Jump to content




Disk Lock (Fully Secured SHA-256) [For Both Types of Computers]


9 replies to this topic

#1 Meit

  • Members
  • 22 posts
  • LocationPK

Posted 25 July 2016 - 07:35 PM

Introduction

This is a Disk Lock I was working on the last three hours, This is fully encrypted and safe means no one can break into your computer even with a startup disk! and can't install a virus, This might be the most secure lock ever

Features

  • Unbreakable/Crackable Encryption (EDIT: Bruteforce can crack if you used a idiotic/dumb password like 0000, so use strong ones)
  • Good Security (Impossible to break in)
  • Stable and Fast (But no GUI)
  • Option for recover password (Create new disk, But you must know your password and computer id of the comp u want to recover, Those are listed when you are installing the Disk Lock)
  • Can be easily integrated with your Operating System
  • Bugfree?
  • Safer Encryption [UPDATED]
  • Works on both advanced and non advanced computers

Updates

Update 1.1:

Quote

  • Updated the encryption system to a even safer one, Thanks to Anavrins again.
  • Passwords are now salted and turned into HEX.
  • Token changed (Delete DiskLock.shx before updating and reinstall from start cause you wont be able to recover disk with old and new version files mixing)

Update 1.2:

Quote

  • Fixed a problem with normal computers where there was a color problem, I forgot to check for term.isColor() in both DiskLock and DiskRecovery files.
  • Changed token and little security changes. (Delete DiskLock.shx before updating and reinstall from start cause you wont be able to recover disk with old and new version files mixing)
  • Future plan to reset os.pullEvent is added, Now you can re-use CTRL + ALT + T after you logged in :)

Future Plans

  • Make it possible to reset os.pullEvent back since the lock hooks it into pullEventRaw so nothing can be terminated ( You wont be able to test your programs but you can rename it to something else when testing or remove the pullEvent while testing :( )

FAQ

Q: OMG I lost my password you ******* bricked my computer, Now fix it or get reported.
A: First of all, Calm your ti** down, You can easily recover it if you know your computer ID and the password, If you cant remember it or are lazy as ...., Then dont use this sorry. if you have your old computer id and password use the DiskRecover.lua file from any other computer or turtle, or better pastebin run azbTsxRc it, Then fill out things such as computer id and your password, Don't forget to insert a disk in the drive, Then after inserting your password will be delivered to that disk.
Q: How is this secure? I wont use this until I get my answer..
A: This is more secure than your house safe, Since it encrypts the key of the key of the key that it is impossible to break unless he knows your computer id and password, If you tell someone, better change it by reinstalling e.g., delete the DiskLock.shx in your root directory and then start the app, Plus this app uses a special format for hashes, But the hacker wont be able to break in unless he knows the both things (CompID and Password), The format is:
computerId:Token:Password
You can make this ultimately secure too!
Q: How to make this ultimately secure?
A: Before installing, Go to the startup or DiskLock.lua (whatever u downloaded it as) and then edit token, e.g. change characters but keep the size same and Make sure to save the token in the notepad with your computer id and password, When recovering using the diskrecover.lua, Don't forget to edit the token to the one you used to install and never change the tokens before deleting the DiskLock.shx cause you wont be able to read file if you changed token while the DiskLock data encrypted files were made with the old token, The app wont work!
Q: How do I make this work on startup? You just said that this is unable to break-in!
A: Its some common-sense, In the pastebin file it is written to save the file as startup, But you don't bother looking into it, Just rename the file to startup and done, The installer is the same as the login so this is all in one file except the recovery.
Q: Should I delete the DiskLock.shx in my root directory and DiskLock.shc in my disk? They seem useless...
A: No!!! Never do it, If the DiskLock.shc is deleted and DiskLock.shx is still there then you wont be able to log in unless you recover the password and put it in the disk using the DiskRecover.lua, But leaving this, If you delete only DiskLock.shx then your password will delete too, You wont have the Disk password anymore and you will be prompted to install or not whenever you run the Disklock, DiskLock.shx delete means removing password but not the app..
Since DiskLock.shx is checked to login with a disk or not..
Q: Should I give my disk to my friend? I want him to access my computer.
A: Don't unless you know what you are doing, If he changes the password(by using the diskrecovery.lua and changing the computer password of Disklock.shx, Ur doomed),
Don't let anyone access your pórçó-díó(porco dio) security..



Download : Note

(ALL DOWNLOADS ARE LATEST! OLD VERSIONS NOT AVAILABLE)

DiskLock.lua : Rename to startup and then reboot

DiskRecover.lua : Recovery app, just use pastebin run

Credits:
Me - Base code & Idea
Anavrins - SHA256
KingofGamesYami - Helping on Ask A Pro
dan200 - For Making Computercraft

Edited by Meit, 03 March 2017 - 08:58 AM.


#2 Anavrins

  • Members
  • 775 posts

Posted 25 July 2016 - 08:22 PM

View PostMeit, on 25 July 2016 - 07:35 PM, said:

6 Times Encrypts your key, Is that good?
No, simply re-hashing the password is not good practice, pbkdf2 does what you intend to do in a more efficient and safer way.
If you want to use it, you could change the encrypt function to
function encrypt(str, salt)
  return pbkdf2(str, salt, 50) #-- Adjust 50 to your likings, higher the number, the slower the algorithm goes.
end
As well as changing line 278/279 to
enc_pass = encrypt(pass, compId ..":" ..token)

View PostMeit, on 25 July 2016 - 07:35 PM, said:

Plus this app uses a special format for hashes
There's nothing special with the format, it's just a table representation of it, you can easily convert it into a more conventional format with :toHex()
Changing line 280 and 286 to
handle.write(enc_pass:toHex())

Edited by Anavrins, 25 July 2016 - 08:29 PM.


#3 Meit

  • Members
  • 22 posts
  • LocationPK

Posted 25 July 2016 - 09:13 PM

EDIT: Updated, Thanks again avarins!

Edited by Meit, 25 July 2016 - 09:26 PM.


#4 Anavrins

  • Members
  • 775 posts

Posted 25 July 2016 - 09:32 PM

Well, the code changes should work just fine :P

As for pbkdf2, it's an algorithm which uses any PRF (MD5, SHA1, SHA2, AES), in this case SHA2.
The goal of the algorithm is to inherently slowdown the hashing process to hinder cracking attemps.
It does this by taking your password and salt, and iteratively hash it many times, in a much more clever way than only hash(hash(hash(hash(str)))).

#5 Meit

  • Members
  • 22 posts
  • LocationPK

Posted 25 July 2016 - 09:35 PM

Oh thanks, Btw anavrins I tried idwpass:toHex() and toHex(idwpass), none of them works, in the code the format is toHex(self, s)
EDIT: I edited with those changes the disk recover is having some problems..

Edited by Meit, 25 July 2016 - 09:40 PM.


#6 Anavrins

  • Members
  • 775 posts

Posted 25 July 2016 - 09:44 PM

The :toHex() thing only work with values returned by my api's functions, and in your case, your encrypt() function.
You did enc_key = encrypt(...), so you should do enc_key:toHex()

Edited by Anavrins, 25 July 2016 - 09:45 PM.


#7 Meit

  • Members
  • 22 posts
  • LocationPK

Posted 25 July 2016 - 10:29 PM

Alright, Updated the program and updated the token.. To those who installed it just right it came and want to update then delete your DiskLock.shx and go through the install process again, Please.. because this update has new tokens and you updated then there will be a problem with the hash when you try to create recovery password in a disk..

#8 AlexDevs

  • Members
  • 72 posts
  • Location~

Posted 09 September 2016 - 06:11 PM

View PostMeit, on 25 July 2016 - 07:35 PM, said:

Introduction

This is a Disk Lock I was working on the last three hours, This is fully encrypted and safe means no one can break into your computer even with a startup disk! and can't install a virus, This might be the most secure lock ever

Features

  • Unbreakable/Crackable Encryption (EDIT: Bruteforce can crack if you used a idiotic/dumb password like 0000, so use strong ones)
  • Good Security (Impossible to break in)
  • Stable and Fast (But no GUI)
  • Option for recover password (Create new disk, But you must know your password and computer id of the comp u want to recover, Those are listed when you are installing the Disk Lock)
  • Can be easily integrated with your Operating System
  • Bugfree?
  • Safer Encryption [UPDATED]
  • Works on both advanced and non advanced computers

Updates

Update 1.1:

Quote

  • Updated the encryption system to a even safer one, Thanks to Anavrins again.
  • Passwords are now salted and turned into HEX.
  • Token changed (Delete DiskLock.shx before updating and reinstall from start cause you wont be able to recover disk with old and new version files mixing)

Future Plans

  • Make it possible to reset os.pullEvent back since the lock hooks it into pullEventRaw so nothing can be terminated ( You wont be able to test your programs but you can rename it to something else when testing or remove the pullEvent while testing :( )

FAQ

Q: OMG I lost my password you ******* bricked my computer, Now fix it or get reported.
A: First of all, Calm your ti** down, You can easily recover it if you know your computer ID and the password, If you cant remember it or are lazy as ...., Then dont use this sorry. if you have your old computer id and password use the DiskRecover.lua file from any other computer or turtle, or better pastebin run azbTsxRc it, Then fill out things such as computer id and your password, Don't forget to insert a disk in the drive, Then after inserting your password will be delivered to that disk.
Q: How is this secure? I wont use this until I get my answer..
A: This is more secure than your house safe, Since it encrypts the key of the key of the key that it is impossible to break unless he knows your computer id and password, If you tell someone, better change it by reinstalling e.g., delete the DiskLock.shx in your root directory and then start the app, Plus this app uses a special format for hashes, But the hacker wont be able to break in unless he knows the both things (CompID and Password), The format is:
computerId:Token:Password
You can make this ultimately secure too!
Q: How to make this ultimately secure?
A: Before installing, Go to the startup or DiskLock.lua (whatever u downloaded it as) and then edit token, e.g. change characters but keep the size same and Make sure to save the token in the notepad with your computer id and password, When recovering using the diskrecover.lua, Don't forget to edit the token to the one you used to install and never change the tokens before deleting the DiskLock.shx cause you wont be able to read file if you changed token while the DiskLock data encrypted files were made with the old token, The app wont work!
Q: How do I make this work on startup? You just said that this is unable to break-in!
A: Its some common-sense, In the pastebin file it is written to save the file as startup, But you don't bother looking into it, Just rename the file to startup and done, The installer is the same as the login so this is all in one file except the recovery.
Q: Should I delete the DiskLock.shx in my root directory and DiskLock.shc in my disk? They seem useless...
A: No!!! Never do it, If the DiskLock.shc is deleted and DiskLock.shx is still there then you wont be able to log in unless you recover the password and put it in the disk using the DiskRecover.lua, But leaving this, If you delete only DiskLock.shx then your password will delete too, You wont have the Disk password anymore and you will be prompted to install or not whenever you run the Disklock, DiskLock.shx delete means removing password but not the app..
Since DiskLock.shx is checked to login with a disk or not..
Q: Should I give my disk to my friend? I want him to access my computer.
A: Don't unless you know what you are doing, If he changes the password(by using the diskrecovery.lua and changing the computer password of Disklock.shx, Ur doomed),
Don't let anyone access your pórçó-díó(porco dio) security..


Download : Notes

DiskLock.lua (Rename to startup)

DiskRecover.lua (Recovery app, just run or use pastebin run)

Credits:
Me - Base code & Idea
Anavrins - SHA256
KingofGamesYami - Helping on Ask A Pro
dan200 - For Making Computercraft
Soooooo, you just said "god pig"... Nice words...

#9 TheRockettek

  • Members
  • 547 posts
  • LocationRem is best girl

Posted 09 September 2016 - 06:21 PM

btw, make it tell the user if the setting api is not avaliable (they are on a older version)


#10 Meit

  • Members
  • 22 posts
  • LocationPK

Posted 03 March 2017 - 08:59 AM

Updated to version 1.2,
Changelog:

Quote

  • Fixed a problem with normal computers where there was a color problem, I forgot to check for term.isColor() in both DiskLock and DiskRecovery files.
  • Changed token and little security changes. (Delete DiskLock.shx before updating and reinstall from start cause you wont be able to recover disk with old and new version files mixing)
  • Future plan to reset os.pullEvent is added, Now you can re-use CTRL + ALT + T after you logged in :)






1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users