icu Posted August 5, 2012

Dear AutoIt community,

I want to create an AutoIt program that checks an Authentication Server via the internet for validity. I know about XProTec.au3 and it is not applicable for what I want to create because my AutoIt program is 'assisting' another program to authenticate. I also know that AutoIt can be decompiled and that nothing is 100% safe. I'm just looking to make it difficult for hackers by using a number of hurdles and the AutoIt program bit will be another hurdle for a cracker to get through.

I've looked through the forums but haven't seen anything that answers my questions. Having never done anything like this I need some advice.

Firstly, how should I go about this sort of authentication? How would I encrypt the internet traffic between AutoIt and the server (to avoid packet sniffers)? Also what sort of server implementation is recommended? I was thinking Ubuntu running SQL but I'm open to suggestions. And are there any learning resources the community can recommend like books/example code/video tutorials?

Many thanks for your replies.
t0nZ Posted August 6, 2012

Hi, I had a similar problem. I had made an installer for a chat program, and this installer installs the chat program (yes..), sets the preferences, sets the proper user (based on the machine name) and retrieves the password. How? It makes a TCP communication, it sends the username encrypted and a (very) little (beta stage) server returns the password encrypted.

This is my little server:

```autoit
#region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_Icon=IconeFull iconetworkoptions.ico
#AutoIt3Wrapper_Res_requestedExecutionLevel=asInvoker
#endregion ;**** Directives created by AutoIt3Wrapper_GUI ****
#include "TCP.au3"
#include "string.au3"
#include <SQLite.au3>
#include <SQLite.dll.au3>
#include <GUIConstantsEx.au3>
#include <ListViewConstants.au3>
#include <StaticConstants.au3>
#include <WindowsConstants.au3>

Global $idlist[50], $idcounter = 0, $listLimit = 50, $semipass = "YourPasswordHere", $clientcounter = 0, $sending, $Arow, $Received, $hSocket

#region ### START Koda GUI section ### Form=c:program files (x86)autoit3examplesnsc_testformsauraserver.kxf
$Form1_1 = GUICreate("Aura Server V.0.3", 301, 401, 192, 124)
GUISetBkColor(0xC0C0C0)
$Label1 = GUICtrlCreateLabel("Client connessi: ", 5, 304, 112, 18)
GUICtrlSetFont(-1, 9, 800, 0, "Verdana")
$nclientconnessi = GUICtrlCreateLabel($clientcounter, 120, 302, 45, 20)
GUICtrlSetFont(-1, 10, 800, 0, "Verdana")
GUICtrlSetColor(-1, 0x00FF00)
GUICtrlSetBkColor(-1, 0x000000)
$ListView1 = GUICtrlCreateListView("time | event ", 5, 5, 290, 290)
GUICtrlSetFont(-1, 8, 800, 0, "Verdana")
GUICtrlSetColor(-1, 0xFFFF00)
GUICtrlSetBkColor(-1, 0x000000)
GUISetState(@SW_SHOW)
#endregion ### END Koda GUI section ###

$idlist[$idcounter] = GUICtrlCreateListViewItem(@YEAR & @MON & @MDAY & @HOUR & @MIN & @SEC & "|creazione server ", $ListView1)
$idcounter += 1

$hServer = _TCP_Server_Create(2400); TCP socket server
_TCP_RegisterEvent($hServer, $TCP_NEWCLIENT, "NewClient");this function called when a new client connects to the server.
_TCP_RegisterEvent($hServer, $TCP_DISCONNECT, "Disconnect"); will get called when a client disconnects.
_TCP_RegisterEvent($hServer, $TCP_RECEIVE, "Received"); NSC ;will get called when something is received

While 1
    $nMsg = GUIGetMsg()
    Switch $nMsg
        Case $GUI_EVENT_CLOSE
            Exit
    EndSwitch
    ; Rebuild the list view before the $idlist array fills up
    If $idcounter > ($listLimit - 5) Then
        GUICtrlDelete($ListView1)
        $ListView1 = GUICtrlCreateListView("time | event ", 5, 5, 290, 290)
        GUICtrlSetFont(-1, 8, 800, 0, "Verdana")
        GUICtrlSetColor(-1, 0xFFFF00)
        GUICtrlSetBkColor(-1, 0x000000)
        $idcounter = 0
    EndIf
    ; sleep (500) ; needed
WEnd

Func NewClient($hSocket, $iError);
    $ipclient = _TCP_Server_ClientIP($hSocket)
    $idlist[$idcounter] = GUICtrlCreateListViewItem(@YEAR & @MON & @MDAY & @HOUR & @MIN & @SEC & "|NC " & $hSocket & " " & $ipclient, $ListView1)
    $idcounter += 1
    $clientcounter += 1
    GUICtrlSetData($nclientconnessi, $clientcounter)
    GUISetState()
    ; The key is the shared string $semipass followed by the day of the month
    $hello = _StringEncrypt(1, "dtready", $semipass & @MDAY)
    _TCP_Send($hSocket, $hello); send "dtready" to greet the client
EndFunc   ;==>NewClient

Func Disconnect($hSocket, $iError); Damn, we lost a client. Time of death: @Hour & @Min & @Sec :P
    $idlist[$idcounter] = GUICtrlCreateListViewItem(@YEAR & @MON & @MDAY & @HOUR & @MIN & @SEC & "|CC " & $hSocket & " ", $ListView1)
    $idcounter += 1
    $clientcounter -= 1
    GUICtrlSetData($nclientconnessi, $clientcounter)
    GUISetState()
EndFunc   ;==>Disconnect

Func Received($hSocket, $sReceived, $iError); called when something is received.
    $Received = _StringEncrypt(0, $sReceived, $semipass & @MDAY) ;decrypt and show
    $idlist[$idcounter] = GUICtrlCreateListViewItem(@YEAR & @MON & @MDAY & @HOUR & @MIN & @SEC & "|RX " & $hSocket & " = " & $Received, $ListView1)
    $idcounter += 1
    ; work out the request...
    Select
        Case StringLeft($Received, 25) = "spark requesting password"
            ; trovapass() is not included in this post; it returns the password to send
            $sending = trovapass()
            $sending = _StringEncrypt(1, $sending, $semipass & @MDAY)
            _TCP_Send($hSocket, $sending); send the password to the client
            $idlist[$idcounter] = GUICtrlCreateListViewItem(@YEAR & @MON & @MDAY & @HOUR & @MIN & @SEC & "|TX psw to " & $hSocket & " ", $ListView1)
            $idcounter += 1
        Case Else
            $idlist[$idcounter] = GUICtrlCreateListViewItem(@YEAR & @MON & @MDAY & @HOUR & @MIN & @SEC & "|? request unknown.. " & $hSocket & " ", $ListView1)
            $idcounter += 1
    EndSelect
EndFunc   ;==>Received
```

I omitted only the function trovapass(), the function that returns the password to be encrypted and sent.

You have to get the tcp.au3 UDF by Kip (thanx to the author!) from

Creating the client is doable if you understand the server.

Bye
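Added example, not part of t0nZ's post or of any AutoIt library: the server above derives its key from a constant embedded in both programs plus the day of the month, so a request captured on the wire stays valid when it is sent again that day. The Python code below shows the server-side half of a nonce-based challenge-response that rejects a resent message; the class and function names, the key and the `PC-042` machine name are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import time

NONCE_TTL = 30  # seconds a challenge stays valid (assumed value)

class ChallengeServer:
    """Hypothetical server side of a nonce-based challenge-response."""

    def __init__(self, client_keys):
        self._keys = client_keys   # username -> per-client secret (bytes)
        self._pending = {}         # nonce -> (username, expiry time)

    def challenge(self, username, now=None):
        now = time.time() if now is None else now
        nonce = secrets.token_bytes(16)  # fresh for every connection
        self._pending[nonce] = (username, now + NONCE_TTL)
        return nonce

    def verify(self, nonce, tag, now=None):
        now = time.time() if now is None else now
        entry = self._pending.pop(nonce, None)  # single use: gone after one try
        if entry is None:
            return False
        username, expiry = entry
        key = self._keys.get(username)
        if key is None or now > expiry:
            return False
        # Constant-time comparison avoids leaking how many bytes matched
        return hmac.compare_digest(respond(key, nonce, username), tag)

def respond(key, nonce, username):
    """Client side: prove knowledge of the key without sending it."""
    return hmac.new(key, nonce + username.encode(), hashlib.sha256).digest()

def demo():
    key = b"constructed-sample-key"  # constructed sample data
    srv = ChallengeServer({"PC-042": key})
    n1 = srv.challenge("PC-042", now=1000)
    tag = respond(key, n1, "PC-042")
    first = srv.verify(n1, tag, now=1001)
    replay = srv.verify(n1, tag, now=1002)  # identical bytes sent a second time
    n2 = srv.challenge("PC-042", now=1000)
    stale = srv.verify(n2, respond(key, n2, "PC-042"), now=1000 + NONCE_TTL + 1)
    n3 = srv.challenge("PC-042", now=1000)
    wrong = srv.verify(n3, respond(b"guess", n3, "PC-042"), now=1001)
    return first, replay, stale, wrong
```

The exchange proves possession of the key; confidentiality of whatever the server returns afterwards still needs an encrypted channel such as TLS.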
nullschritt Posted August 7, 2012

Look at this thread

Look at my post there, if this is something like you want to do tell me, and I may be able to help both you, and this guy.

Edited August 7, 2012 by nullschritt
icu (Author) Posted August 8, 2012

@t0nZ: Thank you for the reply and advice. I need some time to dissect your code since I haven't coded in AutoIt for about a year.

@nullschritt: Thank you for your reply and the link. Yes the other forum post is pretty much what I'm looking for (seems like it was posted after mine which is why I missed it). I've seen your and others' replies to that post and I'm going to see if I can collaborate or at least compare notes with 13ktuz. There are a lot of leads/hints given there and enough to make a start.