Creating Authentication Systems

iago · December 14, 2004, 01:15 PM

The program has to necessarely decrypt itself to run, so there has to be a way to get around it.

R.a.B.B.i.T · December 14, 2004, 07:16 PM

Quote from: UserLoser on December 13, 2004, 10:09 PM
Quote from: R.a.B.B.i.T on December 13, 2004, 07:34 PM
My method, now that I don't have the source, was based on this:
Serial length: 21

Digits 1-3: Harddrive serial number length
Digits 4-X: Harddrive serial number
X-20: Random digits based off of the harddrive serial number
21: Digit calculated by a modified UPC algorithm

Nobody has cracked it yet.

"ZakenNayo"?

[22:05:45.734] [AUTH] Decoding authorization key...
[22:05:45.734] [AUTH] Authorization key validated
[22:05:45.750] [AUTH] Verifying authorization database....
[22:05:45.750] [AUTH] Authorization database verified
[22:05:45.750] [AUTH] Sending authorization request...
[22:05:45.968] [AUTH] Authorization passed
[22:05:48.609] -- Error: Enter CD-Key
[22:05:48.609] -- Error: Enter home channel
[22:05:48.609] -- Error: Enter password
[22:05:48.609] -- Error: Enter username

/shrug

Swapped a few jz and jnz's~

No, that has a crappy auth system. FoFoBot, which I sadly lost due to harddrive reformat, had the serial encryption.
http://cold-chaos.net/rabbit/FF_Full.exe or http://cold-chaos.net/rabbit/FF_Lite.exe are the installers for the old FoFoBot.

PS: ZakenNayo is public now, so there's no point to even cracking the serial.

UserLoser. · December 14, 2004, 07:54 PM

[19:52:51] [AUTH] Failed (1): Serial not found. Request serial number with /reqser
[19:52:56] [AUTH] Passed (0): Serial request sent. Please wait for activation.
[19:53:36] [AUTH] Passed (1): Serial accepted.
[19:53:37] [AUTH] Passed (2): Your serial was accepted.
[19:53:37] BNET: Connecting...
[19:53:37] BNET: 10049: Address is not available from the local machine.
[19:53:37] BNET: Disconnected.

R.a.B.B.i.T · December 14, 2004, 08:31 PM

Ah..I turned off the auth system, which I just turned on again. Try now

[edit]
I also made this. It's based off of a new serial system I am making, it'd be nice to see if any of you can crack it.

[edit2]
Fixed.

UserLoser. · December 14, 2004, 08:57 PM

Quote from: R.a.B.B.i.T on December 14, 2004, 08:31 PM
Ah..I turned off the auth system, which I just turned on again. Try now

[edit]
I also made this. It's based off of a new serial system I am making, it'd be nice to see if any of you can crack it.

Broken link.

iago · December 14, 2004, 10:05 PM

Quote from: UserLoser on December 14, 2004, 08:57 PM
Quote from: R.a.B.B.i.T on December 14, 2004, 08:31 PM
Ah..I turned off the auth system, which I just turned on again. Try now

[edit]
I also made this. It's based off of a new serial system I am making, it'd be nice to see if any of you can crack it.

Broken link.

Looks ok here.

UserLoser. · December 14, 2004, 10:30 PM

What happens when you crack it? Does it append a ":)" to the end of the first textbox? How do we know when it's cracked?

Arta · December 15, 2004, 09:43 AM

As UserLoser points out, we lack some information here, but I think this is probably it:

R.a.B.B.i.T · December 15, 2004, 03:41 PM

Yes, I know it can be cracked by changing a JMP or something, but I was aiming for you to make it work with valid serials by figuring out how the serials WORKED, not by changing a command.

iago · December 15, 2004, 04:18 PM

Quote from: R.a.B.B.i.T on December 15, 2004, 03:41 PM
Yes, I know it can be cracked by changing a JMP or something, but I was aiming for you to make it work with valid serials by figuring out how the serials WORKED, not by changing a command.

Why? You have to watch out for both. The best way is to encrypt a series of commands, and the only way to decrypt them is with a valid key. That why, they can't change a jump.

Arta · December 15, 2004, 04:21 PM

Quote from: R.a.B.B.i.T on December 15, 2004, 03:41 PM
Yes, I know it can be cracked by changing a JMP or something, but I was aiming for you to make it work with valid serials by figuring out how the serials WORKED, not by changing a command.

Why would anyone go to that kind of trouble?

Adron · December 15, 2004, 04:32 PM

Quote from: Arta[vL] on December 15, 2004, 04:21 PM
Quote from: R.a.B.B.i.T on December 15, 2004, 03:41 PM
Yes, I know it can be cracked by changing a JMP or something, but I was aiming for you to make it work with valid serials by figuring out how the serials WORKED, not by changing a command.

Why would anyone go to that kind of trouble?

I like doing that because it typically lets me install future upgrades of the program without any additional work....

iago · December 15, 2004, 05:25 PM

Quote from: Adron on December 15, 2004, 04:32 PM
Quote from: Arta[vL] on December 15, 2004, 04:21 PM
Quote from: R.a.B.B.i.T on December 15, 2004, 03:41 PM
Yes, I know it can be cracked by changing a JMP or something, but I was aiming for you to make it work with valid serials by figuring out how the serials WORKED, not by changing a command.

Why would anyone go to that kind of trouble?

I like doing that because it typically lets me install future upgrades of the program without any additional work....

By fingerprinting the code, you can usually do that anyway, unless they make changes to the algorithm. And if they change the algorithm, your keygen won't work either.

R.a.B.B.i.T · December 16, 2004, 04:01 PM

I usually keep 1 algorithm for each series of programs, and I only change it if I know it's been cracked. I think I should start changing my aglorithims each release now -.-

Arta · December 16, 2004, 04:51 PM

Won't make any difference

Creating Authentication Systems

R.a.B.B.i.T

UserLoser.

R.a.B.B.i.T

UserLoser.

UserLoser.

R.a.B.B.i.T

R.a.B.B.i.T