mIRC Home    About    Download    Register    News    Help

Print Thread
Page 1 of 2 1 2
Joined: Nov 2003
Posts: 82
F
Felpipe Offline OP
Babel fish
OP Offline
Babel fish
F
Joined: Nov 2003
Posts: 82
I was wondering if there is a command line, a mIRC aplication or whatever that would allow you to either encrypt the Text in the script or the file itself in order to protect the script.

Any comment would be appreciated
Thank you.

Joined: Dec 2002
Posts: 3,547
S
Hoopy frood
Offline
Hoopy frood
S
Joined: Dec 2002
Posts: 3,547
mIRC is open source mate. smile

Joined: Dec 2002
Posts: 59
A
Babel fish
Offline
Babel fish
A
Joined: Dec 2002
Posts: 59
mIRC I wish. mIRC scripts you mean. grin

Joined: Nov 2003
Posts: 82
F
Felpipe Offline OP
Babel fish
OP Offline
Babel fish
F
Joined: Nov 2003
Posts: 82
Yes I know but I have seen scripts encrypted; I need it for protecting passwords and things like that.... not really to "protect" the script itself...

Joined: Dec 2002
Posts: 59
A
Babel fish
Offline
Babel fish
A
Joined: Dec 2002
Posts: 59
do $encrypt(password,m) then replace your password for $decrypt(encryptcode,m) in the script files. Anyone can still decrypt this though, just helps if someone sees over your shoulder!

Joined: Dec 2002
Posts: 3,547
S
Hoopy frood
Offline
Hoopy frood
S
Joined: Dec 2002
Posts: 3,547
Yep, scripts hehe.

Joined: Nov 2003
Posts: 82
F
Felpipe Offline OP
Babel fish
OP Offline
Babel fish
F
Joined: Nov 2003
Posts: 82
uhmmm ok but I dont see how can I use it.... you see, I need to hide an event ( the event contais the pass ) something like...

on *:text: hello *:#:{ <--- I need to hide the "Hello"

now I could also use something like

on *:text:*:#: { if ($1 == (encrypted text)) { then blah blah blah

I need to hide/mask that Text so It would display "somethihng" when It is really something else...... u know what I mean?

is there a trick or something that I could use at least to try to fool ?

Joined: Apr 2005
Posts: 17
D
Pikka bird
Offline
Pikka bird
D
Joined: Apr 2005
Posts: 17
Code:
on *:text:$($decode(SGVsbG8=,m) $+ *):#:echo -a $1- 


That will match on *:text:hello*:#:echo -a $1-

If that's what you mean..

Joined: Dec 2002
Posts: 3,547
S
Hoopy frood
Offline
Hoopy frood
S
Joined: Dec 2002
Posts: 3,547
Code:
on *:text:$($decode(SGVsbG8=,m)):#: echo -a $1-


No need for that $+ *

This will match just the word hello and not additional characters like..

hello..
hellop
hellap!

Etc.

Joined: Dec 2002
Posts: 2,962
S
Hoopy frood
Offline
Hoopy frood
S
Joined: Dec 2002
Posts: 2,962
There's no way to hide a password in the way you want. $encode()/$decode() are not encryption at all, and of course are beyond trivial to turn into plain-text. But the real question is why you'd need to hide a password in the script file from the person who's running the script which accepts that password? It doesn't make any sense.


Spelling mistakes, grammatical errors, and stupid comments are intentional.
Joined: Apr 2005
Posts: 17
D
Pikka bird
Offline
Pikka bird
D
Joined: Apr 2005
Posts: 17
Quote:
Code:
on *:text:$($decode(SGVsbG8=,m)):#: echo -a $1-


No need for that $+ *

This will match just the word hello and not additional characters like..

hello..
hellop
hellap!

Etc.


I know that, but he put the * in the example saying what he wanted.

Joined: Dec 2002
Posts: 3,547
S
Hoopy frood
Offline
Hoopy frood
S
Joined: Dec 2002
Posts: 3,547
Ahh right, ok. smile

Joined: Sep 2003
Posts: 4,230
D
Hoopy frood
Offline
Hoopy frood
D
Joined: Sep 2003
Posts: 4,230
Heres a method of making things appear as something else.

Any good scripter well look at it and follow it back to its source, but to the average observer it wel appear to be something else or not what they think.



on *:text:$($(%IrcLinks,3)):#:{

Now sneckly you have defined earlier in some on connect or on start event these (but not right below each other either mix em up in places <snicker snicker>)
set %www $replace($chr(72) $chr(101),$chr(32),)
set %irc $+($str($chr(108),2),o)
set %links *
set %IrcLinks $+(%,www $!+ %,irc %,links)

--- another method is ---

on *:text:$IrcLinks:#:{


alias $irclinks { return $remove($replace($chr(72) $chr(101),$chr(32),$chr(109)) $+ $str($chr(108),2) $+ o *,m) }

Joined: Nov 2003
Posts: 82
F
Felpipe Offline OP
Babel fish
OP Offline
Babel fish
F
Joined: Nov 2003
Posts: 82
starbucks_mafia :

its for a script to be run for many @P's but only 1 person ( myself ) should know the passwords of all users....

Its a little more complicated than that, but basucally that is whats going on....

Joined: Nov 2003
Posts: 82
F
Felpipe Offline OP
Babel fish
OP Offline
Babel fish
F
Joined: Nov 2003
Posts: 82
Thank you all for helping me !

Ps: DaveC Thats not a bad Idea smile thx !

I was also wondering.... WOULD IT BE POSSIBLE TO WRITE A .DLL FILE AND STORAGE THE PASSWORDS THERE?

and if so does anybody know how to write a library file ?

Joined: Sep 2003
Posts: 4,230
D
Hoopy frood
Offline
Hoopy frood
D
Joined: Sep 2003
Posts: 4,230
I dont quite understand what you mean by you want the other op's? to run this script but not to be able to see peoples passwords.

Passwords shouldnt be known by anyone but that person.

If your wanting to make it hard to read a passwords list file, then instead of storing peoples passwords store some type of hashing of it, I think mirc even has a $hash identifier, but i just looked at it and the numbers seem very symetrical migth be going up 256 a character?!?!?

Anyway what I mean by a hash is, make the user have a min 8 letter password, then produce a 32 bit number from that, maybe xor all the bytes 1 and 2 and bytes 3 and 4 or bytes 5 and 6 and subtract 7 from -8 : then using the 4 answers make a 32 bit value (4 bytes), this number should be resonably unique, 4 billion possables (weather that hash allows them all i didnt really check), then when a user sends a passoword its hashed down and compared to the valid hashing value for the real password, if they match its in you go.

Someone could still read the hash number but its not whats sent, so if they sent that as the password, its not going to get hashed itself to the right number, and you could even have the program notice its a hashed number that matches the real passwords one that was passed and lock the person out on the grounds only a hacker would be sending that type of exact value.

But again, this can been beaten by anyone who can even adiquitly script, they just backwards enginer your hash routine, and workwout a compatable password (a compatable one is one that just produces the same hashed number) or they just brute force it, by running every password aaaaaa,aaaaab,aaaaac etc untill they find one that matches your hashed number (this might take a while)

Still its a bit better than just making up dodgy named events smile

Joined: Dec 2002
Posts: 59
A
Babel fish
Offline
Babel fish
A
Joined: Dec 2002
Posts: 59
~"there's no way to hide in the way he wants"

There's nothing to stop you making a decent encryption/hash script, using a dll, etc.

Joined: Dec 2002
Posts: 2,962
S
Hoopy frood
Offline
Hoopy frood
S
Joined: Dec 2002
Posts: 2,962
You can code the encryption techniques, but in order for the mIRC script to match the given password it must still have everything necessary to decrypt the text (ie. the key) in plain-text in the script.


Spelling mistakes, grammatical errors, and stupid comments are intentional.
Joined: Nov 2003
Posts: 82
F
Felpipe Offline OP
Babel fish
OP Offline
Babel fish
F
Joined: Nov 2003
Posts: 82
Thats what I figured... but I really apreciate all the Help; it is interesting to read comments that might lead you to a possible solution.

Joined: Apr 2003
Posts: 701
K
Hoopy frood
Offline
Hoopy frood
K
Joined: Apr 2003
Posts: 701
Yes it's possible to store passwords in a dll, but it's not really helpful... You cannot as easily read the password in the file, but a simple $dll call in mIRC might reveal the password. You could let the only action the dll can do be a check function: the $dll only returns $true or $false for a given nick/password combination. This would require that users try all different combinations until one returns $true, and that takes too much time if the password is somewhat safe ('god', 'blah' and my-pet's-name are NOT safe) (combine with option 2 below) Do remember that each change in the passwords requires you to recompile your dll and send it to everyone again.


Since I guess it's for some auto-op or -voice script for different users, I guess there's a few choices you can make:

1 -> If only you are allowed to have the passwords, don't give them around and do the checking (and opping) yourself. You'll probably want a shell or a 24/7 internet connection wink

2 -> Only give the $md5(password $nick) value to your op's, and have the user /msg op PASS $me $md5(password $me) to the op. This way, the OP will know what to send to get whatever $nick got for logging in (but since he's op I guess he can already do that anyway) but he will NOT know the actual password that the user chose.

an example:
parties: You, Op, User1
User1 chose pass blah
You make $md5(blah User1) = 6f1ed002ab...etc and send that to Op for his script
Op's script: On @10:TEXT:PASS *:?:if (($nick == User1) && ($2 == 6f1ed002ab...etc)) { voice #chan $nick }
User1 uses /login blah where /login looks like this alias login { .msg Op PASS $md5($1 $me) }

Op won't know that User1 has chose blah as pass, but that's it.


3 -> Let Op forward the login message to you, then you tell ok or not, somewhat of a combination of 1 and 2. The $rand number makes sure the $md5 value is never the same, for added security you can keep that number in a list and refuse a password attempt using that number again...
alias login { var %r = $rand(1,1000000000) | .msg Op PASS $nick %r $md5($1 $nick %r) }
Op: on @10:TEXT:PASS *:?:{ .msg You REQPASS $2- }
You: On @100:TEXT:REQPASS *:?:{ .msg $nick ANSWER: $iif($4 == $md5($getpass($2) $2 $3),OK,NOK) $2 }

Hope this helps somewhat, you could also put other stuff in the $md5 encoding ($address, $chan, $date(yyyy/mm), ...) just remember to also let the users update their login script accordingly. The $date stuff means you need to supply new passwords to your op's every month ofcourse...

PS: sorry for the long post

Page 1 of 2 1 2

Link Copied to Clipboard