Raised This Month: $128 Target: $400
 32% 

[INC] Md5 Security Plugin


Post New Thread Reply   
 
Thread Tools Display Modes
Author Message
rak
Veteran Member
Join Date: Oct 2011
Location: banned country
Old 05-18-2012 , 08:55   [INC] Md5 Security Plugin
Reply With Quote #1

Hi I was making a plugin for the server and I figured I could make the .inc to avoid putting it every time that I wanted to protect a plugin, and I created this; no big deal; let's explain this out .

  • Description
It's really simple, a md5 is created from the server Ip (port included), adding a letter/number in any position you choose and making another md5 again; this is saved in a file, in "Configs" folder.
  • Change name file
We open the file security.inc and search for the constant called "ValidationFile" and we change the string;
  • Change error name
We open the file security.inc and search for the constant called "FailStateSay" and we change the string;
  • Create validation file
A really minmum amount of knowledge is needed to create the validation code. It's as simple as this
PHP Code:
#include <amxmodx>
#include <security>

#define PLUGIN "Create Validation Code"
#define VERSION "1.0"
#define AUTHOR "[R]ak"


public plugin_init() {
    
register_plugin(PLUGINVERSIONAUTHOR)
    
    
security_md5_create_file("7"17
    
// "7" value to add to the first md5
    // 17 position where is alocated "7"
    // if you want create a custom validation key use the stock in this form
    // security_md5_create_file("7", 17, "192.168.1.1:27015")

After running this plugin we won't need it anymore; we just must remember the values used to add them to our plugin later
  • Protect our plugin
With the validation file created we just need to add to our plugin it's protection; this is so simple like attaching an include and set a stock.
PHP Code:
#include <amxmodx>
#include <security>

#define PLUGIN "Protected Plugin"
#define VERSION "1.0"
#define AUTHOR "[R]ak"


public plugin_init() {
    
register_plugin(PLUGINVERSIONAUTHOR)
    
    
security_md5("7"17// in the last example this parameter is explained.

Now, if the file doesn't exist, or de code is different, the message alocated in the constant "FailStateSay" will pop up; which in my case would be "Invalid Activation code".

Just a piece of cake (:,

Enjoy!
Attached Files
File Type: inc security.inc (2.2 KB, 378 views)
__________________

www.amxmodx-es.com

Steam: Luchokoldo
rak is offline
Send a message via MSN to rak Send a message via Skype™ to rak
hornet
AMX Mod X Plugin Approver
Join Date: Mar 2010
Location: Australia
Old 05-18-2012 , 09:17   Re: [INC] Md5 Security Plugin
Reply With Quote #2

Huh I don't get it. What are you actually hashing?

Edit: The IP? Can you please explain a bit more
__________________
Quote:
vBulletin Tip #42: Not much would be accomplished by merging this item with itself.

Last edited by hornet; 05-18-2012 at 09:18.
hornet is offline
rak
Veteran Member
Join Date: Oct 2011
Location: banned country
Old 05-18-2012 , 09:20   Re: [INC] Md5 Security Plugin
Reply With Quote #3

Quote:
Originally Posted by hornet View Post
Huh I don't get it. What are you actually hashing?

Edit: The IP? Can you please explain a bit more
if you want sell, gift or upload a plugin in your server.. if any steal your plugin this never work in other server.. only in a specific Ip
__________________

www.amxmodx-es.com

Steam: Luchokoldo
rak is offline
Send a message via MSN to rak Send a message via Skype™ to rak
<VeCo>
Veteran Member
Join Date: Jul 2009
Location: Bulgaria
Old 05-18-2012 , 09:23   Re: [INC] Md5 Security Plugin
Reply With Quote #4

That's useless in a community that supports Open Source and posting open source plugins is a rule.
If you know how to script it won't be a problem to write a simple check... no need to feed n00bs to sell their editted plugins...
__________________

Last edited by <VeCo>; 05-18-2012 at 09:23.
<VeCo> is offline
rak
Veteran Member
Join Date: Oct 2011
Location: banned country
Old 05-18-2012 , 09:24   Re: [INC] Md5 Security Plugin
Reply With Quote #5

Quote:
Originally Posted by <VeCo> View Post
That's useless in a community that supports Open Source and posting open source plugins is a rule.
If you know how to script it won't be a problem to write a simple check... no need to feed n00bs to sell their editted plugins...
it's useful for privete plugins

EDIT; And if any from your comunity or whatever try to steal your plugin
__________________

www.amxmodx-es.com

Steam: Luchokoldo

Last edited by rak; 05-18-2012 at 09:28.
rak is offline
Send a message via MSN to rak Send a message via Skype™ to rak
xPaw
Retired AMX Mod X Moderator
Join Date: Jul 2008
Old 05-18-2012 , 10:16   Re: [INC] Md5 Security Plugin
Reply With Quote #6

It won't take too long to bypass this.

In fact:
Code:
0x4B8                      PROC              ; public plugin_init()
0x4BC                     BREAK              ; test.sma:8
0x4C0                     BREAK              ; test.sma:9
0x4C4                    PUSH.C  0x438       ; "[R]ak"
0x4CC                    PUSH.C  0x428       ; "1.0"
0x4D4                    PUSH.C  0x3E4       ; "Protected Plugin"
0x4DC                    PUSH.C  0xC
0x4E4                  SYSREQ.C  0xA         ; register_plugin("Protected Plugin","1.0","[R]ak")
0x4EC                     STACK  0x10        ; free 4 cells
0x4F4                     BREAK              ; test.sma:11
0x4F8                    PUSH.C  0x458       ; "totally:secure:ip:address:here"
0x500                    PUSH.C  0x11        ; 0x63000000
0x508                    PUSH.C  0x450       ; 0x37
0x510                    PUSH.C  0xC
0x518                      CALL  0x15C       ; stock security_md5_create_file(NewLetter[],Poss,CustomIp[])
0x520                  ZERO.pri
0x524                      RETN
__________________

Last edited by xPaw; 05-18-2012 at 10:22.
xPaw is offline
hornet
AMX Mod X Plugin Approver
Join Date: Mar 2010
Location: Australia
Old 05-18-2012 , 10:52   Re: [INC] Md5 Security Plugin
Reply With Quote #7

Quote:
Originally Posted by rak View Post
if you want sell, gift or upload a plugin in your server.. if any steal your plugin this never work in other server.. only in a specific Ip
Oh I get it. So what makes this safer then checking the server IP with an IP hardcoded into the plugin ( and then set_fail_state() / watev ) ?
__________________
Quote:
vBulletin Tip #42: Not much would be accomplished by merging this item with itself.

Last edited by hornet; 05-18-2012 at 10:53.
hornet is offline
K.K.Lv
Veteran Member
Join Date: Aug 2008
Location: GameFolder
Old 05-18-2012 , 11:00   Re: [INC] Md5 Security Plugin
Reply With Quote #8

Quote:
Originally Posted by xPaw View Post
It won't take too long to bypass this.

In fact:
Code:
0x4B8                      PROC              ; public plugin_init()
0x4BC                     BREAK              ; test.sma:8
0x4C0                     BREAK              ; test.sma:9
0x4C4                    PUSH.C  0x438       ; "[R]ak"
0x4CC                    PUSH.C  0x428       ; "1.0"
0x4D4                    PUSH.C  0x3E4       ; "Protected Plugin"
0x4DC                    PUSH.C  0xC
0x4E4                  SYSREQ.C  0xA         ; register_plugin("Protected Plugin","1.0","[R]ak")
0x4EC                     STACK  0x10        ; free 4 cells
0x4F4                     BREAK              ; test.sma:11
0x4F8                    PUSH.C  0x458       ; "totally:secure:ip:address:here"
0x500                    PUSH.C  0x11        ; 0x63000000
0x508                    PUSH.C  0x450       ; 0x37
0x510                    PUSH.C  0xC
0x518                      CALL  0x15C       ; stock security_md5_create_file(NewLetter[],Poss,CustomIp[])
0x520                  ZERO.pri
0x524                      RETN
how did you get it ?
__________________
QQ:116268742
K.K.Lv is offline
Send a message via MSN to K.K.Lv
<VeCo>
Veteran Member
Join Date: Jul 2009
Location: Bulgaria
Old 05-18-2012 , 11:01   Re: [INC] Md5 Security Plugin
Reply With Quote #9

Amxxdump or Abstract Machine eXecutive (AMX) file Disassembler.
__________________
<VeCo> is offline
rak
Veteran Member
Join Date: Oct 2011
Location: banned country
Old 05-18-2012 , 15:23   Re: [INC] Md5 Security Plugin
Reply With Quote #10

Quote:
Originally Posted by xPaw View Post
It won't take too long to bypass this.

In fact:
Code:
0x4B8                      PROC              ; public plugin_init()
0x4BC                     BREAK              ; test.sma:8
0x4C0                     BREAK              ; test.sma:9
0x4C4                    PUSH.C  0x438       ; "[R]ak"
0x4CC                    PUSH.C  0x428       ; "1.0"
0x4D4                    PUSH.C  0x3E4       ; "Protected Plugin"
0x4DC                    PUSH.C  0xC
0x4E4                  SYSREQ.C  0xA         ; register_plugin("Protected Plugin","1.0","[R]ak")
0x4EC                     STACK  0x10        ; free 4 cells
0x4F4                     BREAK              ; test.sma:11
0x4F8                    PUSH.C  0x458       ; "totally:secure:ip:address:here"
0x500                    PUSH.C  0x11        ; 0x63000000
0x508                    PUSH.C  0x450       ; 0x37
0x510                    PUSH.C  0xC
0x518                      CALL  0x15C       ; stock security_md5_create_file(NewLetter[],Poss,CustomIp[])
0x520                  ZERO.pri
0x524                      RETN
Please, explain me more;

@hornet
because the probability to force the Validation Code without any knowledge in Hex is very low because you need a 24 positions with all the keys
__________________

www.amxmodx-es.com

Steam: Luchokoldo

Last edited by rak; 05-18-2012 at 15:24.
rak is offline
Send a message via MSN to rak Send a message via Skype™ to rak
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 14:46.


Powered by vBulletin®
Copyright ©2000 - 2021, vBulletin Solutions, Inc.
Theme made by Freecode