The Daily Click ::. Forums ::. Klik Coding Help ::. Try and hack this.
 

Post Reply  Post Oekaki 
 

Posted By Message

Chris Burrows



Registered
  14/09/2002
Points
  2396

GOTW WINNER OCT. 2011
11th April, 2011 at 02:38:08 -

Hello,

I am working on a program that encrypts important information using the AES object.

On START OF LEVEL i set the key of the AES object to a 128 bit key I've picked myself
This key would not be listed anywhere else apart from this one event.

The user is required to enter a password before decryption is allowed.
This password would also be only stored in a single condition: On user clicks button, test if EDIT BOX = "password"

Using this method, both the encryption key and the password are only stored in 1 single event each.
Not in any ini file or anything like that.
I'm pretty sure that once a mfa file is compiled to an EXE file it is close to impossible to access the source code.


I've made an example.

At the beginning of the frame, the program loads the text, from the already encrypted file; data.txt

Can somebody try and hack it for me?

http://www.whenthereisnoroominhellthedeadwalktheearth.com/MMF/hackme.zip

Besides brute forcing the password it seems pretty secure to me.

I have left the source code open incase you need to see the key or password.

Let me know what you think.


THANKS!!!!!

 
n/a

UrbanMonk

BRING BACK MITCH

Registered
  07/07/2008
Points
  49667

Has Donated, Thank You!Little Pirate!ARGH SignKliktober Special Award TagPicture Me This Round 33 Winner!The Outlaw!VIP MemberHasslevania 2!I am an April FoolKitty
Picture Me This Round 32 Winner!Picture Me This Round 42 Winner!Picture Me This Round 44 Winner!Picture Me This Round 53 Winner!
11th April, 2011 at 16:35:02 -

You should be fine, as long as the data isn't some sort of military secret I don't think anyone would care enough to try.

Brute-forcing the password, or keylogging is prolly your only concern.

 
n/a

Chris Burrows



Registered
  14/09/2002
Points
  2396

GOTW WINNER OCT. 2011
11th April, 2011 at 19:27:00 -

Yeah I think I'll replace the typed password with a bunch of numbers you have to click.
Sort of like a keypad. Then all I have to worry about is someone using video capture software. Very unlikely!

Thanks for taking the time to check it out. PEACE!

 
n/a

Cecilectomy

noPE

Registered
  19/03/2005
Points
  305

Has Donated, Thank You!VIP MemberWeekly Picture Me This Winner!Cardboard BoxGhostbuster!Pokemon Ball!ComputerBox RedSanta HatSnowman
I am an April Fool
11th April, 2011 at 20:59:48 -

lol gonna go maplestory on this bitch? random layout keypad?

maplestory has an onscreen keypad. all the keys on it are randomly placed. yet somehow hackers still get a hold of peoples accounts? LOL

 
n/a

Phredreeke

Don't listen to this idiot

Registered
  03/08/2002
Points
  4504

You've Been Circy'd!VIP MemberPS3 Owner
11th April, 2011 at 21:02:34 -

Well that would reduce the keysize. You'd go from 36^x (assuming lower case letters and numbers) different passwords to 10^x, where x is equal to the number of digits in the password.

Consider keyloggers scanning the program's memory range. The string's content has to be stored somewhere you know?

I can't check this (no MMF2) but from your description it sounds like you've stored the encryption key and the password in the application itself. I would instead make the application derive the encryption key from the password. (hash the password and use the hash as an encryption key)

 
- Ok, you must admit that was the most creative cussing this site have ever seen -

Make some more box arts damnit!
http://create-games.com/forum_post.asp?id=285363

UrbanMonk

BRING BACK MITCH

Registered
  07/07/2008
Points
  49667

Has Donated, Thank You!Little Pirate!ARGH SignKliktober Special Award TagPicture Me This Round 33 Winner!The Outlaw!VIP MemberHasslevania 2!I am an April FoolKitty
Picture Me This Round 32 Winner!Picture Me This Round 42 Winner!Picture Me This Round 44 Winner!Picture Me This Round 53 Winner!
11th April, 2011 at 22:51:29 -


Originally Posted by The Cecilizer
maplestory has an onscreen keypad. all the keys on it are randomly placed. yet somehow hackers still get a hold of peoples accounts? LOL



Any decent keylogger takes a screenshot everytime the user clicks. lol

 
n/a

Chris Burrows



Registered
  14/09/2002
Points
  2396

GOTW WINNER OCT. 2011
12th April, 2011 at 03:13:25 -

Well what about this!

Instead of typing a password, or clicking numbers, the user has to navigate a character through a really difficult maze in a really short time.
Taking the correct turn at every fork in the road. Kinda like the castle in world 6 on Super Mario Lost Levels.

Have you played it?
http://www.youtube.com/watch?v=XZcRMfNGBbo

It's hard!

 
n/a

Phredreeke

Don't listen to this idiot

Registered
  03/08/2002
Points
  4504

You've Been Circy'd!VIP MemberPS3 Owner
12th April, 2011 at 14:30:57 -

First of all, what is it that's so sensitive that it has to be encrypted and mustn't be keylogged?

Second, you're ignoring the possibility of someone getting it that AFTER encryption. It might be easier to persuade someone with the password/maze solution/whatever to just copy the decrypted content rather than try to break the encryption itself.

 
- Ok, you must admit that was the most creative cussing this site have ever seen -

Make some more box arts damnit!
http://create-games.com/forum_post.asp?id=285363
   

Post Reply



 



Advertisement

Worth A Click