[RESOLVED] Why is it so hackable?
Why is this code so easy to hack? My friend told me if I do this to my app, people can just find out what the password or username is very easily?
VB Code:
Private Sub cmdlogin_Click()
    If txtusername.Text = "TestUser" And txtpassword.Text = "TestPassword" Then
        frmloged.Show
        Unload Me
    Else
        MsgBox "The UserName Or Password is not correct!", vbExclamation + vbOKOnly, "Error!!!"
    End If
End Sub
Re: Why is it so hackable?
Because you have the user name and password in strings which will stay as pure text even after you have compiled your program.
Re: Why is it so hackable?
Best to have an external file where the password is saved only encrypted.
Re: Why is it so hackable?
How do I get it kind of like encrypted?
Re: Why is it so hackable?
On the short note - if you compile your app and then change the file extension from EXE to, say, TXT and open it in Notepad, you will see something like the following:
... cmdlogin Command1 p°¿ï ÿ* txtpassword ` h¿ï Text2 ÿ* txtusername Hh¿ï Text1 ÿ ...
It would probably take a relatively inexperienced amateur under a minute to decode that garbage...
Anyway, you never hardcode any values, especially User Name/Password. Instead you store it in, say, a database, but encrypted. There are many encryption algorithms, so you will have to find something that fits your level of expertise by searching our forums or elsewhere.
Good luck.
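An added example (Python, not from any poster in this thread) of checking your own build for the problem described above: it lists printable strings in a binary in both ASCII and UTF-16LE, the two forms string literals commonly take in Windows executables, and reports whether known secret values are embedded. The sample bytes are constructed for the example, and `extract_strings` and `find_secrets` are hypothetical names.

```python
import re

def extract_strings(blob, min_len=6):
    """Return sorted (offset, encoding, text) for printable runs in blob."""
    # Printable ASCII run, and the same characters as UTF-16LE
    # (each character byte followed by 0x00).
    ascii_run = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_run = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [(m.start(), "ascii", m.group().decode("ascii"))
             for m in ascii_run.finditer(blob)]
    found += [(m.start(), "utf-16le", m.group().decode("utf-16le"))
              for m in utf16_run.finditer(blob)]
    return sorted(found)

def find_secrets(blob, secrets):
    """Return (secret, encoding, offset) for each secret found in blob."""
    hits = []
    for secret in secrets:
        for enc in ("ascii", "utf-16le"):
            offset = blob.find(secret.encode(enc))
            if offset != -1:
                hits.append((secret, enc, offset))
    return hits

# Constructed sample: control names as ASCII, literals as UTF-16LE,
# separated by non-printable bytes, loosely modelled on the Notepad view.
SAMPLE = (b"\x00\x10cmdlogin\x00Command1\x00\xff*\x00txtpassword\x00\x01\x08"
          + "TestUser".encode("utf-16le") + b"\x00\x00\x9c\x01"
          + "TestPassword".encode("utf-16le") + b"\x00\x00")

if __name__ == "__main__":
    for offset, enc, text in extract_strings(SAMPLE):
        print("%6d  %-8s  %s" % (offset, enc, text))
    # A release check would read the built file instead of SAMPLE and
    # fail the build when any hit is returned.
    for secret, enc, offset in find_secrets(SAMPLE, ["TestUser", "TestPassword"]):
        print("embedded secret %r (%s) at offset %d" % (secret, enc, offset))
```

Run against a real build by replacing `SAMPLE` with the bytes of the compiled file, read in binary mode.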
1 Attachment(s)
Re: Why is it so hackable?
Quote:
Originally Posted by Joacim Andersson
Because you have the user name and password in strings which will stay as pure text even after you have compiled your program.
you can see
Re: Why is it so hackable?
Wow WIZ126, it's so easy to get the username or password!!!!
How do I make it like encrypted in some way?
Re: Why is it so hackable?
@RhinoBull, you don't need to change the file extension from exe to txt. Just open Notepad and drag & drop your exe from Explorer into the Notepad text area and you will get the same result. ;)
Re: Why is it so hackable?
@RobDog: that is too much work - changing ext works better for me. ;)
Re: Why is it so hackable?
You create your own algorithm that changes the ascii bytes of the characters of your password into a complete mess that someone cannot understand, and you can use this algorithm to convert it to the real password ;)
Re: Why is it so hackable?
That is a big NO-NO, Jacob - it can be decrypted within a few seconds (by experienced guy :) ). 64/128 bit encryption is the way to go (if you can afford it...)
Re: Why is it so hackable?
Quote:
Originally Posted by Jacob Roman
You create your own algorithm that changes the ascii bytes of the characters of your password into a complete mess that someone cannot understand, and you can use this algorithm to convert it to the real password ;)
any good links on how to make it?
Re: Why is it so hackable?
Quote:
Originally Posted by RhinoBull
That is a big NO-NO, Jacob - it can be decrypted within a few seconds (by experienced guy :) ). 64/128 bit encryption is the way to go (if you can afford it...)
I didn't say how complicated it had to be or how it had to be encrypted. Of course the real big government agencies use very large and complex Calculus based algorithms for their passwords (wasn't that on the movie Mercury Rising?) But in his case since he's a beginner, any normal algorithm will suffice.
Re: [RESOLVED] Why is it so hackable?
If you need to hard code a username/password into your app (which, as others have already said is not a good idea), you can do some really simple stuff which will make it difficult for the casual hacker. For example,
VB Code:
Option Explicit

Dim TestUser As String
Dim TestPass As String

Private Sub cmdLogin_Click()
    If (txtUserName.Text = TestUser) And (txtPassword.Text = TestPass) Then
        MsgBox "Wooo hooo... you're in!!"
    Else
        MsgBox "Incorrect username/password"
        Unload Me
    End If
End Sub

Private Sub Form_Load()
    TestUser = Chr$(Asc("T")) & Chr$(Asc("e")) & Chr$(Asc("s")) & Chr$(Asc("t"))
    TestUser = TestUser & Chr$(Asc("U")) & Chr$(Asc("s")) & Chr$(Asc("e")) & Chr$(Asc("r"))
    TestPass = Chr$(Asc("T")) & Chr$(Asc("e")) & Chr$(Asc("s")) & Chr$(Asc("t"))
    TestPass = TestPass & Chr$(Asc("P")) & Chr$(Asc("a")) & Chr$(Asc("s")) & Chr$(Asc("s"))
End Sub
That's pretty simple but fairly effective without resorting to complex encryption algorithms. Obviously you'd make your test username & password a bit more obscure.
BTW Did I mention that hardcoding a username & password is a bad idea? :eek2:
Re: [RESOLVED] Why is it so hackable?
Quote:
Originally Posted by pnish
VB Code:
If (txtUserName.Text = TestUser) And (txtPassword.Text = TestPass) Then
    MsgBox "Wooo hooo... you're in!!"
Else
    MsgBox "Incorrect username/password"
    Unload Me
End If
Actually, if I can throw my 2 cents in on a resolved thread, this type of structure is also trivial to hack. All you have to do is trace back the "Wooo hooo..." string to its test and then make the jump instruction non-conditional. This type of string basically provides a big "crack me here" sign in your code. These two links (one from a cracking site) give some really good advice on protecting software:
http://www.woodmann.com/fravia/protec.htm
http://lastbit.com/vitas/antihack.asp
Re: [RESOLVED] Why is it so hackable?
Here is some code I have used before; it works well.
VB Code:
Public Function Encode(Data As String) As String
    Randomize
    Dim Key() As Long
    ReDim Key(Len(Data))
    Dim i As Long
    Dim LenData As Long
    Dim Coded As String
    Coded = ""
    LenData = Len(Data)
    For i = 1 To LenData
        Key(i) = (Rnd() * 50 + 1) + 20 'Define keys for each character
    Next
    For i = 1 To LenData
        'Adding the key to each character's ascii
        If Asc(Mid$(Data, i, 1)) + Key(i) > 255 Then
            'If the new ascii value exceeds 255 (highest char ascii), then count upwards from 0
            Coded = Coded & Chr$(Key(i)) & Chr$(Asc(Mid$(Data, i, 1)) + Key(i) - 255)
        Else
            Coded = Coded & Chr$(Key(i)) & Chr$(Asc(Mid$(Data, i, 1)) + Key(i))
        End If
    Next
    'Return encoded value
    'Debug.Print Len(Coded)
    Encode = Coded
End Function

Public Function Decode(Data As String) As String
    Dim Key() As Long
    ReDim Key(Len(Data))
    Dim i As Long
    Dim Decoded As String
    Dim CodedString As String
    Dim LenData As Long
    Dim LenCodedString As Long
    Dim NextChr As Long
    Decoded = ""
    CodedString = ""
    'Separate the key from the actual code
    LenData = Len(Data)
    For i = 1 To LenData
        If (i / 2) = Int(i / 2) Then
            CodedString = CodedString & Mid$(Data, i, 1)
        Else
            Key(((i - 1) / 2) + 1) = Asc(Mid$(Data, i, 1))
        End If
    Next
    'Minus the key from each character
    LenCodedString = Len(CodedString)
    For i = 1 To LenCodedString
        NextChr = Asc(Mid$(CodedString, i, 1)) - Key(i)
        'If the new ascii is below 0, then count backwards from 255
        If NextChr <= 0 Then
            NextChr = NextChr + 255
        End If
        'Add to decoded string
        Decoded = Decoded + Chr$(NextChr)
    Next
    'Return Decoded value
    Decode = Decoded
End Function
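An added example (Python, not code from any poster in this thread) for the advice above to keep the password out of the executable and store it in protected form. It swaps in a salted PBKDF2 hash in place of a reversible encoding, so the stored record is compared against but never converted back into the password; the record format and the names `make_record`, `verify` and `check_login` are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000        # assumption: raise as far as login latency allows
MAX_ITERATIONS = 5_000_000  # refuse absurd values from a tampered record

def make_record(password, salt=None):
    """Return 'pbkdf2_sha256$iters$salt_hex$hash_hex' for storage."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (ITERATIONS, salt.hex(), dk.hex())

def verify(password, record):
    """Recompute the hash from the stored salt and compare in constant time."""
    try:
        scheme, iters, salt_hex, dk_hex = record.split("$")
        iters = int(iters)
        if scheme != "pbkdf2_sha256" or not 1 <= iters <= MAX_ITERATIONS:
            return False
        expected = bytes.fromhex(dk_hex)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), iters)
    except ValueError:
        return False  # malformed or tampered record
    return hmac.compare_digest(dk, expected)

# Record checked when the user name is unknown, so both failure paths
# cost one hash computation.
_DUMMY = make_record(os.urandom(16).hex())

def check_login(store, username, password):
    """store maps user name -> record string (e.g. loaded from a file)."""
    record = store.get(username)
    ok = verify(password, record if record is not None else _DUMMY)
    return ok and record is not None

if __name__ == "__main__":
    # Constructed sample account; the external file would hold only the record.
    store = {"TestUser": make_record("TestPassword")}
    print(store["TestUser"])
    print(check_login(store, "TestUser", "TestPassword"))  # True
    print(check_login(store, "TestUser", "guess"))         # False
```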