|
You last visited: Today at 19:35
Advertisement
[RELEASE]Crypted login data
Discussion on [RELEASE]Crypted login data within the Metin2 PServer Guides & Strategies forum part of the Metin2 Private Server category.
10/02/2012, 07:34
|
#1
|
elite*gold: 0 
Join Date: Jun 2011
Posts: 75
Received Thanks: 178
|
[RELEASE]Crypted login data
hi,
I'm here today to present a little work I did yesterday in a few hours, it is a method of storing login data encrypted
this system with a few small changes can help save secure data and prevent account theft.
just change the code to create a random key the first time that is saved in a configuration file, other than the login details it will serve to generate the encrypted data that it will vary from client to client.
Also I am attaching the new libraries necessary to add to the path "Lib" in client some of them have been modified by me to make them compatible with the functions applied, for my test I used an updated version of them.
### add it in intrologin.py ###
Code:
import base64
import string
def __encrypt(self, string):
try:
a = string
new_string = ''
for x in a:
new_string = new_string+str(int(ord(x)+127)*32)+' '
encrypt_string = base64.encodestring(new_string)
return encrypt_string
except:
print "LoginWindow.__encrypt - EncryptError"
return -1
def __decrypt(self, string):
try:
a = string
data = base64.decodestring(a)
new_string = ''
b = data.split()
for x in b:
new_string = new_string+chr((int(x)/32)-127)
return new_string
except:
print "LoginWindow.__decrypt - DecryptError"
return -1
def __SaveAccountInfo(self, user, passw):
try:
file=open("login.inf", "w+")
userid = self.__encrypt(user).strip('\n')
passwd = self.__encrypt(passw).strip('\n')
file.write("%s#%s" % (userid, passwd))
file.close()
except:
print "LoginWindow.__SaveAccountInfo - SaveError"
def __LoadAccountInfo(self):
try:
file=open("login.inf")
lines=file.readlines()
if len(lines)>0:
data=lines[0].replace('#', ' ')
tokens=data.split()
user=self.__decrypt(tokens[0].strip('\n'))
passw=self.__decrypt(tokens[1].strip('\n'))
return user, passw
except:
print "LoginWindow.__LoadAccountInfo - OpenError"
return -1, -1
def __OnClickSaveButton(self):
id = self.idEditLine.GetText()
pwd = self.pwdEditLine.GetText()
self.__SaveAccountInfo(id, pwd)
self.PopupNotifyMessage("Dati di Login Salvati!")
data stored is like this:
Code:
NzI2NCA1Njk2IDc1NTIgNTYwMCA3NTg0IDU2OTYg#Nzc3NiA3Mjk2IDc3NDQgNzc3NiA3Nzc2IDcyOTYgNzc0NCA3Nzc2IA==
i hope be useful 
enjoy
d3m0n3
|
|
|
|
10/02/2012, 10:48
|
#2
|
elite*gold: 0
Join Date: Jan 2010
Posts: 1,916
Received Thanks: 538
|
Ich check nicht was es bringen soll..
|
|
|
|
|
10/02/2012, 11:11
|
#3
|
elite*gold: 0
Join Date: Jun 2011
Posts: 75
Received Thanks: 178
|
Quote:
Originally Posted by 'oShet
Ich check nicht was es bringen soll..
|
in english please
|
|
|
|
|
10/02/2012, 11:21
|
#4
|
elite*gold: 0
Join Date: Sep 2010
Posts: 1,219
Received Thanks: 278
|
What it does
|
|
|
|
|
10/02/2012, 11:21
|
#5
|
elite*gold: 0
Join Date: Jul 2012
Posts: 132
Received Thanks: 50
|
Quote:
Originally Posted by 'oShet
Ich check nicht was es bringen soll..
|
Diese funktion verschlüsselt die Login Daten, die z.B. über den Button "Login-Daten Speichern" generiert wurden und in den Client Ordner gespeichert wurden (Loginsetting.cfg/Loginsettinginfo.cfg (Oder sonnst irgendwelche Dateien wo diese Gespeichert werden können). 
|
|
|
|
|
10/02/2012, 11:42
|
#6
|
elite*gold: 29
Join Date: Jul 2009
Posts: 2,826
Received Thanks: 7,423
|
Base64 ist NICHT sicher.. Damit kann man die Datein vielleicht vor Freunden verstecken, die sich an eurem PC bedienen, verstecken, das wars dann aber auch.
Base64 is not safe.. You can hide your passwords from friends that make use of your PC, that's it!
|
|
|
|
|
10/02/2012, 11:47
|
#7
|
elite*gold: 0
Join Date: Jun 2011
Posts: 75
Received Thanks: 178
|
Quote:
Originally Posted by .Infinity
Base64 ist NICHT sicher.. Damit kann man die Datein vielleicht vor Freunden verstecken, die sich an eurem PC bedienen, verstecken, das wars dann aber auch.
Base64 is not safe.. You can hide your passwords from friends that make use of your PC, that's it!
|
if you look at the code is not only base64
but are used in addition to other methods without knowing the code you can not decrypt
this is login and password try to decode without read code 
Code:
NzI2NCA1Njk2IDc1NTIgNTYwMCA3NTg0IDU2OTYg#Nzc3NiA3Mjk2IDc3NDQgNzc3NiA3Nzc2IDcyOTYgNzc0NCA3Nzc2IA ==
|
|
|
|
|
10/02/2012, 12:27
|
#8
|
elite*gold: 50
Join Date: Nov 2009
Posts: 865
Received Thanks: 1,228
|
So dumm iss das System nicht. Zumal es nicht nur Base64 ist. Ich finds schön.
|
|
|
|
|
10/02/2012, 12:57
|
#9
|
elite*gold: 0
Join Date: Jun 2011
Posts: 75
Received Thanks: 178
|
Quote:
Originally Posted by .Belius
how about to add additional information like an SALT key generated by your installation date of your OS??
PHP Code:
def __LoadAccountList(self, initialOpen=0):
self.accountCombo.ClearItem()
global LOGINLIST, PASSWDLIST
LOGINLIST = []
PASSWDLIST = []
installDate = '2736492r7022354222'
try:
for s in os.popen('reg QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v "InstallDate"').readlines():
if s.find('InstallDate') != -1:
installDate = s
print str(installDate)
except:
pass
md5sum = md5.new(installDate).hexdigest()
installDate = md5sum[-8:]
desObj = des(str(installDate), padmode=PAD_PKCS5)
id = 0
selectId = 0
try:
loginSettings = open('uls.dll', 'r')
for st in loginSettings.readlines():
loginString = base64.decodestring(st.split(' ')[0])
passwordString = base64.decodestring(st.split(' ')[1])
keyString = base64.decodestring(st.split(' ')[2])
if desObj.decrypt(keyString).replace('\n', '') == installDate.replace('\n', ''):
self.accountCombo.InsertItem(id, desObj.decrypt(loginString))
if desObj.decrypt(loginString) == serverInfo.LOGIN and initialOpen == 1:
selectId = id
LOGINLIST.append(desObj.decrypt(loginString))
PASSWDLIST.append(desObj.decrypt(passwordString))
id = id + 1
except:
print "load account data error"
if id == 0:
self.accountCombo.SetCurrentItem("Account")
else:
self.accountCombo.SelectItem(selectId)
def __OnSaveAccount(self):
installDate = '2736492r7022354222'
try:
for s in os.popen('reg QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v "InstallDate"').readlines():
if s.find('InstallDate') != -1:
installDate = s
except:
pass
if self.pwdEditLine.GetText() == '' or self.idEditLine.GetText() == '':
self.PopupNotifyMessage('Please input account id and password!')
return
try:
global LOGINLIST
if LOGINLIST.index(self.idEditLine.GetText()) > -1:
self.PopupNotifyMessage('This account already saved!')
return
except:
pass
md5sum = md5.new(installDate).hexdigest()[-8:]
installDate = md5sum
desObj = des(str(installDate), padmode=PAD_PKCS5)
loginSettings = open('uls.dll', 'a')
loginSettings.write(base64.encodestring(desObj.encrypt(self.idEditLine.GetText())).replace('\n', '') + ' ' + base64.encodestring(desObj.encrypt(self.pwdEditLine.GetText())).replace('\n', '') + ' ' + base64.encodestring(desObj.encrypt(installDate)).replace('\n', '') + "\n")
loginSettings.close()
self.idEditLine.SetText('')
self.pwdEditLine.SetText('')
self.__LoadAccountList()
it's way better and more secure |
I do not see what's best in this system there are checks md5 useless on a static key(have no sense)
was hidden in a false dll the login data but I do not see things better rather see some unnecessary functions
|
|
|
|
|
10/02/2012, 16:08
|
#10
|
elite*gold: 0
Join Date: Feb 2008
Posts: 2,754
Received Thanks: 1,748
|
You don't get what he meant, right?
You should just check the way he did the base64 thing. Plain base64 is more than unsecure because its not an encryption but an encoding. There is a huge difference.
|
|
|
|
|
10/02/2012, 17:11
|
#11
|
elite*gold: 0
Join Date: Jun 2011
Posts: 75
Received Thanks: 178
|
Quote:
Originally Posted by Computerfreek
You don't get what he meant, right?
You should just check the way he did the base64 thing. Plain base64 is more than unsecure because its not an encryption but an encoding. There is a huge difference.
|
As I wrote in the first post in my example I used a key example to facilitate the understanding of this key code used is "32" I also suggested to create a configuration file in which to set a random key so as not to be able to exchange files from client to client but if people read only half can do nothing ...
P.S.: in other way you can use a second key value between "1-127" (set in post 127) so we have created an asymmetric algorithm
Code:
def __encrypt(self, string):
try:
a = string
new_string = ''
for x in a:
new_string = new_string+str(int(ord(x)+127)*[B]32[/B])+' '
encrypt_string = base64.encodestring(new_string)
return encrypt_string
except:
print "LoginWindow.__encrypt - EncryptError"
return -1
def __decrypt(self, string):
try:
a = string
data = base64.decodestring(a)
new_string = ''
b = data.split()
for x in b:
new_string = new_string+chr((int(x)/[B]32[/B])-127)
return new_string
except:
print "LoginWindow.__decrypt - DecryptError"
return -1
|
|
|
|
|
10/02/2012, 21:51
|
#12
|
elite*gold: 0
Join Date: Jun 2012
Posts: 15
Received Thanks: 19
|
Nice Work, it's so usefull and complete. I will learn some more about PY and UI in Metin2
|
|
|
|
|
10/03/2012, 07:48
|
#13
|
elite*gold: 0
Join Date: Jun 2011
Posts: 75
Received Thanks: 178
|
Quote:
Originally Posted by .Belius
You don't understand python obviously....
PHP Code:
installDate = '2736492r7022354222'
try:
for s in os.popen('reg QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v "InstallDate"').readlines():
if s.find('InstallDate') != -1:
installDate = s
print str(installDate)
If he detects the installation date then it's unique and encrypted in md5 as SALT key
Sooo yea...if you would have any knowledge from python, you would understand what i'm talking about here and not telling me such bullshit like it's useless...
Soo again for your slow mind:
In my version it detects the installation date and generate an md5 hash as SALT key, then from username and password it encrypt with DES and then all this shit again in Base64....
SALT+DES+DES = BASE64+BASE64+BASE64 = german python king xD
yours is just crap^^
cheers |
welcome python's hacker....
speak so much of the installation date but actually the variable used is static and does not have anything to do with the date of installation
moreover, in your code standard encryption algorithms are used and that in itself has nothing to do with the security the only thing I liked is the storage of a variable on the System but in your case it really hurt because you use a constant key
would have some sense if it were stored in a random variable different for each client used as the encryption key
Now you can sit back down on your golden toilet... king
have a nice day
d3m0n3
P.S.: ok I reread carefully your code in a first reading I had not noticed the apices that question if the variable is present and not the value of it
I now have a better understanding of the operation of your code and I think it's good
this does not give you the right to come here to offend also do not understand why this constant despise the work of others... this post is created to present my work and not to discuss the work of others, you too can create your own without coming to exalt here
|
|
|
|
|
10/03/2012, 09:56
|
#14
|
elite*gold: 5
Join Date: Oct 2010
Posts: 1,692
Received Thanks: 1,772
|
I think you dont need a crypted login data ,because he saves a file on your PC.
I must say its a nice work ,but in in my view i think its useless.
|
|
|
|
|
10/03/2012, 13:12
|
#15
|
elite*gold: 73
Join Date: Jul 2012
Posts: 387
Received Thanks: 433
|
|
|
|
|
 |
|
Similar Threads
|
[TUTORIAL] how login new acc without loading new client, or hacked data
10/27/2011 - Dekaron Exploits, Hacks, Bots, Tools & Macros - 22 Replies
1.Go to character selection screen.
2.turn of internet
3.login to any server (and u go to login screent)
4.here you go :) now you are at login screen
5.put back cabel and login with other account
:p
+wideo tutorial :D
|
Db bot crackloader have crypted trojan
09/26/2010 - SRO Private Server - 13 Replies
Db bot crackloader have a trojan that remote adminstrator
crack for 1.1 and 1.3 have same virus
look
http://img827.imageshack.us/img827/5800/hacko.png
I downloaded the crack and the bot from elitepvpers posted by jamuluta aka noex
|
LastChaosUSA crypted? anti-dbug?
08/06/2009 - General Coding - 2 Replies
Hi guys =)
after writing alot of memory hacks of LastChaos i try to debug it with ollydb
..but right after attaching to de process of LC "nksp.exe"
olly pauses at "ntdll.DbgBreakPoint" <- is this something like anti-debug routine
how can i bypass this?
pls help :)
thx oggs
Two screens of olly:
Imageshack - 22268185
|
what does HEUR/Crypted mean ?
02/21/2007 - Conquer Online 2 - 5 Replies
what does HEUR/Crypted mean ?
sorry for the lame questions but am trying to learn ,cant knock anyone for that :eek:
|
All times are GMT +1. The time now is 19:36.
|
|
![[RELEASE]Crypted login data](https://www.elitepvpers.com/forum/iconimages/metin2-pserver-guides-strategies/release-crypted-login-data_ltr.gif){kind=small}
