setting a password on my script and EXE (Resolved)


DssLexius
Just whipped this up. If you are only worried about checking the password when compiled, look at the @compiled macro.

$correctPassword = False
For $i = 0 To 2
$password = InputBox("Password", "What is the password?", "xxxx", "*")
If $password == "My Secret Password" Then 
    $correctPassword = True
    ExitLoop
Else
    MsgBox(0,"","Wrong Password")
EndIf
Next

If Not $correctPassword Then Exit

MsgBox(0,"","You entered the correct password, so your program is running")

try this

Password_Protect()
; Dated: Sep-23-2008
; WB: ChromeFan
Func Password_Protect()
    $Total_Counts = 3
    $Try = 1
    $File_Access =  "Disallowd"
    $Your_Password =  "ChromeFan"
    ConsoleWrite(""    & @CRLF)
    $InputBox_1 = InputBox( "Access Protected",  "Please Enter your password (Case sensitive)" & @CRLF & @CRLF & "My Program Name (Example)"& @CRLF & @CRLF &"Author: Your Name",  "",  "*")
    If $InputBox_1 == $Your_Password Then
        $File_Access =  "Granted"
        MsgBox(64,  "Password Accepted",  "Welcome," & @CRLF & @CRLF & @UserName & @CRLF & @CRLF & @ComputerName)
    Else
        Do
            $InputBox_2 = InputBox( "Access Denied",  "The Password provided by you is wrong."& @CRLF & @CRLF &"Please Reinter your password."& @CRLF & @CRLF &"Author: Your Name",  "",  "*")
            If $InputBox_2 == $Your_Password Then ; == keeps the retry case-sensitive, as the prompt states
                $File_Access =  "Granted"
                MsgBox(64,  "Password Accepted",  "Welcome," & @CRLF & @CRLF & @UserName & @CRLF & @CRLF & @ComputerName)
                ExitLoop
            EndIf
            $Try += 1
        Until $Try = $Total_Counts
    EndIf
    If $File_Access = "Granted" Then ; must match the value set above, otherwise access is always denied
        MsgBox(48, "Access Granted", "Some Text")
    Else
        MsgBox(48, "You can not access this program!",  "You have tried more than 3 times to enter the correct password."&@CRLF&"But the password was always wrong."&@CRLF&"Sorry! Program will now close.")
        Exit
    EndIf
EndFunc ;==>_Password_Protect()

It's gonna be more work, but if you want to store the password in the script then I recommend creating a hash of the pwd and storing that. That means of course you'll have to implement a hash mechanism of some sort, but there are plenty of examples on this forum.

Edited by spudw2k

I don't know anything about hash mechanisms because I am new to coding...

Thanks for your efforts, but the customer wants to use multiple passwords or any better way of protection, like generating new keys for each user.

I hope some of you will give the same support as both of you gave me.

If users launch this from a network or have access to a common folder on the network, you could store individual user keys in a config (INI) file and authenticate it. Of course you would need to encrypt the key before writing to config and decrypt while running the application to challenge casual hackers.

Here's an example of using a hash to store an encrypted password using mrRevoked's Hashing using machine code and the example above from Prab.

#include <md5.au3>

$pass = "0x78C5D6797011323278C9D593AB0A37D7" ; <-- = "This is my password!"

$correctPassword = False
For $i = 0 To 2
$password = InputBox("Password", "What is the password?", "xxxx", "*")
If _MD5($password) = $pass Then
    $correctPassword = True
    ExitLoop
Else
    MsgBox(0,"","Wrong Password")
EndIf
Next

If Not $correctPassword Then Exit

MsgBox(0,"","You entered the correct password, so your program is running")
Edited by spudw2k

Expanding spudw2k's suggestion to include (mine) for a config file on a shared drive:

#include <md5.au3>

$IniFile = @WorkingDir & "\config.Ini"
If NOT FileExists($IniFile) Then $IniFile = @ScriptDir & "\config.Ini"
If NOT FileExists($IniFile) Then 
   MsgBox(4096, "Problem", "Could NOT Find Application's Configuration File !")
   Exit
EndIf

$UserPwd = IniRead($IniFile, @UserName, "PWD", "")
If StringLen($UserPwd) < 1 Then
   MsgBox(4096, "Problem", "You are NOT authorized to use this Application" & @CRLF & "Contact Application's Administrator to Authorize you")
   Exit
EndIf

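; The INI file already holds the MD5 hash written by the generator script below,
; so hash what the user types and compare that with the stored value.
Local $I, $Response, $Authorized = False
For $I = 0 to 2
      $Response = InputBox("Password", "Enter Application Password", "", "*")
      If StringLen($Response) < 1 Then Exit
      If _MD5($Response) = $UserPwd Then
            $Authorized = True
            ExitLoop
      EndIf
Next;$I
If Not $Authorized Then Exit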

; The rest of your Application Code...

You would create a separate App. to generate and Store Passwords for every User and store it on a shared drive

#include <md5.au3>
$IniFile = @WorkingDir & "\config.Ini"; Or Make it Interactive so you can select the INI File name/location
$UserID = "JoeUser"; Again an example, make it an input box
$UserPwd = "JoesPassword"; Give Joe this unhashed Password
IniWrite($IniFile, $UserID, "PWD", _MD5($UserPwd))

Thanks to all of you who helped me, but this is not what I am trying to achieve.

I want a protection something like KeyGens. My program will create a new user name and password for each user, and the password will only work if it is used on the correct PC which has the same userName; on other computers this u/password should not work at all.

I will create a KeyGen which will create new keys for each user. Can anyone help me? Any ideas? Any links? Any code? Any example?

You can implement a check against the computer for unique info. i.e. Hostname, HD Serial, MacAddress, etc.

_MD5($password & @ComputerName & DriveGetSerial("C:"))

Edited by spudw2k
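
The per-user INI file and the machine binding suggested in the posts above, combined in one added example (not code from any poster in this thread). It is written in Python rather than AutoIt, swaps the unsalted MD5 for salted PBKDF2-HMAC-SHA256 from the standard library, and the user names, password and machine identifier are constructed sample values.

```python
import configparser
import hashlib
import hmac
import io
import os

ITERATIONS = 100_000  # assumed work factor; raise it as far as start-up time allows
MAX_TRIES = 3         # same three-attempt limit as the scripts in this thread

def new_config():
    return configparser.ConfigParser(interpolation=None)

def derive(password, salt, machine_id, iterations):
    """Slow, salted hash of the password, bound to one machine identifier."""
    # Mixing the machine identifier into the salt means a record copied to
    # another PC no longer verifies there.
    bound_salt = salt + hashlib.sha256(machine_id.encode("utf-8")).digest()
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), bound_salt, iterations)

def enroll(cfg, user, password, machine_id):
    """Administrator side: add or replace one user's record."""
    salt = os.urandom(16)  # fresh per user, so equal passwords give different hashes
    cfg[user] = {
        "SALT": salt.hex(),
        "ITER": str(ITERATIONS),
        "PWD": derive(password, salt, machine_id, ITERATIONS).hex(),
    }

def verify(cfg, user, password, machine_id):
    """Application side: True only for an enrolled user, password and machine."""
    if not cfg.has_section(user):
        return False
    try:
        salt = bytes.fromhex(cfg[user]["SALT"])
        iterations = int(cfg[user]["ITER"])
        stored = bytes.fromhex(cfg[user]["PWD"])
    except (KeyError, ValueError):
        return False  # a damaged or hand-edited record is a failed login, not a crash
    if not 1 <= iterations <= 10_000_000:
        return False  # reject absurd work factors from an edited file
    candidate = derive(password, salt, machine_id, iterations)
    return hmac.compare_digest(candidate, stored)  # constant-time comparison

def login(cfg, user, machine_id, guesses):
    """Accept at most MAX_TRIES guesses, like the InputBox loops above."""
    for guess in list(guesses)[:MAX_TRIES]:
        if verify(cfg, user, guess, machine_id):
            return True
    return False

def to_ini(cfg):
    buf = io.StringIO()
    cfg.write(buf)
    return buf.getvalue()

def from_ini(text):
    cfg = new_config()
    cfg.read_string(text)
    return cfg

if __name__ == "__main__":
    machine = "PC-01|1234ABCD"  # constructed: computer name plus drive serial
    admin_cfg = new_config()
    enroll(admin_cfg, "JoeUser", "JoesPassword", machine)
    ini_text = to_ini(admin_cfg)  # what would be saved as config.ini
    print(ini_text)
    print(login(from_ini(ini_text), "JoeUser", machine, ["guess", "JoesPassword"]))
```

The INI file should be writable only by the administrator; a user who can edit it can replace a record with one enrolled for a password of their own choosing.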

No, I want to create a KeyGen for it, but I have no idea about it.

How can I get the HDD serial? (Not Drive Serial)

I thought DriveGetSerial did that. The DriveGetSerial for c: is not the same as the volume serial (at least on my PC).
Edited by spudw2k

You might also want to check out http://www.autoitscript.com/forum/index.ph...mp;#entry570458. It doesn't have the stuff about locking a login to a computer(you could add that), but it works well enough for a home application.

Gotta love that UDF... :) >_< :idiot:

LOL anyway. You could easily restrict it to a single computer by changing:

_StringEncrypt(1, $loginPS, $loginUN & $EncryptionPassword & $loginPS, $EncryptionLevel)

@OSType
@OSVersion
@ProcessorArch
@ComputerName

This IMO is the best way to secure a file because even if the hacker decompiles the EXE he still needs your password you entered to decrypt it.


You could try something like this, but obviously leave the generating function out of the script.

If somebody figures out how the pass is generated (in this case a SHA1 hash of a md5 hash of the username) they could create their own passwords for any username.

You may thank Siao for his wonderful hash UDF.

#include <GUIConstants.au3>
$Form1 = GUICreate("TEST LOGIN", 450, 180)
$InputName = GUICtrlCreateInput("", 40, 32, 313, 21)
$InputPass = GUICtrlCreateInput("", 40, 80, 313, 21)
$Label1 = GUICtrlCreateLabel("Username", 136, 8, 50, 17)
$Label2 = GUICtrlCreateLabel("Password", 136, 56, 50, 17)
$Label3 = GUICtrlCreateLabel("Generated Pass 4 new users", 100, 125, 200, 17)
$Button1 = GUICtrlCreateButton("Login", 368, 32, 65, 73, 0)
$GenPass = GUICtrlCreateInput("", 40, 144, 313, 21)
GUISetState(@SW_SHOW)

While 1
    $nMsg = GUIGetMsg()
    Switch $nMsg
        Case $GUI_EVENT_CLOSE
            Exit
        Case $Button1
            Authenticate(GUICtrlRead($InputName), GUICtrlRead($InputPass))
    EndSwitch
    If GUICtrlRead( $GenPass ) <> GenPassword(GUICtrlRead($InputName)) Then GUICtrlSetData($GenPass, GenPassword(GUICtrlRead($InputName)))
WEnd

Func Authenticate($Name, $Pass)
    If $Pass = _Crypt_HashData(_Crypt_HashData($Name), 0x8004) Then
        MsgBox(0, "TEST", "ALLOWED")
    Else
        MsgBox(0, "TEST", "DENIED")
    EndIf
EndFunc   ;==>Authenticate
Func GenPassword($UName)
    Return _Crypt_HashData(_Crypt_HashData($UName), 0x8004)
EndFunc   ;==>GenPassword

;===============================================================================
; Function Name:    _Crypt_HashData()
; Description:      Calculate hash from data
; Syntax:
; Parameter(s):  $vData - data to hash, can be binary or a string
;               $iAlgID - hash algorithm identifier, can be one of the following:
;                  0x8001 = MD2
;                  0x8002 = MD4
;                  0x8003 = MD5 (default)
;                  0x8004 = SHA1
;                  also see http://msdn.microsoft.com/en-us/library/aa375549(VS.85).aspx
; Requirement(s):
; Return Value(s):  Success = Returns hash string
;               Failure = Returns empty string and sets error:
;                  @error -1 = error opening advapi32.dll
;                  @error 1 = failed CryptAcquireContext
;                  @error 2 = failed CryptCreateHash
;                  @error 3 = failed CryptHashData
; Author(s):   Siao
; Modification(s):
;===============================================================================
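Func _Crypt_HashData($vData, $iAlgID = 0x8003) ; default is MD5, as the header documents, so the inner call above yields the MD5 that is then SHA1-hashed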
    Local $hDll = DllOpen('advapi32.dll'), $iLen = BinaryLen($vData), $hContext, $hHash, $aRet, $sRet = "", $iErr = 0, $tDat = DllStructCreate("byte[" & $iLen+1 & "]"), $tBuf
    DllStructSetData($tDat, 1, $vData)
    If $hDll = -1 Then Return SetError($hDll,0,$sRet)
    $aRet = DllCall($hDll,'int','CryptAcquireContext', 'ptr*',0, 'ptr',0, 'ptr',0, 'dword',1, 'dword',0xF0000000) ;PROV_RSA_FULL = 1; CRYPT_VERIFYCONTEXT = 0xF0000000
    If Not @error And $aRet[0] Then
        $hContext = $aRet[1]
        $aRet = DllCall($hDll,'int','CryptCreateHash', 'ptr',$hContext, 'dword',$iAlgID, 'ptr',0, 'dword',0, 'ptr*',0)
        If $aRet[0] Then
            $hHash = $aRet[5]
            $aRet = DllCall($hDll,'int','CryptHashData', 'ptr',$hHash, 'ptr',DllStructGetPtr($tDat), 'dword',$iLen, 'dword',0)
            If $aRet[0] Then
                $aRet = DllCall($hDll,'int','CryptGetHashParam', 'ptr',$hHash, 'dword',2, 'ptr',0, 'int*',0, 'dword',0) ;HP_HASHVAL = 2
                $tBuf = DllStructCreate("byte[" & $aRet[4] & "]")
                DllCall($hDll,'int','CryptGetHashParam', 'ptr',$hHash, 'dword',2, 'ptr',DllStructGetPtr($tBuf), 'int*',$aRet[4], 'dword',0)
                $sRet = Hex(DllStructGetData($tBuf, 1))
            Else
                $iErr = 3
            EndIf
            DllCall($hDll,'int','CryptDestroyHash', 'ptr',$hHash)
        Else
            $iErr = 2
        EndIf
        DllCall($hDll,'int','CryptReleaseContext', 'ptr',$hContext, 'dword',0)
    Else
        $iErr = 1
    EndIf
    DllClose($hDll)
    Return SetError($iErr,0,$sRet)
EndFunc
Edited by danwilli

Thanks for it. This is what I was looking for.

Just because I'm lost on this one...

1) How do you leave the generating function out of the script? You have 2? Or do you use another language to compile it?

2) How is there security in AutoIt at all?

I've asked/searched this for quite a while and it came down to this:

ALL AutoIt scripts can be decompiled (Thus getting how a password is generated)

ALL scripts can be de-obfuscated.

Thanks for explaining it to me :) I'm too stupid to figure out how using HASH instead of some other encrypting algorithm is more secure >_<

1) Just pull the generating function out... You could still figure it out rather easily from the source if you decompiled.

2) You are correct... As far as I have seen as well, the only security offered is security by obscurity, which is not very effective.

And yes, ALL autoit scripts CAN be decompiled, and de-obfuscated. This will only keep honest people honest... anybody that goes looking for a way to break it, will indeed.

The script I posted was simply an example of what the OP was looking for. I posted simply to get some greater minds thinking on the right track and creating a better method hopefully... but still, since all autoit scripts can be decompiled, I don't know how to make it truly secure.

EDIT: Forgot to answer this one:

Thanks for explaining it to me :) I'm too stupid to figure out how using HASH instead of some other encrypting algorithm is more secure

Well... it isn't. This was just a way to have a unique "password" for a unique username. I was trying to go off of the CD-Key idea the OP was trying to accomplish, where there would be multiple possibilities of acceptable usernames and passwords.
Edited by danwilli