DataBase Connecting

PaiD · February 22, 2003, 09:27 AM

ok My old clan (Clan BNU) did it and I wanted to know how they did it.They had it connect to a database and check to see if your registration key(a key code) was in The Database. If it wants then the bot wouldnt connect and just say. Verifcation Failed. How would I do that too? I have a database server on my site. I just need to know what to do. I am useing an Access database with Visual Studio EnterPrise Edition.

Yoni · February 22, 2003, 09:36 AM

Just a note: If all the server does is verify your registration key, then it's pointless. The client can easily (usually) be cracked.

If the server does something else, but requires a valid registration key to do this, then it's pointful, and a client-sided crack is not possible.

PaiD · February 22, 2003, 10:03 AM

yea
what it does is it checks the key (even if they cracked it) and sees if it is real.LIke If i gave it to them. If they didnt get it from me then it will not be in the database as an active key. Then the bot wouldnt work. I would like help on that problem. Also the key cant be cracked easyly b/c it is like the RaiBot Private editions and like Reaper Bot.

Camel · February 22, 2003, 11:21 AM

what i did:
when you run the bot, you enter a username and a password. it sends that to the site, which matches the username and password against its ip. if all 3 match up, it sends back a string. client parses that string, determining if it should allow the user to use the bot, quit, or ask the user to update to a more recent version of the bot.

Etheran · February 22, 2003, 11:39 AM

eww, I wouldn't use that bot because my username / password are being sent to your site. BNLS is the same way, but I trust skywing and vL.

PaiD · February 22, 2003, 12:41 PM

no1 has answered me

Camel · February 22, 2003, 01:43 PM

Quoteeww, I wouldn't use that bot because my username / password are being sent to your site. BNLS is the same way, but I trust skywing and vL.

nononono, it doesnt send the username and password you use for bnet, its a seperate login...

Grok · February 22, 2003, 03:21 PM

Quoteeww, I wouldn't use that bot because my username / password are being sent to your site. BNLS is the same way, but I trust skywing and vL.

Trust, etc.

Skywing is someone you can trust or not trust, depending on your feelings. I've known him 3 years, and know him to be of the highest integrity.

I'm sure you already know this, but 'vL' is not a group which puts any bindings on its members. The only thing you can trust about vL is that everyone will do whatever they want.

BNLS -- is on its own drive on vl.com, only server administrators (Grok, Skywing, Adron have virtual access to it. The server admin has physical and virtual access to it.

If I were new to this situation, wondering about BNLS, I'd ask "how many reports of security breaches are there from BNLS users?" To my knowledge, no information trusted to BNLS has ever been given out.

Kp · February 22, 2003, 11:43 PM

Quoteyea
what it does is it checks the key (even if they cracked it) and sees if it is real.LIke If i gave it to them. If they didnt get it from me then it will not be in the database as an active key. Then the bot wouldnt work. I would like help on that problem. Also the key cant be cracked easyly b/c it is like the RaiBot Private editions and like Reaper Bot.

As Yoni tried to explain to you, if the server does nothing more than a boolean as to whether the client may run, it's pointless. The client could be modified either to: a) treat all responses as "Yes, you are legitimate", b) contact a server which will always answer "Yes, you're fine", or c) not contact anything at all and skip the authorization entirely.

Now, if you plan on having the server supply some information which is both crucial to operation and not easily forceable, it might have some point. Of course, the first paragraph relies on you having a program good enough that at least one decent software engineer will take a crack at breaking it. :p

Camel · February 23, 2003, 06:13 AM

sort of, kp

the main reason that it was created was to keep the bot up to date
for example, an outdated version of the bot might request something like http://www.clanbnu.net/bnubotcheck.php?ver1=1&ver2=0&ver3=0. it would be told by that first byte that it's out of date. following that is the url of the update. then then is (should be?) another byte telling it if it is so far out of date that it must update, or if it can run without updating. the changelog follows that.

Banana fanna fo fanna · February 23, 2003, 06:40 AM

No see...

You need to add an authorization key and checksumming type of thing into your bot, which is obfuscated (sp?) and hopefully dynamically encrypted. Then you contact the authorization server, send your version and hashed authorization key. With that sent, the server knows exactly what executable you're using and has its checksum. All the communication for the rest of the transaction should be encrypted with that checksum. The rest of the transaction should be something similar to sending the game CD key to the server and having it return the hash that will be sent to Battle.net.

My 2cents.

Camel · February 23, 2003, 07:42 AM

thats too difficult when all they need to do is open their hosts file and map www.clanbnu.net to somewhere else

Kp · February 23, 2003, 09:55 AM

Quotesort of, kp

the main reason that it was created was to keep the bot up to date
for example, an outdated version of the bot might request something like http://www.clanbnu.net/bnubotcheck.php?ver1=1&ver2=0&ver3=0. it would be told by that first byte that it's out of date. following that is the url of the update. then then is (should be?) another byte telling it if it is so far out of date that it must update, or if it can run without updating. the changelog follows that.

I was under the impression that the primary intent was to prevent unauthorized copies from functioning at all. If you only want to be able to notify people of upgrades and suggest that they take it, that's another matter. Which is the case, Paid?

PaiD · February 23, 2003, 10:18 AM

Well, All I wanted to do was give the ppl a 46 long key code(not easly cracked)and have it connect to a database I have made. It would get the key code they used and then it would have a list of key codes(that I have gave out).If there key code isn't in the database then it would send the bot a false for the verification.When it gets the False for verification then it would say like "You're not approved for the key code. Please contact PaiD for more info". Something like that. I want to make it unable to connect(To Battle.Net)without the verification from the database.

Grok · February 23, 2003, 10:51 AM

So it's something like this?

Code Select

int ret = completely_uncrackable_authentication(..params..);
switch(ret) {
case E_DENIED:
    YouCantRunThis();
    break;
case E_UPDATE:
    YouMustUpdateFirst();
    break;
case E_OK:
    RunBot();
    break;
default:
    WTF_YOU_HACKER();
    break;
};

Like Kp said -- then there's no point. People will just jump to the RunBot() address directly.

DataBase Connecting

PaiD

PaiD

Camel

PaiD

Camel

Camel

Camel

PaiD