
Creating an Auth

Started by Networks, February 10, 2005, 11:05 AM


Networks

By this I mean retrieving a file off the net, reading its content, and matching up a username. If the username does not appear, the application will shut down. I will match the username upon the time the bot logs on to the username.

What I'd like to know is:
- How can I make this better?
- How can I stop someone from using reverse engineering techniques and/or hexing?
- What other methods can I use that are possibly better?

Eric


Soul Taker

Just a note since he might not read all that, that is a really poor method of security.

UserLoser.

Quote from: Soul Taker on February 10, 2005, 01:23 PM
Just a note since he might not read all that, that is a really poor method of security.

Well, I'd say the average Battle.net bot user would not know how to get around it.

CrAz3D

Make the program required to be on disc?  :-\

I like trust's hard drive serial idea, that is what I used to do.

Warrior

I'd make a CD key based on the hard drive serial or something and require them to enter it; that way everything is done without contacting a website. Like UserLoser said, the average Battle.net user won't know how to bypass anything.

Joe[x86]

Which makes connecting to a website just as secure, and requires 100% less work.

CrAz3D

Quote from: JoeTheOdd on February 10, 2005, 04:49 PM
Which makes connecting to a website just as secure, and requires 100% less work.

It is less secure because there are SOME people on bnet that might get bored & break the authorization. Also, 100% - 100% = 0%; nothing can take 0 effort/work to do.

Eric

Quote from: CrAz3D on February 10, 2005, 01:38 PM
Make the program required to be on disc?  :-\

I like trust's hard drive serial idea, that is what I used to do.

You could have the most complex method of generating and verifying a key known to man, but if you have code like this then your program can be cracked in < 5 minutes.


if (VerifyKey(key))
    ContinueLoad();
else
    InvalidKey();


Here's an example of the above code in Assembly:


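   push key
   call VerifyKey
   add esp, 4          ; cdecl: caller removes the argument
   cmp al, 1           ; did VerifyKey return true?
   je abc              ; yes: skip the failure path
   call InvalidKey     ; no: reject the key (assumed to exit)
abc:
   call ContinueLoad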


Now you could do any number of simple things to crack this. One of which is changing je (jump if equal) to jne (jump if not equal), which will make all invalid keys valid.
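
The usual hardening for the pattern Eric describes, as an added example that is not part of the original thread: rather than branching on a boolean, the program derives a key from the license key and uses it to decrypt data it needs, so forcing the branch only yields garbage. All names, the machine identifier and the sample payload are constructed for illustration, and the SHA-256 counter-mode keystream stands in for a real cipher.

```python
import hashlib
import hmac

def derive_key(license_key: str, machine_id: str) -> bytes:
    """Stretch the license key, salted with a machine identifier (64 bytes)."""
    return hashlib.pbkdf2_hmac("sha256", license_key.encode(),
                               machine_id.encode(), 100_000, dklen=64)

def _xor(data: bytes, enc_key: bytes) -> bytes:
    """XOR with a SHA-256 counter-mode keystream (illustrative stand-in)."""
    blocks = (hashlib.sha256(enc_key + i.to_bytes(4, "big")).digest()
              for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(payload: bytes, key: bytes) -> bytes:
    """Vendor side: encrypt data the program cannot run without, append a MAC."""
    body = _xor(payload, key[:32])
    return body + hmac.new(key[32:], body, hashlib.sha256).digest()

def unseal(blob: bytes, key: bytes, skip_check: bool = False):
    """Client side. skip_check=True models a binary whose branch was forced."""
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.new(key[32:], body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected) and not skip_check:
        return None                      # the InvalidKey() path
    return _xor(body, key[:32])          # the ContinueLoad() path

# Constructed sample values, not taken from the thread.
PAYLOAD = b"constructed config: host=example.invalid port=6112"
GOOD_KEY = derive_key("AAAA-BBBB-CCCC", "SERIAL-1234")
BLOB = seal(PAYLOAD, GOOD_KEY)

def demo():
    """Return (valid key, wrong key, wrong key with the check forced)."""
    bad_key = derive_key("0000-0000-0000", "SERIAL-1234")
    return (unseal(BLOB, GOOD_KEY),
            unseal(BLOB, bad_key),
            unseal(BLOB, bad_key, skip_check=True))

if __name__ == "__main__":
    for label, result in zip(("valid", "invalid", "forced"), demo()):
        print(label, result)
```

Anyone holding one valid key can still decrypt the payload and pass it on, so this removes the single-branch bypass but not the redistribution problem.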

UserLoser.

Quote from: LoRd[nK] on February 10, 2005, 05:47 PM
Quote from: CrAz3D on February 10, 2005, 01:38 PM
Make the program required to be on disc?  :-\

I like trust's hard drive serial idea, that is what I used to do.

You could have the most complex method of generating and verifying a key known to man, but if you have code like this then your program can be cracked in < 5 minutes.


if (VerifyKey(key))
    ContinueLoad();
else
    InvalidKey();


Here's an example of the above code in Assembly:


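   push key
   call VerifyKey
   add esp, 4          ; cdecl: caller removes the argument
   cmp al, 1           ; did VerifyKey return true?
   je abc              ; yes: skip the failure path
   call InvalidKey     ; no: reject the key (assumed to exit)
abc:
   call ContinueLoad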


Now you could do any number of simple things to crack this. One of which is changing je (jump if equal) to jne (jump if not equal), which will make all invalid keys valid.

Or just make it 0xeb, which solves everything.

Networks

Yes, however it only takes one person to know how to bypass something like that to allow the entire bot community to get ahold of it.

Sorry I didn't search but I had to leave my class because the bell rang so I just did it really quick.

Warrior

Most people who are smart enough to bypass Auths aren't jackasses.

So it's a test of honesty if you make it easy I guess.

Soul Taker

Quote from: Warrior on February 10, 2005, 10:47 PM
Most people who are smart enough to bypass Auths aren't jackasses.

So it's a test of honesty if you make it easy I guess.

A test of honesty isn't very good security  :P

Ban


Networks

Quote from: Warrior on February 10, 2005, 10:47 PM
Most people who are smart enough to bypass Auths aren't jackasses.

So it's a test of honesty if you make it easy I guess.

If it was a test of honesty, I would just tell everyone who has it, "Please don't leak it." I am going for more of a forceful approach.