



BlueBank v3.0


27 replies to this topic

#1 TrumpetMiner

  • Members
  • 33 posts

Posted 10 May 2015 - 08:12 PM

BlueBank v3.5

2019 Edit: If my friends and I ever start up a game with an up to date version of CC, I will get to work on making this. Things are kinda tight right now with college, but I really do want to give this program the update I think it deserves. I first wrote this back in 2015. Now 4 years later and looking back on making this program, I can see it really pushed me towards what I love. I'm now in college majoring in computing security. For that, I'm grateful to this mod and this community and I want to end BlueBank with an amazing update.

Features
Done | Planned | Next Update (Planned) | Next Update (Done)
  • Accounts and Money Hosted On Server
  • Easy Access to Balance and Transfer Through Client Computer
  • It Works
  • Atm
  • Shop
  • OS W/BlueBank Integration
  • Credit Cards
  • Pocket Bank
  • Freeze Accounts
  • Admin System Through the Client Computer
  • Admin Menu
  • Create Account System
  • More Security:
  • Encryption on Everything
  • Servers Don't Take Unauthorized Client Ids
Known Bugs
-"Not Enough Funds" on Certain Amounts during Transfer
-Can Watch Signals Between Server and Client to Find Info
-Non-String Transfer Input Results in Server Crash

Message Me or Comment if You find or fix a bug

Screenshots

https://plus.google....46470577?sort=1


Instructions
Create A Computer With a Modem on Any Side and Put The Server Program onto it.
Edit the Program and Follow Instructions at Top.
Create Accounts by Editing Files Under "user/enterUsername" and Putting the Password Inside or by Using a Client Computer.
Edit User's Money by Editing Files Under "$/enterUsername" and Putting the # of $ Inside.
You Create Accounts Through the Main Screen (If you're logged out) of the Client!

Run the Server Program.

Create A Computer With A Modem on Any Side and Put The Client Program onto it.
Edit the Program and Follow Instructions at Top.
Run the Client Program.

If You Want to put This onto Your Server or Use This in Your Own Programs, Message Me Because I'd Like To Advertise it on This Page and Help You Set It up if You Would Like.

Pastebin
Server: pastebin get VkYYSbR4 server
Client: pastebin get bpf4TVGb client

Admin: pastebin get 6WpAVENC admin
ATM: Coming Soon
Pocket-Friendly: Coming Soon
Shop: Coming Soon


More secure version by Scoopta and Cloud Ninja:

Client: http://pastebin.com/5sY44uVz
Server: http://pastebin.com/QMMYtg9k
(Credits: Core networking and server code: Scoopta
UI Elements and client mods: CloudNinja)

Edited by TrumpetMiner, 27 February 2019 - 06:45 AM.


#2 biggest yikes

  • Members
  • 573 posts

Posted 10 May 2015 - 10:38 PM

Rednet is *super* insecure, I can listen on channel 65533 and easily hack anyone's account and transfer their money to mine. Also, it's kind of hard to register a user, you have to make a "$" directory and a "user" directory, and the passwords aren't even hashed or anything. I think you could improve it, but so far it looks pretty nice.
Posted Image
(weird label names, I know, I made these tried this on some random computers I could find, but you get the point)
/offtopic http://www.comicsanscriminal.com/
EDIT: Even worse, to make a transaction you don't need a password..
EDIT 2: Super easy to crash the server by sending a balance that's not a string
rednet.send(serverid, "Transfer")
rednet.send(serverid, "")
rednet.send(serverid, "")
rednet.send(serverid, {}) --send table instead of string

Edited by Atenefyr, 10 May 2015 - 11:03 PM.
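
An added example, not part of the original post or of BlueBank's code: one way a server can check the fields of a transfer request before using them, so that a table or a malformed amount is rejected instead of crashing the handler. It is plain Lua with no ComputerCraft APIs; the field order (sender, recipient, amount), the limits and the sample messages are assumptions constructed for illustration.

```lua
-- Added example: validate a transfer request before touching account files.
-- Field layout (from, to, amount) and both limits are assumptions.
local MAX_NAME_LEN = 32
local MAX_AMOUNT = 1000000000

-- Account names end up as file names ("user/<name>", "$/<name>"),
-- so accept only a short string of letters, digits and underscores.
local function valid_username(v)
  return type(v) == "string"
    and #v >= 1 and #v <= MAX_NAME_LEN
    and v:match("^[%w_]+$") ~= nil
end

-- The amount arrives as text. Accept plain decimal digits only, which
-- rules out tables, nil, negatives, fractions and forms such as "1e3".
local function parse_amount(v)
  if type(v) ~= "string" or #v > 10 or not v:match("^%d+$") then
    return nil
  end
  local n = tonumber(v)
  if n < 1 or n > MAX_AMOUNT then return nil end
  return n
end

-- Returns a clean request table, or nil plus a reason for the log.
local function validate_transfer(from, to, amount)
  if not valid_username(from) then return nil, "bad sender" end
  if not valid_username(to) then return nil, "bad recipient" end
  if from == to then return nil, "sender and recipient are the same" end
  local n = parse_amount(amount)
  if not n then return nil, "bad amount" end
  return { from = from, to = to, amount = n }
end

-- Constructed sample messages; the second has the shape shown in the post.
local samples = {
  { "alice", "bob", "25" },
  { "", "", {} },
  { "alice", "bob", {} },
  { "alice", "bob", "-5" },
  { "alice", "bob", "1e3" },
}

for i, m in ipairs(samples) do
  local req, reason = validate_transfer(m[1], m[2], m[3])
  if req then
    print(i, "accepted", req.from, req.to, req.amount)
  else
    print(i, "rejected", reason)
  end
end
```

In a server loop the same function would run on the received values, with a rejection answered by an error reply rather than an exception.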


#3 TrumpetMiner

  • Members
  • 33 posts

Posted 10 May 2015 - 11:15 PM

Atenefyr, on 10 May 2015 - 10:38 PM, said:


I'm so Sorry. I'll never go back...

Edited by TrumpetMiner, 11 May 2015 - 08:16 PM.


#4 TrumpetMiner

  • Members
  • 33 posts

Posted 30 August 2015 - 03:26 AM

Atenefyr, on 10 May 2015 - 10:38 PM, said:

Rednet is *super* insecure, I can listen on channel 65533 and easily hack anyone's account and transfer their money to mine. Also, it's kind of hard to register a user, you have to make a "$" directory and a "user" directory, and the passwords aren't even hashed or anything. I think you could improve it, but so far it looks pretty nice.

I've been working on this new version for a few days now. I fixed a few bugs, added a new admin system, and now you can create a new account from the start menu. My next plan is to fix the server-crashing table bug, and add Caesar Cipher: http://www.computerc...__fromsearch__1 if I can get into contact with the creator or another encryption API if I cannot.

#5 valithor

  • Members
  • 1,053 posts

Posted 30 August 2015 - 04:15 AM

TrumpetMiner, on 30 August 2015 - 03:26 AM, said:

Atenefyr, on 10 May 2015 - 10:38 PM, said:

Rednet is *super* insecure, I can listen on channel 65533 and easily hack anyone's account and transfer their money to mine. Also, it's kind of hard to register a user, you have to make a "$" directory and a "user" directory, and the passwords aren't even hashed or anything. I think you could improve it, but so far it looks pretty nice.

I've been working on this new version for a few days now. I fixed a few bugs, added a new admin system, and now you can create a new account from the start menu. My next plan is to fix the server-crashing table bug, and add Caesar Cipher: http://www.computerc...__fromsearch__1 if I can get into contact with the creator or another encryption API if I cannot.

Just know Caesar ciphers are incredibly easy to crack. If you are really worried about security I would suggest looking into AES (Only decent CC encryption API I can think of right now)

AES api link: http://www.computerc...aes-encryption/

#6 PokeAcer

  • Members
  • 143 posts

Posted 30 August 2015 - 09:19 PM

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Use a new key per install (generate on first boot from, IDK, a hash of the microtime and some random characters? (echo it in a PHP script + a random string generator) sha256 of course, just make the server handle this) then require that you insert a floppy disk into a *wired networked* drive for encryption - if you think people have compromised your bank and stole it, pull that out and make a 'reset key' functionality which recreates the key and sends a message to the client to shutdown.

And maybe make a key using the script as well.

I've made a script that will function perfectly for keygen:
http://185.99.132.59/hash.php

Edited by PokeAcer, 30 August 2015 - 09:38 PM.


#7 Exerro

  • Members
  • 801 posts

Posted 31 August 2015 - 01:28 PM

Alternatively, using Diffie-Hellman is a much better option I'd say. You can securely establish a new key with each connection, meaning even if an attacker somehow got a hold of the key, it would change next time you connected, rather than remaining the same for all eternity. Also, for computers to be able to encrypt and decrypt text, they both need to have the same key. The method you're suggesting seems to leave every computer with a different key and no way to share it securely.

#8 PokeAcer

  • Members
  • 143 posts

Posted 31 August 2015 - 08:10 PM

awsumben13, on 31 August 2015 - 01:28 PM, said:

Alternatively, using Diffie-Hellman is a much better option I'd say. You can securely establish a new key with each connection, meaning even if an attacker somehow got a hold of the key, it would change next time you connected, rather than remaining the same for all eternity. Also, for computers to be able to encrypt and decrypt text, they both need to have the same key. The method you're suggesting seems to leave every computer with a different key and no way to share it securely.

My idea is this:
- Building has machines for money transfer
- Machines have a wired network cable onto ONE floppy drive, with a blockbreaker (if you have the relevant mod installed) on the cable right by the drive for security. One machine creates the file (the server) and then that is the key used via AES. If you need to reset due to compromise, you eject the floppy, then make someone go downstairs, throw the floppy away, then put a new one in to generate the key. It sends it via wired network cable (we will need to stop termination as well) - the key is checked then removed from memory each time you change (so it connects, gets key to use, waits for message back, decrypts, then overwrites the variable)
- The blockbreaker is for if you think someone's placed a wire leading to their PC (griefing?), so you can securely break the connection.

About the DH approach

'You will have problems with Diffie-Hellman because the calculations required for it to succeed use numbers too big for Lua to understand (300-digit prime).
I have an unfinished version of this that went to the trash because of this problem. I am working on a workaround in my free time (meta-tables rule!) but sadly no time estimate on this. Sorry for that :P Still, good luck in future endeavors, I am sure someone else can help :lol:'
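
An added example, not from the thread or from any ComputerCraft API: the Diffie-Hellman exchange suggested above, in plain Lua, with a guard for the number-size limit the quoted reply describes. The prime, the generator and the helper names are assumptions chosen so the arithmetic stays exact in Lua numbers; parameters this small show the message flow only and give no real security.

```lua
-- Added example: toy Diffie-Hellman in plain Lua.
-- P and G are assumed demo values; P is far too small for real use.
local P = 1000003   -- small prime so that P * P stays below 2^53
local G = 5

-- Square-and-multiply modular exponentiation. Every intermediate product is
-- below mod * mod, so it is exact only while mod * mod fits in 2^53.
local function modpow(base, exp, mod)
  assert(mod * mod < 2^53, "modulus too large for exact Lua arithmetic")
  local result = 1
  base = base % mod
  while exp > 0 do
    if exp % 2 == 1 then result = (result * base) % mod end
    base = (base * base) % mod
    exp = math.floor(exp / 2)
  end
  return result
end

-- math.random is not a cryptographic generator; it stands in for one here.
local function new_private() return math.random(2, P - 2) end

-- Client side: pick a secret, send only the public value.
local a = new_private()
local A = modpow(G, a, P)          -- message 1: client -> server

-- Server side: same step with its own secret.
local b = new_private()
local B = modpow(G, b, P)          -- message 2: server -> client

-- Each side combines its own secret with the other's public value.
-- The exchange is unauthenticated: the peers still need a way to
-- verify who actually sent A and B.
local client_key = modpow(B, a, P)
local server_key = modpow(A, b, P)
assert(client_key == server_key, "key agreement failed")

print("public values on the wire:", A, B)
print("same key on both sides:", client_key == server_key)

-- A 300-digit modulus trips the guard: it needs a big-integer library.
local ok = pcall(modpow, 2, 10, 1e300)
print("300-digit modulus accepted:", ok)
```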

#9 jaffacakesareamazing

  • Members
  • 17 posts

Posted 12 September 2015 - 04:41 PM

The problem I am having is that your program doesn't use a protocol, and therefore it is crashing because there are other rednet messages going on and the clients and server can't communicate. Please could you add a protocol to the next update?

#10 TrumpetMiner

  • Members
  • 33 posts

Posted 12 December 2015 - 04:05 AM

jaffacakesareamazing, on 12 September 2015 - 04:41 PM, said:

The problem I am having is that your program doesn't use a protocol, and therefore it is crashing because there are other rednet messages going on and the clients and server can't communicate. Please could you add a protocol to the next update?

I will be doing a rewrite of the client around Christmas and have already planned this and some new features such as:

- Encrypting (Once I find the right API)

- Stores (Maybe)

- Change Background and Text Color

- Bug Fixes!

Hopefully after this your problem (and many others) will be fixed. :)

#11 TrumpetMiner

  • Members
  • 33 posts

Posted 12 December 2015 - 04:39 AM

Right now I am looking at a Caesar Cipher because I see other API's like AES and either am totally confused on how to use them or cannot get them to work at all. If you have any more suggestions or if you can offer help in getting AES to work, I would love to hear from you. Thanks.

EDIT: Just found the cause of AES not working, I will be looking into implementing it in the next update.

Edited by TrumpetMiner, 12 December 2015 - 04:41 AM.


#12 TrumpetMiner

  • Members
  • 33 posts

Posted 20 December 2015 - 05:52 AM

If you like Blue Bank, go check out Blue Net's page. It is nothing yet, but if people like the idea it could be very cool. :)

(link is in my signature)


It's gone.

I will re-upload on release of the actual system and I will make a small section in this thread to update you on my progress.

Edited by TrumpetMiner, 20 December 2015 - 07:06 AM.


#13 TrumpetMiner

  • Members
  • 33 posts

Posted 31 March 2016 - 10:54 PM

Hey guys, I might show some of the features and do work on BlueBank v4.0 on Twitch if anyone wants to see it. If I can get around 5 people to watch, I will start a stream. Reply to this and I will contact you when the stream goes up! :)

#14 proxene

  • Members
  • 6 posts

Posted 16 April 2016 - 12:12 AM

Hello,
I am trying to make a little ATM to convert gold into virtual money, only on the server. I have a little problem and I get this error: Data Is Not String

This means that at the server?
Here is my code: http://pastebin.com/DmktCXQz

I only apply this code to a very specific account that the player does not show.

Can you help me?

Regards,
Proxene

#15 Cloud Ninja

  • Members
  • 361 posts

Posted 15 May 2016 - 02:29 AM

So since my stuff got removed, I've noticed a few bugs. I've been able to not only sniff out passwords, but even without checking any code on the client, I can sniff out all protocols you use. Well, me and a friend of mine have taken it upon ourselves to fix your code a bit, it isn't finished yet, but either myself or him will post with the finished code for you later. The admin and client have been merged (with checking for users that are admin on the server side) so as to not need more than 2 programs in total, as well as session ID's added so that even if someone manages to be logged in, you need the id in order to send or receive information.

#16 Scoopta

  • Members
  • 23 posts
  • Location: California, United States

Posted 15 May 2016 - 04:21 AM

I've completely overhauled your code and made BlueBank way more secure than it was originally. The network protocol has been completely reworked with security in mind. With the original all it took to crack was my rednet libpcap implementation. Now it would take a specially engineered utility to crack and a bit of reverse engineering of the protocol.

Improvements:
  • Each time a client logs in they are now assigned a unique session ID only valid for that particular login. When the client logs out or logs in again the old session id is invalidated
  • Client and server now communicate directly with the modem API instead of rednet. This prevents libpcap from sniffing the traffic
  • Client and server now communicate using randomly generated ID's making sniffing more difficult
  • Network protocol makes it difficult to crack without actual reverse engineering
  • Permissions system: Each user can now be promoted to admin status and their client will automatically render admin tools.
  • No need for separated auth key to do administrative tasks
Client: http://pastebin.com/2BCqWa2c
Server: http://pastebin.com/i0ZscG8h

On the client make a .server file with the server's ID. This is how you configure the server
To setup the first admin create a directory called admin and put an empty file in there named the users username. I.e /admin/Scoopta for my user. Once you have the first admin setup they can use the client software to promote and demote any other user so manually doing this is no longer required.

If you find any bugs let me know and I'll patch them

Credits:
Core networking and server code: Scoopta
UI Elements and client mods: CloudNinja

Edited by Scoopta, 17 May 2016 - 01:25 AM.
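
An added example, not Scoopta's or CloudNinja's code: a minimal server-side session table in plain Lua that behaves as the first improvement above describes, where each login issues a fresh ID and logging out or logging in again invalidates the old one. The function names, the 16-byte hex ID format and the idle timeout are assumptions (the timeout goes beyond what the post lists), and math.random stands in for a proper random source.

```lua
-- Added example: per-login session IDs with invalidation.
-- Names, ID format and TTL are assumptions, not BlueBank's protocol.
local TTL = 300           -- assumed idle timeout in seconds
local sessions = {}       -- session id -> { user = ..., expires = ... }
local current = {}        -- username   -> that user's live session id

-- math.random is predictable; a real server needs a stronger source.
local function new_id()
  local parts = {}
  for i = 1, 16 do parts[i] = string.format("%02x", math.random(0, 255)) end
  return table.concat(parts)
end

local function logout(id)
  local s = sessions[id]
  if s then
    sessions[id] = nil
    if current[s.user] == id then current[s.user] = nil end
  end
end

-- Call only after the password check has succeeded.
local function login(user, now)
  if current[user] then logout(current[user]) end   -- old ID dies here
  local id = new_id()
  while sessions[id] do id = new_id() end           -- avoid collisions
  sessions[id] = { user = user, expires = now + TTL }
  current[user] = id
  return id
end

-- Every request carries the ID; the server maps it back to a user and
-- never trusts a username sent by the client. The ID is a bearer value:
-- it complements an encrypted channel, it does not replace one.
local function authorize(id, now)
  if type(id) ~= "string" then return nil end
  local s = sessions[id]
  if not s then return nil end
  if now >= s.expires then logout(id); return nil end
  s.expires = now + TTL
  return s.user
end

-- Constructed walk-through with a fake clock.
local first = login("alice", 0)
print("first id valid:", authorize(first, 10) == "alice")
local second = login("alice", 20)
print("old id after re-login:", authorize(first, 30))
print("new id valid:", authorize(second, 30) == "alice")
logout(second)
print("id after logout:", authorize(second, 40))
print("table sent as id:", authorize({}, 40))
```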


#17 TrumpetMiner

  • Members
  • 33 posts

Posted 16 May 2016 - 10:21 PM

Scoopta, on 15 May 2016 - 04:21 AM, said:

I've completely overhauled your code and made BlueBank way more secure than it was originally. The network protocol has been completely reworked with security in mind. With the original all it took to crack was my rednet libpcap implementation. Now it would take a specially engineered utility to crack and a bit of reverse engineering of the protocol.

Improvements:
  • Each time a client logs in they are now assigned a unique session ID only valid for that particular login. When the client logs out or logs in again the old session id is invalidated
  • Client and server now communicate directly with the modem API instead of rednet. This prevents libpcap from sniffing the traffic
  • Client and server now communicate using randomly generated ID's making sniffing more difficult
  • Network protocol makes it difficult to crack without actual reverse engineering
  • Permissions system: Each user can now be promoted to admin status and their client will automatically render admin tools.
  • No need for separated auth key to do administrative tasks
Client: http://pastebin.com/5sY44uVz
Server: http://pastebin.com/QMMYtg9k

On the client make a .server file with the server's ID. This is how you configure the server

If you find any bugs let me know and I'll patch them

Credits:
Core networking and server code: Scoopta
UI Elements and client mods: CloudNinja

Thanks for this, it will give me ideas and an example of what needs to come in BlueBank v4.0.

4.0 is now around 25% complete with the ideas I had earlier so the features that 4.0 doesn't cover, can be added in the future.

There will most likely be many more bugs to catch in v4.0, so I'm glad that I have people out there to catch my mistakes and help me out with my first public program.

After v4.0, I will be moving on to BlueNet which will include BlueBank and many other programs.

Edit: It seems I cannot start the server. It says attempt to index ? on line 7

Edited by TrumpetMiner, 16 May 2016 - 11:05 PM.


#18 Cloud Ninja

  • Members
  • 361 posts

Posted 17 May 2016 - 12:45 AM

Make sure you have a modem on a computer when you try to start the server.

#19 Scoopta

  • Members
  • 23 posts
  • Location: California, United States

Posted 17 May 2016 - 01:02 AM

TrumpetMiner, on 16 May 2016 - 10:21 PM, said:

Scoopta, on 15 May 2016 - 04:21 AM, said:

I've completely overhauled your code and made BlueBank way more secure than it was originally. The network protocol has been completely reworked with security in mind. With the original all it took to crack was my rednet libpcap implementation. Now it would take a specially engineered utility to crack and a bit of reverse engineering of the protocol.

Improvements:
  • Each time a client logs in they are now assigned a unique session ID only valid for that particular login. When the client logs out or logs in again the old session id is invalidated
  • Client and server now communicate directly with the modem API instead of rednet. This prevents libpcap from sniffing the traffic
  • Client and server now communicate using randomly generated ID's making sniffing more difficult
  • Network protocol makes it difficult to crack without actual reverse engineering
  • Permissions system: Each user can now be promoted to admin status and their client will automatically render admin tools.
  • No need for separated auth key to do administrative tasks
Client: http://pastebin.com/5sY44uVz
Server: http://pastebin.com/QMMYtg9k

On the client make a .server file with the server's ID. This is how you configure the server

If you find any bugs let me know and I'll patch them

Credits:
Core networking and server code: Scoopta
UI Elements and client mods: CloudNinja

Thanks for this, it will give me ideas and an example of what needs to come in BlueBank v4.0.

4.0 is now around 25% complete with the ideas I had earlier so the features that 4.0 doesn't cover, can be added in the future.

There will most likely be many more bugs to catch in v4.0, so I'm glad that I have people out there to catch my mistakes and help me out with my first public program.

After v4.0, I will be moving on to BlueNet which will include BlueBank and many other programs.

Edit: It seems I cannot start the server. It says attempt to index ? on line 7
As cloud already suggested that's most likely because you did not put a modem on the computer. I should have stated this in my original post but to make a user an admin create a directory called admin and put an empty file in there which is named the username. I.e. /admin/TrumpetMiner. Once you have one admin that admin can promote and demote any other user through the client software so you don't need to manually do it.

Edited by Scoopta, 17 May 2016 - 01:09 AM.


#20 Cloud Ninja

  • Members
  • 361 posts

Posted 17 May 2016 - 01:33 AM

New update to our version of bluebank (kinda)

You can now do as follows to install bluebank much easier
pastebin run xRXts4yM <client/server>
I.E
pastebin run xRXts4yM client installs the client
pastebin run xRXts4yM server installs the server





