Jump to content
Sign in to follow this  
Xenobiologist

Loginwrapper Uds To Secure Mainscript

Recommended Posts

HI again,

thanks for you suggestions. But I think, that will beat-up the useablility of LoginWrapper, because you have to recompile the mainScript. I don't want that.

From my point of new, this is secure enough because:

The user has to...

1. notice that there is another exe started by the loginwrapper.

2. get the name of the second exe process

3. You can call it whatever you want e.g. svchost.exe so it will be hard to identify the process

4. kill the loginWrapper while the mainScript is running

5. find the exe (is hidden and can be stored elsewhere)

6. copy it somewhere else before starting the wrapper again

So long,

Mega

Edited by th.meger

Scripts & functions Organize Includes Let Scite organize the include files

Yahtzee The game "Yahtzee" (Kniffel, DiceLion)

LoginWrapper Secure scripts by adding a query (authentication)

_RunOnlyOnThis UDF Make sure that a script can only be executed on ... (Windows / HD / ...)

Internet-Café Server/Client Application Open CD, Start Browser, Lock remote client, etc.

MultipleFuncsWithOneHotkey Start different funcs by hitting one hotkey different times

Share this post


Link to post
Share on other sites

Very interesint idea :think: But a more secure way to do it, for a program that needs high security, would be to have it authenticate with php/mysql databases. Would be cool ^^

Share this post


Link to post
Share on other sites

Very interesint idea :( But a more secure way to do it, for a program that needs high security, would be to have it authenticate with php/mysql databases. Would be cool ^^

HI,

thanks for the reply. It wasn't made for very high security. :) Just a (as I think) good security for script.exe files you already wrote. Like a authentication feature for autoit-scripts.

And I wanted to do it with Autoit itself, because then you haven't to deploy other files. The user shouldn't notice that he is running a wrapper. :think:

So long,

Mega

Edited by th.meger

Scripts & functions Organize Includes Let Scite organize the include files

Yahtzee The game "Yahtzee" (Kniffel, DiceLion)

LoginWrapper Secure scripts by adding a query (authentication)

_RunOnlyOnThis UDF Make sure that a script can only be executed on ... (Windows / HD / ...)

Internet-Café Server/Client Application Open CD, Start Browser, Lock remote client, etc.

MultipleFuncsWithOneHotkey Start different funcs by hitting one hotkey different times

Share this post


Link to post
Share on other sites

HI,

anybody out there who tried this excepting me? (Okay yes this is a bump :) )

So long,

Mega


Scripts & functions Organize Includes Let Scite organize the include files

Yahtzee The game "Yahtzee" (Kniffel, DiceLion)

LoginWrapper Secure scripts by adding a query (authentication)

_RunOnlyOnThis UDF Make sure that a script can only be executed on ... (Windows / HD / ...)

Internet-Café Server/Client Application Open CD, Start Browser, Lock remote client, etc.

MultipleFuncsWithOneHotkey Start different funcs by hitting one hotkey different times

Share this post


Link to post
Share on other sites

Hi Mega,

a very nice script! But - why shouldn't i use variables for fileinstall?

For me this works fine:

Line 24 : Dim $yourScriptExe = @TempDir & 'c:\MsgBox.exe'
Line 37 : FileInstall('c:\Downloads\AutoIt-Skripte\Entwicklung\Wrapper\MsgBox.exe', @TempDir & 'c:\MsgBox.exe', 1)

Give this a try! :whistle:

CU

Dizzy

Share this post


Link to post
Share on other sites

Hi,

thanks. Glad you like it. I haven't looked at it for a long time, cause I didn't see any reason for imrpoving. :whistle:

I said you cannot use variables, I never said you cannot use macros.

Have a look at the documentation in the help file.

The source file must be a string and not a variable so that the compiler can extract the filename to include. The source cannot contain wildcards.

That's what I meant.

So long,

Mega


Scripts & functions Organize Includes Let Scite organize the include files

Yahtzee The game "Yahtzee" (Kniffel, DiceLion)

LoginWrapper Secure scripts by adding a query (authentication)

_RunOnlyOnThis UDF Make sure that a script can only be executed on ... (Windows / HD / ...)

Internet-Café Server/Client Application Open CD, Start Browser, Lock remote client, etc.

MultipleFuncsWithOneHotkey Start different funcs by hitting one hotkey different times

Share this post


Link to post
Share on other sites

Hi Mega,

Very interesint idea, I like it a lot. I did a few minor changes...

1) Line 27

Dim $iniPath = @WindowsDir & '\' changed to Dim $iniPath = @UserProfileDir & '\Application Data\'

All users no matter what rights they have on the system, they always has full read and write access to @UserProfileDir & '\Application Data\'

2) Line 35

FileInstall('c:\Downloads\AutoIt-Skripte\Entwicklung\Wrapper\MsgBox.exe', 'c:\MsgBox.exe', 1) changed to FileInstall('MsgBox.exe', $yourScriptExe, 1)

Changing FileInstall this way, all you need is to have msgbox.exe or the .exe file that you want to use at the same folder as LoginWrapper1.3.au3

3) Line 91

Local $cryptWord = Random(0, 9, 1) changed to Local $cryptWord = Random(1, 9, 1)

As a random number you don't want 0 because $cryptWord[0] is a number and not any of the values assing to it Dim $cryptArray = StringSplit"2we4rf,adfi8,i9lp,we2ay,9o0pw,asdc4,1209i,tz573,98m3,6tg5", ",")

4) At the end of UDF createNewUser() added the following lines:

GUICtrlSetData($username_I, '')

GUICtrlSetData($password_I, '')

GUICtrlSetState($username_I, $Gui_FOCUS)

I'm kind of lazy, after adding a new user this will clear up the input field and set the cursor to the username field so you can add more users.

5) Now when you use the switch "newuser" the script will ask you to login before you can add any other user.


AutoIt Scripts:NetPrinter - Network Printer UtilityRobocopyGUI - GUI interface for M$ robocopy command line

Share this post


Link to post
Share on other sites

HI,

thanks for your feedback. I'll check that later and maybe I'll implement your ideas.

So long,

Mega


Scripts & functions Organize Includes Let Scite organize the include files

Yahtzee The game "Yahtzee" (Kniffel, DiceLion)

LoginWrapper Secure scripts by adding a query (authentication)

_RunOnlyOnThis UDF Make sure that a script can only be executed on ... (Windows / HD / ...)

Internet-Café Server/Client Application Open CD, Start Browser, Lock remote client, etc.

MultipleFuncsWithOneHotkey Start different funcs by hitting one hotkey different times

Share this post


Link to post
Share on other sites

Your welcome, I will advise you at least add suggestion number 5 from my preview post. Anybody that find out the switch "newuser" or where ever switch you set. They can add themself by running the script with the switch. In the other hand if you add suggestion 5, now they are force to login before the script allow them to add any user.


AutoIt Scripts:NetPrinter - Network Printer UtilityRobocopyGUI - GUI interface for M$ robocopy command line

Share this post


Link to post
Share on other sites

how did you change the icon to that guy with the hat? :whistle:

Hi,

that is a compile option. Have a look here : http://www.autoitscript.com/autoit3/docs/intro/compiler.htm

So long,

Mega


Scripts & functions Organize Includes Let Scite organize the include files

Yahtzee The game "Yahtzee" (Kniffel, DiceLion)

LoginWrapper Secure scripts by adding a query (authentication)

_RunOnlyOnThis UDF Make sure that a script can only be executed on ... (Windows / HD / ...)

Internet-Café Server/Client Application Open CD, Start Browser, Lock remote client, etc.

MultipleFuncsWithOneHotkey Start different funcs by hitting one hotkey different times

Share this post


Link to post
Share on other sites

Nice Work ! :whistle:

What's about : When the user authenticate, it fileinstall the mainscript and delete the login wrapper. That way, it make an initial protection but if the user have the correct login infos then he have access to the mainscript.

Share this post


Link to post
Share on other sites

Hi,

thanks!

Your concept is to protect the included file by one initial password. That can be done with e.g. winzip. Therefore you needn't to use LoginWrapper.

LoginWrapper follows another concept like mentioned above.

So long,

Mega

Edited by th.meger

Scripts & functions Organize Includes Let Scite organize the include files

Yahtzee The game "Yahtzee" (Kniffel, DiceLion)

LoginWrapper Secure scripts by adding a query (authentication)

_RunOnlyOnThis UDF Make sure that a script can only be executed on ... (Windows / HD / ...)

Internet-Café Server/Client Application Open CD, Start Browser, Lock remote client, etc.

MultipleFuncsWithOneHotkey Start different funcs by hitting one hotkey different times

Share this post


Link to post
Share on other sites

Testing code in first post needs tho change old _StringEncrypt function:

 

Changes would be:

#include <Crypt.au3>

Replace all '_StringEncrypt(1,' by 'StringEncrypt(True,' and delete third parameter

Replace all '_StringEncrypt(0,' by 'StringEncrypt(False,' also deleting third parameter

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...