AutoHotkey Community

PostPosted: October 25th, 2007, 3:41 pm

Joined: February 14th, 2005, 4:05 pm
Posts: 4710
Location: Boulder, CO
leofola wrote:
I would like to use the Processor ID (globally unique and available from any processor as far as I know – correct me if I’m wrong)
Unfortunately, AMD processors don’t have it. Intel Pentium III processors do, but only if enabled in the BIOS. So, the processor serial number is more often unavailable than available.
leofola wrote:
have it “interact” with the GUID in order to “disguise” it so as not to be dealing with people’s private info. By interact, I’m not yet sure what I mean. I guess multiplication?
I am not sure how it would work. You can just XOR the two byte-strings for disguise. But the GUID has to be stored, because it is always different when generated anew. Why don’t you use only this stored GUID? You need a system design first.


PostPosted: October 25th, 2007, 6:03 pm

Joined: August 27th, 2007, 8:00 pm
Posts: 179
Laszlo wrote:
Unfortunately, AMD processors don’t have it. Intel Pentium III processors do, but only if enabled in the BIOS. So, the processor serial number is more often unavailable than available.

[Edit]I think you may have misread my post.
The code I use should retrieve Proc ID, not SN (as per your advice re: obtainability of SN in a previous thread).
So is Processor ID globally obtainable?

Just found an AMD on which to run the code (improved version of code below), and got a result of the same length as I get when running it on my P4 machine.
That's only 2 tests but so far so good.[/Edit]
Requires COM.ahk...(D/load COM).
Code:
Proc2 := WMI_Query("root\cimv2", "Win32_Processor", "ProcessorID")

WMI_Query(Namespace, Class, Property)
{
   COM_Init()
   psvc := COM_GetObject("winmgmts:{impersonationLevel=impersonate}!\\." . Namespace)
   pset := COM_Invoke(psvc, "ExecQuery", "SELECT * FROM " . Class)
   penm := COM_Invoke(pset, "_NewEnum")
   Loop
      If   COM_Enumerate(penm, pobj) = 0
         sResult .= COM_Invoke(pitm:=COM_Invoke(pprs:=COM_Invoke(pobj, "Properties_"), "Item", Property), "Value") . SubStr(COM_Release(pitm) . COM_Release(pprs) . COM_Release(pobj),1,0) . "`n"
      Else   Break
   COM_Release(penm)
   COM_Release(pset)
   COM_Release(psvc)
   COM_Term()
   Return   sResult
}
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

GUID() {
   VarSetCapacity(A,16), S := "12"
   DllCall("rpcrt4\UuidCreate","Str",A)
   Loop 16
      DllCall("msvcrt\sprintf", Str,S, Str,"%02x", "Uchar",*(&A+A_Index-1)), h .= S
   Return h
}
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Generate a fresh GUID (a new value on every call)
GU = % GUID()
; Split the WMI result into two halves; if both halves are equal, show the value only once
StringLen, ProcLen, Proc2
ProcLen/=2
StringLeft, Proc1, Proc2, %ProcLen%
StringTrimLeft, Proc2, Proc2, %ProcLen%

If Proc1 = %Proc2%
   MsgBox, ProcessorID (or possible SN) `n= %Proc1%
Else
   MsgBox, ProcessorID (or possible SN) `n= %Proc1%%Proc2%
MsgBox,  GUID = %GU%
;FileAppend, %GU% `n%Proc%, GU.txt
return


Laszlo wrote:
Why don’t you use only this stored GUID?

Not sure how I could use it if stored. Surely a malicious user would need only to find it in its ini file / reg key etc, purchase one AuthCode, and create a script that edits the stored value on any machine and unlocks with the AuthCode. Maybe I'm missing something though.

Laszlo wrote:
You need a system design, first.

Here is the design theory so far (script to follow when written):
1. Installing the SW generates a "serial" (big long lump of numbers and letters in case my terminology is wrong, as it often can be).
The serial is then given to User (MsgBox, Clipboard etc).
2. User inputs this at website, website then generates an AuthCode (another letter-number lump) which is given to User.
3. User inputs this at SW's prompt. SW then checks by calculation that the AuthCode came from the website's calculation upon the serial number which should still refer to the (hopefully globally unique and obtainable) Processor ID.


PostPosted: October 25th, 2007, 10:50 pm

Joined: August 27th, 2007, 8:00 pm
Posts: 179
For security, would it be better to XOR the two values (ProcID and GUID) instead of inserting each character of ProcID into certain "random but retrace-able" positions within GUID?
I think I have a decent way of making the latter option safe.
I can describe it if you like in theory. Let me know.

However, doing it by insertion seems a lot more complicated than XOR.
Only problem with XOR is I am not sure how to perform an XOR.

I tried using your code as an example to follow but couldn't apply it to simply XORing the two values (ProcID and GUID) together.

Also I assume it is possible to reverse the process of XORing so that I can verify that the code given by user matches the result of XORing a random unsaved GUID with user's ProcID?


PostPosted: October 25th, 2007, 11:13 pm

Joined: August 30th, 2005, 8:43 pm
Posts: 8666
Location: Salem, MA
^ means XOR. You can XOR it twice to get back the original number, IIRC.

(A ^ B) ^ B = A

PostPosted: October 26th, 2007, 2:27 am

Joined: August 27th, 2007, 8:00 pm
Posts: 179
So is it possible to XOR a pair of alpha-numerical strings?
Doesn't seem to be working for me.
I was looking for some way to treat them as hex so that it might work despite the letters (sure I saw that somewhere before) but couldn't find it.
Code:
ProcID = BFEBFBFF00000F29
 
GUID = 3ddfc90449a2b24aa97847e768f04f44

VarSetCapacity(Serial,60)

Serial := (ProcID ^ GUID)
MsgBox, %Serial%

Is there some other means by which I could get a similar effect if XOR is not meant to be used for alpha-numerical strings?
Or is my code wrong somewhere else maybe?


PostPosted: December 19th, 2008, 10:52 am

Joined: March 18th, 2008, 4:04 am
Posts: 193
Hi,
Is it possible to change shareware parameters by changing GUID of a PC?


PostPosted: December 19th, 2008, 6:56 pm

Joined: February 14th, 2005, 4:05 pm
Posts: 4710
Location: Boulder, CO
Leon wrote:
So is it possible to XOR a pair of alpha-numerical strings?
Yes, with some extra code. Assuming that your strings contain hex digits, the following HexXOR function does the job.
Code:
ProcID = BFEBFBFF00000F29
GUID = 3ddfc90449a2b24aa97847e768f04f44

Serial := HexXOR(ProcID,GUID)
MsgBox %Serial%

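HexXOR(a,b) {
   Static S := 12   ; 2-character buffer that sprintf writes into
   ; Pad the shorter string on the right with "0" digits so both have equal length
   VarSetCapacity(z,abs(StrLen(a)-StrLen(b)),Asc("0"))
   If (StrLen(a)>StrLen(b))
      b := b . z
   Else
      a := a . z
   ; XOR one byte (two hex digits) per iteration
   Loop % StrLen(a)//2 {
      i := 2*A_Index-1
      x := "0x" . SubStr(a,i,2)
      y := "0x" . SubStr(b,i,2)
      ; Format the XORed byte as two uppercase hex digits and append it
      DllCall("msvcrt\sprintf", Str,S, Str,"%02X",UInt,x^y)
      c .= S
   }
   Return c
}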


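Added example (not part of the thread, and not code from any poster): the HexXOR padding and XOR above, redone in Python with the thread's own ProcID and GUID values, then used in the serial / AuthCode flow from the earlier design post. The HMAC step, vendor_key, the 20-digit code length, OTHER_PROC_ID and all function names are assumptions; the thread never specifies the website's calculation.

```python
import hashlib
import hmac

def hex_xor(a: str, b: str) -> str:
    """XOR two hex strings; the shorter is right-padded with '0' as in HexXOR."""
    n = max(len(a), len(b))
    if n % 2:
        raise ValueError("need an even number of hex digits")
    x, y = bytes.fromhex(a.ljust(n, "0")), bytes.fromhex(b.ljust(n, "0"))
    return bytes(p ^ q for p, q in zip(x, y)).hex().upper()

def issue_auth_code(serial: str, vendor_key: bytes) -> str:
    """Website side (assumed): keyed MAC over the serial, cut to 20 hex digits."""
    mac = hmac.new(vendor_key, serial.encode(), hashlib.sha256)
    return mac.hexdigest()[:20].upper()

def verify(serial, auth_code, stored_guid, current_proc_id, vendor_key) -> bool:
    """Software side: the serial must map back to this CPU and the code must match."""
    # (A ^ B) ^ B = A: XOR with the stored GUID undoes the disguise.
    recovered = hex_xor(serial, stored_guid)[:len(current_proc_id)]
    bound = hmac.compare_digest(recovered, current_proc_id.upper())
    expected = issue_auth_code(serial, vendor_key)
    genuine = hmac.compare_digest(expected, auth_code.upper())
    return bound and genuine

# ProcID and GUID are the values posted in the thread;
# the key and the second ProcessorID are constructed for this example.
PROC_ID = "BFEBFBFF00000F29"
GUID = "3ddfc90449a2b24aa97847e768f04f44"
VENDOR_KEY = b"constructed-demo-key"
OTHER_PROC_ID = "0123456789ABCDEF"

if __name__ == "__main__":
    serial = hex_xor(PROC_ID, GUID)
    print("serial   :", serial)
    # The zero-padded half of the serial is the GUID's tail in the clear.
    print("recovered:", hex_xor(serial, GUID))
    code = issue_auth_code(serial, VENDOR_KEY)
    print("same PC  :", verify(serial, code, GUID, PROC_ID, VENDOR_KEY))
    # A stored GUID and AuthCode copied to another machine fail the binding check.
    print("other PC :", verify(serial, code, GUID, OTHER_PROC_ID, VENDOR_KEY))
```

XOR only disguises: anyone holding the serial and the stored GUID gets the ProcessorID back. A MAC key shipped inside the client can also be extracted, so a production check would verify a public-key signature rather than recompute a keyed hash.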
PostPosted: December 19th, 2008, 7:01 pm

Joined: February 14th, 2005, 4:05 pm
Posts: 4710
Location: Boulder, CO
rani wrote:
is it possible to change shareware parameters by changing GUID of a PC ?
This GUID is not an ID of your machine, but a number, which is different each time it is newly generated, and different from numbers generated elsewhere.


PostPosted: December 19th, 2008, 7:29 pm

Joined: August 14th, 2008, 7:26 pm
Posts: 32
Quote:
Even if the entropy source is not electronic, like radioactive isotopes, the sensors are sensitive electronic devices susceptible to external influences.


I wonder if one way toward security would be to use a microphone that listens to sounds at volumes/frequencies that are audible.

Sure, a person can influence the random number generator! But if it's obvious that's what they're doing...


PostPosted: December 19th, 2008, 8:27 pm

Joined: February 14th, 2005, 4:05 pm
Posts: 4710
Location: Boulder, CO
Microphones do provide physical entropy by detecting background acoustic and electric noise, but it is hard to determine how much. A strong sound makes the signal predictable, but the PC fans could cause some repetitive patterns, too. Therefore, many samples have to be hashed together. Cheap webcams ($10) in the dark (in a box, wrapped in duct tape) usually give you more-, and less predictable noise.


PostPosted: December 20th, 2008, 7:43 am

Joined: March 18th, 2008, 4:04 am
Posts: 193
Hi Laszlo,
Is it possible to change shareware parameters,
or trace it when in a machine it's located?


PostPosted: December 20th, 2008, 5:59 pm

Joined: February 14th, 2005, 4:05 pm
Posts: 4710
Location: Boulder, CO
What do you want to do? If you want to protect your shareware, see the SW copy protection thread. If you want to hack the SW of others, I cannot help: there are too many tricks they can use to protect their IP.


PostPosted: January 1st, 2009, 8:11 pm

Joined: May 17th, 2008, 5:00 am
Posts: 39
Location: Dallas, TX
Laszlo, would it not make more sense to use a single GUID creation call to seed calls to AES (e.g. http://www.autohotkey.com/forum/viewtopic.php?t=37484 ) in counter mode?

Thus each script gets a copious amount of pseudo-random numbers while using up a minimal amount of system entropy...

Thanks,
Shawn


PostPosted: January 1st, 2009, 8:40 pm

Joined: February 14th, 2005, 4:05 pm
Posts: 4710
Location: Boulder, CO
Yes, you can do that. TEA is even faster, unless your CPU has native AES commands. Using GUID as a key, just encrypt a counter. The result cannot be distinguished from true random with reasonable computing resources. Keep in mind that AHK's built-in random number generator is two orders of magnitude faster, so only use ciphers for secure random numbers, for higher quality requirements.


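Added example (not from the thread): the "use a GUID as a key, and encrypt a counter" construction, written in Python with TEA, whose 128-bit key is exactly the size of a GUID. Python's uuid.uuid4() stands in for the Windows GUID call, and the class and function names are assumptions.

```python
import struct
import uuid

MASK = 0xFFFFFFFF
DELTA = 0x9E3779B9  # TEA key-schedule constant

def tea_encrypt_block(v0: int, v1: int, key) -> tuple:
    """Encrypt one 64-bit block (two 32-bit words) with TEA, 32 cycles."""
    total = 0
    for _ in range(32):
        total = (total + DELTA) & MASK
        v0 = (v0 + (((v1 << 4) + key[0]) ^ (v1 + total) ^ ((v1 >> 5) + key[1]))) & MASK
        v1 = (v1 + (((v0 << 4) + key[2]) ^ (v0 + total) ^ ((v0 >> 5) + key[3]))) & MASK
    return v0, v1

class GuidCounterRng:
    """Counter-mode generator: block i of the output is TEA_key(i)."""

    def __init__(self, guid_bytes: bytes):
        if len(guid_bytes) != 16:
            raise ValueError("a GUID is exactly 16 bytes")
        self.key = struct.unpack(">4I", guid_bytes)  # four 32-bit key words
        self.counter = 0

    def next_block(self) -> bytes:
        c = self.counter
        # The same (key, counter) pair always yields the same block, so the
        # counter only moves forward and a key is never restarted from zero.
        self.counter = (c + 1) & 0xFFFFFFFFFFFFFFFF
        v0, v1 = tea_encrypt_block(c >> 32, c & MASK, self.key)
        return struct.pack(">2I", v0, v1)

    def random_bytes(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            out += self.next_block()
        return out[:n]

if __name__ == "__main__":
    # One GUID per run is the only entropy drawn from the system.
    rng = GuidCounterRng(uuid.uuid4().bytes)
    print(rng.random_bytes(20).hex())
```

The output is only as unpredictable as the key: whoever learns the GUID can regenerate the whole stream, so the GUID has to be treated as a secret and not reused across runs.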
PostPosted: January 1st, 2009, 10:53 pm

Joined: May 17th, 2008, 5:00 am
Posts: 39
Location: Dallas, TX
Lol, from a post you made on Tue Oct 23, 2007 5:15 pm:
Laszlo wrote:
If you need just one random number, for low security, the low order word of the high speed Windows counter suffices. If you need a high security number, use a GUID Windows can generate, described here. If you need many low security random numbers use the Random function of AHK. If you need many high security random numbers, use a GUID as a key, and encrypt a counter…

Thanks for your patience with us newbs :)

Cheers,
Shawn

