[rak]

Hi I was making a plugin for the server and I figured I could make the .inc to avoid putting it every time that I wanted to protect a plugin, and I created this; no big deal; let's explain this out .

• Description

It's really simple, a md5 is created from the server Ip (port included), adding a letter/number in any position you choose and making another md5 again; this is saved in a file, in "Configs" folder.

• Change name file

We open the file security.inc and search for the constant called "ValidationFile" and we change the string;

• Change error name

We open the file security.inc and search for the constant called "FailStateSay" and we change the string;

• Create validation file

A really minmum amount of knowledge is needed to create the validation code. It's as simple as this

PHP Code:

#include <amxmodx>
#include <security>

#define PLUGIN "Create Validation Code"
#define VERSION "1.0"
#define AUTHOR "[R]ak"


public plugin_init() {
    register_plugin(PLUGIN, VERSION, AUTHOR)
    
    security_md5_create_file("7", 17) 
    // "7" value to add to the first md5
    // 17 position where is alocated "7"
    // if you want create a custom validation key use the stock in this form
    // security_md5_create_file("7", 17, "192.168.1.1:27015")
} 


After running this plugin we won't need it anymore; we just must remember the values used to add them to our plugin later

• Protect our plugin

With the validation file created we just need to add to our plugin it's protection; this is so simple like attaching an include and set a stock.

PHP Code:

#include <amxmodx>
#include <security>

#define PLUGIN "Protected Plugin"
#define VERSION "1.0"
#define AUTHOR "[R]ak"


public plugin_init() {
    register_plugin(PLUGIN, VERSION, AUTHOR)
    
    security_md5("7", 17) // in the last example this parameter is explained.
} 


Now, if the file doesn't exist, or de code is different, the message alocated in the constant "FailStateSay" will pop up; which in my case would be "Invalid Activation code".

Just a piece of cake (:,

Enjoy!

[hornet]

Huh I don't get it. What are you actually hashing?

Edit: The IP? Can you please explain a bit more

[rak]

Quote:

Originally Posted by hornet Huh I don't get it. What are you actually hashing? Edit: The IP? Can you please explain a bit more

if you want sell, gift or upload a plugin in your server.. if any steal your plugin this never work in other server.. only in a specific Ip

[<VeCo>]

That's useless in a community that supports Open Source and posting open source plugins is a rule.
If you know how to script it won't be a problem to write a simple check... no need to feed n00bs to sell their editted plugins...

[rak]

Quote:

Originally Posted by <VeCo> That's useless in a community that supports Open Source and posting open source plugins is a rule. If you know how to script it won't be a problem to write a simple check... no need to feed n00bs to sell their editted plugins...

it's useful for privete plugins

EDIT; And if any from your comunity or whatever try to steal your plugin

[xPaw]

It won't take too long to bypass this.

In fact:

Code:

0x4B8                      PROC              ; public plugin_init()
0x4BC                     BREAK              ; test.sma:8
0x4C0                     BREAK              ; test.sma:9
0x4C4                    PUSH.C  0x438       ; "[R]ak"
0x4CC                    PUSH.C  0x428       ; "1.0"
0x4D4                    PUSH.C  0x3E4       ; "Protected Plugin"
0x4DC                    PUSH.C  0xC
0x4E4                  SYSREQ.C  0xA         ; register_plugin("Protected Plugin","1.0","[R]ak")
0x4EC                     STACK  0x10        ; free 4 cells
0x4F4                     BREAK              ; test.sma:11
0x4F8                    PUSH.C  0x458       ; "totally:secure:ip:address:here"
0x500                    PUSH.C  0x11        ; 0x63000000
0x508                    PUSH.C  0x450       ; 0x37
0x510                    PUSH.C  0xC
0x518                      CALL  0x15C       ; stock security_md5_create_file(NewLetter[],Poss,CustomIp[])
0x520                  ZERO.pri
0x524                      RETN

[hornet]

Quote:

Originally Posted by rak if you want sell, gift or upload a plugin in your server.. if any steal your plugin this never work in other server.. only in a specific Ip

Oh I get it. So what makes this safer then checking the server IP with an IP hardcoded into the plugin ( and then set_fail_state() / watev ) ?

[K.K.Lv]

Quote:

Originally Posted by xPaw It won't take too long to bypass this. In fact: Code: 0x4B8 PROC ; public plugin_init() 0x4BC BREAK ; test.sma:8 0x4C0 BREAK ; test.sma:9 0x4C4 PUSH.C 0x438 ; "[R]ak" 0x4CC PUSH.C 0x428 ; "1.0" 0x4D4 PUSH.C 0x3E4 ; "Protected Plugin" 0x4DC PUSH.C 0xC 0x4E4 SYSREQ.C 0xA ; register_plugin("Protected Plugin","1.0","[R]ak") 0x4EC STACK 0x10 ; free 4 cells 0x4F4 BREAK ; test.sma:11 0x4F8 PUSH.C 0x458 ; "totally:secure:ip:address:here" 0x500 PUSH.C 0x11 ; 0x63000000 0x508 PUSH.C 0x450 ; 0x37 0x510 PUSH.C 0xC 0x518 CALL 0x15C ; stock security_md5_create_file(NewLetter[],Poss,CustomIp[]) 0x520 ZERO.pri 0x524 RETN

how did you get it ?

[<VeCo>]

Amxxdump or Abstract Machine eXecutive (AMX) file Disassembler.

[rak]

Quote:

Originally Posted by xPaw It won't take too long to bypass this. In fact: Code: 0x4B8 PROC ; public plugin_init() 0x4BC BREAK ; test.sma:8 0x4C0 BREAK ; test.sma:9 0x4C4 PUSH.C 0x438 ; "[R]ak" 0x4CC PUSH.C 0x428 ; "1.0" 0x4D4 PUSH.C 0x3E4 ; "Protected Plugin" 0x4DC PUSH.C 0xC 0x4E4 SYSREQ.C 0xA ; register_plugin("Protected Plugin","1.0","[R]ak") 0x4EC STACK 0x10 ; free 4 cells 0x4F4 BREAK ; test.sma:11 0x4F8 PUSH.C 0x458 ; "totally:secure:ip:address:here" 0x500 PUSH.C 0x11 ; 0x63000000 0x508 PUSH.C 0x450 ; 0x37 0x510 PUSH.C 0xC 0x518 CALL 0x15C ; stock security_md5_create_file(NewLetter[],Poss,CustomIp[]) 0x520 ZERO.pri 0x524 RETN

Please, explain me more;

@hornet
because the probability to force the Validation Code without any knowledge in Hex is very low because you need a 24 positions with all the keys