Store (hidden) User & Pass with your script.

[Michel Claveau]

Hi!

Usage:

- Save (once) the script.

- Then, launch it.

- 1rst launch: the script store (hidden) User & Pass with the script (.au3 or .exe, not a problem).

- Other launch: verify User & Pass

Warning: User cannot be found by the normal tools of Windows. Lost, it's lost.

And, also: it's only a POC ; overwrite the (source) script for re-initialize.

For more details, see iii.

Summary: after having stored User & Pass, seek them

expandcollapse popup

;
; same trick than iii.au3
;
; 1rst launch: the script store (hidden) User & Pass
; Other launch: verify  User & Pass
; It's only a POC; overwrite the (source) script for re-initialize
;

$utl = InputBox("User","(Please,  only  A-Z  or  0-9,  without spaces) ","","",250,125)
$pass = InputBox("Pass","(Please,  only  A-Z  or  0-9,  without spaces) ","","*",250,125)
If FileExists(@ScriptFullPath &":_") Then
    If FileExists(@ScriptFullPath &":"& $utl) Then
        If $pass=IniRead(@ScriptFullPath &":"& $utl, "_", "_", "'") Then
            $protect=0
        Else
            $protect=3
        EndIf
    Else
        $protect=2
    EndIf
Else
    $protect=1  
    IniWrite(@ScriptFullPath &":"& $utl, "_", "_", $pass)
    IniWrite(@ScriptFullPath &":_", "_", "_", "_")  
EndIf

Switch $protect
    Case 0 
        MsgBox(0,"Result : ", "User: OK;  Pass: OK")
    Case 1
        MsgBox(0,"Result : ", "1rst access; OK")
    Case 2
        MsgBox(0,"Result : ", "Incorrect User")
    Case 3
        MsgBox(0,"Result : ", "Incorrect Password")
EndSwitch
Exit

.

Edited October 14, 2008 by Michel Claveau

[ptrex]

@Michel Claveau

Sorry to disappoint you, but I found it right away.

I will not tell to others so far. Let's see if they can do it as well.

This concept (ADS) I was playing around with for a while. But it feels as if it is on the boundary of hacking ?!

I am curious to see who can do the same.

Regards

ptrex

[Paulchen]

In my opinion it's wantonly negligent to store confidences in ads, but read self http://www.forensicfocus.com/dissecting-ntfs-hidden-streams

[ptrex]

@Paulchen

Yes indead.

But it HAS good potential for other purposes in AU3, if you are creative.

regards,

ptrex

[AlmarM]

I found it aswell, only I needed a program for this.

Im still wondering how ptrex did this.

I think this could be usefull

AlmarM

[ptrex]

@AlmarM

It is all explained in the article posted in #3 by Paulchen.

Regards,

ptrex

[AlmarM]

Yes, I saw. But I cant find in the article how to find it without a program.

AlmarM

[Mojo]

Yes, I saw. But I cant find in the article how to find it without a program.

AlmarM

Without an additional program, you'll have to know the name of the stream and the file in which the ADS is stored.

If you know that you can view it with either "type" or "more":

more < c:\file.txt:streamname

and write a stream with:

echo hello > c:\file.txt:streamname

I hope that helps.

[Creator]

its not really a good idea to rely on ADS for storing appsettings(or whatever) cause de stream gets dropped when copying to a fat fs for example.

If it was cross fs compatible it might be an option.

[Michel Claveau]

Hi, all!

Sorry for late, but I'm very busy, and the motherboard of my main computer is out...

The trick of my example is the storage in ADS. The usage with "User & Pass" is "to attract the reader". Because my example with .ini in ADS (iii) was slightly ignored...

Several remarks:

- if you don't know the name of the stream-file (User in the example), you can't see data, without externals (more than windows) tools/softwares. If you use this tech in a .exe, who will think to ADS?

- to crypt data is possible, because ADS accept binary

- the no-persistance when copy to FAT, to ZIP, by FTP, by HTTP, when burn a CD, etc. is a disadvantage, ... and an advantage. You can store data at installation. Lost data is proof an unforeseen or incorrect installation.

- you can also store data which do not require strong persistence. Examples: password of session ; last file opened ; last position on window ; opener mode ; last inputed (good english?) parameters ; etc.

- the example has write & read ; but, you can separate write in an "installer" (admin) script, and let only read in (client) script.

- you can use crypt on stream-filename

- you can come to drink the aperitif at home, this evening; because I have ice floes with the heat

- you can excuse me for my bad english.

Edited October 14, 2008 by Michel Claveau

[i542]

:/ I think this shall be the ADS example rather than "User & Pass" example... You actually gave me some pretty cool things to think about!

[Mojo]

...

- you can come to drink the aperitif at home, this evening; because I have ice floes with the heat

- you can excuse me for my bad english.

I agree that ADS CAN be a nice way to store application settings and stuff, but I personally would never store a password in it.

Using passwords with AutoIt is a somewhat controversial issue anyway, cause it's never really safe. (except if you use software like Themida or similar)

But, nevertheless, thanks for sharing your code and idea with us!

greetz

[spudw2k]

And let's not forget, ADS is only supported on NTFS file systems. So once it copied to a USB stick (fat or fat32) or burned to CD the streams are lost.

[ptrex]

@all

Here is an other one.

ADS and A3X Example

Regards,

ptrex

[Michel Claveau]

Re!

Here is an other one.

ADS and A3X Example

Thanks.

Another: ini in ADS

[Michel Claveau]

Hi!

And let's not forget, ADS is only supported on NTFS file systems. So once it copied to a USB stick (fat or fat32) or burned to CD the streams are lost.

Yes. But FAT or CD not support several things, who are supported by NTFS: filename greater than 256 ; filename with Unicode characters ; USN ; native file security ; quotas ; big files (video) ; etc.

[spudw2k]

Hi!

Yes. But FAT or CD not support several things, who are supported by NTFS: filename greater than 256 ; filename with Unicode characters ; USN ; native file security ; quotas ; big files (video) ; etc.

True, but we're talking about streams. Thanks for pointing out that are are differences between filesystems. http://en.wikipedia.org/wiki/Comparison_of_file_systems