AlliedModders

AlliedModders (https://forums.alliedmods.net/index.php)
-   Scripting Help (https://forums.alliedmods.net/forumdisplay.php?f=11)
-   -   [Help] Socket protection (https://forums.alliedmods.net/showthread.php?t=156637)

johnally 05-09-2011 16:57

[Help] Socket protection
 
Many people have recommended that I use sockets to prevent data from being hard-coded insider the plugin. I am creating a plugin to connect the user system of a web server to counter strike servers.

That was a great idea until I started asking myself on how secure socket connections can be?

Do you guys have any suggestions on securing http socket connection to a php file using GET method?

Someone, from my old resolved thread, told me to go for RSA encryption. However, still a newbie, I have nearly no clue on how to achieve this. Except, I remember he said I could create a c++ module out of it. Googling did not help me much either :s

Big thanks in advance,

SonicSonedit 05-09-2011 23:38

Re: [Help] Socket protection
 
TEA is reliable enough. I doubt any reverse engineer will spend few weeks just to hack some CS plugin. TEA is also fast and easy to implement.

johnally 05-10-2011 10:36

Re: [Help] Socket protection
 
I modded the TEA.inc .. Modded some values and encryption still work at different offsets :)

However, let say I encrypted "test" with a key[4] array values "1,2,3,4".

The value I get, as per my slightly edited version of tiny encryption algorithm in unicode, is "Ĉi→t".. Should I encode that data or is it transmissible via socket?

Thanks for your help,

SonicSonedit 05-10-2011 14:43

Re: [Help] Socket protection
 
Quote:

The value I get, as per my slightly edited version of tiny encryption algorithm in unicode, is "Ĉi→t".. Should I encode that data or is it transmissible via socket?
Transmit. Then, after you receive this data, decode using same key, delta (default delta is 0x9e3779b9 in hex or 2654435769 in dec) and rounds count.

johnally 05-10-2011 14:52

Re: [Help] Socket protection
 
Yeah.. thanks a lot.. I guess I'll use default delta.. When I use another delta, encryption goes well only for some few keys and data to be encrypted. BTW, I used this function to generate a new key every time plugin is initialized(started):
PHP Code:

public new_key()
{
    
// get password string
    
new password[4];
    
format(passwordsizeof(password), "%d%d%d%d"random(9), random(9), random(9), random(9))
    
    
// pack key
    
for(new i=0;i<4;i++){   
        
key[i] = password[i]
    }


Cheers and thanks SonicSonedit,

SonicSonedit 05-10-2011 15:35

Re: [Help] Socket protection
 
No problem :)

Quote:

BTW, I used this function to generate a new key every time plugin is initialized(started):
That's a good idea :)

johnally 05-10-2011 16:08

Re: [Help] Socket protection
 
Oh, thanks.. I use that technique with md5 salting a lot :P

fysiks 05-10-2011 19:54

Re: [Help] Socket protection
 
Quote:

Originally Posted by SonicSonedit (Post 1467004)
No problem :)

That's a good idea :)

The quote button is very usefull and makes it easier to see who you are replying to/quoting :).

SonicSonedit 05-11-2011 06:45

Re: [Help] Socket protection
 
fysiks
Quote:

The quote button is very usefull and makes it easier to see who you are replying to/quoting :).
It makes new page to load, which takes about 5 seconds on my celeron 1700 :)
And If I need to post multi-quotes that will take more time, obviously.
So I prefer just to use regular quote tag with posting user name I'm talking to. But when there is just 2 people in the thread it's pretty obviously I'm talking to :D

johnally 05-11-2011 10:59

Re: [Help] Socket protection
 
I prefer using the @person system :S.. Quoting from my celeron 1500 will take more time :P

Anyway thanks for your answers.. :)


All times are GMT -4. The time now is 04:31.

Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.