Sign in to follow this  
Followers 0
Tumulus

Help with Hash

6 posts in this topic

I am creating a script that changes important account information, including passwords and usernames, but I can't take the input from a user at runtime. I could get the script to work with the information included in variables, but that is a security risk we want to avoid. As far as I can tell, _Crypt_HashData or possible _Crypt_EncryptData are how I would go about this. I looked at the help file and I am struggling to understand the implementation. 

Do I need an external document with the info? That would present the same issue. Do I need to create the variable and then run the function in another script and then add it in? I am quite lost.

Could somone give me a basic step-by-step rundown? 

Share this post


Link to post
Share on other sites



You would use EncryptData to do what you want. What you're going to need is a crypt key that is used to encrypt and decrypt the information.

#include <Crypt.au3>

_Crypt_Startup()
Global $sCryptKey = "EncryptThisData"
Global $sUsername = _Crypt_EncryptData("FakeUsername2016", $sCryptKey, $CALG_AES_256)
Global $sPassword = _Crypt_EncryptData("!FakePassword2016", $sCryptKey, $CALG_AES_256)

MsgBox("", "Encrypted Data", "Username: " & $sUsername & @CRLF & "Password: " & $sPassword)

$sUsername = BinaryToString(_Crypt_DecryptData($sUsername, $sCryptKey, $CALG_AES_256))
$sPassword = BinaryToString(_Crypt_DecryptData($sPassword, $sCryptKey, $CALG_AES_256))

MsgBox("", "Decrypt Data", "Username: " & $sUsername & @CRLF & "Password: " & $sPassword)

_Crypt_Shutdown()

You could still store the information in encrypted variables and decrypt them when you need to check it. Your information will still be stored in variables but they'll at least be somewhat protected.

Another alternative is use a database to store all of your information (all of your account information). There is a way to use sqlite to encrypt all of your information and just have the script (user) access the database when it needs it. Prompting the user for the password to access the encrypted database. Wrong password should return an error. What this would mean is to access the database the user needs to give the proper password which is not saved inside of your program. I haven't used it before, I've only seen a couple of topics.

1 person likes this

Share this post


Link to post
Share on other sites

#3 ·  Posted (edited)

@Tumulus if you search the forum you will find where this has been discussed ad nauseam. In short, you cannot completely protect you script from anyone determined enough (or even half-heatedly interested enough) to get it. If you need that level of security, AutoIt is not the way to go. See some of the threads below as examples:

 

 

 

 

That being said, if you are interested in the encrypting functions they all come with pretty decent examples in the help file. What have you tried on your own? What is not working for you?

 

Edited by JLogan3o13

√-1 2^3 ∑ π, and it was delicious!

Share this post


Link to post
Share on other sites

For password hashing:  secure is one-way encryption :sweating:

Currently I can not break it!
But it is not safe to check with AutoIt, it's too easy to be bypass!

Anyway, use MD5 or SHA1/512 to encryption for your password!


Regards,
 

Share this post


Link to post
Share on other sites

Thanks guys. @InunoTaishou That is a nice little example there. the syntax makes a lot more sense, and from that I can grasp the implementation.

Also, I understand that AutoIT isn't the most secure, and we will look at some other solutions. Really though, the big goal is to not have the passwords show up in various i house admin tools that run using administrator credentials and the security risk isn't so great as to stop using them. Those threads were really interesting though, and made me aware of some risks that I did not understand. Good links.

Share this post


Link to post
Share on other sites

Got it to work! Thanks @InunoTaishou the example was perfect.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Similar Content

    • sree161
      By sree161
      Hi,
      i have a code which generates two numeric outputs.i have to save them in excel.
      Is there any way to export them to specific cells in excel???
    • TotalAuto
      By TotalAuto
      Howdy All
      I've gone around and around in circles wasting hours trying to fix this problem to no avail so I thought I would try posting for help given there are some real smart people in this forum.
      Background
      I have 5 separate .au3 scripts that all do different basic tasks. For example:
      1.au3 = opens Chrome browser to obtain information from a specific website then closes
      2.au3 = opens an Excel workbook to run a macro then saves and closes
      3.au3 = Open two seperate workbooks and transfers data from one to the other then saves and closes
      4.au3 = .......etc
      5.au3 = .......etc
      These 5 separate scripts, doing completely different tasks, need to each run once per day at 5 different designated times within a day and then close. For example:
      1.au3 = 10am
      2.au3 = 12pm
      3.au3 = 2pm
      4.au3 = 4pm
      5.au3 = 5pm
      Problem
      I can not get these different scripts to reliably run at their designated times. When I manually run these scripts individually by using 'Go F5' they work perfectly. If I convert these scripts to an .exe and manually run each one they work about 98% of time.
      How can I schedule these different .au3 files or associated .exe files to reliably run each day at different times?
      Attempts To Fix The Issue
      1. I have tried converting each .au3 script into their own .exe file and use Window's Task Scheduler to run these .exe files at their designated time but the success rate  of running each .exe in full, to completion, without error is very low at about 30%. Things that commonly go wrong include a browser not opening but movement still continues on the desk top. Other times things just do not happen at all.
      2. I have Windows 7 64 bit and have tried creating and running both (x86) and (x64) .exe files but again reliability problems exist;
      3. I have also tried moving each .exe file to the My Documents folder as I read someone that keeping your files on your desktop ties your files to individual Windows user profiles which can cause AutoIt operating errors. Not sure if this is correct but thought I would try it anyway. It did not fix my issue.
      4. I installed a program called AlwaysUp which supposedly always reliably runs in the background and will reliably execute your AutoIt script or .exe files. Still have significant reliability issues.
      Therefore, can someone please provide advice on how I can get my 5 different .au3 files to run at 5 designated times through the day, every day, without fail? Overtime I will be creating more and more different .au3 files to run certain tasks throughout the day and do not want to create one large AutoIt file that continually runs and attempts to do all the different tasks itself.
      Any help is very appreciated.
      Thanks
      Dan
       
       
    • hugomito
      By hugomito
      Hi all,
      I built an AutoIt application that interacts with several other applications/software. Now, it's turn to interfact with Visual Studio Team Services (VSTS).
      Does anyone has a blog, demo, script to share?
      Thanks!
    • Viki
      By Viki
      This is my first time here so please dont bombard me that what a silly question I am asking!!
      I have 500 rows (A1:A500) in a spreadsheet and I just want to copy one by one row and then paste into another application and then press enter, loop should repeat this until finishes all 500 rows.
      I have looked at clipget(), clip(put() but dont know how to select next row in next turn. I also looked at Array to store but again no luck. Can some guide me please..
    • RTFC
      By RTFC
      CodeCrypter enables you to encrypt scripts without placing the key inside the script.
      This is because this key is extracted from the user environment at runtime by, for example:
      password user query any macro (e.g., @username) any AutoIt function call any UDF call some permanent environment variable on a specific machine (and not created by your script) a server response a device response anything else you can think of, as long as it's not stored in the script any combination of the above You need several scripts to get this to work, and they are scattered over several threads, so here's a single bundle that contains them all (including a patched version of Ward's AES.au3; with many thanks to Ward for allowing me to include this script here):
      CodeScannerCrypter.bundle.v2.2.7z
      Note: if you experience issues under Win8/8.1 (as some users have reported), please upgrade to Win10 (or use Win7) if you can; as far as I can tell, the scripts in the bundle all work under Win7 & Win10 (and XP). Moreover, I have no access to a Win8 box, so these issues will not be fixed, at least not by yours truly.
       
      How the bits and pieces fit together:
      CodeCrypter is a front-end for the MCF UDF library (you need version 1.3 or later). Its thread is here:
      '?do=embed' frameborder='0' data-embedContent>>
      The MCF package (also contained in the CodeScannerCrypter bundle) contains MCF.au3 (the library itself) plus a little include file called MCFinclude.au3. The latter you have to include in any script you wish to encrypt. Any code preceding it will not be encrypted, any code following it will be encrypted. You define the dynamic key inside MCFinclude.au3, in the UDF: _MCFCC_Init().
      From the same post you can download an MCF Tutorial which I heartily recommend, because encrypting a script requires a number of steps in the right order, namely:
      In MCFinclude.au3, define and/or choose your dynamic key(s) (skip this step = use default setting) include MCFinclude.au3 in your target script Run CodeScanner (version 2.3+) on your target script, with setting WriteMetaCode=True (see '?do=embed' frameborder='0' data-embedContent>>), then close CodeScanner. Start CodeCrypter press the Source button to load your target file enable Write MCF0 (tick the first option in Main Settings) Enable "Encrypt" (last option in the Main Settings) Go to the Tab Encrypt and set up the encryption the way you want (skip this = use default settings) Return to Main Tab and press "Run" if all goes well, a new script called MCF0test.au3 is created in the same directory as your target. It has no includes and no redundant parts. Please check that it works as normal. (see Remarks if not) It all sounds far more complicated than it is, really.
      Not convinced? Check out this updated and extended Q & A pdf (FAQ, also included in the bundle) to help you get started:
      CodeCrypterFAQ.pdf
       
      BackTranslation is a test to check that the MetaCode translation worked. Skip it at your peril. It also turns your multi-include composite script into a single portable file without redundant parts (you can opt to leave the redundant parts in, if you want).
      CodeCrypter can also obfuscate (vars and UDF names) and replace strings, variable names and UDF names with anything else you provide, for  example, for language translation). After CodeScanner separates your target's structure from its contents, CodeCrypter (actually MCF, under the hood) can change any part, and then generate a new script from whichever pieces you define. See the MCF Tutorial for more explanation and examples.
       
      Important!
      You need the following additional scripts to get anything to work (now all included in the bundle):
      CodeScanner.au3 version 2.9+ (in the CodeScanner zip in the CodeScanner thread, link above) readCSdatadump.au3 (version 1.1+, in the CodeScanner zip) MCF.au3 (version 1.3+, in the MCF zip in the MCF thread, link above) MCFinclude.au3 (version 1.1+, in the MCF zip) AES.au3, by Ward (now also included in bundle, thanks to Ward), see '?do=embed' frameborder='0' data-embedContent>> As you can see, encryption currently relies on Ward excellent AES UDF, but you can replace this with any other algorithm you like; just edit MCFinclude.au3 UDF _MCFCC(), and MCF.au3 UDF _EncryptEntry().
      Going to lie down now...
      RT
      CodeCrypterFAQ.pdf