Creating an Auth

[Networks]

By this I mean retrieving a file of the net and reading it's content and matching up a username. If the username does not appear the application will shutdown. I will match the username upon the time the bot logs on to the username.

What I'd like to know is:
- How can make this better?
- How can I stop someone from using reverse engineering techniques and/or hexing?
- What other methods can I use that are possibly better.

[Eric]

http://forum.valhallalegends.com/phpbbs/index.php?topic=9883.0

Thank you for searching before posting.

[Soul Taker]

Just a note since he might not read all that, that is a really poor method of security.

[UserLoser.]

Just a note since he might not read all that, that is a really poor method of security.

Well, I'd say the average Battle.net bot user would not know how to get around it

[CrAz3D]

Make the program required to be on disc? 

I like trust's harddrive serial idea, that is what I used to do.

[Warrior]

I'd make a CDkey based on the harddrive serial or something and require them to enter it, that way everything is done withought contacting a website. Like UserLoser said the average Battle.net use wont know how to bypass anything

[Joe[x86]]

Which makes connecting to a website just as secure, and requires 100% less work.

[CrAz3D]

Which makes connecting to a website just as secure, and requires 100% less work.

It is less secure because there are SOME ppl on bnet that might get bored & break the authorization.  Also, 100% - 100% = 0%, nothing can take 0 effort/work to do.

[Eric]

Make the program required to be on disc? 

I like trust's harddrive serial idea, that is what I used to do.

You could have the most complex method of generating and verifying a key known to man, but if you have code like this then your program can be cracked in < 5 minutes.

Code Select Expand


If VerifyKey(key)
    ContinueLoad();
else
     InvalidKey();


Here's an example of the above code in Assembly:

Code Select Expand


   push key
   call VerifyKey
   add esp, 4
   test al, al
   je abc
   call InvalidKey
abc:
   ContinueLoad


Now you could do any number of simple things to crack this.  One of which being, changing je (jump if equal) to jne (jump if not equal) which will make all invalid keys, valid.

[UserLoser.]

Make the program required to be on disc? 

I like trust's harddrive serial idea, that is what I used to do.

You could have the most complex method of generating and verifying a key known to man, but if you have code like this then your program can be cracked in < 5 minutes.

Code Select Expand


If VerifyKey(key)
    ContinueLoad();
else
     InvalidKey();


Here's an example of the above code in Assembly:

Code Select Expand


   push key
   call VerifyKey
   add esp, 4
   test al, al
   je abc
   call InvalidKey
abc:
   ContinueLoad


Now you could do any number of simple things to crack this.  One of which being, changing je (jump if equal) to jne (jump if not equal) which will make all invalid keys, valid.

Or just make it 0xeb which solves everything

[Networks]

Yes, however it only takes one person to know how to bypass something like that to allow the entire bot community to get ahold of it.

Sorry I didn't search but I had to leave my class because the bell rang so I just did it really quick.

[Warrior]

Most people who are smart enough to bypass Auths arn't jackasses.

So it's a test of honesty if you make it easy I guess.

[Soul Taker]

Most people who are smart enough to bypass Auths arn't jackasses.

So it's a test of honesty if you make it easy I guess.

A test of honesty isn't very good security 

[Ban]

Yeah, just look at M$

[Networks]

Most people who are smart enough to bypass Auths arn't jackasses.

So it's a test of honesty if you make it easy I guess.

If it was a test of honesty, I would just tell everyone who has it, "Please don't leak it." I am going for more of a forceful approach.