ZCCBJSB%EB0UB011.BITNET@cunyvm.cuny.edu (Josep Sau B.) (04/11/91)
Going on with passwords, Cathy Anderson <anderson@herald.usask.ca> says: >I had written one myself ...! I have it so it reads the password >from a file and it can be changed without the code. >The problem is that I need an external file (which can be typed so >you can get an idea of the password). What about encrypting the password written to that file? This way a curious may TYPE it to see its contents but that won't help much him/her to know the password... This may be a very simple function to do this: (* written from scratch, no syntax check *) FUNCTION Crypt (pw:Password) :Password; {-Encrypts or Decrypts-} CONST Key : $99; {-any 8 bits mask -} VAR i :INTEGER; BEGIN FOR i := 1 TO LENGTH(pw) DO pwi! := CHAR(BYTE(pwi! XOR Key)); Encrypt := pw; END; You have to read the crypted password from the file, filter it thru a simmilar function, and try to match it with user entered password. >Anyway, what I want to know is if there is a way so that this >password can be included in the .EXE file so I don't have to >have another file and I don't need the code to change it. There is a package in TRICKLE server called PCKSELFM.ZIP in directory <MSDOS.TURBOPAS>. It shows a simple way to add non-static data to the end of an EXE file. It speaks about configuration info and the like, but it can be used to store a password. --Josep Sau B. '...and he amazed with the marvels that are in the world, and he asked about things he did not understand, and he taught about things he knew.' Raimundus Lulius - _Llibre_de_Meravelles_
jscott@isis.cs.du.edu (James Scott) (04/11/91)
In article <26530@adm.brl.mil> ZCCBJSB%EB0UB011.BITNET@cunyvm.cuny.edu (Josep Sau B.) writes:
=>Going on with passwords, Cathy Anderson <anderson@herald.usask.ca>
=>says:
=>
=>There is a package in TRICKLE server called PCKSELFM.ZIP
=>in directory <MSDOS.TURBOPAS>. It shows a simple way to
=>add non-static data to the end of an EXE file. It speaks
=>about configuration info and the like, but it can be used
=>to store a password.
=>
=>
=>--Josep Sau B.
Great! Where's (What's) a TRICKLE server?mwizard@eecs.cs.pdx.edu (Craig Nelson) (04/11/91)
ZCCBJSB%EB0UB011.BITNET@cunyvm.cuny.edu (Josep Sau B.) writes: >Going on with passwords, Cathy Anderson <anderson@herald.usask.ca> >says: >>I had written one myself ...! I have it so it reads the password >>from a file and it can be changed without the code. >>The problem is that I need an external file (which can be typed so >>you can get an idea of the password). Reading a chunk of text from a .EXE file is a piece of cake. Just declare a section in any INTERFACE section of an including unit, and mark the section with an identifiable string. For instance: Interface Const MarkText:String[20] = 'INSTALLATION SECTION'; PassBuff:String[20] = ''; This will set up an interesting effect in the .EXE. You open the .EXE file like any other file, and read the first 21 bytes into a String variable using BlockRead(). Then you enter a loop by reading the next 21 bytes and check every position for a string that is the above. Once you find the string , immediately after it is the location you can write/read to for accessing your password (or whatever else you feel like using in that section). Remember to use the PassBuff vairable as well as the MarkText variable in a "used" piece of code somewhere, or that nifty little optimizing compiler Borland makes will strip the unused variable (and the space it allocates) out of the finished .EXE file. Cheers! []====================================================================[] || Craig R. Nelson | CCSofD Software Inc. || || Programmer | Beaverton, OR, 97005 || || mwizard@eecs.ee.pdx.edu | (unlisted on the net) ||
olm@informatik.uni-kiel.dbp.de (Olaf Mehlberg) (04/12/91)
In <26530@adm.brl.mil> ZCCBJSB%EB0UB011.BITNET@cunyvm.cuny.edu (Josep Sau B.) writes: [ procedure for encryption deleted ] >You have to read the crypted password from the file, filter it thru >a simmilar function, and try to match it with user entered password. To get at least little security: filter the user entered password thru the encryption-procedure and compare the result with the file. NEVER (not even in memory) CREATE THE CLEAR-TEXT-PASSWORD. If you need more information about password encryption and password security, i suggest, that you read the group sci.crypt. (Followup's should go there) Olaf Mehlberg standard-disclaimer . ------------------------------------------------------------------------ There are two methods for writing bug-free programms, but only the third one will work. ------------------------------------------------------------------------ Christian-Albrechts-Universitaet Kiel, Institut fuer Informatik Preusserstr. 1 - 9 , D - 2300 Kiel 1 Phone: ++49-431-5604-42 , Fax: ++49-431-566143 EMail: olm@informatik.uni-kiel.dbp.de ------------------------------------------------------------------------
maarten@cs.ruu.nl (Maarten Pennings) (04/15/91)
I just read some news about how to include chunks of (changing) information
(like a password) in an EXE file instead of having an additional data file.
I posed just this question some month ago (I wanted to save a 'HiScore'), but
no ready to use answer came forth. So I spend two weekends hacking, and now
have a procedure
Procedure UpDateExe(var save; size:word)
that lets you update any typed constant in your EXE-file. So, if you have a
declaration like
Const Password: Word = 1234;
you may now have a fragment like
Read(Password); {May I change a constant? Yes, as long as it is a typed-one}
UpDateExe(Password,SizeOf(Password))
and from then on your EXE contains the new value for your password. The
procedure first computes the location of the passed varaiable ('save'), then
determines the size of the exe header and then writes the (first 'size' bytes
of the constant) to the appropriate location in your EXE file.
If somebody out there is interested, I will post or mail the unit. Please send
requests by mail.
Maarten
--
Maarten Pennings maarten@cs.ruu.nl
In avoiding temptation, one remains pure but irrelevant.
--