Raised This Month: $ Target: $400
 0% 

[Help] Socket protection


Post New Thread Reply   
 
Thread Tools Display Modes
Author Message
johnally
Member
Join Date: May 2011
Location: Mauritius
Old 05-09-2011 , 16:57   [Help] Socket protection
Reply With Quote #1

Many people have recommended that I use sockets to prevent data from being hard-coded insider the plugin. I am creating a plugin to connect the user system of a web server to counter strike servers.

That was a great idea until I started asking myself on how secure socket connections can be?

Do you guys have any suggestions on securing http socket connection to a php file using GET method?

Someone, from my old resolved thread, told me to go for RSA encryption. However, still a newbie, I have nearly no clue on how to achieve this. Except, I remember he said I could create a c++ module out of it. Googling did not help me much either :s

Big thanks in advance,
__________________
No allowed!

johnally is offline
SonicSonedit
Veteran Member
Join Date: Nov 2008
Location: Silent Hill
Old 05-09-2011 , 23:38   Re: [Help] Socket protection
Reply With Quote #2

TEA is reliable enough. I doubt any reverse engineer will spend few weeks just to hack some CS plugin. TEA is also fast and easy to implement.
__________________

SonicSonedit is offline
johnally
Member
Join Date: May 2011
Location: Mauritius
Old 05-10-2011 , 10:36   Re: [Help] Socket protection
Reply With Quote #3

I modded the TEA.inc .. Modded some values and encryption still work at different offsets

However, let say I encrypted "test" with a key[4] array values "1,2,3,4".

The value I get, as per my slightly edited version of tiny encryption algorithm in unicode, is "Ĉi→t".. Should I encode that data or is it transmissible via socket?

Thanks for your help,
__________________
No allowed!

johnally is offline
SonicSonedit
Veteran Member
Join Date: Nov 2008
Location: Silent Hill
Old 05-10-2011 , 14:43   Re: [Help] Socket protection
Reply With Quote #4

Quote:
The value I get, as per my slightly edited version of tiny encryption algorithm in unicode, is "Ĉi→t".. Should I encode that data or is it transmissible via socket?
Transmit. Then, after you receive this data, decode using same key, delta (default delta is 0x9e3779b9 in hex or 2654435769 in dec) and rounds count.
__________________

SonicSonedit is offline
johnally
Member
Join Date: May 2011
Location: Mauritius
Old 05-10-2011 , 14:52   Re: [Help] Socket protection
Reply With Quote #5

Yeah.. thanks a lot.. I guess I'll use default delta.. When I use another delta, encryption goes well only for some few keys and data to be encrypted. BTW, I used this function to generate a new key every time plugin is initialized(started):
PHP Code:
public new_key()
{
    
// get password string
    
new password[4];
    
format(passwordsizeof(password), "%d%d%d%d"random(9), random(9), random(9), random(9))
    
    
// pack key
    
for(new i=0;i<4;i++){   
        
key[i] = password[i]
    }

Cheers and thanks SonicSonedit,
__________________
No allowed!

johnally is offline
SonicSonedit
Veteran Member
Join Date: Nov 2008
Location: Silent Hill
Old 05-10-2011 , 15:35   Re: [Help] Socket protection
Reply With Quote #6

No problem

Quote:
BTW, I used this function to generate a new key every time plugin is initialized(started):
That's a good idea
__________________

SonicSonedit is offline
johnally
Member
Join Date: May 2011
Location: Mauritius
Old 05-10-2011 , 16:08   Re: [Help] Socket protection
Reply With Quote #7

Oh, thanks.. I use that technique with md5 salting a lot
__________________
No allowed!

johnally is offline
fysiks
Veteran Member
Join Date: Sep 2007
Location: Flatland, USA
Old 05-10-2011 , 19:54   Re: [Help] Socket protection
Reply With Quote #8

Quote:
Originally Posted by SonicSonedit View Post
No problem

That's a good idea
The quote button is very usefull and makes it easier to see who you are replying to/quoting .
__________________
fysiks is offline
SonicSonedit
Veteran Member
Join Date: Nov 2008
Location: Silent Hill
Old 05-11-2011 , 06:45   Re: [Help] Socket protection
Reply With Quote #9

fysiks
Quote:
The quote button is very usefull and makes it easier to see who you are replying to/quoting .
It makes new page to load, which takes about 5 seconds on my celeron 1700
And If I need to post multi-quotes that will take more time, obviously.
So I prefer just to use regular quote tag with posting user name I'm talking to. But when there is just 2 people in the thread it's pretty obviously I'm talking to
__________________

SonicSonedit is offline
johnally
Member
Join Date: May 2011
Location: Mauritius
Old 05-11-2011 , 10:59   Re: [Help] Socket protection
Reply With Quote #10

I prefer using the @person system :S.. Quoting from my celeron 1500 will take more time

Anyway thanks for your answers..
__________________
No allowed!

johnally is offline
Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 04:31.


Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Theme made by Freecode