DssLexius Posted September 22, 2008 Share Posted September 22, 2008 (edited) how can i set password on my compiled exe? when the user will open it then it should ask for a password but if the user will give wrong password for three times then the program will exit. can someone assist me? Edited September 23, 2008 by DssLexius Link to comment Share on other sites More sharing options...
Prab Posted September 22, 2008 Share Posted September 22, 2008 Just whipped this up. If you are only worried about checking the password when compiled, look at the @compiled macro. $correctPassword = False For $i = 0 To 2 $password = InputBox("Password", "What is the password?", "xxxx", "*") If $password == "My Secret Password" Then $correctPassword = True ExitLoop Else MsgBox(0,"","Wrong Password") EndIf Next If Not $correctPassword Then Exit MsgBox(0,"","Your entered the correct password, so your program is running") FolderLog GuiSpeech Assist Link to comment Share on other sites More sharing options...
ChromeFan Posted September 22, 2008 Share Posted September 22, 2008 try this Password_Protect() ; Dated: Sep-23-2008 ; WB: ChromeFan Func Password_Protect() $Total_Counts = 3 $Try = 1 $File_Access = "Disallowd" $Your_Password = "ChromeFan" ConsoleWrite("" & @CRLF) $InputBox_1 = InputBox( "Access Protected", "Please Enter your password (Case sensitive)" & @CRLF & @CRLF & "My Program Name (Example)"& @CRLF & @CRLF &"Author: Your Name", "", "*") If $InputBox_1 == $Your_Password Then $File_Access = "Granted" MsgBox(64, "Password Accepted", "Welcome," & @CRLF & @CRLF & @UserName & @CRLF & @CRLF & @ComputerName) Else Do $InputBox_2 = InputBox( "Access Denied", "The Password provided by you is wrong."& @CRLF & @CRLF &"Please Reinter your password."& @CRLF & @CRLF &"Author: Your Name", "", "*") If $Your_Password = $InputBox_2 Then $File_Access = "Granted" MsgBox(64, "Password Accepted", "Welcome," & @CRLF & @CRLF & @UserName & @CRLF & @CRLF & @ComputerName) ExitLoop EndIf $Try += 1 Until $Try = $Total_Counts EndIf If $File_Access = "Allowed" Then MsgBox(48, "Access Granted", "Some Text") Else MsgBox(48, "You can not access this program!", "You have tried more then 3 times to enter the correct password."&@CRLF&"But the password was always wrong."&@CRLF&"Sorry! Program will now close.") Exit Return endif EndFunc ;==>_Password_Protect() Website: www.cerescode.comForum: www.forum.cerescode.comIRC: irc.freenode.net , Channel: #Ceres--------------------Autoit Wrappers, Great additions to your script (Must See) (By: Valuater)Read It Befor Asking Question Click Here...--------------------Join Monoceres's Forums http://www.monoceres.se--------------------There are three kinds of people: Those who make things happen, those who watch things happen, and those who ask, What happened? Casey Stengel Link to comment Share on other sites More sharing options...
spudw2k Posted September 22, 2008 Share Posted September 22, 2008 (edited) It's gonna be more work, but if you want to store the password in the script then I recommend creating a hash of the pwd and storing that. That means of course you'll have to implement a hash mechanism of some sort, but there are plenty of examples on this forum. Edited September 22, 2008 by spudw2k Spoiler Things I've Made: Always On Top Tool ◊ AU History ◊ Deck of Cards ◊ HideIt ◊ ICU ◊ Icon Freezer ◊ Ipod Ejector ◊ Junos Configuration Explorer ◊ Link Downloader ◊ MD5 Folder Enumerator ◊ PassGen ◊ Ping Tool ◊ Quick NIC ◊ Read OCR ◊ RemoteIT ◊ SchTasksGui ◊ SpyCam ◊ System Scan Report Tool ◊ System UpTime ◊ Transparency Machine ◊ VMWare ESX BuilderMisc Code Snippets: ADODB Example ◊ CheckHover ◊ Detect SafeMode ◊ DynEnumArray ◊ GetNetStatData ◊ HashArray ◊ IsBetweenDates ◊ Local Admins ◊ Make Choice ◊ Recursive File List ◊ Remove Sizebox Style ◊ Retrieve PNPDeviceID ◊ Retreive SysListView32 Contents ◊ Set IE Homepage ◊ Tickle Expired Password ◊ Transpose ArrayProjects: Drive Space Usage GUI ◊ LEDkIT ◊ Plasma_kIt ◊ Scan Engine Builder ◊ SpeeDBurner ◊ SubnetCalcCool Stuff: AutoItObject UDF ◊ Extract Icon From Proc ◊ GuiCtrlFontRotate ◊ Hex Edit Funcs ◊ Run binary ◊ Service_UDF Link to comment Share on other sites More sharing options...
DssLexius Posted September 22, 2008 Author Share Posted September 22, 2008 thanks for your efforts but the customer want to use multiple passwords or any better way of protection like generating new keys for each user. i hope some of you will give the same support as both of you gave me. Link to comment Share on other sites More sharing options...
DssLexius Posted September 22, 2008 Author Share Posted September 22, 2008 It's gonna be more work, but if you want to store the password in the script then I recommend creating a hash of the pwd and storing that. That means of course you'll have to implement a hash mechanism of some sort, but there are plenty of examples on this forum.i dont know anything about hash mechanism because i am new to coding... Link to comment Share on other sites More sharing options...
DaRam Posted September 22, 2008 Share Posted September 22, 2008 thanks for your efforts but the customer want to use multiple passwords or any better way of protection like generating new keys for each user.i hope some of you will give the same support as both of you gave me.If users launch this from a network or have access to a common folder on the network, you could store individual user keys in a config (INI) file and authenticate it. Of course you would need to encrypt the key before writing to config and decrypt while running the application to challenge casual hackers. Link to comment Share on other sites More sharing options...
spudw2k Posted September 22, 2008 Share Posted September 22, 2008 (edited) Here's an example of using a hash to store an encypted password using mrRevoked's Hashing using mahine code and the example above from Prab.#include <md5.au3> $pass = "0x78C5D6797011323278C9D593AB0A37D7" ; <-- = "This is my password!" $correctPassword = False For $i = 0 To 2 $password = InputBox("Password", "What is the password?", "xxxx", "*") If _MD5($password) = $pass Then $correctPassword = True ExitLoop Else MsgBox(0,"","Wrong Password") EndIf Next If Not $correctPassword Then Exit MsgBox(0,"","Your entered the correct password, so your program is running") Edited September 22, 2008 by spudw2k Spoiler Things I've Made: Always On Top Tool ◊ AU History ◊ Deck of Cards ◊ HideIt ◊ ICU ◊ Icon Freezer ◊ Ipod Ejector ◊ Junos Configuration Explorer ◊ Link Downloader ◊ MD5 Folder Enumerator ◊ PassGen ◊ Ping Tool ◊ Quick NIC ◊ Read OCR ◊ RemoteIT ◊ SchTasksGui ◊ SpyCam ◊ System Scan Report Tool ◊ System UpTime ◊ Transparency Machine ◊ VMWare ESX BuilderMisc Code Snippets: ADODB Example ◊ CheckHover ◊ Detect SafeMode ◊ DynEnumArray ◊ GetNetStatData ◊ HashArray ◊ IsBetweenDates ◊ Local Admins ◊ Make Choice ◊ Recursive File List ◊ Remove Sizebox Style ◊ Retrieve PNPDeviceID ◊ Retreive SysListView32 Contents ◊ Set IE Homepage ◊ Tickle Expired Password ◊ Transpose ArrayProjects: Drive Space Usage GUI ◊ LEDkIT ◊ Plasma_kIt ◊ Scan Engine Builder ◊ SpeeDBurner ◊ SubnetCalcCool Stuff: AutoItObject UDF ◊ Extract Icon From Proc ◊ GuiCtrlFontRotate ◊ Hex Edit Funcs ◊ Run binary ◊ Service_UDF Link to comment Share on other sites More sharing options...
DaRam Posted September 22, 2008 Share Posted September 22, 2008 Expanding spudw2k's suggestion to include (mine) for a config file on a shared drive: #include <md5.au3> $IniFile = @WorkingDir & "\config.Ini" If NOT FileExists($IniFile) Then $IniFile = @ScriptDir & "\config.Ini" If NOT FileExists($IniFile) Then MsgBox(4096, "Problem", "Could NOT Find Application's Configuration File !") Exit EndIf $UserPwd = IniRead($IniFile, @UserName, "PWD", "") If StringLen($UserPwd) < 1 Then MsgBox(4096, "Problem", "You are NOT authorized to use this Application" & @CRLF & "Contact Application's Administrator to Authorize you") Exit EndIf $UserPwd = _MD5($UserPwd) Local $I, $Response For $I = 0 to 2 $Response = InputBox("Password", "Enter Application Password", "", "*") If StringLen($Response) < 1 Then Exit If $Response = $UserPwd Then ExitLoop Next;$I If $Response <> $UserPwd Then Exit ; The rest of your Application Code... You would create a separate App. to generate and Store Passwords for every User and store it on a shared drive #include <md5.au3> $IniFile = @WorkingDir & "\config.Ini"; Or Make it Interactive so you can select the INI File name/location $UserID = "JoeUser"; Again an example, make it an input box $UserPwd = "JoesPassword"; Give Joe this unhashed Password IniWrite($IniFile, $UserID, "PWD", _MD5($UserPwd)) Link to comment Share on other sites More sharing options...
DssLexius Posted September 22, 2008 Author Share Posted September 22, 2008 thanks to all of you who helped me but this is not what i am trying to achieve. i want a protection something like KeyGen's. my program will create new user name and password for each user. and the password will only work if it is used on correct pc which have same userName and on other computers this u/password should not work at all. i will create a KeyGen which will create new keys for each user. anyone can help me? any ideas? any links? any code? any example? Link to comment Share on other sites More sharing options...
spudw2k Posted September 22, 2008 Share Posted September 22, 2008 Nice Example DaRam Spoiler Things I've Made: Always On Top Tool ◊ AU History ◊ Deck of Cards ◊ HideIt ◊ ICU ◊ Icon Freezer ◊ Ipod Ejector ◊ Junos Configuration Explorer ◊ Link Downloader ◊ MD5 Folder Enumerator ◊ PassGen ◊ Ping Tool ◊ Quick NIC ◊ Read OCR ◊ RemoteIT ◊ SchTasksGui ◊ SpyCam ◊ System Scan Report Tool ◊ System UpTime ◊ Transparency Machine ◊ VMWare ESX BuilderMisc Code Snippets: ADODB Example ◊ CheckHover ◊ Detect SafeMode ◊ DynEnumArray ◊ GetNetStatData ◊ HashArray ◊ IsBetweenDates ◊ Local Admins ◊ Make Choice ◊ Recursive File List ◊ Remove Sizebox Style ◊ Retrieve PNPDeviceID ◊ Retreive SysListView32 Contents ◊ Set IE Homepage ◊ Tickle Expired Password ◊ Transpose ArrayProjects: Drive Space Usage GUI ◊ LEDkIT ◊ Plasma_kIt ◊ Scan Engine Builder ◊ SpeeDBurner ◊ SubnetCalcCool Stuff: AutoItObject UDF ◊ Extract Icon From Proc ◊ GuiCtrlFontRotate ◊ Hex Edit Funcs ◊ Run binary ◊ Service_UDF Link to comment Share on other sites More sharing options...
spudw2k Posted September 22, 2008 Share Posted September 22, 2008 (edited) thanks to all of you who helped me but this is not what i am trying to achieve.i want a protection something like KeyGen's. my program will create new user name and password for each user. and the password will only work if it is used on correct pc which have same userName and on other computers this u/password should not work at all.i will create a KeyGen which will create new keys for each user. anyone can help me? any ideas? any links? any code? any example?You can implement a check against the computer for unique info. i.e. Hostname, HD Serial, MacAddress, etc._MD5($password & @ComputerName & DriveGetSerial("C:")) Edited September 22, 2008 by spudw2k Spoiler Things I've Made: Always On Top Tool ◊ AU History ◊ Deck of Cards ◊ HideIt ◊ ICU ◊ Icon Freezer ◊ Ipod Ejector ◊ Junos Configuration Explorer ◊ Link Downloader ◊ MD5 Folder Enumerator ◊ PassGen ◊ Ping Tool ◊ Quick NIC ◊ Read OCR ◊ RemoteIT ◊ SchTasksGui ◊ SpyCam ◊ System Scan Report Tool ◊ System UpTime ◊ Transparency Machine ◊ VMWare ESX BuilderMisc Code Snippets: ADODB Example ◊ CheckHover ◊ Detect SafeMode ◊ DynEnumArray ◊ GetNetStatData ◊ HashArray ◊ IsBetweenDates ◊ Local Admins ◊ Make Choice ◊ Recursive File List ◊ Remove Sizebox Style ◊ Retrieve PNPDeviceID ◊ Retreive SysListView32 Contents ◊ Set IE Homepage ◊ Tickle Expired Password ◊ Transpose ArrayProjects: Drive Space Usage GUI ◊ LEDkIT ◊ Plasma_kIt ◊ Scan Engine Builder ◊ SpeeDBurner ◊ SubnetCalcCool Stuff: AutoItObject UDF ◊ Extract Icon From Proc ◊ GuiCtrlFontRotate ◊ Hex Edit Funcs ◊ Run binary ◊ Service_UDF Link to comment Share on other sites More sharing options...
DssLexius Posted September 22, 2008 Author Share Posted September 22, 2008 no, i want to create a KeyGen for it but i have no idea about it. how can i get HDD serial? (Not Drive Serial) Link to comment Share on other sites More sharing options...
spudw2k Posted September 22, 2008 Share Posted September 22, 2008 (edited) no, i want to create a KeyGen for it but i have no idea about it.how can i get HDD serial? (Not Drive Serial)I thought DriveGetSerial did that. The DriveGetSerial for c: is not he same as the volume serial (at least on my pc) Edited September 22, 2008 by spudw2k Spoiler Things I've Made: Always On Top Tool ◊ AU History ◊ Deck of Cards ◊ HideIt ◊ ICU ◊ Icon Freezer ◊ Ipod Ejector ◊ Junos Configuration Explorer ◊ Link Downloader ◊ MD5 Folder Enumerator ◊ PassGen ◊ Ping Tool ◊ Quick NIC ◊ Read OCR ◊ RemoteIT ◊ SchTasksGui ◊ SpyCam ◊ System Scan Report Tool ◊ System UpTime ◊ Transparency Machine ◊ VMWare ESX BuilderMisc Code Snippets: ADODB Example ◊ CheckHover ◊ Detect SafeMode ◊ DynEnumArray ◊ GetNetStatData ◊ HashArray ◊ IsBetweenDates ◊ Local Admins ◊ Make Choice ◊ Recursive File List ◊ Remove Sizebox Style ◊ Retrieve PNPDeviceID ◊ Retreive SysListView32 Contents ◊ Set IE Homepage ◊ Tickle Expired Password ◊ Transpose ArrayProjects: Drive Space Usage GUI ◊ LEDkIT ◊ Plasma_kIt ◊ Scan Engine Builder ◊ SpeeDBurner ◊ SubnetCalcCool Stuff: AutoItObject UDF ◊ Extract Icon From Proc ◊ GuiCtrlFontRotate ◊ Hex Edit Funcs ◊ Run binary ◊ Service_UDF Link to comment Share on other sites More sharing options...
Prab Posted September 23, 2008 Share Posted September 23, 2008 You might also want to check out http://www.autoitscript.com/forum/index.ph...mp;#entry570458. It doesn't have the stuff about locking a login to a computer(you could add that), but it works well enough for a home application. FolderLog GuiSpeech Assist Link to comment Share on other sites More sharing options...
Szhlopp Posted September 23, 2008 Share Posted September 23, 2008 You might also want to check out http://www.autoitscript.com/forum/index.ph...mp;#entry570458. It doesn't have the stuff about locking a login to a computer(you could add that), but it works well enough for a home application. Gotta love that UDF... >_< LOL anyway. You could easily restrict it to a single computer by changing: _StringEncrypt(1, $loginPS, $loginUN & $EncryptionPassword & $loginPS, $EncryptionLevel)oÝ÷ Ù:ºÚ"µÍÔÝ[Ñ[Ü K ÌÍÛÙÚ[Ë ÌÍÛÙÚ[S [È ÌÍÑ[Ü[ÛÜÝÛÜ [È ÌÍÛÙÚ[È [ÈÙ[YK ÌÍÑ[Ü[Û][ oÝ÷ ØêÚ*¶¢YhÂ)àrwjëh×6@OSType @OSVersion @ProcessorArch @ComputerName This IMO is the best way to secure a file because even if the hacker decompiles the EXE he still needs your password you entered to decrypt it. RegEx/RegExRep Tester!Nerd Olympics - Community App!Login UDFMemory UDF - "Game.exe+753EC" - CE pointer to AU3Password Manager W/ SourceDataFiler - Include files in your au3!--- Was I helpful? Click the little green '+' Link to comment Share on other sites More sharing options...
DW1 Posted September 23, 2008 Share Posted September 23, 2008 (edited) You could try something like this, but obviously leave the generating function out of the script. If somebody figures out how the pass is generated (in this case a SHA1 hash of a md5 hash of the username) they could create their own passwords for any username. You may thank Siao for his wonderful hash UDF. expandcollapse popup#include <GUIConstants.au3> $Form1 = GUICreate("TEST LOGIN", 450, 180) $InputName = GUICtrlCreateInput("", 40, 32, 313, 21) $InputPass = GUICtrlCreateInput("", 40, 80, 313, 21) $Label1 = GUICtrlCreateLabel("Username", 136, 8, 50, 17) $Label2 = GUICtrlCreateLabel("Password", 136, 56, 50, 17) $Label3 = GUICtrlCreateLabel("Generated Pass 4 new users", 100, 125, 200, 17) $Button1 = GUICtrlCreateButton("Login", 368, 32, 65, 73, 0) $GenPass = GUICtrlCreateInput("", 40, 144, 313, 21) GUISetState(@SW_SHOW) While 1 $nMsg = GUIGetMsg() Switch $nMsg Case $GUI_EVENT_CLOSE Exit Case $Button1 Authenticate(GUICtrlRead($InputName), GUICtrlRead($InputPass)) EndSwitch If GUICtrlRead( $GenPass ) <> GenPassword(GUICtrlRead($InputName)) Then GUICtrlSetData($GenPass, GenPassword(GUICtrlRead($InputName))) WEnd Func Authenticate($Name, $Pass) If $Pass = _Crypt_HashData(_Crypt_HashData($Name), 0x8004) Then MsgBox(0, "TEST", "ALLOWED") Else MsgBox(0, "TEST", "DENIED") EndIf EndFunc ;==>Authenticate Func GenPassword($UName) Return _Crypt_HashData(_Crypt_HashData($UName), 0x8004) EndFunc ;==>GenPassword ;=============================================================================== ; Function Name: _Crypt_HashData() ; Description: Calculate hash from data ; Syntax: ; Parameter(s): $vData - data to hash, can be binary or a string ; $iAlgID - hash algorithm identifier, can be one of the following: ; 0x8001 = MD2 ; 0x8002 = MD4 ; 0x8003 = MD5 (default) ; 0x8004 = SHA1 ; also see http://msdn.microsoft.com/en-us/library/aa375549(VS.85).aspx ; Requirement(s): ; Return Value(s): Success = Returns hash string ; Failure = Returns empty string and sets error: ; @error -1 = error opening advapi32.dll ; @error 1 = failed CryptAcquireContext ; @error 2 = failed CryptCreateHash ; @error 3 = failed CryptHashData ; Author(s): Siao ; Modification(s): ;=============================================================================== Func _Crypt_HashData($vData, $iAlgID = 0x8004) Local $hDll = DllOpen('advapi32.dll'), $iLen = BinaryLen($vData), $hContext, $hHash, $aRet, $sRet = "", $iErr = 0, $tDat = DllStructCreate("byte[" & $iLen+1 & "]"), $tBuf DllStructSetData($tDat, 1, $vData) If $hDll = -1 Then Return SetError($hDll,0,$sRet) $aRet = DllCall($hDll,'int','CryptAcquireContext', 'ptr*',0, 'ptr',0, 'ptr',0, 'dword',1, 'dword',0xF0000000) ;PROV_RSA_FULL = 1; CRYPT_VERIFYCONTEXT = 0xF0000000 If Not @error And $aRet[0] Then $hContext = $aRet[1] $aRet = DllCall($hDll,'int','CryptCreateHash', 'ptr',$hContext, 'dword',$iAlgID, 'ptr',0, 'dword',0, 'ptr*',0) If $aRet[0] Then $hHash = $aRet[5] $aRet = DllCall($hDll,'int','CryptHashData', 'ptr',$hHash, 'ptr',DllStructGetPtr($tDat), 'dword',$iLen, 'dword',0) If $aRet[0] Then $aRet = DllCall($hDll,'int','CryptGetHashParam', 'ptr',$hHash, 'dword',2, 'ptr',0, 'int*',0, 'dword',0) ;HP_HASHVAL = 2 $tBuf = DllStructCreate("byte[" & $aRet[4] & "]") DllCall($hDll,'int','CryptGetHashParam', 'ptr',$hHash, 'dword',2, 'ptr',DllStructGetPtr($tBuf), 'int*',$aRet[4], 'dword',0) $sRet = Hex(DllStructGetData($tBuf, 1)) Else $iErr = 3 EndIf DllCall($hDll,'int','CryptDestroyHash', 'ptr',$hHash) Else $iErr = 2 EndIf DllCall($hDll,'int','CryptReleaseContext', 'ptr',$hContext, 'dword',0) Else $iErr = 1 EndIf DllClose($hDll) Return SetError($iErr,0,$sRet) EndFuncoÝ÷ Ø@ÈLêâ*.Á©íjÉW«éÞ«^v¬³ +u«¢+Ø¥¹±Õ±ÐíU% ½¹ÍѹÑ̹ÔÌÐì(ÀÌØí½É´ÄôU% ÉÑ ÅÕ½ÐíQMP1=%8ÅÕ½Ðì°ÐÔÀ°ÄàÀ¤(ÀÌØí%¹ÁÕÑ9µôU% Ñɱ ÉÑ%¹ÁÕÐ ÅÕ½ÐìÅÕ½Ðì°ÐÀ°ÌÈ°ÌÄÌ°ÈĤ(ÀÌØí%¹ÁÕÑAÍÌôU% Ñɱ ÉÑ%¹ÁÕÐ ÅÕ½ÐìÅÕ½Ðì°ÐÀ°àÀ°ÌÄÌ°ÈĤ(ÀÌØí1°ÄôU% Ñɱ ÉÑ1° ÅÕ½ÐíUÍɹµÅÕ½Ðì°ÄÌØ°à°ÔÀ°Äܤ(ÀÌØí1°ÈôU% Ñɱ ÉÑ1° ÅÕ½ÐíAÍÍݽÉÅÕ½Ðì°ÄÌØ°ÔØ°ÔÀ°Äܤ(ÀÌØí1°ÌôU% Ñɱ ÉÑ1° ÅÕ½Ðí¹ÉÑAÍÌйÜÕÍÉÌÅÕ½Ðì°ÄÀÀ°ÄÈÔ°ÈÀÀ°Äܤ(ÀÌØí ÕÑѽ¸ÄôU% Ñɱ ÉÑ ÕÑѽ¸ ÅÕ½Ðí1½¥¸ÅÕ½Ðì°ÌØà°ÌÈ°ØÔ°ÜÌ°À¤(ÀÌØí¹AÍÌôU% Ñɱ ÉÑ%¹ÁÕÐ ÅÕ½ÐìÅÕ½Ðì°ÐÀ°ÄÐаÌÄÌ°ÈĤ)U%MÑMÑÑ¡M]}M!=¤()]¡¥±Ä($ÀÌØí¹5ÍôU%Ñ5Í ¤(%MÝ¥Ñ ÀÌØí¹5Í($% ÍÀÌØíU%}Y9Q} 1=M($$%á¥Ð($% ÍÀÌØí ÕÑѽ¸Ä($$%ÕÑ¡¹Ñ¥Ñ¡U% ÑɱI ÀÌØí%¹ÁÕÑ9µ¤°U% ÑɱI ÀÌØí%¹ÁÕÑAÍ̤¤(%¹MÝ¥Ñ (%%U% ÑɱI ÀÌØí¹AÍ̤±ÐìÐì¹AÍÍݽɡU% ÑɱI ÀÌØí%¹ÁÕÑ9µ¤¤Q¡¸U% ÑɱMÑÑ ÀÌØí¹AÍÌ°¹AÍÍݽɡU% ÑɱI ÀÌØí%¹ÁÕÑ9µ¤¤¤)]¹()Õ¹ÕÑ¡¹Ñ¥Ñ ÀÌØí9µ°ÀÌØíAÍ̤($ÀÌØí9µô} ÉåÁÑ}!Í¡Ñ¡} ÉåÁÑ}!Í¡Ñ ÀÌØí9µ¤°ÁààÀÀФ($ÀÌØí9µôMÑÉ¥¹1Ð ÀÌØí9µ°Ð¤µÀìMÑÉ¥¹I¥¡Ð ÀÌØí9µ°Ð¤(%%ÀÌØíAÍÌôÀÌØí9µQ¡¸($%5Í ½à À°ÅÕ½ÐíQMPÅÕ½Ðì°ÅÕ½Ðí11=]ÅÕ½Ðì¤(%±Í($%5Í ½à À°ÅÕ½ÐíQMPÅÕ½Ðì°ÅÕ½Ðí9%ÅÕ½Ðì¤(%¹%)¹Õ¹ìôôÐíÕÑ¡¹Ñ¥Ñ)Õ¹¹AÍÍÝ½É ÀÌØíU9µ¤($ÀÌØí¡Í ô} ÉåÁÑ}!Í¡Ñ¡} ÉåÁÑ}!Í¡Ñ ÀÌØíU9µ¤°ÁààÀÀФ($ÀÌØí¡Í ôMÑÉ¥¹1Ð ÀÌØí¡Í °Ð¤µÀìMÑÉ¥¹I¥¡Ð ÀÌØí¡Í °Ð¤(%IÑÕɸÀÌØí¡Í )¹Õ¹ìôôÐí¹AÍÍݽÉ((ìôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôô(ìչѥ½¸9µè} ÉåÁÑ}!Í¡Ñ ¤(ìÍÉ¥ÁÑ¥½¸è ±Õ±Ñ¡Í ɽ´Ñ(ìMå¹Ñàè(ìAɵÑȡ̤èÀÌØíÙÑ´ÑѼ¡Í °¸¥¹Éä½ÈÍÑÉ¥¹(ìÀÌØí¥±%´¡Í ±½É¥Ñ¡´¥¹Ñ¥¥È°¸½¹½Ñ¡½±±½Ý¥¹è(ìÁààÀÀÄô5È(ìÁààÀÀÈô5Ð(ìÁààÀÀÌô5ԡձФ(ìÁààÀÀÐôM!Ä(ì±Í¼Í¡ÑÑÀè¼½µÍ¸¹µ¥É½Í½Ð¹½´½¸µÕ̽±¥ÉÉä½ÌÜÔÔÐä¡YL¸àÔ¤¹ÍÁà(ìIÅեɵ¹Ð¡Ì¤è(ìIÑÕɸY±Õ¡Ì¤èMÕÍÌôIÑÕÉ¹Ì¡Í ÍÑÉ¥¹(쥱ÕÉôIÑÕɹ̵ÁÑäÍÑÉ¥¹¹ÍÑÌÉɽÈè(ìÉɽȴÄôÉɽȽÁ¹¥¹ÙÁ¤Ìȹ±°(ìÉɽÈÄô¥± ÉåÁÑÅÕ¥É ½¹ÑáÐ(ìÉɽÈÈô¥± ÉåÁÑ ÉÑ!Í (ìÉɽÈÌô¥± ÉåÁÑ!Í¡Ñ(ìÕÑ¡½È¡Ì¤èM¥¼(ì5½¥¥Ñ¥½¸¡Ì¤è(ìôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôôô)Õ¹} ÉåÁÑ}!Í¡Ñ ÀÌØíÙÑ°ÀÌØí¥±%ôÁààÀÀФ(1½°ÀÌØí¡±°ô±±=Á¸ ÌäíÙÁ¤Ìȹ±°Ìä줰ÀÌØí¥1¸ô ¥¹Éå1¸ ÀÌØíÙѤ°ÀÌØí¡ ½¹ÑáаÀÌØí¡!Í °ÀÌØíIаÀÌØíÍIÐôÅÕ½ÐìÅÕ½Ðì°ÀÌØí¥ÉÈôÀ°ÀÌØíÑÐô±±MÑÉÕÑ ÉÑ ÅÕ½ÐíåÑlÅÕ½ÐìµÀìÀÌØí¥1¸¬ÄµÀìÅÕ½ÐítÅÕ½Ð줰ÀÌØíÑ Õ(±±MÑÉÕÑMÑÑ ÀÌØíÑаİÀÌØíÙѤ(%ÀÌØí¡±°ô´ÄQ¡¸IÑÕɸMÑÉÉ½È ÀÌØí¡±°°À°ÀÌØíÍIФ(ÀÌØíIÐô±± ±° ÀÌØí¡±°°Ìäí¥¹ÐÌäì°Ìäí ÉåÁÑÅÕ¥É ½¹ÑáÐÌäì°ÌäíÁÑȨÌäì°À°ÌäíÁÑÈÌäì°À°ÌäíÁÑÈÌäì°À°ÌäíݽÉÌäì°Ä°ÌäíݽÉÌäì°ÁáÀÀÀÀÀÀÀ¤íAI=Y}IM}U10ôÄì IeAQ}YI%e =9QaPôÁáÀÀÀÀÀÀÀ(%9½ÐÉɽȹÀÌØíIÑlÁtQ¡¸(ÀÌØí¡ ½¹ÑáÐôÀÌØíIÑlÅt(ÀÌØíIÐô±± ±° ÀÌØí¡±°°Ìäí¥¹ÐÌäì°Ìäí ÉåÁÑ ÉÑ!Í Ìäì°ÌäíÁÑÈÌäì°ÀÌØí¡ ½¹ÑáаÌäíݽÉÌäì°ÀÌØí¥±%°ÌäíÁÑÈÌäì°À°ÌäíݽÉÌäì°À°ÌäíÁÑȨÌäì°À¤(%ÀÌØíIÑlÁtQ¡¸(ÀÌØí¡!Í ôÀÌØíIÑlÕt(ÀÌØíIÐô±± ±° ÀÌØí¡±°°Ìäí¥¹ÐÌäì°Ìäí ÉåÁÑ!Í¡ÑÌäì°ÌäíÁÑÈÌäì°ÀÌØí¡!Í °ÌäíÁÑÈÌäì±±±MÑÉÕÑÑAÑÈ ÀÌØíÑФ°ÌäíݽÉÌäì°ÀÌØí¥1¸°ÌäíݽÉÌäì°À¤(%ÀÌØíIÑlÁtQ¡¸(ÀÌØíIÐô±± ±° ÀÌØí¡±°°Ìäí¥¹ÐÌäì°Ìäí ÉåÁÑÑ!Í¡AÉ´Ìäì°ÌäíÁÑÈÌäì°ÀÌØí¡!Í °ÌäíݽÉÌäì°È°ÌäíÁÑÈÌäì°À°Ìäí¥¹Ð¨Ìäì°À°ÌäíݽÉÌäì°À¤í!A}!M!Y0ôÈ(ÀÌØíÑ Õô±±MÑÉÕÑ ÉÑ ÅÕ½ÐíåÑlÅÕ½ÐìµÀìÀÌØíIÑlÑtµÀìÅÕ½ÐítÅÕ½Ðì¤(±± ±° ÀÌØí¡±°°Ìäí¥¹ÐÌäì°Ìäí ÉåÁÑÑ!Í¡AÉ´Ìäì°ÌäíÁÑÈÌäì°ÀÌØí¡!Í °ÌäíݽÉÌäì°È°ÌäíÁÑÈÌäì±±±MÑÉÕÑÑAÑÈ ÀÌØíÑ Õ¤°Ìäí¥¹Ð¨Ìäì°ÀÌØíIÑlÑt°ÌäíݽÉÌäì°À¤(ÀÌØíÍIÐô!ࡱ±MÑÉÕÑÑÑ ÀÌØíÑ Õ°Ä¤¤(±Í(ÀÌØí¥ÉÈôÌ(¹%(±± ±° ÀÌØí¡±°°Ìäí¥¹ÐÌäì°Ìäí ÉåÁÑÍÑɽå!Í Ìäì°ÌäíÁÑÈÌäì°ÀÌØí¡!Í ¤(±Í(ÀÌØí¥ÉÈôÈ(¹%(±± ±° ÀÌØí¡±°°Ìäí¥¹ÐÌäì°Ìäí ÉåÁÑI±Í ½¹ÑáÐÌäì°ÌäíÁÑÈÌäì°ÀÌØí¡ ½¹ÑáаÌäíݽÉÌäì°À¤(±Í(ÀÌØí¥ÉÈôÄ(¹%(±± ±½Í ÀÌØí¡±°¤(IÑÕɸMÑÉÉ½È ÀÌØí¥ÉÈ°À°ÀÌØíÍIФ)¹Õ¹ Edited September 23, 2008 by danwilli AutoIt3 Online Help Link to comment Share on other sites More sharing options...
DssLexius Posted September 23, 2008 Author Share Posted September 23, 2008 You could try something like this, but obviously leave the generating function out of the script. If somebody figures out how the pass is generated (in this case a SHA1 hash of a md5 hash of the username) they could create their own passwords for any username. You may thank Siao for his wonderful hash UDF. expandcollapse popup#include <GUIConstants.au3> $Form1 = GUICreate("TEST LOGIN", 450, 180) $InputName = GUICtrlCreateInput("", 40, 32, 313, 21) $InputPass = GUICtrlCreateInput("", 40, 80, 313, 21) $Label1 = GUICtrlCreateLabel("Username", 136, 8, 50, 17) $Label2 = GUICtrlCreateLabel("Password", 136, 56, 50, 17) $Label3 = GUICtrlCreateLabel("Generated Pass 4 new users", 100, 125, 200, 17) $Button1 = GUICtrlCreateButton("Login", 368, 32, 65, 73, 0) $GenPass = GUICtrlCreateInput("", 40, 144, 313, 21) GUISetState(@SW_SHOW) While 1 $nMsg = GUIGetMsg() Switch $nMsg Case $GUI_EVENT_CLOSE Exit Case $Button1 Authenticate(GUICtrlRead($InputName), GUICtrlRead($InputPass)) EndSwitch If GUICtrlRead( $GenPass ) <> GenPassword(GUICtrlRead($InputName)) Then GUICtrlSetData($GenPass, GenPassword(GUICtrlRead($InputName))) WEnd Func Authenticate($Name, $Pass) If $Pass = _Crypt_HashData(_Crypt_HashData($Name), 0x8004) Then MsgBox(0, "TEST", "ALLOWED") Else MsgBox(0, "TEST", "DENIED") EndIf EndFunc ;==>Authenticate Func GenPassword($UName) Return _Crypt_HashData(_Crypt_HashData($UName), 0x8004) EndFunc ;==>GenPassword ;=============================================================================== ; Function Name: _Crypt_HashData() ; Description: Calculate hash from data ; Syntax: ; Parameter(s): $vData - data to hash, can be binary or a string ; $iAlgID - hash algorithm identifier, can be one of the following: ; 0x8001 = MD2 ; 0x8002 = MD4 ; 0x8003 = MD5 (default) ; 0x8004 = SHA1 ; also see http://msdn.microsoft.com/en-us/library/aa375549(VS.85).aspx ; Requirement(s): ; Return Value(s): Success = Returns hash string ; Failure = Returns empty string and sets error: ; @error -1 = error opening advapi32.dll ; @error 1 = failed CryptAcquireContext ; @error 2 = failed CryptCreateHash ; @error 3 = failed CryptHashData ; Author(s): Siao ; Modification(s): ;=============================================================================== Func _Crypt_HashData($vData, $iAlgID = 0x8004) Local $hDll = DllOpen('advapi32.dll'), $iLen = BinaryLen($vData), $hContext, $hHash, $aRet, $sRet = "", $iErr = 0, $tDat = DllStructCreate("byte[" & $iLen+1 & "]"), $tBuf DllStructSetData($tDat, 1, $vData) If $hDll = -1 Then Return SetError($hDll,0,$sRet) $aRet = DllCall($hDll,'int','CryptAcquireContext', 'ptr*',0, 'ptr',0, 'ptr',0, 'dword',1, 'dword',0xF0000000) ;PROV_RSA_FULL = 1; CRYPT_VERIFYCONTEXT = 0xF0000000 If Not @error And $aRet[0] Then $hContext = $aRet[1] $aRet = DllCall($hDll,'int','CryptCreateHash', 'ptr',$hContext, 'dword',$iAlgID, 'ptr',0, 'dword',0, 'ptr*',0) If $aRet[0] Then $hHash = $aRet[5] $aRet = DllCall($hDll,'int','CryptHashData', 'ptr',$hHash, 'ptr',DllStructGetPtr($tDat), 'dword',$iLen, 'dword',0) If $aRet[0] Then $aRet = DllCall($hDll,'int','CryptGetHashParam', 'ptr',$hHash, 'dword',2, 'ptr',0, 'int*',0, 'dword',0) ;HP_HASHVAL = 2 $tBuf = DllStructCreate("byte[" & $aRet[4] & "]") DllCall($hDll,'int','CryptGetHashParam', 'ptr',$hHash, 'dword',2, 'ptr',DllStructGetPtr($tBuf), 'int*',$aRet[4], 'dword',0) $sRet = Hex(DllStructGetData($tBuf, 1)) Else $iErr = 3 EndIf DllCall($hDll,'int','CryptDestroyHash', 'ptr',$hHash) Else $iErr = 2 EndIf DllCall($hDll,'int','CryptReleaseContext', 'ptr',$hContext, 'dword',0) Else $iErr = 1 EndIf DllClose($hDll) Return SetError($iErr,0,$sRet) EndFunc thanks for it. this is what i was looking for. Link to comment Share on other sites More sharing options...
Szhlopp Posted September 23, 2008 Share Posted September 23, 2008 Just because I'm lost on this one... 1) How do you leave the generating function out of the script? You have 2? Or do you use another language to compile it? 2) How is there security in AutoIt it all? I've asked/searched this for quite a while and it came down to this: ALL AutoIt scripts can be decompiled (Thus getting how a password is generated) ALL scripts can be de-obfuscated. Thanks for explaining it to me I'm to stupid to figure out how using HASH instead of some other encrypting algorithm is more secure >_< RegEx/RegExRep Tester!Nerd Olympics - Community App!Login UDFMemory UDF - "Game.exe+753EC" - CE pointer to AU3Password Manager W/ SourceDataFiler - Include files in your au3!--- Was I helpful? Click the little green '+' Link to comment Share on other sites More sharing options...
DW1 Posted September 23, 2008 Share Posted September 23, 2008 (edited) Just because I'm lost on this one...1) How do you leave the generating function out of the script? You have 2? Or do you use another language to compile it?2) How is there security in AutoIt it all? I've asked/searched this for quite a while and it came down to this:ALL AutoIt scripts can be decompiled (Thus getting how a password is generated)ALL scripts can be de-obfuscated.Thanks for explaining it to me I'm to stupid to figure out how using HASH instead of some other encrypting algorithm is more secure >_<1) Just pull the generating function out... You could still figure it out rather easily from the source if you decompiled.2) You are correct... As far as I have seen as well, the only security offered is security by obscurity, which is not very effective.And yes, ALL autoit scripts CAN be decompiled, and de-obfuscated. This will only keep honest people honest... anybody that goes looking for a way to break it, will indeed.The script I posted was simply an example of what the OP was looking for. I posted simply to get some greater minds thinking on the right track and creating a better method hopefully... but still, since all autoit scripts can be decompiled, I don't know how to make it truly secure.EDIT: Forgot to answer this one:Thanks for explaining it to me idiot.gif I'm to stupid to figure out how using HASH instead of some other encrypting algorithm is more secureWell... it isn't. This was just a way to have a unique "password" for a unique username. I was trying to go off of the CD-Key idea the OP was trying to accomplish, where there would be multiple possibilities of acceptable usernames and passwords. Edited September 23, 2008 by danwilli AutoIt3 Online Help Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now