Raised This Month: $ Target: $400
 0% 

Any good encryption?


Post New Thread Reply   
 
Thread Tools Display Modes
Author Message
johnally
Member
Join Date: May 2011
Location: Mauritius
Old 05-08-2011 , 12:25   Any good encryption?
Reply With Quote #1

I'm a newly registered user to alliedmodders but NOT a new visitor.

I personally wish to thanks every amx coders here that helped advance this wonderful metamod plugin.


Ok, lets jump in.

My issue is quite simple to understand. I got a plugin I'm working on that connects the user management system of a website to the cs server the plugin is on. [I just wish users to have same nick and steamID as on the website.]..

As such, the plugin will contain some data as SQL query string or SQL db infos.

Code:
#define SQL_DB "amxsys_db"
#define SQL_USRN "johnally"
#define SQL_TBL "amxsys_tbl"
How can I protect that information(mostly the strings) from being seen if ever the plugin is decompiled.

I did some research here:
[unsecure] ROT13
[ONE way hash] MD5
[unsecure] xTea
[very unsecure] Base64

How should I tackle that issue?. Even when I handle a socket connection from the plugin I wish to encrypt the transmitted data to prevent anyone from tampering it.


Any suggestions highly appreciated,

Last edited by johnally; 05-08-2011 at 12:32.
johnally is offline
fysiks
Veteran Member
Join Date: Sep 2007
Location: Flatland, USA
Old 05-08-2011 , 12:31   Re: Any good encryption?
Reply With Quote #2

1. Don't give out the plugin.
2. Use cvars for those values.

(this was posted recently and should have been found easily via a search)

Encrypting during transmission is another story. Wouldn't you have to use a secure connection?
__________________
fysiks is offline
johnally
Member
Join Date: May 2011
Location: Mauritius
Old 05-08-2011 , 12:34   Re: Any good encryption?
Reply With Quote #3

I found that. But I NEED TO DISTRIBUTE IT.

Reasons:
Hosters in my community need to download that plugin and install on their servers. This is not a private plugin but only close-source with sensitive data.

And use cvar's for so much strings and hardcorded data?


Thanks,
__________________
No allowed!


Last edited by johnally; 05-08-2011 at 12:39.
johnally is offline
Clauu
Senior Member
Join Date: Feb 2008
Location: RO
Old 05-08-2011 , 12:48   Re: Any good encryption?
Reply With Quote #4

Quote:
Originally Posted by fysiks View Post
2. Use cvars for those values.
Cvars can't help, the same result event if using cvars(decompiled plugin) - http://forums.alliedmods.net/showpos...84&postcount=1
Clauu is offline
fysiks
Veteran Member
Join Date: Sep 2007
Location: Flatland, USA
Old 05-08-2011 , 12:59   Re: Any good encryption?
Reply With Quote #5

Quote:
Originally Posted by Clauu View Post
Cvars can't help, the same result event if using cvars(decompiled plugin) - http://forums.alliedmods.net/showpos...84&postcount=1
A decompiler can't get info that's not in the source code. When using a cvar for these items, the info is NOT in the source code and hence cannot be retrieved via decompilation.

Quote:
Originally Posted by johnally View Post
I found that. But I NEED TO DISTRIBUTE IT.

Reasons:
Hosters in my community need to download that plugin and install on their servers. This is not a private plugin but only close-source with sensitive data.
Honestly, it's probably not possible to completely protect the info if you are handing out the plugin and require them to connect to your DB.


Quote:
Originally Posted by johnally View Post
And use cvar's for so much strings and hardcorded data?
It's only 3 strings. That's not many. (or maybe I have no clue what this sentence means )
__________________

Last edited by fysiks; 05-08-2011 at 13:02.
fysiks is offline
johnally
Member
Join Date: May 2011
Location: Mauritius
Old 05-08-2011 , 13:05   Re: Any good encryption?
Reply With Quote #6

Anything NOT hardcoded in the plugin cannot be decompiled obviously . However, let's say I have the md5 of a file. How do I prevent it from being hardcoded? Do I use socket? Should I always use socket and retrieve the data from a php file?

Exolent said that a custom base64 encryption can be made. How much secure is that? Enough to discourage intermediate crackers?

I'm only looking for if hardcoded strings can be encrypted and still, be decrypted with a key if needed. A key-enc system is highly appreciated.

I'm NOT asking for prefabs or anything, just looking in if there was another good encryption method under pawn scripting than the one I found [in my first post]..

It's not only 3 strings however, It is a lot of strings . The above 3 strings are only example of how important the information is.

Cheers,
__________________
No allowed!


Last edited by johnally; 05-08-2011 at 13:10.
johnally is offline
Clauu
Senior Member
Join Date: Feb 2008
Location: RO
Old 05-08-2011 , 13:06   Re: Any good encryption?
Reply With Quote #7

@fysiks Yes but that cvars must be defined somewhere right? So its just a matter of time until that sensitive data will be founded and then used in a negative way.
@johnally the best way is to retrive that data from a .php file using sockets and then deny any browser acces to that file, this is how i will do it for plugins with a sql connection.

Last edited by Clauu; 05-08-2011 at 13:09.
Clauu is offline
fysiks
Veteran Member
Join Date: Sep 2007
Location: Flatland, USA
Old 05-08-2011 , 13:09   Re: Any good encryption?
Reply With Quote #8

Quote:
Originally Posted by Clauu View Post
Yes but that cvars must be defined somewhere right? So its just a matter of time until that sensitive data will be founded and then used in a negative way.
Well, clearly in the OPs situation cvars is not the answer however, in most situations where there is only one user of a database and you don't want it hardcoded the method is to use cvars. If someone hacks into the FTP (the only place the cvars are in plain text) then that's a whole different story.
__________________
fysiks is offline
Clauu
Senior Member
Join Date: Feb 2008
Location: RO
Old 05-08-2011 , 13:16   Re: Any good encryption?
Reply With Quote #9

Wait a second, what ftp? the plugin will be used by x users on their servers so cvars must be defined locally in every server.
Clauu is offline
johnally
Member
Join Date: May 2011
Location: Mauritius
Old 05-08-2011 , 13:22   Re: Any good encryption?
Reply With Quote #10

@Clauu .. I hate sockets.. Why? I feel it is more unsecure as data is transmitted in a near plain-text format :s.. However, whenever I use sockets, I have to consider an md5 key by the side of my data. Such a pain :s.. Do you know of any other technique of securing my socket connection as I do NOT wish the hosters tamper the data.

@fysiks .. Now you see the tip of the iceberg My issue is kinda enormous but I'm sure we can 'hack' our way through it and probably help this community with decompiling issues. However, private plugins are not so welcomed here ;)

@Clauu[2nd rep] .. yep used locally.. the hoster will download and install locally.. use of cvars is kinda extreme sucide
__________________
No allowed!

johnally is offline
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 04:17.


Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Theme made by Freecode