Hello,

I want to 'hide' a username and password inside a program.
This program is created to run in batch mode on a LAN (on different computers (NT4, 2k) in a Windows NT domain).
For the moment the source code contains the username and password in plain text :oops: ... it's an administrator user... re :oops:

What can I do to hide these strings?
Encipher the text?
Create a shared folder with ACL?

Thank you in advance for your help.

Benxitd
Posted on 2004-12-02 11:37:20 by benxitd
Maybe you can ask the user to enter his name and password. This way, the program code will be empty. Example:


c:\>yourprog.exe user=Kecol pwd=none

or


c:\>yourprog.exe
user: Kecol
pwd: none
You are in!!!



Why are you logging in as an administrator?
If this does not work, then give us some other details to let us help you.

Kecol.-
Posted on 2004-12-02 12:18:34 by Kecol
Thank you for your answer.

I need administrator level because my program has to go from PC to PC on a LAN (in a certain way like a virus).
The program must contain the username and pwd: coded the first time it is launched with the parameters user and pwd.
=> is there any simple algo to code a string?

Benxitd
Posted on 2004-12-02 12:31:03 by benxitd
Use a password hash - not the actual password.
It could still be broken, but not very easily.
Posted on 2004-12-02 15:48:16 by bitRAKE
Try this... (This site is not permanent since my domain is down temporarily)

http://www.projectvisual.org/roticv/vodet.zip

I am not sure whether it works on XP, but I am very sure it could work on 2k. If it cannot work tell me, I will try to fix it.

Basically it just adds a password dialog to the exe. Without the password you can never run the program.
Posted on 2004-12-05 08:48:34 by roticv
If you need the program to run automatically without the user entering a password, the best you can do is probably to use some form of encryption to keep people with hex editors away. Something like TEA should suffice; if you're doing full auto you're not going to be able to keep reverse engineers at bay anyway.

Keep the decrypted user/pass combination in memory for as short a time as possible, to prevent a simple memory dump (or WinHex memory edit) from sniffing it.

This is all from the assumption that you need to pass the user/pass string to some Windows function to do authentication - if you're handling authentication in your own program, do as bitRAKE says and use password hashes.
Posted on 2004-12-05 11:44:00 by f0dder
It's not hard to protect a password against people with hex editors: just use an existing algo like MD5 to encrypt the pass, store that, and every time someone tries to log in, do MD5 on the pass and compare it to the hash that is stored in the exe.

MD5 is a one-way encryption, thus making it impossible to decrypt, but possible to brute-force, though that will certainly take some time.
Posted on 2004-12-05 12:56:49 by Scorpie
MD5 is a hash, not an encryption. And do have a google around for "rainbow tables".
Posted on 2004-12-05 13:01:19 by f0dder
roticv,

your idea for VODET is very good, because it's simple and efficient (just encrypt the first 512 bytes starting at entrypoint, and add a final section to decrypt them), but the section addition algorithm does not seem to work very well. Tried with (sorry, on XP):

(a) CALC.EXE - the last section info in PE header, for ".roticv1", overrides part of the imported libraries strings

(b) compilation of simple "C" program


#include <stdio.h>

void
main(void)
{
printf("pippo\n");
}

last original section ".data" has a rounded-up size of 1000 but a real size of 1DE8. Now the bytes in ".roticv1" section overwrite the last initial section!

Finally, I tried to encrypt VODET itself. Well... No success in this case either. The reason is simple. You do not clear the space reserved on the stack for the password, so if the password is less than 16 bytes, you get some garbage at the end and the patterns 13371337 and DEADC0DE are no longer extracted from the buffer.

Regards, bilbo
Posted on 2004-12-06 11:42:25 by bilbo
Most of the time I have used simple XORing to hide the strings. It will for sure hide the strings from normal users just opening the exe with a hex editor and looking up strings. If somebody knows what he is doing this is easy to break, but on the other hand he can break it anyway.

So you can do something like this:



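Crypt proc uses ebx Address:DWORD   ; ebx is callee-saved, so preserve it
    invoke lstrlen, Address         ; eax = length of the zero-terminated string
    mov ecx, eax                    ; ecx = number of bytes to process
    jecxz Done                      ; empty string: skip, or "loop" would wrap around
    mov eax, Address                ; eax = pointer to the current byte
    mov bl, 233                     ; single-byte XOR key
    ; note: a plain byte equal to the key encodes to 0, which lstrlen
    ; will treat as the end of the string on the decrypt call
Plah:
    mov dl, [eax]
    xor dl, bl
    mov [eax], dl
    inc eax
    loop Plah
Done:
    ret
Crypt endp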


Simply call this prog like this:


invoke Crypt, ADDR myText


And to decrypt, call the Crypt proc again, now with the pointer to the crypted text as parameter.
Posted on 2004-12-07 04:13:55 by SamiP
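An added example, not code from any poster in this thread: a C version of the XOR routine above that takes an explicit length (so an encoded 0 byte cannot truncate the string) and follows f0dder's advice to hold the decoded text only briefly, wiping it after use. The names with_secret, secret_user, matches and SAMPLE_ENC are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <string.h>

#define XOR_KEY 233u   /* same key byte as the routine above */

/* XOR len bytes in place; the same call encodes and decodes. The length is
   explicit because a plain byte equal to the key encodes to 0, which would
   cut a strlen/lstrlen-based loop short. */
static void xor_buf(unsigned char *p, size_t len)
{
    for (size_t i = 0; i < len; i++)
        p[i] ^= XOR_KEY;
}

/* Zero through a volatile pointer so the wipe is not removed as a dead store. */
static void wipe(void *p, size_t len)
{
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (len--)
        *v++ = 0;
}

/* Hypothetical consumer: stands in for whatever call needs the plain text. */
typedef int (*secret_user)(const char *plain, void *ctx);

/* Decode enc[0..len) into a stack buffer, pass it to use(), then wipe it.
   Returns use()'s result, or -1 if the secret does not fit. */
int with_secret(const unsigned char *enc, size_t len, secret_user use, void *ctx)
{
    unsigned char buf[64];
    int rc;
    if (len >= sizeof buf)
        return -1;
    memcpy(buf, enc, len);
    xor_buf(buf, len);
    buf[len] = 0;
    rc = use((const char *)buf, ctx);
    wipe(buf, sizeof buf);          /* plain text lives only for the call */
    return rc;
}

/* Constructed sample: "p\xE9ss" encoded with XOR_KEY; the 0xE9 byte becomes 0. */
static const unsigned char SAMPLE_ENC[] = { 0x99, 0x00, 0x9A, 0x9A };

/* Demo consumer: returns 1 when the decoded text equals the string in ctx. */
static int matches(const char *plain, void *ctx)
{
    return strcmp(plain, (const char *)ctx) == 0;
}

int main(void) { return with_secret(SAMPLE_ENC, sizeof SAMPLE_ENC, matches, (void *)"p\xE9ss") == 1 ? 0 : 1; }
```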
MD5 is sufficient; without a rainbow table, bruteforcing it is impossible, and collisions can't be generated given an arbitrary string/hash.
Posted on 2004-12-07 22:46:11 by Drocon