UDF -> http://www.autoitscript.com/autoit3/scite/docs/SciTE4AutoIt3/user-calltip-manager.html

Link to comment
Share on other sites
AliceDemetri Seeker

AliceDemetri

Posted
  • Author
Posted

thanks I will look into all these options and hopefully come back with some sample code. I was thinking I might have to work with another language but wasn't sure where too start with that. I have a little experience with C so I will probably go that route.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...