Page 1 of 2
EXE passwords are visible in plain
Posted: Wed Nov 07, 2018 10:32 pm
by Otto
Hello
I post this only for information.
I was not aware that the username and password are visible in plain text in the EXE.
Best regards,
Otto
My very simple obfuscator:
Code: Select all | Expand
function pw()
local cPassword1 := "m"
local cPassword3 := "P"
local cPassword2 := "y"
local cFiller := "xyz"
local cPassword5 := "0"
local cPassword6 := "0"
local cPassword7 := "7"
local cPassword4 := "W"
*----------------------------------------------------------
return ( cPassword1 + cPassword2 + cPassword3 + cPassword4 + cPassword5 + cPassword6 + cPassword7 )
Re: EXE passwords are visible in plain
Posted: Thu Nov 08, 2018 1:00 am
by Armando
Hello Otto:
Is not enough for you the ENCRYPT() and DECRYPT() Classes?
Here is a sample:
Code: Select all | Expand
Encrypted := ENCRYPT("Armando","1234aeb")
MsgInfo(Encrypted)
Decrypted := DECRYPT(Encrypted,"1234aeb")
MsgInfo(Decrypted)
Regards
Re: EXE passwords are visible in plain
Posted: Thu Nov 08, 2018 6:06 am
by Otto
Hello Armando,
thank you. But this is no solution.
Please look in the exe file:
Best regards,
Otto
Re: EXE passwords are visible in plain
Posted: Thu Nov 08, 2018 10:56 am
by Otto
Thank you Cristobal your solution is working fine.
Best regards
Otto
Code: Select all | Expand
Put al init of your code
#pragma TEXTHIDDEN( 1 )
#include "FiveWin.ch"
.../...
and at end of your code
#pragma TEXTHIDDEN( 0 )
Re: EXE passwords are visible in plain
Posted: Fri Nov 09, 2018 5:39 pm
by Rick Lipkin
Otto
You need a good .exe shrinker\compression utility .. I use
ASpack which is a commercial product .. never had any problems with the product .. prox 90 USD
http://www.aspack.com/aspack.htmlCompletely removes all text from the hex ..
Rick Lipkin
Re: EXE passwords are visible in plain
Posted: Fri Nov 09, 2018 6:38 pm
by Silvio.Falconi
Otto,
why you insert password on exe ?
for a sample I insert aes cript strings on a ini file sample : ( this is part of my license class)
Code: Select all | Expand
[License]
A1=dCfTZfLWOUdZPeAQ8TfcdVI=
B1=aB2bpXPVP0tU
C1=fyv7XdI2OsdDD9woMFbbcFAitQ==
D1=DJu+zxbevEtbD4zA0fTbek0IycPQk+psSk3Kwrei
F1=bC2bpYd3uUFPJw==
G1=VB3nbTY8L2wVk7WyNT1IXQOU8LE0WnlLBNHzsFNrb0xB0vLXYn1oCULTleZ0ei0KQ7Sk8HM/LgskhbL3NjwvbBWTtbI1PUhdA5TwsTRaeUs=
E1=GYu6N0YcvHgal4G6Nd3bek0IycPQk+psSk3Kwrei
H1=GYu6N0YcP2gal4G6Nd3D2QCK7KEw+znKSk3Kwrei
I1=Fsl2fg==
I challenge everyone to find the exact translation
Re: EXE passwords are visible in plain
Posted: Fri Nov 09, 2018 8:23 pm
by Otto
Silvio,
please post how you evaluate the passwords in your exe.
------------------------------------------------------------------
BTW the solution Cristobal posted works perfectly.
Best regards
Otto
Re: EXE passwords are visible in plain
Posted: Fri Nov 09, 2018 8:58 pm
by Iris Gesser
Good evening,
unfortunately I can not see the answer/post of Cristobal.
Kind regards
Iris
Re: EXE passwords are visible in plain
Posted: Fri Nov 09, 2018 9:01 pm
by Silvio.Falconi
oLicense:TLicense():New("test.lic")
oLicense:ReadLicense()
this give me an array with many variables
for a sample
LOCAL cFtp :=oLicense:cFtp
LOCAL cUser := oLicense:cUser
LOCAL cPW := oLicense:cPw
LOCAL cFtpDir :=oLicense:cFtpDir
LOCAL cUpdFile := "test.exe"
LOCAL cLocalDir :="c:\test\"
the I use tUpdate class of Haupt
on exe there is not password or words
the class read the file test.lic directly
Otto, try to converte the code I post into word correct !!
Re: EXE passwords are visible in plain
Posted: Fri Nov 09, 2018 10:10 pm
by cnavarro
Iris Gesser wrote:Good evening,
unfortunately I can not see the answer/post of Cristobal.
Kind regards
Iris
Iris
My answer was by mail, I did not publish it in the forum
Otto offered to publish it for me
https://github.com/harbour/core/blob/ma ... pragma.txt#pragma TEXTHIDDEN(1) / ( 0 )
This scrambles any text between TEXTHIDDEN( 1 ) and TEXTHIDDEN( 0 ) in your exe
This makes the text strings defined in their source impossible to see in their EXEs
You can put it at the beginning and end of your source programs or just in a piece of code
Re: EXE passwords are visible in plain
Posted: Fri Nov 09, 2018 11:15 pm
by Silvio.Falconi
Cristobal,
maybe the father Otto does not talk to his daughter Iris or they have a fight.....
I wanted to go and greet our friends in Sillian at Christmas but I saw that they have their hotel all busy
Greetings to Renate!!!
Re: EXE passwords are visible in plain
Posted: Fri Nov 09, 2018 11:39 pm
by Otto
Hello Silvio
can you please show
some lines how TLicense decrypt.
Do you have something like:
::cPw := DECRYPT(Encrypted,"1234aeb")
in your class.
Thank you
and best regards
Otto
Re: EXE passwords are visible in plain
Posted: Sat Nov 10, 2018 8:22 am
by Silvio.Falconi
For decript I not use decript/encript of fivewin
On oldest class I used decript and encript
on new class I use Aes cifrature ADVANCED ENCRYPTION STANDARD 128 bit
Re: EXE passwords are visible in plain
Posted: Sat Nov 10, 2018 7:10 pm
by Otto
>on new class I use Aes cifrature ADVANCED ENCRYPTION STANDARD 128 bit
Hello Silvio
how do you store the key.
c := aes256_Decrypt( c, @cKey )
Thank you and best regards
Otto
Re: EXE passwords are visible in plain
Posted: Sat Nov 10, 2018 8:09 pm
by Silvio.Falconi
wich function is aes256_Decrypt ?
where you found it ?
I Have
Un / protectstring for a string
Un /protectFile for a file
and these use a aes protocol 128/192/256
it'is build from this document
https://csrc.nist.gov/csrc/media/public ... ps-197.pdftype:
InitAes(128) //192/256 Load tables
string_text := "Antonio Linare from Fivetechsoft.com!" //ascii
Keychipher:= "2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c" //hexadecimal
cCifrated:= ProtectStringComplete(string_text,KeyChipher)
?cCifrated
cDecifrated:=UnProtectStringComplete(cCifrated,KeyChipher)
?cDecifrated