Sign in to follow this  
Followers 0
Michel Claveau

Store (hidden) User & Pass with your script.

17 posts in this topic

#1 ·  Posted (edited)

Hi!

Usage:

- Save (once) the script.

- Then, launch it.

- 1rst launch: the script store (hidden) User & Pass with the script (.au3 or .exe, not a problem).

- Other launch: verify User & Pass

Warning: User cannot be found by the normal tools of Windows. Lost, it's lost.

And, also: it's only a POC ; overwrite the (source) script for re-initialize.

For more details, see iii.

Summary: after having stored User & Pass, seek them

;
; same trick than iii.au3
;
; 1rst launch: the script store (hidden) User & Pass
; Other launch: verify  User & Pass
; It's only a POC; overwrite the (source) script for re-initialize
;

$utl = InputBox("User","(Please,  only  A-Z  or  0-9,  without spaces) ","","",250,125)
$pass = InputBox("Pass","(Please,  only  A-Z  or  0-9,  without spaces) ","","*",250,125)
If FileExists(@ScriptFullPath &":_") Then
    If FileExists(@ScriptFullPath &":"& $utl) Then
        If $pass=IniRead(@ScriptFullPath &":"& $utl, "_", "_", "'") Then
            $protect=0
        Else
            $protect=3
        EndIf
    Else
        $protect=2
    EndIf
Else
    $protect=1  
    IniWrite(@ScriptFullPath &":"& $utl, "_", "_", $pass)
    IniWrite(@ScriptFullPath &":_", "_", "_", "_")  
EndIf

Switch $protect
    Case 0 
        MsgBox(0,"Result : ", "User: OK;  Pass: OK")
    Case 1
        MsgBox(0,"Result : ", "1rst access; OK")
    Case 2
        MsgBox(0,"Result : ", "Incorrect User")
    Case 3
        MsgBox(0,"Result : ", "Incorrect Password")
EndSwitch
Exit

.

Edited by Michel Claveau

Share this post


Link to post
Share on other sites



@Michel Claveau

Sorry to disappoint you, but I found it right away.

I will not tell to others so far. Let's see if they can do it as well.

This concept (ADS) I was playing around with for a while. But it feels as if it is on the boundary of hacking ?!

I am curious to see who can do the same.

Regards

ptrex

Share this post


Link to post
Share on other sites

I found it aswell, only I needed a program for this.

Im still wondering how ptrex did this.

I think this could be usefull

AlmarM


Minesweeper

A minesweeper game created in autoit, source available.

_Mouse_UDF

An UDF for registering functions to mouse events, made in pure autoit.

2D Hitbox Editor

A 2D hitbox editor for quick creation of 2D sphere and rectangle hitboxes.

Share this post


Link to post
Share on other sites

Yes, I saw. But I cant find in the article how to find it without a program.

AlmarM


Minesweeper

A minesweeper game created in autoit, source available.

_Mouse_UDF

An UDF for registering functions to mouse events, made in pure autoit.

2D Hitbox Editor

A 2D hitbox editor for quick creation of 2D sphere and rectangle hitboxes.

Share this post


Link to post
Share on other sites

Yes, I saw. But I cant find in the article how to find it without a program.

AlmarM

Without an additional program, you'll have to know the name of the stream and the file in which the ADS is stored.

If you know that you can view it with either "type" or "more":

more < c:\file.txt:streamname

and write a stream with:

echo hello > c:\file.txt:streamname

I hope that helps.


You can fool some of the people all of the time, and all of the people some of the time, but you can not fool all of the people all of the time. Abraham Lincoln - http://www.ae911truth.org/ - http://www.freedocumentaries.org/

Share this post


Link to post
Share on other sites

its not really a good idea to rely on ADS for storing appsettings(or whatever) cause de stream gets dropped when copying to a fat fs for example.

If it was cross fs compatible it might be an option.

Share this post


Link to post
Share on other sites

#10 ·  Posted (edited)

Hi, all!

Sorry for late, but I'm very busy, and the motherboard of my main computer is out...

The trick of my example is the storage in ADS. The usage with "User & Pass" is "to attract the reader". Because my example with .ini in ADS (iii) was slightly ignored...

Several remarks:

- if you don't know the name of the stream-file (User in the example), you can't see data, without externals (more than windows) tools/softwares. If you use this tech in a .exe, who will think to ADS?

- to crypt data is possible, because ADS accept binary

- the no-persistance when copy to FAT, to ZIP, by FTP, by HTTP, when burn a CD, etc. is a disadvantage, ... and an advantage. You can store data at installation. Lost data is proof an unforeseen or incorrect installation.

- you can also store data which do not require strong persistence. Examples: password of session ; last file opened ; last position on window ; opener mode ; last inputed (good english?) parameters ; etc.

- the example has write & read ; but, you can separate write in an "installer" (admin) script, and let only read in (client) script.

- you can use crypt on stream-filename

- you can come to drink the aperitif at home, this evening; because I have ice floes with the heat

- you can excuse me for my bad english.

Edited by Michel Claveau

Share this post


Link to post
Share on other sites

:/ I think this shall be the ADS example rather than "User & Pass" example... You actually gave me some pretty cool things to think about!


I can do signature me.

Share this post


Link to post
Share on other sites

...

- you can come to drink the aperitif at home, this evening; because I have ice floes with the heat

- you can excuse me for my bad english.

:P

I agree that ADS CAN be a nice way to store application settings and stuff, but I personally would never store a password in it.

Using passwords with AutoIt is a somewhat controversial issue anyway, cause it's never really safe. (except if you use software like Themida or similar)

But, nevertheless, thanks for sharing your code and idea with us!

greetz


You can fool some of the people all of the time, and all of the people some of the time, but you can not fool all of the people all of the time. Abraham Lincoln - http://www.ae911truth.org/ - http://www.freedocumentaries.org/

Share this post


Link to post
Share on other sites

And let's not forget, ADS is only supported on NTFS file systems. So once it copied to a USB stick (fat or fat32) or burned to CD the streams are lost.

Share this post


Link to post
Share on other sites

Hi!

And let's not forget, ADS is only supported on NTFS file systems. So once it copied to a USB stick (fat or fat32) or burned to CD the streams are lost.

Yes. But FAT or CD not support several things, who are supported by NTFS: filename greater than 256 ; filename with Unicode characters ; USN ; native file security ; quotas ; big files (video) ; etc.

Share this post


Link to post
Share on other sites

Hi!

Yes. But FAT or CD not support several things, who are supported by NTFS: filename greater than 256 ; filename with Unicode characters ; USN ; native file security ; quotas ; big files (video) ; etc.

True, but we're talking about streams. Thanks for pointing out that are are differences between filesystems. http://en.wikipedia.org/wiki/Comparison_of_file_systems

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0