|
You last visited: Today at 15:17
Advertisement
[C#] Protecting a bot
Discussion on [C#] Protecting a bot within the .NET Languages forum part of the Coders Den category.
10/31/2014, 15:26
|
#1
|
elite*gold: 28
Join Date: Aug 2014
Posts: 4,096
Received Thanks: 2,649
|
[C#] Protecting a bot
#solved
|
|
|
10/31/2014, 15:48
|
#2
|
elite*gold: 2932
Join Date: Oct 2009
Posts: 6,966
Received Thanks: 1,097
|
first of all, everything is crackable.
in my opinion a custom obfuscator combined with a hwid system provides the best cost-benefit ratio
|
|
|
10/31/2014, 16:45
|
#3
|
dotCom
elite*gold: 12400
Join Date: Mar 2009
Posts: 15,884
Received Thanks: 4,386
|
+ check every x minutes if the user have the rights to use this tool or if anythink is wrong then close it.
|
|
|
10/31/2014, 17:10
|
#4
|
elite*gold: 3800
Join Date: Dec 2012
Posts: 13,039
Received Thanks: 8,243
|
Obfuscating the code, makes the code unreadable for a normal user. You have to deobfuscate it and if it's a custom obfuscator, he has to do it manually.
Then you can use a public packer, to avoid script kids. Mostly they give up after this
|
|
|
10/31/2014, 17:15
|
#5
|
elite*gold: 2932
Join Date: Oct 2009
Posts: 6,966
Received Thanks: 1,097
|
Quote:
Originally Posted by tolio
everything is crackable.
|
and there is nothing you can do about it.
but you can provide a good product and people will pay for it. dont invest to much time in trying to protect your bot, instead work on your bot to improve the product you sell.
and something more about the obfuscator topic, for every commercial one there exists a deobfuscator so get hands on a custom/privat one and you are good to go
|
|
|
10/31/2014, 21:00
|
#6
|
elite*gold: 50
Join Date: Sep 2012
Posts: 3,841
Received Thanks: 1,462
|
Quote:
Originally Posted by xExorcist
The problem is even after i obfuscated the executable files, what if they managed to decompile it and change the lines that checks the txt hwid files to another link maybe that contains their hwid or even they can remove the whole hwid checking
|
dont check a text file. set up a database with a php script or program a server that accept connections and manage all
|
|
|
11/02/2014, 21:26
|
#7
|
elite*gold: 0
Join Date: Jul 2012
Posts: 284
Received Thanks: 127
|
Make a web based account system. And the server only returns to the premium users in the database. For example through the forum system, just like other game hacks.
|
|
|
11/02/2014, 21:58
|
#8
|
elite*gold: 8
Join Date: Sep 2014
Posts: 625
Received Thanks: 177
|
Put as much as you can on a web server and not inside the software.
|
|
|
11/03/2014, 14:20
|
#9
|
dotCom
elite*gold: 12400
Join Date: Mar 2009
Posts: 15,884
Received Thanks: 4,386
|
Register(webpage) => Database
Login(program) => to php => database(if account exist,if payed,if already logged in)
Encrypt your program to php POST with username,password,hwid and someother **** thats only the same on the username,password.
Decrypt it in the PHP script(webpage) ,handel it and send some emcrypted specialchars back to the program.
After the right decrypted specialchar the user are successfully logged in and ready to use your program.
|
|
|
11/03/2014, 23:18
|
#10
|
elite*gold: 56
Join Date: Oct 2010
Posts: 3,409
Received Thanks: 1,219
|
The trick is to sell the result from the bot not the bot itself.
|
|
|
11/07/2014, 08:07
|
#11
|
elite*gold: 52
Join Date: Oct 2010
Posts: 1,998
Received Thanks: 389
|
Google for Confuser..
This tool has the following features:
Anti debugger
Anti memory dumping
Anti decompiler
Prevent any tampering of the assemblies
Encrypt codes
Encrypt constants (i.e. numbers & strings)
Encrypt resources
Control flow obfuscation
External/Internal reference proxy
Renaming
|
|
|
11/07/2014, 18:38
|
#12
|
elite*gold: 4
Join Date: Feb 2008
Posts: 3,847
Received Thanks: 1,267
|
Quote:
Originally Posted by BlackHybrid
Google for Confuser..
|
Google for DeConfuser..
|
|
|
11/07/2014, 22:00
|
#13
|
elite*gold: 0
Join Date: Apr 2011
Posts: 115
Received Thanks: 11
|
Easy to say: Web API.. That one which you are prefering.. PHP or c# server or what ever. I prefer socketservers, written in c# too
|
|
|
11/08/2014, 07:00
|
#14
|
elite*gold: 0
Join Date: Oct 2008
Posts: 680
Received Thanks: 337
|
If your bot is a dll that is going to get injected into a target process then I would recommend this method to you:
1) Use a backend web login with your loader which identifies a user
(The user has to register his HWID either through your website or first startup - up to you.)
2) Then you need a little script in your backend web app which streams your bot dll directly to your Loader (don't save it on disk just keep it in the RAM), encrypted with the users HWID saved in your database. (Just a simple download script)
PHP Code:
//Pseudocode $botModule = file_get_contents('bot.dll'); echo encrypt($botModule, $hwid);
3. The loader decrypts the dll which is only possible if the PC of the user has the HWID which is linked to his account he is using.
Your bot dll can still be extracted when it's injected though, so in case you want to protect the module itself you have to hide it. I think you have to rewrite the PEB or sth like that, can't remember -> research with google by urself. But it's important to notice that there is no 100% protection if someone want to crack your bot he is able to!!!
Sry for bed englando it's very late
|
|
|
11/08/2014, 11:16
|
#15
|
elite*gold: 100
Join Date: Aug 2005
Posts: 595
Received Thanks: 208
|
@Flyff_Service
This is a legit way when using nativ code,but in .NET this seems a bit like an overkill.
You will put quiet some work, adding Compatiblity iusses and in the end fetching the unlinked Dll is about 5 Lines of Code.
Ps. You dont need to fiddle with the PEB, this works for sure, but i guess loading and solving the Dll directly raw into memory without ever linking it serves the same purpouse without the risk of something monitoring the Linktables
In the end Tolios approach is in my opinion be the best, stop the total starters, and put enough effort into the further Development to show people that they are buying the service, not the programm himself.
|
|
|
|
|
Similar Threads
|
Protecting code / login
06/23/2014 - .NET Languages - 4 Replies
Hey,
so I have 2 question about security.
Im using visual studio 2010 (vb.net) and so far I have published only .exe files ('cause that way only one file needed to run the program)
Now I'm wondering how to increase programs security...
1) How can I block decomplining? or I mean I tried today decompliler I saw my project's source pretty accuracy. Is there way to hide "main functions", strings, saved settings?
2) Safe login system? Again with decompiler I was able to see all my sql...
|
Protecting EXE!
02/03/2013 - CO2 Private Server - 5 Replies
Hello Folks,
I am running a COPVPServer and i really pissed of the botters in my server.
I would like to know more about EnigmaProtector because i protected my conquer.exe lately and it can be replace by another so in that case they can use there hacks again.. I would like to know how do you link your Conquer.Exe to your Server(exe). Just like ClassicCo if you replace there exe you cant log on..
Help much appreciated ..
|
[HELP] Protecting .eix and .epk files againist unpacking
11/11/2010 - Metin2 Private Server - 13 Replies
I know... It's bad section. I'm VERY sorry. But... In Discussions & Questions are so noob questions. This information is very important for me.
I want to protect my files from /pack/ folder. They are very important and I don't want to someone steal it. But I don't know how. I know , that German Servers have that files protected ( Other encryption key in Your packer). Could you tell me how to do it ? Please do not delete this topic. If you want to answer , could You use english ? If you can't...
|
Protecting your Aion Account from theft
12/31/2009 - Gaming News - EN - 0 Replies
With an increase in Aion account thefts being reported, keeping game accounts safe has become a high priority for us all. What can you do to ensure the safety of your own account? NCsoft shares a few tips.
|
All times are GMT +2. The time now is 15:17.
|
|