AutoHotkey Community Let's help each other out

Laszlo
Joined: 14 Feb 2005 Posts: 4474 Location: Boulder, CO
Posted: Thu Oct 25, 2007 2:41 pm
| leofola wrote: | | I would like to use the Processor ID (globally unique and available from any processor as far as I know – correct me if I’m wrong) |
Unfortunately, AMD processors don’t have it. Intel Pentium III processors do, but only if enabled in the BIOS. So, the processor serial number is more often unavailable than available.
| leofola wrote: | | have it “interact” with the GUID in order to “disguise” it so as not to be dealing with people’s private info. By interact, I’m not yet sure what I mean. I guess multiplication? |
I am not sure how it would work. You can just XOR the two byte-strings for disguise. But the GUID has to be stored, because it is always different when generated anew. Why don’t you use only this stored GUID? You need a system design first.

Leon
Joined: 27 Aug 2007 Posts: 179
Posted: Thu Oct 25, 2007 5:03 pm
| Laszlo wrote: | | Unfortunately, AMD processors don’t have it. Intel Pentium III processors do, but only if enabled in the BIOS. So, the processor serial number is more often unavailable than available. |
[Edit]I think you may have misread my post.
The code I use should retrieve Proc ID not SN (as per your advice re: obtainability of SN in a previous thread).
So is Processor ID globally obtainable?
Just found an AMD on which to run the code (improved version of code below), and got a result of same length as I get when running it on my P4 machine.
That's only 2 tests but so far so good.[/Edit]
Requires COM.ahk ...(D/load COM).
| Code: |
; Read the ProcessorID property of every Win32_Processor instance via WMI
Proc2 := WMI_Query("root\cimv2", "Win32_Processor", "ProcessorID")

WMI_Query(Namespace, Class, Property)
{
   COM_Init()
   psvc := COM_GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\" . Namespace)
   pset := COM_Invoke(psvc, "ExecQuery", "SELECT * FROM " . Class)
   penm := COM_Invoke(pset, "_NewEnum")
   Loop
      If COM_Enumerate(penm, pobj) = 0
         sResult .= COM_Invoke(pitm:=COM_Invoke(pprs:=COM_Invoke(pobj, "Properties_"), "Item", Property), "Value") . SubStr(COM_Release(pitm) . COM_Release(pprs) . COM_Release(pobj),1,0) . "`n"
      Else Break
   COM_Release(penm)
   COM_Release(pset)
   COM_Release(psvc)
   COM_Term()
   Return sResult   ; one value per instance, each followed by a newline
}
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Create a new GUID with UuidCreate and return its 16 bytes as 32 hex digits
GUID() {
   VarSetCapacity(A,16), S := "12"
   DllCall("rpcrt4\UuidCreate","Str",A)
   Loop 16
      DllCall("msvcrt\sprintf", Str,S, Str,"%02x", "Uchar",*(&A+A_Index-1)), h .= S
   Return h
}
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
GU = % GUID()
; Split the query result in half; if both halves are identical, show it once
StringLen, ProcLen, Proc2
ProcLen/=2
StringLeft, Proc1, Proc2, %ProcLen%
StringTrimLeft, Proc2, Proc2, %ProcLen%
If Proc1 = %Proc2%
   MsgBox, ProcessorID (or possible SN) `n= %Proc1%
Else
   MsgBox, ProcessorID (or possible SN) `n= %Proc1%%Proc2%
MsgBox, GUID = %GU%
;FileAppend, %GU% `n%Proc%, GU.txt
return
|
| Laszlo wrote: | | Why don’t you use only this stored GUID? |
Not sure how I could use it if stored. Surely a malicious user would need only to find it in its ini file / reg key etc, purchase one AuthCode, and create a script that edits the stored value on any machine and unlocks with the AuthCode. Maybe I'm missing something though.
| Laszlo wrote: | | You need a system design, first. |
Here is the design theory so far (script to follow when written):
1. Installing the SW generates a "serial" (big long lump of numbers and letters in case my terminology is wrong, as it often can be).
The serial is then given to User (MsgBox, Clipboard etc).
2. User inputs this at website, website then generates an AuthCode (another letter-number lump) which is given to User.
3. User inputs this at SW's prompt. SW then checks by calculation that the AuthCode came from the website's calculation upon the serial number which should still refer to the (hopefully globally unique and obtainable) Processor ID.

Leon
Joined: 27 Aug 2007 Posts: 179
Posted: Thu Oct 25, 2007 9:50 pm
For security would it be better to XOR the two values (ProcID and GUID) instead of inserting each character of ProcID into certain "random but retrace-able" positions within GUID?
I think I have a decent way of making the latter option safe.
I can describe it if you like in theory. Let me know.
However, doing it by insertion seems a lot more complicated than XOR.
Only problem with XOR is I am not sure how to perform an XOR.
I tried using your code as an example to follow but couldn't apply it to simply XORing the two values (ProcID and GUID) together.
Also I assume it is possible to reverse the process of XORing so that I can verify that the code given by user matches the result of XORing a random unsaved GUID with user's ProcID?

engunneer
Joined: 30 Aug 2005 Posts: 7698 Location: Germany (but I only speak English)
Posted: Thu Oct 25, 2007 10:13 pm
^ means XOR. You can XOR it twice to get back the original number, IIRC.
(A ^ B) ^ B = A
_________________
Unless noted, all code is UNTESTED.
Answers Here: 1.(Loops, Viruses, etc.) 2.Search 3.RTFM 4.Ask for Help.
PMs will be ignored unless you are hiring me.

Leon
Joined: 27 Aug 2007 Posts: 179
Posted: Fri Oct 26, 2007 1:27 am
So is it possible to XOR a pair of alpha-numerical strings?
Doesn't seem to be working for me.
I was looking for some way to treat them as hex so that it might work despite the letters (sure I saw that somewhere before) but couldn't find it.
| Code: |
ProcID = BFEBFBFF00000F29
GUID = 3ddfc90449a2b24aa97847e768f04f44
VarSetCapacity(Serial,60)
Serial := (ProcID ^ GUID)
MsgBox, %Serial%
|
Is there some other means by which I could get a similar effect if XOR is not meant to be used for alpha-numerical strings?
Or is my code wrong somewhere else maybe?

rani
Joined: 18 Mar 2008 Posts: 144
Posted: Fri Dec 19, 2008 9:52 am
Hi,
Is it possible to change shareware parameters by changing GUID of a PC?

Laszlo
Joined: 14 Feb 2005 Posts: 4474 Location: Boulder, CO
Posted: Fri Dec 19, 2008 5:56 pm
| Leon wrote: | | So is it possible to XOR a pair of alpha-numerical strings? |
Yes, with some extra code. Assuming that your strings contain hex digits, the following HexXOR function does the job.
| Code: |
ProcID = BFEBFBFF00000F29
GUID = 3ddfc90449a2b24aa97847e768f04f44
Serial := HexXOR(ProcID,GUID)
MsgBox %Serial%

HexXOR(a,b) {
   Static S := 12                ; 2-character buffer that receives the sprintf output
   ; z = padding of "0" characters, as long as the difference of the two lengths
   VarSetCapacity(z,abs(StrLen(a)-StrLen(b)),Asc("0"))
   If (StrLen(a)>StrLen(b))      ; append the padding to the shorter string
      b := b . z
   Else
      a := a . z
   Loop % StrLen(a)//2 {         ; two hex digits (one byte) per iteration
      i := 2*A_Index-1
      x := "0x" . SubStr(a,i,2)
      y := "0x" . SubStr(b,i,2)
      DllCall("msvcrt\sprintf", Str,S, Str,"%02X",UInt,x^y)
      c .= S
   }
   Return c
}
|
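
The three-step serial/AuthCode design from earlier in the thread, with the XOR "disguise" discussed above, as an added example in Python (not AutoHotkey, and not code from any poster). Assumptions: the thread does not say how the AuthCode is calculated, so HMAC-SHA256 is used here; VENDOR_KEY, the function names and the second ProcessorID are constructed for illustration.

```python
import hashlib
import hmac

# Constructed placeholder. In the thread's design only the website holds this.
VENDOR_KEY = b"constructed-demo-key"

def hex_xor(a: str, b: str) -> str:
    """XOR two hex strings; the shorter one is right-padded with '0' digits,
    which matches the thread's HexXOR for even-length inputs."""
    n = max(len(a), len(b))
    a, b = a.ljust(n, "0"), b.ljust(n, "0")
    return "".join(f"{int(x, 16) ^ int(y, 16):X}" for x, y in zip(a, b))

def make_serial(proc_id: str, stored_guid: str) -> str:
    """Step 1: the serial shown to the user at install time."""
    return hex_xor(proc_id, stored_guid)

def auth_code(serial: str, key: bytes = VENDOR_KEY) -> str:
    """Step 2 (website): keyed MAC over the serial, cut to 20 hex digits."""
    mac = hmac.new(key, serial.upper().encode(), hashlib.sha256).hexdigest()
    return mac[:20].upper()

def is_licensed(proc_id: str, stored_guid: str, code: str,
                key: bytes = VENDOR_KEY) -> bool:
    """Step 3 (software): rebuild the serial from the live ProcessorID and the
    stored GUID, then compare codes in constant time. Verifying an HMAC needs
    the same key as the website, so in this sketch the key ships with the
    software; a signature check would need only a public key there."""
    expected = auth_code(make_serial(proc_id, stored_guid), key)
    return hmac.compare_digest(expected.encode(), code.strip().upper().encode())

if __name__ == "__main__":
    proc_id = "BFEBFBFF00000F29"                  # values from the thread
    guid = "3ddfc90449a2b24aa97847e768f04f44"
    serial = make_serial(proc_id, guid)
    print("serial        :", serial)
    # XOR undoes itself: (A ^ B) ^ B = A, so the serial hides nothing from
    # anyone who can read the stored GUID.
    print("serial ^ GUID :", hex_xor(serial, guid))
    # Zero padding leaves the GUID's last 16 digits unchanged in the serial.
    print("tail is GUID  :", serial[16:] == guid[16:].upper())
    code = auth_code(serial)
    print("same machine  :", is_licensed(proc_id, guid, code))
    # Constructed second ProcessorID: same stored GUID and code, other machine.
    print("other ProcID  :", is_licensed("BFEBFBFF00000F2A", guid, code))
```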

Laszlo
Joined: 14 Feb 2005 Posts: 4474 Location: Boulder, CO
Posted: Fri Dec 19, 2008 6:01 pm
| rani wrote: | | is it possible to change shareware parameters by changing GUID of a PC ? |
This GUID is not an ID of your machine, but a number, which is different each time it is newly generated, and different from numbers generated elsewhere.

cerewa
Joined: 14 Aug 2008 Posts: 32
Posted: Fri Dec 19, 2008 6:29 pm
| Quote: | | Even if the entropy source is not electronic, like radioactive isotopes, the sensors are sensitive electronic devices susceptible to external influences. |
I wonder if one way toward security would be to use a microphone that listens to sounds at volumes/frequencies that are audible.
Sure, a person can influence the random number generator! But if it's obvious that's what they're doing...

Laszlo
Joined: 14 Feb 2005 Posts: 4474 Location: Boulder, CO
Posted: Fri Dec 19, 2008 7:27 pm
Microphones do provide physical entropy by detecting background acoustic and electric noise, but it is hard to determine how much. A strong sound makes the signal predictable, but the PC fans could cause some repetitive patterns, too. Therefore, many samples have to be hashed together. Cheap webcams ($10) in the dark (in a box, wrapped in duct tape) usually give you more, and less predictable, noise.

rani
Joined: 18 Mar 2008 Posts: 144
Posted: Sat Dec 20, 2008 6:43 am
Hi Laszlo,
is it possible to change shareware parameters,
or trace it when in a machine it's located?

Laszlo
Joined: 14 Feb 2005 Posts: 4474 Location: Boulder, CO
Posted: Sat Dec 20, 2008 4:59 pm
What do you want to do? If you want to protect your shareware, see the SW copy protection thread. If you want to hack the SW of others, I cannot help: there are too many tricks they can use to protect their IP.

greynite
Joined: 17 May 2008 Posts: 31 Location: Dallas, TX
Posted: Thu Jan 01, 2009 7:11 pm
Laszlo, would it not make more sense to use a single GUID creation call to seed calls to AES (e.g. http://www.autohotkey.com/forum/viewtopic.php?t=37484 ) in counter mode?
Thus each script gets a copious amount of pseudo-random numbers while using up a minimal amount of system entropy...
Thanks,
Shawn

Laszlo
Joined: 14 Feb 2005 Posts: 4474 Location: Boulder, CO
Posted: Thu Jan 01, 2009 7:40 pm
Yes, you can do that. TEA is even faster, unless your CPU has native AES commands. Using GUID as a key, just encrypt a counter. The result cannot be distinguished from true random with reasonable computing resources. Keep in mind that AHK's built-in random number generator is two orders of magnitude faster, so only use ciphers for secure random numbers, for higher quality requirements.
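
One way to realize "using GUID as a key, just encrypt a counter" with TEA, the cipher named in the reply above. This is an added example in Python, not code from the thread; GuidCounterRng and its method names are hypothetical, and uuid4() stands in for the GUID that the thread obtains from UuidCreate.

```python
import struct
import uuid

DELTA, MASK = 0x9E3779B9, 0xFFFFFFFF

def tea_encrypt(v0, v1, k):
    """Encrypt one 64-bit block (two 32-bit words) with TEA, 32 cycles."""
    s = 0
    for _ in range(32):
        s = (s + DELTA) & MASK
        v0 = (v0 + (((v1 << 4) + k[0]) ^ (v1 + s) ^ ((v1 >> 5) + k[1]))) & MASK
        v1 = (v1 + (((v0 << 4) + k[2]) ^ (v0 + s) ^ ((v0 >> 5) + k[3]))) & MASK
    return v0, v1

class GuidCounterRng:
    """Keystream generator: block i is TEA(key=GUID, plaintext=counter i)."""

    def __init__(self, guid_bytes):
        if len(guid_bytes) != 16:
            raise ValueError("a GUID is exactly 16 bytes")
        self.key = struct.unpack(">4I", guid_bytes)   # 128-bit TEA key
        self.counter = 0

    def random_bytes(self, n):
        out = bytearray()
        while len(out) < n:
            hi, lo = (self.counter >> 32) & MASK, self.counter & MASK
            out += struct.pack(">2I", *tea_encrypt(hi, lo, self.key))
            self.counter += 1    # a counter value is never reused under one key
        return bytes(out[:n])

    def randbelow(self, bound):
        """Uniform integer in [0, bound); rejection sampling avoids modulo bias."""
        if bound < 1:
            raise ValueError("bound must be positive")
        nbytes = (bound.bit_length() + 7) // 8
        limit = (1 << (8 * nbytes)) // bound * bound
        while True:
            x = int.from_bytes(self.random_bytes(nbytes), "big")
            if x < limit:
                return x % bound

if __name__ == "__main__":
    # uuid4() stands in for the thread's UuidCreate GUID; a version-4 UUID has
    # 122 random bits, and the stream is only as unpredictable as that key.
    rng = GuidCounterRng(uuid.uuid4().bytes)
    print(rng.random_bytes(16).hex(), [rng.randbelow(6) + 1 for _ in range(10)])
```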

greynite
Joined: 17 May 2008 Posts: 31 Location: Dallas, TX
Posted: Thu Jan 01, 2009 9:53 pm
Lol, from a post you made on Tue Oct 23, 2007 5:15 pm:
| Laszlo wrote: | | If you need just one random number, for low security, the low order word of the high speed Windows counter suffices. If you need a high security number, use a GUID Windows can generate, described here. If you need many low security random numbers use the Random function of AHK. If you need many high security random numbers, use a GUID as a key, and encrypt a counter… |
Thanks for your patience with us newbs
Cheers,
Shawn