I have a compiled Pcode VB6 application with 1 published and 9
never-published
alphanumeric string contants embedded in the program for passwords.
The code simply has lines like this in a FORM to use as a cheap access
match.
A(1)= "sbddy-ttqxfg
A(2)= "hidvh-deehg
I started getting 50 downloads an hour and traced this back to a site
that listed ALL 10 strings on the web, and my site URL.
I work at home and this source code has NEVER been out of my office.
How was this cracked? How how how? I thought VB6 could not be
disassebled!
Any thoughts out there?
Thanks
-stone 5 12087
"Stone" <x@y.com> wrote in message
news:wL******** ************@ne ws4.srv.hcvlny. cv.net I have a compiled Pcode VB6 application with 1 published and 9 never-published alphanumeric string contants embedded in the program for passwords.
The code simply has lines like this in a FORM to use as a cheap access match. A(1)= "sbddy-ttqxfg A(2)= "hidvh-deehg
I started getting 50 downloads an hour and traced this back to a site that listed ALL 10 strings on the web, and my site URL.
I work at home and this source code has NEVER been out of my office. How was this cracked? How how how? I thought VB6 could not be disassebled!
any EXE can be disassembled but from what you describe it probably wasn't
required. Even viewing the compiled EXE in notepad you can see text
literals from the source so those passwords are probably plainly visible.
At the very least you need to have some sort on encoding or encryption on
the embedded passwords.
On Tue, 29 Jul 2003 19:30:42 -0700, "Bob Butler"
<ti*******@nosp am.com> wrote: "Stone" <x@y.com> wrote in message news:wL******* *************@n ews4.srv.hcvlny .cv.net I have a compiled Pcode VB6 application with 1 published and 9 never-published alphanumeric string contants embedded in the program for passwords.
The code simply has lines like this in a FORM to use as a cheap access match. A(1)= "sbddy-ttqxfg A(2)= "hidvh-deehg
I started getting 50 downloads an hour and traced this back to a site that listed ALL 10 strings on the web, and my site URL.
I work at home and this source code has NEVER been out of my office. How was this cracked? How how how? I thought VB6 could not be disassebled!
any EXE can be disassembled but from what you describe it probably wasn't required. Even viewing the compiled EXE in notepad you can see text literals from the source so those passwords are probably plainly visible. At the very least you need to have some sort on encoding or encryption on the embedded passwords.
So what would be a good encoding method? What about doing a bit-level
Xor with some odd string?
--
Running MS VB 6.0 Pro (SP5) on Win2K-SR2
STUPID ME!!
The password strings ARE in the EXE...
For Hello is was searching for "Hello" and it is missing... but guess what,
00 "H" 00 "e" 00 "l" 00 "l' 00 is plain as day... just with nulls in
between
the letters...
So much for a stupid password design...
-stone
"Stone" <x@y.com> wrote in message
news:9S******** *************@n ews4.srv.hcvlny .cv.net STUPID ME!! The password strings ARE in the EXE...
For Hello is was searching for "Hello" and it is missing... but guess what, 00 "H" 00 "e" 00 "l" 00 "l' 00 is plain as day... just with nulls in between the letters...
actually it's just that the text is stored in Unicode
On Wed, 30 Jul 2003 12:28:53 GMT, "Stone" <x@y.com> wrote: STUPID ME!! The password strings ARE in the EXE...
For Hello is was searching for "Hello" and it is missing... but guess what, 00 "H" 00 "e" 00 "l" 00 "l' 00 is plain as day... just with nulls in between the letters...
So much for a stupid password design... -stone
Yup - that is Unicode - or IMO 'Unicrud'
I suggest that you use this cracking 'experience' to have some fun
Obviously, as I and others have pointed out, the password protection
is easy
However, you could have some 'plain text' passwords in your system,
clearly in view for a text or hex editor ....
And when one of those is entered something frightening could happen
- nothing destructive ... but nicely terrifying
- Red screen - Warning ... Entering System Edit Mode
... Revert Registry ... Re-Assign Drive Mapping
You could even delete the EXE
.... copy to a c:\temp\xxx.tmp run that to delete the first EXE This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Miranda |
last post by:
Hi, I have a ASP/vbscript program that generates random passwords. The
problem is I need to insert those passwords into an Access database of
327 clients.
I have the random password program generating the 327 passwords, but
have had no luck inserting them.
===============================================
Here is the code that generates the passwords:
===============================================
<% Option Explicit %>
|
by: Haines Brown |
last post by:
I thought I had understood this issue and implemented a work around,
but now when I check on IE5, it is not working:
...
#IE-hack {
margin-left: auto;
margin-right: auto;
width: 20em;
text-align: center;
}
|
by: Martin Høst Normark |
last post by:
Hi everyone
Has anyone got the least experience in integrating the Digital Signature
with an ASP.NET Web Application?
Here in Denmark, as I supose in many other countries, they're promoting the
digital signature. A lot of people already has one, to do their taxes, and
much more. I have to use for a business-to-business e-commerce solution,
where it's vital that the right user is being logged on, and not give his
username and password...
|
by: Dino Vliet |
last post by:
Hi folks,
probably this is a question you've heard so many times
but I wasn't able to find a solution to it.
I'm using a shell script to create a textfile for me.
It looks like
#!/usr/local/bin/bash
psql -c "select foo from bar;" -d database1 -t
psql -c "\q" -d database1
exit 0
|
by: Macca |
last post by:
Hi,
My application uses passwords to limit access to certain parts of the app. I
was considering storing these in my database but have heard that there can be
problems with this. I have heard using the Global Assembly Cache (GAC) would
be a good place.
Does anyone have any opinions on this and how would I implement the GAC
scenario?
| |
by: VK |
last post by:
That happened: Microsoft acknowledged the fact that HTML element is
the topmost one in any HTML document and that there is nothing atop of
it (DOCTYPE declarations and prologs are not normally styled by
stylesheet means :-)
Not only the fact acknowledged by also the relevant bug fixed in IE7.
It means that it's time to say bye-bye to the infamous "holly hack":
sooner is better. Actually Microsoft gave a generous share of time for...
|
by: Cord-Heinrich Pahlmann |
last post by:
Hi,
I have written a tool wich de/encrypts a few of my forum and
bloggin-Passwords.
My question is how secure it is.
The following describes how I have encrypted my passwords.
When I log in, the Login-Password is changed into a md5-Hash and is
compared to the login-password in the db. If the passwords are the same
the use is logged in (common procedure). Then the clear-text
|
by: NoName |
last post by:
Perl:
@char=("A".."Z","a".."z",0..9);
do{print join("",@char)}while(<>);
!!generate passwords untill U press ctrl-z
Python (from CookBook):
|
by: freehackers |
last post by:
FreeHackers Group :
Only 6 Steps to get cracked your target password
1- Fill in the E-Mail Cracking order form , to the best of your knowledge “contact us to freehackers.007gmail.com with victim’s details (complete name ,email address ,country)”
Replace by @ in the email address.
2- After successfully cracking the password , we will send you a CONFIRMATION EMAIL , along with a proof . We will also send you a follow-up for the...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |