AlliedModders
Page 1 of 3 1 23
Show 40 post(s) from this thread on one page

AlliedModders (https://forums.alliedmods.net/index.php)
-   Code Snippets/Tutorials (https://forums.alliedmods.net/forumdisplay.php?f=83)
-   -   [INC] Md5 Security Plugin (https://forums.alliedmods.net/showthread.php?t=185491)

rak 05-18-2012 07:55
[INC] Md5 Security Plugin
 
1 Attachment(s)
Hi :3 I was making a plugin for the server and I figured I could make the .inc to avoid putting it every time that I wanted to protect a plugin, and I created this; no big deal; let's explain this out :P.

  • Description
It's really simple, a md5 is created from the server Ip (port included), adding a letter/number in any position you choose and making another md5 again; this is saved in a file, in "Configs" folder.
  • Change name file
We open the file security.inc and search for the constant called "ValidationFile" and we change the string;
  • Change error name
We open the file security.inc and search for the constant called "FailStateSay" and we change the string;
  • Create validation file
A really minmum amount of knowledge is needed to create the validation code. It's as simple as this
PHP Code:
#include <amxmodx>
#include <security>

#define PLUGIN "Create Validation Code"
#define VERSION "1.0"
#define AUTHOR "[R]ak"


public plugin_init() {
    register_plugin(PLUGINVERSIONAUTHOR)
    
    security_md5_create_file("7"17
    // "7" value to add to the first md5
    // 17 position where is alocated "7"
    // if you want create a custom validation key use the stock in this form
    // security_md5_create_file("7", 17, "192.168.1.1:27015")

After running this plugin we won't need it anymore; we just must remember the values used to add them to our plugin later
  • Protect our plugin
With the validation file created we just need to add to our plugin it's protection; this is so simple like attaching an include and set a stock.
PHP Code:
#include <amxmodx>
#include <security>

#define PLUGIN "Protected Plugin"
#define VERSION "1.0"
#define AUTHOR "[R]ak"


public plugin_init() {
    register_plugin(PLUGINVERSIONAUTHOR)
    
    security_md5("7"17// in the last example this parameter is explained.

Now, if the file doesn't exist, or de code is different, the message alocated in the constant "FailStateSay" will pop up; which in my case would be "Invalid Activation code".

Just a piece of cake (:,

Enjoy! :3

hornet 05-18-2012 08:17
Re: [INC] Md5 Security Plugin
 
Huh I don't get it. What are you actually hashing?

Edit: The IP? Can you please explain a bit more :)

rak 05-18-2012 08:20
Re: [INC] Md5 Security Plugin
 
Quote:
Originally Posted by hornet (Post 1711290)
Huh I don't get it. What are you actually hashing?

Edit: The IP? Can you please explain a bit more :)
if you want sell, gift or upload a plugin in your server.. if any steal your plugin this never work in other server.. only in a specific Ip

<VeCo> 05-18-2012 08:23
Re: [INC] Md5 Security Plugin
 
That's useless in a community that supports Open Source and posting open source plugins is a rule.
If you know how to script it won't be a problem to write a simple check... no need to feed n00bs to sell their editted plugins...

rak 05-18-2012 08:24
Re: [INC] Md5 Security Plugin
 
Quote:
Originally Posted by <VeCo> (Post 1711298)
That's useless in a community that supports Open Source and posting open source plugins is a rule.
If you know how to script it won't be a problem to write a simple check... no need to feed n00bs to sell their editted plugins...
it's useful for privete plugins

EDIT; And if any from your comunity or whatever try to steal your plugin

xPaw 05-18-2012 09:16
Re: [INC] Md5 Security Plugin
 
It won't take too long to bypass this.

In fact:
Code:
0x4B8                      PROC              ; public plugin_init()
0x4BC                    BREAK              ; test.sma:8
0x4C0                    BREAK              ; test.sma:9
0x4C4                    PUSH.C  0x438      ; "[R]ak"
0x4CC                    PUSH.C  0x428      ; "1.0"
0x4D4                    PUSH.C  0x3E4      ; "Protected Plugin"
0x4DC                    PUSH.C  0xC
0x4E4                  SYSREQ.C  0xA        ; register_plugin("Protected Plugin","1.0","[R]ak")
0x4EC                    STACK  0x10        ; free 4 cells
0x4F4                    BREAK              ; test.sma:11
0x4F8                    PUSH.C  0x458      ; "totally:secure:ip:address:here"
0x500                    PUSH.C  0x11        ; 0x63000000
0x508                    PUSH.C  0x450      ; 0x37
0x510                    PUSH.C  0xC
0x518                      CALL  0x15C      ; stock security_md5_create_file(NewLetter[],Poss,CustomIp[])
0x520                  ZERO.pri
0x524                      RETN

hornet 05-18-2012 09:52
Re: [INC] Md5 Security Plugin
 
Quote:
Originally Posted by rak (Post 1711294)
if you want sell, gift or upload a plugin in your server.. if any steal your plugin this never work in other server.. only in a specific Ip
Oh I get it. So what makes this safer then checking the server IP with an IP hardcoded into the plugin ( and then set_fail_state() / watev ) ?

K.K.Lv 05-18-2012 10:00
Re: [INC] Md5 Security Plugin
 
Quote:
Originally Posted by xPaw (Post 1711334)
It won't take too long to bypass this.

In fact:
Code:
0x4B8                      PROC              ; public plugin_init()
0x4BC                    BREAK              ; test.sma:8
0x4C0                    BREAK              ; test.sma:9
0x4C4                    PUSH.C  0x438      ; "[R]ak"
0x4CC                    PUSH.C  0x428      ; "1.0"
0x4D4                    PUSH.C  0x3E4      ; "Protected Plugin"
0x4DC                    PUSH.C  0xC
0x4E4                  SYSREQ.C  0xA        ; register_plugin("Protected Plugin","1.0","[R]ak")
0x4EC                    STACK  0x10        ; free 4 cells
0x4F4                    BREAK              ; test.sma:11
0x4F8                    PUSH.C  0x458      ; "totally:secure:ip:address:here"
0x500                    PUSH.C  0x11        ; 0x63000000
0x508                    PUSH.C  0x450      ; 0x37
0x510                    PUSH.C  0xC
0x518                      CALL  0x15C      ; stock security_md5_create_file(NewLetter[],Poss,CustomIp[])
0x520                  ZERO.pri
0x524                      RETN
how did you get it ?

<VeCo> 05-18-2012 10:01
Re: [INC] Md5 Security Plugin
 
Amxxdump or Abstract Machine eXecutive (AMX) file Disassembler.

rak 05-18-2012 14:23
Re: [INC] Md5 Security Plugin
 
Quote:
Originally Posted by xPaw (Post 1711334)
It won't take too long to bypass this.

In fact:
Code:
0x4B8                      PROC              ; public plugin_init()
0x4BC                    BREAK              ; test.sma:8
0x4C0                    BREAK              ; test.sma:9
0x4C4                    PUSH.C  0x438      ; "[R]ak"
0x4CC                    PUSH.C  0x428      ; "1.0"
0x4D4                    PUSH.C  0x3E4      ; "Protected Plugin"
0x4DC                    PUSH.C  0xC
0x4E4                  SYSREQ.C  0xA        ; register_plugin("Protected Plugin","1.0","[R]ak")
0x4EC                    STACK  0x10        ; free 4 cells
0x4F4                    BREAK              ; test.sma:11
0x4F8                    PUSH.C  0x458      ; "totally:secure:ip:address:here"
0x500                    PUSH.C  0x11        ; 0x63000000
0x508                    PUSH.C  0x450      ; 0x37
0x510                    PUSH.C  0xC
0x518                      CALL  0x15C      ; stock security_md5_create_file(NewLetter[],Poss,CustomIp[])
0x520                  ZERO.pri
0x524                      RETN
Please, explain me more;

@hornet
because the probability to force the Validation Code without any knowledge in Hex is very low because you need a 24 positions with all the keys


All times are GMT -4. The time now is 09:28.
Page 1 of 3 1 23
Show 40 post(s) from this thread on one page

Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.