Jump to content




Channel Lock For Server Ops V2 Now With Hashed Password


15 replies to this topic

#1 Elrond1369

  • Members
  • 34 posts
  • LocationUnited States

Posted 09 August 2013 - 04:36 PM

Channel Lock for servers V2 now with hashed password

This modification to ComputerCraft locks Channels 655** so they require two passwords to open them for listening. It also uses password hashing to keep your passwords secret

Download

Setup
Spoiler


#2 Tiin57

    Java Lunatic

  • Members
  • 1,412 posts
  • LocationIndiana, United States

Posted 09 August 2013 - 04:47 PM

Protip: Don't use Adf.ly on a Computercraft program. The money is extremely minimal and it just makes you seem greedy.

Edit: Thank you for removing it.

#3 MysticT

    Lua Wizard

  • Members
  • 1,597 posts

Posted 09 August 2013 - 05:22 PM

> lua
> t = fs
> file = t.open("/rom/apis/peripheral", "r")
> file.readAll()
Passwords retrieved.
Easy :P
You should override the fs api if you want to secure files.

#4 PixelToast

  • Signature Abuser
  • 2,265 posts
  • Location3232235883

Posted 09 August 2013 - 05:23 PM

fail sandbox is fail c_C
MysticT: you forgot a "r" ;)

#5 Elrond1369

  • Members
  • 34 posts
  • LocationUnited States

Posted 09 August 2013 - 05:55 PM

View PostMysticT, on 09 August 2013 - 05:22 PM, said:

> lua
> t = fs
> file = t.open("/rom/apis/peripheral")
> file.readAll()
Passwords retrieved.
Easy :P/>/>
You should override the fs api if you want to secure files.
if string.find(s, "fs%.")==nil then
error("don't try and change fs to somthing else")
end


#6 PixelToast

  • Signature Abuser
  • 2,265 posts
  • Location3232235883

Posted 09 August 2013 - 06:00 PM

yea no.
best solution is to use hashing
SHA1 and a 64 bit salt would do nicely

#7 MysticT

    Lua Wizard

  • Members
  • 1,597 posts

Posted 09 August 2013 - 06:04 PM

View PostElrond1369, on 09 August 2013 - 05:55 PM, said:

View PostMysticT, on 09 August 2013 - 05:22 PM, said:

> lua
> t = fs
> file = t.open("/rom/apis/peripheral")
> file.readAll()
Passwords retrieved.
Easy :P/>/>
You should override the fs api if you want to secure files.
if string.find(s, "fs%.")==nil then
error("don't try and change fs to somthing else")
end
Yeah, check again...
I never used "fs.", just "fs". So it won't catch it.

Derp, my bad.
Ok, use this then:
> lua
> t = _G["f".."s"]
> file = t.open("/rom/apis/peripheral", "r")
> file.readAll()
:)

View PostPixelToast, on 09 August 2013 - 05:23 PM, said:

fail sandbox is fail c_C
MysticT: you forgot a "r" ;)
Oh god, how could I? :P
Here it is just for you: "r" xD

#8 Elrond1369

  • Members
  • 34 posts
  • LocationUnited States

Posted 09 August 2013 - 06:31 PM

View PostMysticT, on 09 August 2013 - 06:04 PM, said:

View PostElrond1369, on 09 August 2013 - 05:55 PM, said:

View PostMysticT, on 09 August 2013 - 05:22 PM, said:

> lua
> t = fs
> file = t.open("/rom/apis/peripheral")
> file.readAll()
Passwords retrieved.
Easy :P/>/>
You should override the fs api if you want to secure files.
if string.find(s, "fs%.")==nil then
error("don't try and change fs to somthing else")
end
Yeah, check again...
I never used "fs.", just "fs". So it won't catch it.

Derp, my bad.
Ok, use this then:
> lua
> t = _G["f".."s"]
> file = t.open("/rom/apis/peripheral", "r")
> file.readAll()
:)

View PostPixelToast, on 09 August 2013 - 05:23 PM, said:

fail sandbox is fail c_C
MysticT: you forgot a "r" ;)
Oh god, how could I? :P
Here it is just for you: "r" xD
 
fs = table.remove(fs, 14)


#9 MysticT

    Lua Wizard

  • Members
  • 1,597 posts

Posted 09 August 2013 - 06:36 PM

View PostElrond1369, on 09 August 2013 - 06:31 PM, said:

fs = table.remove(fs, 14)
What? :huh:
I can't find that or your previous "fix" in the code anyway.
Also, you are blocking any file/path that contains peripheral...

#10 Elrond1369

  • Members
  • 34 posts
  • LocationUnited States

Posted 09 August 2013 - 06:49 PM

View PostPixelToast, on 09 August 2013 - 06:00 PM, said:

yea no.
best solution is to use hashing
SHA1 and a 64 bit salt would do nicely
Um how is that done
Never mind I found something that can do this. Your right this should work better

#11 Elrond1369

  • Members
  • 34 posts
  • LocationUnited States

Posted 20 August 2013 - 04:54 PM

View PostMysticT, on 09 August 2013 - 06:36 PM, said:

View PostElrond1369, on 09 August 2013 - 06:31 PM, said:

fs = table.remove(fs, 14)
What? :huh:
I can't find that or your previous "fix" in the code anyway.
Also, you are blocking any file/path that contains peripheral...
I've completely changed everything to use password hashing and it uses your bit rotate functions.

#12 PixelToast

  • Signature Abuser
  • 2,265 posts
  • Location3232235883

Posted 20 August 2013 - 09:16 PM

function hash(pass1, pass2)
local key = 32
local x
local y
local pass
local output
while key % 32 == 0 do
key = math.random(10000, 99999)
end
x = string.len(pass1)
y = 1
output = 0
while y ~= x+1 do
output = output + string.byte(string.sub(pass1, y, y+1))
output = output * 2
y = y + 1
end
pass1 = output
x = string.len(pass2)
y = 1
output = 0
while y ~= x+1 do
output = output + string.byte(string.sub(pass2, y, y+1))
output = output * 2
y = y + 1
end
pass2 = output
pass = rightRotate(pass1, key)
pass = leftRotate(pass, pass2)
return pass
end
Uhm
now anything i look at instantly smells like fish

#13 NeverCast

  • Members
  • 400 posts
  • LocationChristchurch, New Zealand

Posted 20 August 2013 - 09:26 PM

Posted Image

Your hash function needs a complete scrap and rewrite mate.
Firstly it's not a hash function if it generates different results each time, which it's certain to do because you use math.random. Perhaps a bit more learning about how hash functions actually work could be profitable for you. Secondly your checkhash function effectively brute forces the hash. I cannot imagine the amount of collisions that will cause ( Something else you should research if it doesn't make sense, hash collisions).

You've got a great idea here, and I don't want you to give up. But your implementation of hashing is all wrong, and you should sincerely consider redoing it.
Thanks for your submit and I look forward to your update; and remember to have fun when coding!

#14 Elrond1369

  • Members
  • 34 posts
  • LocationUnited States

Posted 21 August 2013 - 08:57 PM

View PostNeverCast, on 20 August 2013 - 09:26 PM, said:

Posted Image

Your hash function needs a complete scrap and rewrite mate.
Firstly it's not a hash function if it generates different results each time, which it's certain to do because you use math.random. Perhaps a bit more learning about how hash functions actually work could be profitable for you. Secondly your checkhash function effectively brute forces the hash. I cannot imagine the amount of collisions that will cause ( Something else you should research if it doesn't make sense, hash collisions).

You've got a great idea here, and I don't want you to give up. But your implementation of hashing is all wrong, and you should sincerely consider redoing it.
Thanks for your submit and I look forward to your update; and remember to have fun when coding!
The math.random is to create a salt so that you can't get the passwords using a rainbow table. The check function then goes thruogh all posible salts. If you find a colision please let me know and then I'll try and fix it. It's really patetic that someone would waste time trying to crack a hashed password inside a video game when in the end it would only get them baned from the server.

#15 PixelToast

  • Signature Abuser
  • 2,265 posts
  • Location3232235883

Posted 22 August 2013 - 09:39 PM

Posted Image
yeah, banned, as if the admin were watching over me and making sure i dont have access to specific channels
c_c
i actually cracked passwords on a server i go to
and rainbow tables are only efficiently made in SHA and such hashes, not this one (if you would even consider it a hash)...

and why "pass1" and "pass2" whai!
key=math.random(10000, 99999)
you know, you could just multiply a random number by 32 and it will automatically become %32
x = string.len(pass2)
y = 1
output = 0
while y ~= x+1 do
output = output + string.byte(string.sub(pass2, y, y+1))
output = output * 2
y = y + 1
end
this.
this is not a hash.
this makes me want to puke.
rainbow tables arent needed to top the crap that was thrown into it.

time to make a program to crack it (assuming i will not die from retardation before then)
well not crack it, more like a collision generation program

sorry if i was mean, just had a [INSERT RAGE HERE] moment there

#16 Elrond1369

  • Members
  • 34 posts
  • LocationUnited States

Posted 26 August 2013 - 04:46 PM

View PostPixelToast, on 22 August 2013 - 09:39 PM, said:

Posted Image
yeah, banned, as if the admin were watching over me and making sure i dont have access to specific channels
c_c
i actually cracked passwords on a server i go to
and rainbow tables are only efficiently made in SHA and such hashes, not this one (if you would even consider it a hash)...

and why "pass1" and "pass2" whai!
key=math.random(10000, 99999)
you know, you could just multiply a random number by 32 and it will automatically become %32
x = string.len(pass2)
y = 1
output = 0
while y ~= x+1 do
output = output + string.byte(string.sub(pass2, y, y+1))
output = output * 2
y = y + 1
end
this.
this is not a hash.
this makes me want to puke.
rainbow tables arent needed to top the crap that was thrown into it.

time to make a program to crack it (assuming i will not die from retardation before then)
well not crack it, more like a collision generation program

sorry if i was mean, just had a [INSERT RAGE HERE] moment there
So I should just remove the key? Also I can't find any usefull info on how to make a password hasher.





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users