Author |
Message |
|
Fr0sty
Member
Joined: 27 Nov 2003 Posts: 202
|
Posted: 30 Nov 2003 02:29:55 pm Post subject: |
|
|
Me and my friend are making an alg prog and I kinda wanted to know a couple things. We're trying to make it secure and we don't want anyone stealing it and claiming it as theirs, so for now we're making it untradeable through calculators. I'm kinda trying to keep it to the simple stuff right now (meaning as much as I can understand) and from memory (my sis borrowed my calc) this is what I came up with:
First off, we make two versions of every prog: a protected one and an unprotected one (meaning they can't edit the code on the protected one). We keep the unprotected one and distribute the protected one.
Second, to keep distribution rates low, I'm trying to prevent trading. So I made it where you not only have to enter in a password, but you also have to have the correct numbers in a list (sent by an installation program puts the lists in). A couple of problems: First, my password is stored in Str 1 and anyone who goes to Str 1 can see it. Second, my list is stored in L1 and anyone who goes to L1 can see it. Is there any way to hide my password? Also, is there anyway to make my password a certain length as in 3-5 characters? The only solution I can think of (with my limited knowledge of TI-Basic) are to confuse them by using all lists and strings with different words/numbers in each so that they have to re-enter each number/word by hand thereby confusing them.
I was also thinking about using Get( and Send( but I'm not exactly sure how they work. My idea is to get variables form a calculator and if they are all equal, then the program will work, but if they're not, then it won't. Any help would be nice. |
|
Back to top |
|
|
SnugenZ
Advanced Newbie
Joined: 20 Nov 2003 Posts: 52
|
Posted: 30 Nov 2003 03:14:23 pm Post subject: |
|
|
Thats an exceelent idea --If any can figure this out, i'd be just as happy as frosty -- Like disable send or something -- that;d be amazing -- I bet its near impossible to tdo in basic though -- prolly need asm |
|
Back to top |
|
|
DarkerLine ceci n'est pas une |
Super Elite (Last Title)
Joined: 04 Nov 2003 Posts: 8328
|
Posted: 30 Nov 2003 03:59:17 pm Post subject: |
|
|
Get( and Send( are functions that do something with CBL/CBR. If you want to transfer something from one calc to another, use GetCalc(.
In order to make the password invisible, you could type it into the program instead of storing it to a variable.
About making it untradeable - I've noticed a program with Omnicalc tokens can't be sent to another calculator. Maybe someone (not me - I know no Asm) could write an assembly program that 1)Inserts an Omnicalc token into the program 2)Protects the program from being edited 3)Deletes itself. You would send the assembly program and run it once on the other calculator. The problem with putting the token in yourself is you will then be unable to send the program in the first place. |
|
Back to top |
|
|
Basjuh
Advanced Newbie
Joined: 19 Nov 2003 Posts: 56
|
Posted: 30 Nov 2003 04:04:29 pm Post subject: |
|
|
HASH the list and str so it will be unreadable...
look in the encyption thread i posted a basic hasher there... |
|
Back to top |
|
|
Fr0sty
Member
Joined: 27 Nov 2003 Posts: 202
|
Posted: 30 Nov 2003 04:06:15 pm Post subject: |
|
|
So an Omnicalc token can't even be sent to another calc with Omnicalc?
Btw: thanks for the help =D
too bad my sis borrowed my calc I wanted to try some of this stuff. |
|
Back to top |
|
|
DarkerLine ceci n'est pas une |
Super Elite (Last Title)
Joined: 04 Nov 2003 Posts: 8328
|
Posted: 30 Nov 2003 04:14:34 pm Post subject: |
|
|
Fr0sty wrote: So an Omnicalc token can't even be sent to another calc with Omnicalc?
I've tried it, with version 1.10, and it didn't work. Apparently it can't even ungroup something if a variable to be ungrouped has an Omnicalc token. I found that out the hard way.
An easy-to make hasher:
Code: your favorite number -> rand
operation with 1 rand and N (example: N - 2Nrand) -> N
to unhash:
y. f. n. -> rand
inverse of that operation (example: N/(1-2rand)) -> N
If your program is protected so no one knows y. f. n., it is nearly impossible to break. |
|
Back to top |
|
|
Fr0sty
Member
Joined: 27 Nov 2003 Posts: 202
|
Posted: 30 Nov 2003 05:06:30 pm Post subject: |
|
|
Would the tokens make it able to send progs on demand? Because me and him keep improving on this prog and keep sending it back and forth as we upgrade it.
Also how does the hasher work? Is that all I put in and then it affects my string? Or what? I don't get it. |
|
Back to top |
|
|
Basjuh
Advanced Newbie
Joined: 19 Nov 2003 Posts: 56
|
Posted: 30 Nov 2003 05:12:58 pm Post subject: |
|
|
try using this..
Code: Input Str1
1\->\A
"ADINSXBEJOTY CFKPUZ:GLQV\theta\?HMRW3026159487\->\Str2
For(I,1,length(Str1
inString(Str2,sub(Str1,I,1
\root\(AIAns\->\A
End
A\->\rand
"*\->\Str1
For(I,1,16
Str1+sub(Str2,int(rand39)+1,1\->\Str1
End
DelVar ADelVar Str2DelVar I
0\->\rand
ClrHome
this one is much better, it cant be reverse engineered. you can adapt to fit your needs ... |
|
Back to top |
|
|
Fr0sty
Member
Joined: 27 Nov 2003 Posts: 202
|
Posted: 30 Nov 2003 05:25:00 pm Post subject: |
|
|
Anybody know how I might be able to test some of these without a graphlink and/or a ti calc(my sis borrowed mine and she's in college)? I have an old graphing calc (El-9200C Sharp-Casio) but I'm not sure if it'll help... and a broken Silver Edition that I'm about to send back to TI (they sent me a replacement) and I know that won't help... I tried Virtual TI but I was stupid enough to not send myself a copy of my calc's Rom... Any help would once again be appreciated. |
|
Back to top |
|
|
Basjuh
Advanced Newbie
Joined: 19 Nov 2003 Posts: 56
|
Posted: 30 Nov 2003 05:31:07 pm Post subject: |
|
|
download the TI flash debugger it has the ROM built in and get TI graphlink...
type the program in TI Graphlink and save it as .8xp file, then open the TI flash debugger start a 83+ session and then click load->ram file ,search your .8xp file and click OK and then start the ti83 by clicking on the > (play) icon. |
|
Back to top |
|
|
Fr0sty
Member
Joined: 27 Nov 2003 Posts: 202
|
Posted: 30 Nov 2003 05:45:53 pm Post subject: |
|
|
Thanks, didn't know that I could do that
Also, anyone know a way that Protected items can be unprotected? (I'm not talking about Mirage's Lock, I'm talking about the application known as Protect that is kinda buggy- it protects like 5 more progs than I want it to).
Sorry for all the questions |
|
Back to top |
|
|
Basjuh
Advanced Newbie
Joined: 19 Nov 2003 Posts: 56
|
Posted: 30 Nov 2003 05:55:39 pm Post subject: |
|
|
looks like the prog is kind of buggy and very beta... you can't unprotect with that program/app you'll have to find another one |
|
Back to top |
|
|
Fr0sty
Member
Joined: 27 Nov 2003 Posts: 202
|
Posted: 30 Nov 2003 07:22:29 pm Post subject: |
|
|
Cool encrypter, how do you find out the pw though? That's what I'm wondering
Would it be...
That code... inputting your pw, then making them input theirs to see if it equals each other? I'm not sure how I could make a security thing out of that, can't think >.< |
|
Back to top |
|
|
Darth Android DragonOS Dev Team
Bandwidth Hog
Joined: 31 May 2003 Posts: 2104
|
Posted: 30 Nov 2003 07:45:11 pm Post subject: |
|
|
to unprotect a basic program:
copy prog from calc to comp. open in graphlink. uncheck box that says "protected"
to hack a asm program:
convert hex code into asm code. hunt through asm code for password routine. check where it stores password in memory. find a on calc hex editor and edit the memory.
i know asm. |
|
Back to top |
|
|
NETWizz Byte by bit
Bandwidth Hog
Joined: 20 May 2003 Posts: 2369
|
Posted: 01 Dec 2003 04:00:24 pm Post subject: |
|
|
Fr0sty wrote: Cool encrypter, how do you find out the pw though? That's what I'm wondering
Would it be...
That code... inputting your pw, then making them input theirs to see if it equals each other? I'm not sure how I could make a security thing out of that, can't think >.<
Simple:
His hashing routine takes input from string 1 and returns output to string 1, so instead of rewriting it, we can backup str1, so it isn't overwritten.
Str1->Str3
Input "Password>",Str1
Run the dudes hashing routine
Str1=Str2->A
Str3->Str1
Delvar Str3
If A
Then
Disp "CORRECT
Else
Disp "SORRY
End |
|
Back to top |
|
|
NETWizz Byte by bit
Bandwidth Hog
Joined: 20 May 2003 Posts: 2369
|
Posted: 01 Dec 2003 04:02:34 pm Post subject: |
|
|
If you wish to actually decrypt a password, you would need to analyse his routine from both a programming and a software standpoint then write a decrypter.
Or, you could brute force it, but that would take all day with the slow processor in a calculator. |
|
Back to top |
|
|
Fr0sty
Member
Joined: 27 Nov 2003 Posts: 202
|
Posted: 01 Dec 2003 08:27:41 pm Post subject: |
|
|
Thanks, when I get my calc back, I'll try this
Flash debugger's too slow
Anyone know of a C++ thing I can download (freeware?) to help me practice/program? I'm trying to practice cause I've been raised on TI-Basic which is kinda embarassing if you want to be a programmer you know?
Last edited by Guest on 01 Dec 2003 08:54:59 pm; edited 1 time in total |
|
Back to top |
|
|
Basjuh
Advanced Newbie
Joined: 19 Nov 2003 Posts: 56
|
Posted: 02 Dec 2003 04:38:26 am Post subject: |
|
|
Jbirk wrote: If you wish to actually decrypt a password, you would need to analyse his routine from both a programming and a software standpoint then write a decrypter.
Or, you could brute force it, but that would take all day with the slow processor in a calculator.
a hash cant be decrypted, you can only break it by bruteforce... |
|
Back to top |
|
|
Arcane Wizard `semi-hippie`
Super Elite (Last Title)
Joined: 02 Jun 2003 Posts: 8993
|
Posted: 02 Dec 2003 07:29:16 am Post subject: |
|
|
Fr0sty wrote: Anyone know of a C++ thing I can download (freeware?) to help me practice/program? I'm trying to practice cause I've been raised on TI-Basic which is kinda embarassing if you want to be a programmer you know?
I'd advice to learn some computer programming languages (Maybe QBASIC or PASCAL) first, but here are some C++ tutorials: (I find the top one to be the best, it's also the one I used to learn C++)
http://www.cplusplus.com/doc/tutorial
http://cplus.about.com/library/blcplustut.htm
http://www.cprogramming.com/
I hope I still have a lot more information/tutorials on C++ on some old CD's, so if you want I can upload it all. Don't know if it's worth the trouble, because I'm not sure how much of that info I can find (my rooms a mess ) and how much I actually backed up on those CD's.
Last edited by Guest on 02 Dec 2003 07:30:51 am; edited 1 time in total |
|
Back to top |
|
|
NETWizz Byte by bit
Bandwidth Hog
Joined: 20 May 2003 Posts: 2369
|
Posted: 02 Dec 2003 04:24:17 pm Post subject: |
|
|
Basjuh wrote: Jbirk wrote: If you wish to actually decrypt a password, you would need to analyse his routine from both a programming and a software standpoint then write a decrypter.
Or, you could brute force it, but that would take all day with the slow processor in a calculator.
a hash cant be decrypted, you can only break it by bruteforce...
Although it is extremely complicated, A hash can be decrypted (very difficult).
However, it depends on its bit strength how easily it can be decrypted.
If you look in the first section of your routine, you saved 1 to A making A an unchanging constant.
Yes, I know you change A in the loop.
No, you take I up to the length of the string, so we know that I is 1...2...3.. X times.
You have a limited character set of A-Z, 0-9, theta, :, and ?
In all, you have 39 characters.
Now, you save the value in A to rand to seed the generator. Obviously you are feeding anything in, but the value you are seeding for is limited.
In other words, with all that square root stuff, you make that value smaller.
So, the bigger the number, the more of an effect the square root has on it.
In other words, if you take the square root of 100, you get 10, the sq root of 64, a signifigantly smaller number is 8. The difference between 10 and 8 is only 2.
In other words, if you took the sq root of a number such as 10,000 you would still have only 100, which in the grand scheme of things is small!
I can nearly guarantee that anything you take the sq root of each time in the loop stays very small regardless of what value you input into str1.
You limit your seeding value severely[b]
[b] Random seeds do not even look at the decemal, so putting in 1, 1.2, 1.383748, or any non integer is still recognized as a seed of 1.
Essentially, you are creating too few possible encryption keys (seed values)
Okay, so you build your Hash by randomly or rather psudo randomly with a limited key from str2, where str2 is unchanging.
Unfortunatly, with a limited seed values, no matter what you put in as input will result in less than 100 different possible hashes.
Most unfortunatly is that the TI random number generator has a formula you can attain somewhere.
Anyway you look at it, your hash routine is good, but it could be better. Either way, if someone wants to run a program, they can simply edit it to remove tthe pw stuff. |
|
Back to top |
|
|
|