Jump to content
Sign in to follow this  
Tumulus

Help with Hash

Recommended Posts

Tumulus

I am creating a script that changes important account information, including passwords and usernames, but I can't take the input from a user at runtime. I could get the script to work with the information included in variables, but that is a security risk we want to avoid. As far as I can tell, _Crypt_HashData or possible _Crypt_EncryptData are how I would go about this. I looked at the help file and I am struggling to understand the implementation. 

Do I need an external document with the info? That would present the same issue. Do I need to create the variable and then run the function in another script and then add it in? I am quite lost.

Could somone give me a basic step-by-step rundown? 

Share this post


Link to post
Share on other sites
InunoTaishou

You would use EncryptData to do what you want. What you're going to need is a crypt key that is used to encrypt and decrypt the information.

#include <Crypt.au3>

_Crypt_Startup()
Global $sCryptKey = "EncryptThisData"
Global $sUsername = _Crypt_EncryptData("FakeUsername2016", $sCryptKey, $CALG_AES_256)
Global $sPassword = _Crypt_EncryptData("!FakePassword2016", $sCryptKey, $CALG_AES_256)

MsgBox("", "Encrypted Data", "Username: " & $sUsername & @CRLF & "Password: " & $sPassword)

$sUsername = BinaryToString(_Crypt_DecryptData($sUsername, $sCryptKey, $CALG_AES_256))
$sPassword = BinaryToString(_Crypt_DecryptData($sPassword, $sCryptKey, $CALG_AES_256))

MsgBox("", "Decrypt Data", "Username: " & $sUsername & @CRLF & "Password: " & $sPassword)

_Crypt_Shutdown()

You could still store the information in encrypted variables and decrypt them when you need to check it. Your information will still be stored in variables but they'll at least be somewhat protected.

Another alternative is use a database to store all of your information (all of your account information). There is a way to use sqlite to encrypt all of your information and just have the script (user) access the database when it needs it. Prompting the user for the password to access the encrypted database. Wrong password should return an error. What this would mean is to access the database the user needs to give the proper password which is not saved inside of your program. I haven't used it before, I've only seen a couple of topics.

  • Like 1

Share this post


Link to post
Share on other sites
JLogan3o13

@Tumulus if you search the forum you will find where this has been discussed ad nauseam. In short, you cannot completely protect you script from anyone determined enough (or even half-heatedly interested enough) to get it. If you need that level of security, AutoIt is not the way to go. See some of the threads below as examples:

 

 

 

 

That being said, if you are interested in the encrypting functions they all come with pretty decent examples in the help file. What have you tried on your own? What is not working for you?

 

Edited by JLogan3o13

√-1 2^3 ∑ π, and it was delicious!

Share this post


Link to post
Share on other sites
VIP

For password hashing:  secure is one-way encryption :sweating:

Currently I can not break it!
But it is not safe to check with AutoIt, it's too easy to be bypass!

Anyway, use MD5 or SHA1/512 to encryption for your password!


Regards,
 

Share this post


Link to post
Share on other sites
Tumulus

Thanks guys. @InunoTaishou That is a nice little example there. the syntax makes a lot more sense, and from that I can grasp the implementation.

Also, I understand that AutoIT isn't the most secure, and we will look at some other solutions. Really though, the big goal is to not have the passwords show up in various i house admin tools that run using administrator credentials and the security risk isn't so great as to stop using them. Those threads were really interesting though, and made me aware of some risks that I did not understand. Good links.

Share this post


Link to post
Share on other sites
Tumulus

Got it to work! Thanks @InunoTaishou the example was perfect.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Similar Content

    • careca
      By careca
      Let's say you have some files you dont want anyone to know what they are,
      and you dont want anyone to be able to open them, you could encrypt them,
      but if the files are big it'll take a long time to do the operations for you to be able to open those files.
      I made this to make this process faster, and still not easy for someone to open the files, or even know what type they are.
      What it does is change the filename to a random number with 8 digits and .inc extension.
      The original filename is encrypted in the file itself, with a PIN provided by the user up to 4 digits, this PIN is also a number that's going to be used to split the file and change it internally, so the end result is a file with a header that's got the original filename encrypted, and the rest of the file scrambled a bit.
      The way it works is simple, place the application in a folder where you want to hide the files, it will ask for a pin, after you press ok, the application asks :
      Encrypt or decrypt?
      If encrypt, the files will become the 8 digit .inc files.
      The originals will stay, the user can delete the originals or do whatever.
      Then to open the files back, same process, but this time choose decrypt, and a listview will show the random filenames and the corresponding decrypted/original filenames and extension, uppon double click they open with whatever application is the default for them. There's a search feature, and an "extract all" button, to get all files back to original/unencrypted versions.
      Feedback is wellcome.
    • BogdanNicolescu
      By BogdanNicolescu
      While 1 / / / A whole bunch of codes found in help and here: https://www.autoitscript.com/autoit3/docs/ / / / WEnd OR:

       
      HotKeySet("{ESC}", "Terminate") While 1 MouseClick("Right",674,422) MouseClick("Left",673,447) Sleep(2000) / / / A whole bunch of codes found in help and here: https://www.autoitscript.com/autoit3/docs/ / / / MouseClick("Left",675,339) SLeep(3000) WEnd Func Terminate()     Exit 0 EndFunc  
      Sorry if i should't let this here to be found by newbies like me -.-'
    • santoshM
      By santoshM
      Dear friends i am facing a problem , i have created a window in autoit some time it is moving with the mouse curser even if iam not clicking the window 
    • sumanth1980
      By sumanth1980
      Here i am wrote a simple lines to install basic applications but when i clicked on one application/program to install it was working fine but when i cancel the program in the middle to install another program it was not working. I am not an expert in this but i want a solution for this ... Can any one help me on this....
      ORG-1.au3
    • PleaseHelpMEIWillLoveyou
      By PleaseHelpMEIWillLoveyou
      Is there a way to use a custom terminal or something from my pc and run a script on another pc.
      please let me know if its possible
      (not for anything bad just for a project im working on)
×