IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

IWETHEY Home / IWETHEY Board / Whither Scripting? Forum / Encrypting scripts?
Post #4,259
by tablizer
8/8/01 4:06:27 PM
8/8/01 4:07:42 PM
Reply
New Encrypting scripts?
Does anybody know of any good resources, webpages, or tips for encrypting scripts, or even executables, such as for distributing demos?

It seems that any encryption scheme around for long enough eventually gets hacked and posted on the net for the world to see.

One can remove comments and replace internal variable names with jabberwocky, but with a little patience and experimentation a cheater can still make simple changes, such as removing demo nag messages. (This is essentially what compilers do: replace meaningful names with address slots.)

________________
oop.ismad.com
Expand Edited by tablizer Aug. 8, 2001, 04:07:42 PM EDT
Expand All History
Post #4,270
by jlalexander
Picture of jlalexander
8/8/01 4:42:16 PM
Reply
New Re: Encrypting scripts?
As my good friend Scott Anderson once told me:

You should look into Exchange Pair encryption (ie. private and public keys) where you have the users who download the demo register with you to receive a public key.

As for actual implementations, you'll have to do your own research. Though, I can offer that I recently did an implementation with M$'s CryptAPI set, and it works fairly well.


HTH,
-Jason
----

My pid is Inigo Montoya. You "killed -9" my parent process. Prepare to vi.
Post #4,274
by tablizer
8/8/01 4:48:26 PM
Reply
New and once they get the key?
>> You should look into Exchange Pair encryption (ie. private and public keys) where you have the users who download the demo register with you to receive a public key. <<

But once they unlock it, they can spread it on the web, no?

>> Though, I can offer that I recently did an implementation with M$'s CryptAPI set, and it works fairly well. <<

How do you know? One does not discover hacks until it it too late?

But, I will look into it. Does it work with scripts, or only VB and C?

Thanks



________________
oop.ismad.com
Post #4,276
by admin
Picture of admin
8/8/01 4:49:50 PM
Reply
New Public key encryption is currently very, very difficult
to break.

As computers get faster, this will change, but you have a few years for now.
Regards,

-scott anderson
Post #4,281
by jlalexander
Picture of jlalexander
8/8/01 4:59:28 PM
Reply
New Re: and once they get the key?
Sure, they can spread it.

But, just keep in mind that nothing is hackable. It's just a matter of finding that degree of security that you're comfortable with.

Like Scott mentioned, it's very difficult to hack the private key. Doable, but difficult. And, sure, they can dissimenate the public key if they wanted (see [link|http://astalavista.box.sk|http://astalavista.box.sk] to see how many *current* hacks for *very* expensive software are out there), but, again, it's just a degree of security.

CryptAPI will work with any M$ scripts (such as VBS/WSH scripts). It's just your basic COM DLL. Hunt a bit, though. We actually found a wrapper that someone had already written that helped make the native API a bit more friendly.


-Jason
----

My pid is Inigo Montoya. You "killed -9" my parent process. Prepare to vi.
Post #6,398
by inthane-chan
Picture of inthane-chan
8/22/01 11:02:52 PM
Reply
New They can spread the key.
And you include, as part of your customer agreement, that a broken key = loss of service.

And you keep an eye out for broken keys on the web, as well as unusual activity on your website. You get a broken key, you invalidate it in your updated version. All versions until that one work fine, but as soon as somebody tries to upgrade, the key no longer works.
"He who fights with monsters might take care lest he thereby become a monster. And if you gaze for long into an abyss, the abyss gazes also into you." - Friedrich Nietzsche
Post #4,317
by boxley
8/8/01 10:02:16 PM
Reply
New cryptic spagetti code works fairly decent
put a gobbledegook section that makes little sense that places a file in a strange place and pops a stack every 24hrs removes one then removes the script when stack reaches zero.
thanx,
bill
Our bureaucracy and our laws have turned the world into a clean, safe work camp. We are raising a nation of slaves.
Chuck Palahniuk
Post #4,327
by tablizer
8/9/01 12:14:48 AM
Reply
New I'll use OO and protocol coupling. That'll F 'em up
re: "cryptic spagetti code works fairly decent"

>> put a gobbledegook section that makes little sense that places a file in a strange place and pops a stack every 24hrs removes one then removes the script when stack reaches zero.<<

That may not work since it is web software and writing files is something prohibited by the server settings. However, I suppose there are other tricks to try along the same line.

Thanks for the suggestions
________________
oop.ismad.com
     Encrypting scripts? - (tablizer) - (7) - Aug. 8, 2001, 04:07:42 PM EDT
         Re: Encrypting scripts? - (jlalexander) - (4) - Aug. 8, 2001, 04:42:16 PM EDT
             and once they get the key? - (tablizer) - (3) - Aug. 8, 2001, 04:48:26 PM EDT
                 Public key encryption is currently very, very difficult - (admin) - Aug. 8, 2001, 04:49:50 PM EDT
                 Re: and once they get the key? - (jlalexander) - Aug. 8, 2001, 04:59:28 PM EDT
                 They can spread the key. - (inthane-chan) - Aug. 22, 2001, 11:02:52 PM EDT
         cryptic spagetti code works fairly decent - (boxley) - (1) - Aug. 8, 2001, 10:02:16 PM EDT
             I'll use OO and protocol coupling. That'll F 'em up - (tablizer) - Aug. 9, 2001, 12:14:48 AM EDT

It's all fun and games until someone loses a lung.
189 ms