• Welcome to Valhalla Legends Archive.
 

Creating Authentication Systems

Started by Mephisto, December 12, 2004, 05:49 PM

Previous topic - Next topic

iago

The program has to necessarely decrypt itself to run, so there has to be a way to get around it. 

This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


R.a.B.B.i.T

Quote from: UserLoser on December 13, 2004, 10:09 PM
Quote from: R.a.B.B.i.T on December 13, 2004, 07:34 PM
My method, now that I don't have the source, was based on this:
Serial length: 21

Digits 1-3: Harddrive serial number length
Digits 4-X: Harddrive serial number
X-20: Random digits based off of the harddrive serial number
21: Digit calculated by a modified UPC algorithm

Nobody has cracked it yet. :)

"ZakenNayo"?

[22:05:45.734] [AUTH] Decoding authorization key...
[22:05:45.734] [AUTH] Authorization key validated
[22:05:45.750] [AUTH] Verifying authorization database....
[22:05:45.750] [AUTH] Authorization database verified
[22:05:45.750] [AUTH] Sending authorization request...
[22:05:45.968] [AUTH] Authorization passed
[22:05:48.609] -- Error: Enter CD-Key
[22:05:48.609] -- Error: Enter home channel
[22:05:48.609] -- Error: Enter password
[22:05:48.609] -- Error: Enter username

/shrug

Swapped a few jz and jnz's~
No, that has a crappy auth system.  FoFoBot, which I sadly lost due to harddrive reformat, had the serial encryption.
http://cold-chaos.net/rabbit/FF_Full.exe or http://cold-chaos.net/rabbit/FF_Lite.exe are the installers for the old FoFoBot.

PS: ZakenNayo is public now, so there's no point to even cracking the serial.

UserLoser.

[19:52:51] [AUTH] Failed (1): Serial not found.  Request serial number with /reqser
[19:52:56] [AUTH] Passed (0): Serial request sent.  Please wait for activation.
[19:53:36] [AUTH] Passed (1): Serial accepted.
[19:53:37] [AUTH] Passed (2): Your serial was accepted.
[19:53:37] BNET: Connecting...
[19:53:37] BNET: 10049: Address is not available from the local machine.
[19:53:37] BNET: Disconnected.

R.a.B.B.i.T

#33
Ah..I turned off the auth system, which I just turned on again.  Try now :)

[edit]
I also made this.  It's based off of a new serial system I am making, it'd be nice to see if any of you can crack it.

[edit2]
Fixed.

UserLoser.

Quote from: R.a.B.B.i.T on December 14, 2004, 08:31 PM
Ah..I turned off the auth system, which I just turned on again.  Try now :)

[edit]
I also made this.  It's based off of a new serial system I am making, it'd be nice to see if any of you can crack it.


Broken link.

iago

Quote from: UserLoser on December 14, 2004, 08:57 PM
Quote from: R.a.B.B.i.T on December 14, 2004, 08:31 PM
Ah..I turned off the auth system, which I just turned on again.  Try now :)

[edit]
I also made this.  It's based off of a new serial system I am making, it'd be nice to see if any of you can crack it.


Broken link.

Looks ok here.
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


UserLoser.

#36
What happens when you crack it?  Does it append a ":)" to the end of the first textbox? How do we know when it's cracked?

Arta

As UserLoser points out, we lack some information here, but I think this is probably it:


R.a.B.B.i.T

Yes, I know it can be cracked by changing a JMP or something, but I was aiming for you to make it work with valid serials by figuring out how the serials WORKED, not by changing a command.

iago

Quote from: R.a.B.B.i.T on December 15, 2004, 03:41 PM
Yes, I know it can be cracked by changing a JMP or something, but I was aiming for you to make it work with valid serials by figuring out how the serials WORKED, not by changing a command.

Why? You have to watch out for both.  The best way is to encrypt a series of commands, and the only way to decrypt them is with a valid key.  That why, they can't change a jump.
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


Arta

Quote from: R.a.B.B.i.T on December 15, 2004, 03:41 PM
Yes, I know it can be cracked by changing a JMP or something, but I was aiming for you to make it work with valid serials by figuring out how the serials WORKED, not by changing a command.

Why would anyone go to that kind of trouble?

Adron

Quote from: Arta[vL] on December 15, 2004, 04:21 PM
Quote from: R.a.B.B.i.T on December 15, 2004, 03:41 PM
Yes, I know it can be cracked by changing a JMP or something, but I was aiming for you to make it work with valid serials by figuring out how the serials WORKED, not by changing a command.

Why would anyone go to that kind of trouble?

I like doing that because it typically lets me install future upgrades of the program without any additional work....

iago

Quote from: Adron on December 15, 2004, 04:32 PM
Quote from: Arta[vL] on December 15, 2004, 04:21 PM
Quote from: R.a.B.B.i.T on December 15, 2004, 03:41 PM
Yes, I know it can be cracked by changing a JMP or something, but I was aiming for you to make it work with valid serials by figuring out how the serials WORKED, not by changing a command.

Why would anyone go to that kind of trouble?

I like doing that because it typically lets me install future upgrades of the program without any additional work....

By fingerprinting the code, you can usually do that anyway, unless they make changes to the algorithm.  And if they change the algorithm, your keygen won't work either.
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


R.a.B.B.i.T

I usually keep 1 algorithm for each series of programs, and I only change it if I know it's been cracked.  I think I should start changing my aglorithims each release now -.-

Arta


|