• Welcome to Valhalla Legends Archive.
 

Creating Authentication Systems

Started by Mephisto, December 12, 2004, 05:49 PM

Previous topic - Next topic

hismajesty

Quote from: Mephisto on December 13, 2004, 07:00 PM
Regardless of your guy's opinions which I appreciate, not one person here has provided me with an authentication/protection method. If someone has a public one and wishes to share, please do so.

I gave you a method.

Eibro

Quote from: Mephisto on December 13, 2004, 07:00 PM
Regardless of your guy's opinions which I appreciate, not one person here has provided me with an authentication/protection method.  If someone has a public one and wishes to share, please do so.
What have you come up with so far?
Eibro of Yeti Lovers.

Mephisto

I explained it in an earlier post; HisMajesty, you gave me an idea to base it off of, not really a method of doing it.  :)

R.a.B.B.i.T

My method, now that I don't have the source, was based on this:
Serial length: 21

Digits 1-3: Harddrive serial number length
Digits 4-X: Harddrive serial number
X-20: Random digits based off of the harddrive serial number
21: Digit calculated by a modified UPC algorithm

Nobody has cracked it yet. :)

UserLoser.

Quote from: R.a.B.B.i.T on December 13, 2004, 07:34 PM
My method, now that I don't have the source, was based on this:
Serial length: 21

Digits 1-3: Harddrive serial number length
Digits 4-X: Harddrive serial number
X-20: Random digits based off of the harddrive serial number
21: Digit calculated by a modified UPC algorithm

Nobody has cracked it yet. :)

Send the app to [email protected]

Arta


Kp

Or post it somewhere and I'll take a crack at it.  I have some downtime coming up.
[19:20:23] (BotNet) <[vL]Kp> Any idiot can make a bot with CSB, and many do!

Mephisto

Isn't it fairly easy to crack applications that use a harddrive serial number?

UserLoser.

Quote from: Mephisto on December 13, 2004, 08:27 PM
Isn't it fairly easy to crack applications that use a harddrive serial number?

Fairly easy to crack anything that's non-encrypted

Quote from: Kp on December 13, 2004, 08:11 PM
Or post it somewhere and I'll take a crack at it.  I have some downtime coming up.

Hmm, inproc is where now? :p

UserLoser.

Quote from: R.a.B.B.i.T on December 13, 2004, 07:34 PM
My method, now that I don't have the source, was based on this:
Serial length: 21

Digits 1-3: Harddrive serial number length
Digits 4-X: Harddrive serial number
X-20: Random digits based off of the harddrive serial number
21: Digit calculated by a modified UPC algorithm

Nobody has cracked it yet. :)

"ZakenNayo"?

[22:05:45.734] [AUTH] Decoding authorization key...
[22:05:45.734] [AUTH] Authorization key validated
[22:05:45.750] [AUTH] Verifying authorization database....
[22:05:45.750] [AUTH] Authorization database verified
[22:05:45.750] [AUTH] Sending authorization request...
[22:05:45.968] [AUTH] Authorization passed
[22:05:48.609] -- Error: Enter CD-Key
[22:05:48.609] -- Error: Enter home channel
[22:05:48.609] -- Error: Enter password
[22:05:48.609] -- Error: Enter username

/shrug

Swapped a few jz and jnz's~

Falcon[anti-yL]


dxoigmn

You could create something like bnls with authentication and encrypt the stream using RSA.  If this has nothing to do with a bot, then you could do the same thing but  with the critical functions server-side.

iago

Storing critical functions on a server will slow you down.  In fact, why don't you store the entire program online? Just make the bot a series of encrypted calls to the server?

What is stopping somebody from breaking the authentication, and using your server for themselves, though?  If you are using an encrypted stream, the client still has the ability to decrypt and use it, so that decryption code can be taken.
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


Kp

Quote from: iago on December 14, 2004, 09:48 AMStoring critical functions on a server will slow you down.  In fact, why don't you store the entire program online? Just make the bot a series of encrypted calls to the server?

What is stopping somebody from breaking the authentication, and using your server for themselves, though?  If you are using an encrypted stream, the client still has the ability to decrypt and use it, so that decryption code can be taken.

Ah, but if each client has its own unique authentication to the server, you can revoke individual clients when you realize what they're doing (similar to how CDkeys can be revoked from battle.net if they're caught causing too much trouble).  Incidentally, I agree with your implication that this is taking it to an extreme.
[19:20:23] (BotNet) <[vL]Kp> Any idiot can make a bot with CSB, and many do!

dxoigmn

Quote from: iago on December 14, 2004, 09:48 AM
Storing critical functions on a server will slow you down.  In fact, why don't you store the entire program online? Just make the bot a series of encrypted calls to the server?

Depends on the application I suppose.  But is a worthwhile and difficult measure to get past without alerting the creator someone is trying to break their application.  This thread reminds of what when MousePad and the Javascript dude (forgot is name, he attached a javascript engine to D2) had this neeto encryption that they thought couldn't be broken and eventually it did.

|