Sign in to follow this  
Followers 0
Tumulus

Help with Hash

6 posts in this topic

I am creating a script that changes important account information, including passwords and usernames, but I can't take the input from a user at runtime. I could get the script to work with the information included in variables, but that is a security risk we want to avoid. As far as I can tell, _Crypt_HashData or possible _Crypt_EncryptData are how I would go about this. I looked at the help file and I am struggling to understand the implementation. 

Do I need an external document with the info? That would present the same issue. Do I need to create the variable and then run the function in another script and then add it in? I am quite lost.

Could somone give me a basic step-by-step rundown? 

Share this post


Link to post
Share on other sites



You would use EncryptData to do what you want. What you're going to need is a crypt key that is used to encrypt and decrypt the information.

#include <Crypt.au3>

_Crypt_Startup()
Global $sCryptKey = "EncryptThisData"
Global $sUsername = _Crypt_EncryptData("FakeUsername2016", $sCryptKey, $CALG_AES_256)
Global $sPassword = _Crypt_EncryptData("!FakePassword2016", $sCryptKey, $CALG_AES_256)

MsgBox("", "Encrypted Data", "Username: " & $sUsername & @CRLF & "Password: " & $sPassword)

$sUsername = BinaryToString(_Crypt_DecryptData($sUsername, $sCryptKey, $CALG_AES_256))
$sPassword = BinaryToString(_Crypt_DecryptData($sPassword, $sCryptKey, $CALG_AES_256))

MsgBox("", "Decrypt Data", "Username: " & $sUsername & @CRLF & "Password: " & $sPassword)

_Crypt_Shutdown()

You could still store the information in encrypted variables and decrypt them when you need to check it. Your information will still be stored in variables but they'll at least be somewhat protected.

Another alternative is use a database to store all of your information (all of your account information). There is a way to use sqlite to encrypt all of your information and just have the script (user) access the database when it needs it. Prompting the user for the password to access the encrypted database. Wrong password should return an error. What this would mean is to access the database the user needs to give the proper password which is not saved inside of your program. I haven't used it before, I've only seen a couple of topics.

1 person likes this

Share this post


Link to post
Share on other sites

#3 ·  Posted (edited)

@Tumulus if you search the forum you will find where this has been discussed ad nauseam. In short, you cannot completely protect you script from anyone determined enough (or even half-heatedly interested enough) to get it. If you need that level of security, AutoIt is not the way to go. See some of the threads below as examples:

 

 

 

 

That being said, if you are interested in the encrypting functions they all come with pretty decent examples in the help file. What have you tried on your own? What is not working for you?

 

Edited by JLogan3o13

√-1 2^3 ∑ π, and it was delicious!

Share this post


Link to post
Share on other sites

For password hashing:  secure is one-way encryption :sweating:

Currently I can not break it!
But it is not safe to check with AutoIt, it's too easy to be bypass!

Anyway, use MD5 or SHA1/512 to encryption for your password!


Regards,
 

Share this post


Link to post
Share on other sites

Thanks guys. @InunoTaishou That is a nice little example there. the syntax makes a lot more sense, and from that I can grasp the implementation.

Also, I understand that AutoIT isn't the most secure, and we will look at some other solutions. Really though, the big goal is to not have the passwords show up in various i house admin tools that run using administrator credentials and the security risk isn't so great as to stop using them. Those threads were really interesting though, and made me aware of some risks that I did not understand. Good links.

Share this post


Link to post
Share on other sites

Got it to work! Thanks @InunoTaishou the example was perfect.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Similar Content

    • RoundChecker
      By RoundChecker
      Hi everyone,

      Is there a way to determine whether the script that is running, is already running, without using;
       
      If WinExists ?

      Or is there a way to use "If WinExists" to determine the script itself?

      The reason I am asking this is because if I want someone to run the .Exe I have and they rename it to whatever they want, how could I then determine in the script to check if there's already an .Exe open, or the script itself is already open?

      Should I use Class, or how do I achieve this?

      Thanks in advance.
    • svenjatzu
      By svenjatzu
      Id like to build a little helpertool for my boss in office but i dont know how to sart it.
      thats no complicated task. im working for an insurancecenter and have to search the customers in different orders and different tags.
      due to my boss is old and not really commen with pc he saves the customers without system.
      eg, customer andreas statham got an insurenca for his car then i got to search for
      andreas statham car, andreas car statham, car andreas statham, statham andreas car, statham car andreas, car statham andreass etc to find all the files from this customer in the harddrive.
      some customers also are fmiliarnamed in one file like andreas statam and monika rog are married an both got a carinsurance then i got to earch for
      andreas statham monika rog car, andreas statham monika car rog,.... this can take real long to find the right customer if i do it from hand.
      how can i realise this someone in here got an excamlple script or has any sugestion?
       
       
    • X_xkijux_x
      By X_xkijux_x
      Ok so im using this program. clarify for school. I would like to have a program that takes every word i type in microsoft word and searches on it in claryfi. is this possible. I would like to have the program not stopping me from typing more after that word. Like when i type a word it auto search it on clarify without making me stop typing and if i want to change i can do that and if im fine that word i can just keep typing and it will search after the next word. 
    • Miliardsto
      By Miliardsto
      Is this possible to make program works like in diagram? There is so much encryption methods and UDFs are they give security? If the $Address will be crypted with some encryption algorithm could be possible to get the value of $Address in easy way? Of course We know its easy too look into autoit code and get value of variable and so We dont want to anyone see $Address value - there are functions Could func1.au3, func2.au3.. be for example func1.php or other type of file? As we know .php files are unnable to see. For example func1 would be read by FileRead() and then Execute() Is this generally possible to do?
      Will it give secure?
      What do you think about? Maybe there is something wrong in this concept or missed.

    • JaredStroeb
      By JaredStroeb
      I need to open an application and send it keys in Session 0.  I have exe's working locally, I can see the application open in session 0 through interactive services, but my send commands do not go to the application.  The following article running-autoit-session-0, directs me to use ControlSend() however my application has no controls that can be identified by AutoIt v3 Window Info.  Get All Windows Controls also returned nothing for the application's handle.  
      What are my options?  
      Can this be done with AutoIt?
      Is there a different "relatively simple" library/tool to use? (I am familiar with C# if there is a viable library there )