Any loop hole with aborting program via URLdownloadtofile?

 
Uminnsky



Joined: 12 Aug 2009
Posts: 26

Posted: Thu Feb 18, 2010 12:45 am    Post subject: Any loop hole with aborting program via URLdownloadtofile?

Upon launching, my program runs the below...

Code:


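; Remove any config.txt left over from an earlier run
FileDelete %A_programfiles%\config.txt
; Fetch a fresh copy of the config file (URL elided in the original post)
URLDownloadToFile,http://..../config.txt, c:\Program Files\config.txt
; Load the downloaded file into the variable "validate"
FileRead,validate,%A_programfiles%\config.txt

; Exit if the file does not contain the expected validation string
ifnotinstring, validate, validationstring
{
    FileDelete %A_programfiles%\config.txt
    exitapp
}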


I am trying to think of any way someone could continue to run the program if the downloaded text file does not contain the specified validation string. Any thoughts on if this is possible, or a way to get around the above procedure?

Thanks!
Guest






Posted: Thu Feb 18, 2010 12:49 am

If the user knows the website (from a virus scanner or something), they would know the content, and then they can redirect the page to somewhere else or just create the text file themselves.
Uminnsky



Joined: 12 Aug 2009
Posts: 26

Posted: Thu Feb 18, 2010 12:54 am

Except the file is deleted both before and after the urldownload command, so the program would have to be suspended somehow after the download for them to change the contents of the text file.
Leef_me



Joined: 08 Apr 2009
Posts: 5336
Location: San Diego, California

Posted: Thu Feb 18, 2010 4:17 am

If the file the program downloaded doesn't have the matching string, they can't run the program.

Of course, if they can de-compile your program and get the validation code, then they can run the program at will.

If they previously ran the program and the file the program downloaded _does_ have the matching string, they could copy that file and save it for future use. The snippet of code you posted does not show the file deleted if there is a match.

If the match is not based on an ever-changing validate, it would seem easy to duplicate the required file, or even to write-protect the file to prevent it being deleted.
Uminnsky



Joined: 12 Aug 2009
Posts: 26

Posted: Thu Feb 18, 2010 10:38 pm

Leef_me wrote:
If the file the program downloaded doesn't have the matching string, they can't run the program.

Of course, if they can de-compile your program and get the validation code, then they can run the program at will.

If they previously ran the program and the file the program downloaded _does_ have the matching string, they could copy that file and save it for future use. The snippet of code you posted does not show the file deleted if there is a match.

If the match is not based on an ever-changing validate, it would seem easy to duplicate the required file, or even to write-protect the file to prevent it being deleted.


Thanks! I forgot to include my file delete command following the ifnotinstring statement in the code above, so it does delete it regardless of outcome.

Regardless of this though, I still don't see how they could utilize a saved copy of the file since it is still deleted prior to the download.

Quote:
or even to write-protect the file to prevent it being deleted


This I can see as a potential way of getting around my above code. Perhaps I could do this then...

Code:
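; Remove any config.txt left over from an earlier run
FileDelete %A_programfiles%\config.txt

; If the file survived the delete (e.g. it was write-protected), refuse to run
IfExist, %A_programfiles%\config.txt
    exitapp

; Fetch a fresh copy and load it into the variable "validate"
URLDownloadToFile,http://..../config.txt, c:\Program Files\config.txt
FileRead,validate,%A_programfiles%\config.txt

; Exit if the validation string is missing
ifnotinstring, validate, validationstring
{
    FileDelete %A_programfiles%\config.txt
    exitapp
}

; Validation passed: remove the downloaded file anyway
FileDelete %A_programfiles%\config.txt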


Or, perhaps add a random function to the file name.
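The "ever-changing validate" idea raised in the thread, as an added example that is not part of any post: the fixed-string check accepts a saved copy of an earlier download, while a response tied to a per-run random challenge does not. It is written in Python rather than AutoHotkey so it runs stand-alone; `SHARED_KEY`, the function names, the server behaviour and the sample file content are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: a key shared by the server and the shipped program. Anyone who
# decompiles the program can extract it (the caveat raised in the thread).
SHARED_KEY = b"constructed-demo-key"
VALIDATION_STRING = "validationstring"  # the fixed marker from the posted script


def static_check(config_text: str) -> bool:
    """The posted check: accept any file that contains the fixed string."""
    return VALIDATION_STRING in config_text


def new_challenge() -> str:
    """Client side: a fresh random value sent with every validation request."""
    return secrets.token_hex(16)


def server_response(challenge: str, key: bytes = SHARED_KEY) -> str:
    """Server side (hypothetical endpoint): MAC over the client's challenge."""
    return hmac.new(key, challenge.encode(), hashlib.sha256).hexdigest()


def challenge_check(challenge: str, response: str, key: bytes = SHARED_KEY) -> bool:
    """Client side: accept only a response computed for this run's challenge."""
    expected = hmac.new(key, challenge.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    # Run 1: a genuine exchange; the user keeps a copy of what came back.
    saved_file = "settings...\nvalidationstring\n"  # constructed sample content
    first = new_challenge()
    saved_response = server_response(first)
    # Run 2: the saved copies are presented again instead of a fresh download.
    second = new_challenge()
    return {
        "static_accepts_saved_copy": static_check(saved_file),
        "challenge_accepts_fresh": challenge_check(second, server_response(second)),
        "challenge_accepts_saved_copy": challenge_check(second, saved_response),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The shared key still ships inside the program, so this addresses only the saved-copy case, not the decompile case mentioned in the thread.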