
Thread: [RESOLVED] Why is it so hackable?

  1. #1

    Thread Starter
    Member
    Join Date
    Jul 2005
    Posts
    35

    [RESOLVED] Why is it so hackable?

    Why is this code so easy to hack? My friend told me if I do this to my app, people can just find out what's the password or username very easily?

    VB Code:
    Private Sub cmdlogin_Click()
        If txtusername.Text = "TestUser" And txtpassword.Text = "TestPassword" Then
            frmloged.Show
            Unload Me
        Else
            MsgBox "The UserName Or Password is not correct!", vbExclamation + vbOKOnly, "Error!!!"
        End If
    End Sub

  2. #2
    I'm about to be a PowerPoster! Joacim Andersson's Avatar
    Join Date
    Jan 1999
    Location
    Sweden
    Posts
    14,649

    Re: Why is it so hackable?

    Because you have the user name and password in strings which will stay as pure text even after you have compiled your program.

  3. #3
    Elite Hacker Jacob Roman's Avatar
    Join Date
    Aug 2004
    Location
    Miami Beach, FL
    Posts
    5,349

    Re: Why is it so hackable?

    Best to have an external file where the password is saved only encrypted.

  4. #4

    Thread Starter
    Member
    Join Date
    Jul 2005
    Posts
    35

    Re: Why is it so hackable?

    how do i get it kind of like encrypted?

  5. #5
    PowerPoster RhinoBull's Avatar
    Join Date
    Mar 2004
    Location
    New Amsterdam
    Posts
    24,132

    Re: Why is it so hackable?

    On a short note: if you compile your app, then change the file extension from EXE to, say, TXT and open it in Notepad, you will see something like the following:
    ... cmdlogin  Command1 p°¿ï ÿ*  txtpassword ` h¿ï  Text2  ÿ*  txtusername Hh¿ï  Text1  ÿ ...

    It would probably take a relatively inexperienced amateur under a minute to decode that garbage...

    Anyway, you never hardcode any values, especially User Name/Password. Instead you store it in, say, a database, but encrypted. There are many encryption algorithms, so you will have to find something that fits your level of expertise by searching our forums or elsewhere.

    Good luck.
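
Added example (not part of any post in this thread): a pre-release check, written in Python rather than VB, that scans a built program image for known credential strings in both single-byte and UTF-16LE form, since a plain text search sees only one of the two. `SAMPLE_IMAGE` is a constructed byte string, and the function names are assumptions made for the example.

```python
import re

# Constructed sample standing in for a compiled program image: binary filler
# around a control name, one UTF-16LE literal and one single-byte literal.
SAMPLE_IMAGE = (
    b"\x00\x10\xff" + b"txtpassword" + b"\xbf\xef\x00"
    + "TestPassword".encode("utf-16-le")
    + b"\x00\x00\x90" + b"TestUser" + b"\x00\xff"
)

MIN_LEN = 6  # shorter printable runs are mostly noise


def printable_runs(image: bytes, min_len: int = MIN_LEN):
    """Yield (offset, encoding, text) for printable runs in either encoding."""
    ascii_pat = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    # UTF-16LE text in the ASCII range is each character followed by a zero byte.
    wide_pat = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    for m in ascii_pat.finditer(image):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in wide_pat.finditer(image):
        yield m.start(), "utf-16-le", m.group().decode("utf-16-le")


def find_embedded_secrets(image: bytes, secrets):
    """Return sorted (offset, encoding, secret) for secrets found verbatim."""
    findings = []
    for offset, encoding, text in printable_runs(image):
        for secret in secrets:
            if secret in text:
                findings.append((offset, encoding, secret))
    return sorted(findings)


if __name__ == "__main__":
    for offset, encoding, secret in find_embedded_secrets(
        SAMPLE_IMAGE, ["TestUser", "TestPassword"]
    ):
        print(f"offset {offset:#06x}: {secret!r} stored as {encoding}")
```

Run against a real build by reading the file with `open(path, "rb").read()`; any finding means the credential ships in readable form.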

  6. #6
    Frenzied Member wiz126's Avatar
    Join Date
    Jul 2005
    Location
    Mars,Milky Way... Chit Chat Posts: 5,733
    Posts
    1,080

    Re: Why is it so hackable?

    Quote Originally Posted by Joacim Andersson
    Because you have the user name and password in strings which will stay as pure text even after you have compiled your program.
    you can see
    [Attached image]

  7. #7

    Thread Starter
    Member
    Join Date
    Jul 2005
    Posts
    35

    Re: Why is it so hackable?

    Wow WIZ126, it's so easy to get the username or password!!!!

    How do I make it like encrypted in some way?

  8. #8
    Ex-Super Mod RobDog888's Avatar
    Join Date
    Apr 2001
    Location
    LA, Calif. Raiders #1 AKA:Gangsta Yoda™
    Posts
    60,709

    Re: Why is it so hackable?

    @RhinoBull, you don't need to change the file extension from exe to txt. Just open Notepad and drag & drop your exe from Explorer into the Notepad text area and you will get the same result.

  9. #9

  10. #10
    Elite Hacker Jacob Roman's Avatar
    Join Date
    Aug 2004
    Location
    Miami Beach, FL
    Posts
    5,349

    Re: Why is it so hackable?

    You create your own algorithm that changes the ASCII bytes of the characters of your password into a complete mess that someone cannot understand, and you can use this algorithm to convert it to the real password.

  11. #11

  12. #12

    Thread Starter
    Member
    Join Date
    Jul 2005
    Posts
    35

    Re: Why is it so hackable?

    Quote Originally Posted by Jacob Roman
    You create your own algorithm that changes the ASCII bytes of the characters of your password into a complete mess that someone cannot understand, and you can use this algorithm to convert it to the real password.
    any good links on how to make it?

  13. #13
    Elite Hacker Jacob Roman's Avatar
    Join Date
    Aug 2004
    Location
    Miami Beach, FL
    Posts
    5,349

    Re: Why is it so hackable?

    Quote Originally Posted by RhinoBull
    That is a big NO-NO, Jacob - it can be decrypted within a few seconds (by an experienced guy). 64/128 bit encryption is the way to go (if you can afford it...)
    I didn't say how complicated it had to be or how it had to be encrypted. Of course the real big government agencies use very large and complex calculus-based algorithms for their passwords (wasn't that in the movie Mercury Rising?). But in his case, since he's a beginner, any normal algorithm will suffice.

  14. #14
    Frenzied Member pnish's Avatar
    Join Date
    Aug 2002
    Location
    Tassie, Oz
    Posts
    1,918

    Re: [RESOLVED] Why is it so hackable?

    If you need to hard code a username/password into your app (which, as others have already said, is not a good idea), you can do some really simple stuff which will make it difficult for the casual hacker. For example,
    VB Code:
    Option Explicit

    Dim TestUser As String
    Dim TestPass As String

    Private Sub cmdLogin_Click()

        If (txtUserName.Text = TestUser) And (txtPassword.Text = TestPass) Then
            MsgBox "Wooo hooo... you're in!!"
        Else
            MsgBox "Incorrect username/password"
            Unload Me
        End If

    End Sub

    Private Sub Form_Load()

        TestUser = Chr$(Asc("T")) & Chr$(Asc("e")) & Chr$(Asc("s")) & Chr$(Asc("t"))
        TestUser = TestUser & Chr$(Asc("U")) & Chr$(Asc("s")) & Chr$(Asc("e")) & Chr$(Asc("r"))
        TestPass = Chr$(Asc("T")) & Chr$(Asc("e")) & Chr$(Asc("s")) & Chr$(Asc("t"))
        TestPass = TestPass & Chr$(Asc("P")) & Chr$(Asc("a")) & Chr$(Asc("s")) & Chr$(Asc("s"))

    End Sub
    That's pretty simple but fairly effective without resorting to complex encryption algorithms. Obviously you'd make your test username & password a bit more obscure.

    BTW Did I mention that hardcoding a username & password is a bad idea?
    Pete

    No trees were harmed in the making of this post, however a large number of electrons were greatly inconvenienced.

  15. #15
    Fanatic Member Comintern's Avatar
    Join Date
    Nov 2004
    Location
    Lincoln, NE
    Posts
    826

    Re: [RESOLVED] Why is it so hackable?

    Quote Originally Posted by pnish
    VB Code:
        If (txtUserName.Text = TestUser) And (txtPassword.Text = TestPass) Then
            MsgBox "Wooo hooo... you're in!!"
        Else
            MsgBox "Incorrect username/password"
            Unload Me
        End If
    Actually, if I can throw my 2 cents in on a resolved thread, this type of structure is also trivial to hack. All you have to do is trace back the "Wooo hooo..." string to its test and then make the jump instruction non-conditional. This type of string basically provides a big "crack me here" sign in your code. These two links (one from a cracking site) give some really good advice on protecting software:


    http://www.woodmann.com/fravia/protec.htm
    http://lastbit.com/vitas/antihack.asp

  16. #16
    PowerPoster Static's Avatar
    Join Date
    Oct 2000
    Location
    Rochester, NY
    Posts
    9,390

    Re: [RESOLVED] Why is it so hackable?

    Here is some code I have used before; it works well.
    VB Code:
    Public Function Encode(Data As String) As String

        Randomize

        Dim Key() As Long
        ReDim Key(Len(Data))

        Dim i As Long
        Dim LenData As Long
        Dim Coded As String
        Coded = ""

        LenData = Len(Data)
        For i = 1 To LenData
            Key(i) = (Rnd() * 50 + 1) + 20 'Define keys for each character
        Next

        'Output layout: for every input character, the key byte followed by the shifted character
        For i = 1 To LenData
            'Adding the key to each character's ascii
            If Asc(Mid$(Data, i, 1)) + Key(i) > 255 Then
                'If the new ascii value exceeds 255 (highest char ascii), then count upwards from 0
                Coded = Coded & Chr$(Key(i)) & Chr$(Asc(Mid$(Data, i, 1)) + Key(i) - 255)
            Else
                Coded = Coded & Chr$(Key(i)) & Chr$(Asc(Mid$(Data, i, 1)) + Key(i))
            End If
        Next
        'Return encoded value
        'Debug.Print Len(Coded)
        Encode = Coded

    End Function

    Public Function Decode(Data As String) As String

        Dim Key() As Long
        ReDim Key(Len(Data))

        Dim i As Long
        Dim Decoded As String
        Dim CodedString As String
        Dim LenData As Long
        Dim LenCodedString As Long
        Dim NextChr As Long

        Decoded = ""
        CodedString = ""

        'Separate the key from the actual code
        LenData = Len(Data)
        For i = 1 To LenData
            If (i / 2) = Int(i / 2) Then
                CodedString = CodedString & Mid$(Data, i, 1)
            Else
                Key(((i - 1) / 2) + 1) = Asc(Mid$(Data, i, 1))
            End If
        Next

        'Subtract the key from each character
        LenCodedString = Len(CodedString)
        For i = 1 To LenCodedString
            NextChr = Asc(Mid$(CodedString, i, 1)) - Key(i)
            'If the new ascii is below 0, then count backwards from 255
            If NextChr <= 0 Then
                NextChr = NextChr + 255
            End If
            'Add to decoded string
            Decoded = Decoded + Chr$(NextChr)
        Next
        'Return Decoded value
        Decode = Decoded

    End Function
    JPnyc rocks!! (Just ask him!)
    If u have your answer please go to the thread tools and click "Mark Thread Resolved"
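
Added example (not code from any poster): one common way to realise the thread's advice to keep the password in an external file, sketched in Python rather than VB. The file holds a random salt and a PBKDF2 hash instead of a reversible encoding, so neither the program nor the file contains anything that converts back to the password. The record layout, function names and iteration count are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune for the slowest machine you support
SALT_LEN = 16


def make_record(username: str, password: str, iterations: int = ITERATIONS) -> str:
    """Build the line to store in the external file: a verifier, not the password."""
    salt = os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([username, "pbkdf2-sha256", str(iterations), salt.hex(), digest.hex()])


def check_login(record: str, username: str, password: str) -> bool:
    """Recompute the hash from the typed password and compare in constant time."""
    try:
        stored_user, scheme, iterations, salt_hex, digest_hex = record.split("$")
        iterations = int(iterations)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed or truncated record: fail closed
    if scheme != "pbkdf2-sha256" or iterations < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    user_ok = hmac.compare_digest(stored_user.encode("utf-8"), username.encode("utf-8"))
    pass_ok = hmac.compare_digest(candidate, expected)
    return user_ok and pass_ok


if __name__ == "__main__":
    line = make_record("TestUser", "TestPassword")
    print(line)  # safe to keep in a file: salt and hash only
    print(check_login(line, "TestUser", "TestPassword"))  # True
    print(check_login(line, "TestUser", "testpassword"))  # False
```

This protects the password itself; as post #15 points out, a check that runs entirely on the user's machine can still be patched around, so it does not by itself protect the program.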
