BlueBank v3.0
TrumpetMiner 10 May 2015
BlueBank v3.5
2019 Edit: If my friends and I ever start up a game with an up to date version of CC, I will get to work on making this. Things are kinda tight right now with college, but I really do want to give this program the update I think it deserves. I first wrote this back in 2015. Now 4 years later and looking back on making this program, I can see it really pushed me towards what I love. I'm now in college majoring in computing security. For that, I'm grateful to this mod and this community and I want to end BlueBank with an amazing update.
Features
Done Planed Next Update (Planned) Next Update (Done)
-"Not Enough Funds" on Certain Amounts during Transfer
-Can Watch Signals Between Server and Client to Find Info
-Non-String Transfer Input Results in Server Crash
Message Me or Comment if You find or fix a bug
Screenshots
https://plus.google....46470577?sort=1
Instructions
Create A Computer With a Modem on Any Side and Put The Server Program onto it.
Edit the Program and Follow Instructions at Top.
Create Accounts by Editing Files Under "user/enterUsername" and Putting the Password Inside or Using by a Client Computer.
Edit User's Money by Editing Files Under "$/enterUsername" and Putting the # of $ Inside.
You Create Accounts Through the Main Screen (If you're logged out) of the Client!
Run the Server Program.
Create A Computer With A Modem on Any Side and Put The Client Program onto it.
Edit the Program and Follow Instructions at Top.
Run the Client Program.
If You Want to put This onto Your Server or Use This in Your Own Programs, Message Me Because I'd Like To Advertise it on This Page and Help You Set It up if You Would Like.
Pastebin
Server: pastebin get VkYYSbR4 server
Client: pastebin get bpf4TVGb client
Admin: pastebin get 6WpAVENC admin
ATM: Coming Soon
Pocket-Friendly: Coming Soon
Shop: Coming Soon
More secure version by Scoopta and Cloud Ninja:
Client: http://pastebin.com/5sY44uVz
Server: http://pastebin.com/QMMYtg9k
(Credits: Core networking and server code: Scoopta
UI Elements and client mods: CloudNinja)
Edited by TrumpetMiner, 27 February 2019 - 06:45 AM.
2019 Edit: If my friends and I ever start up a game with an up to date version of CC, I will get to work on making this. Things are kinda tight right now with college, but I really do want to give this program the update I think it deserves. I first wrote this back in 2015. Now 4 years later and looking back on making this program, I can see it really pushed me towards what I love. I'm now in college majoring in computing security. For that, I'm grateful to this mod and this community and I want to end BlueBank with an amazing update.
Features
Accounts and Money Hosted On ServerEasy Access to Balance and Transfer Through Client ComputerIt WorksAtmShopOS W/BlueBank IntegrationCredit CardsPocket BankFreeze AccountsAdmin System Through the Client ComputerAdmin MenuCreate Account SystemMore Security:
Encryption on EverythingServers Don't Take Unauthorized Client Ids
-Can Watch Signals Between Server and Client to Find Info
-Non-String Transfer Input Results in Server Crash
Message Me or Comment if You find or fix a bug
Screenshots
https://plus.google....46470577?sort=1
Instructions
Create A Computer With a Modem on Any Side and Put The Server Program onto it.
Edit the Program and Follow Instructions at Top.
You Create Accounts Through the Main Screen (If you're logged out) of the Client!
Run the Server Program.
Create A Computer With A Modem on Any Side and Put The Client Program onto it.
Edit the Program and Follow Instructions at Top.
Run the Client Program.
If You Want to put This onto Your Server or Use This in Your Own Programs, Message Me Because I'd Like To Advertise it on This Page and Help You Set It up if You Would Like.
Pastebin
Server: pastebin get VkYYSbR4 server
Client: pastebin get bpf4TVGb client
Admin: pastebin get 6WpAVENC admin
ATM: Coming Soon
Pocket-Friendly: Coming Soon
Shop: Coming Soon
More secure version by Scoopta and Cloud Ninja:
Client: http://pastebin.com/5sY44uVz
Server: http://pastebin.com/QMMYtg9k
(Credits: Core networking and server code: Scoopta
UI Elements and client mods: CloudNinja)
Edited by TrumpetMiner, 27 February 2019 - 06:45 AM.
biggest yikes 10 May 2015
Rednet is *super* insecure, I can listen on channel 65533 and easily hack anyone's account and transfer their money to mine. Also, it's kind of hard to register a user, you have to make a "$" directory and a "user" directory, and the passwords aren't even hashed or anything. I think you could improve it, but so far it looks pretty nice.
(weird label names, I know, I made these tried this on some random computers I could find, but you get the point)
/offtopic http://www.comicsanscriminal.com/
EDIT: Even worse, to make a transaction you don't need a password..
EDIT 2: Super easy to crash the server by sending a balance that's not a string
Edited by Atenefyr, 10 May 2015 - 11:03 PM.
(weird label names, I know, I made these tried this on some random computers I could find, but you get the point)
/offtopic http://www.comicsanscriminal.com/
EDIT: Even worse, to make a transaction you don't need a password..
EDIT 2: Super easy to crash the server by sending a balance that's not a string
rednet.send(serverid, "Transfer") rednet.send(serverid, "") rednet.send(serverid, "") rednet.send(serverid, {}) --send table instead of string
Edited by Atenefyr, 10 May 2015 - 11:03 PM.
TrumpetMiner 10 May 2015
TrumpetMiner 30 Aug 2015
Atenefyr, on 10 May 2015 - 10:38 PM, said:
Rednet is *super* insecure, I can listen on channel 65533 and easily hack anyone's account and transfer their money to mine. Also, it's kind of hard to register a user, you have to make a "$" directory and a "user" directory, and the passwords aren't even hashed or anything. I think you could improve it, but so far it looks pretty nice.
I've been working on this new version for a few days now. I fixed a few bugs, added a new admin system, and now you can create a new account from the start menu. My next plan is to fix the server-crashing table bug, and add Caesar Cipher: http://www.computerc...__fromsearch__1 if I can get into contact with the creator or another encryption API if I cannot.
valithor 30 Aug 2015
TrumpetMiner, on 30 August 2015 - 03:26 AM, said:
Atenefyr, on 10 May 2015 - 10:38 PM, said:
Rednet is *super* insecure, I can listen on channel 65533 and easily hack anyone's account and transfer their money to mine. Also, it's kind of hard to register a user, you have to make a "$" directory and a "user" directory, and the passwords aren't even hashed or anything. I think you could improve it, but so far it looks pretty nice.
I've been working on this new version for a few days now. I fixed a few bugs, added a new admin system, and now you can create a new account from the start menu. My next plan is to fix the server-crashing table bug, and add Caesar Cipher: http://www.computerc...__fromsearch__1 if I can get into contact with the creator or another encryption API if I cannot.
Just know Ceasar Cipher's are incredibly easy to crack. If you are really worried about security I would suggest looking into AES (Only decent CC encryption API I can think of right now)
AES api link: http://www.computerc...aes-encryption/
PokeAcer 30 Aug 2015
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Use a new key per install (generate on first boot from, IDK, a hash of the microtime and some random characters? (echo it in a PHP script + a random string generator) sha256 of course, just make the server handle this) then require that you insert a floppy disk into a *wired networked* drive for encryption - if you think people have compromised your bank and stole it, pull that out and make a 'reset key' functionality which recreates the key and sends a message to the client to shutdown.
And maybe make a key using the script aswell.
I've made a script that will function perfectly for keygen:
http://185.99.132.59/hash.php
Edited by PokeAcer, 30 August 2015 - 09:38 PM.
Use a new key per install (generate on first boot from, IDK, a hash of the microtime and some random characters? (echo it in a PHP script + a random string generator) sha256 of course, just make the server handle this) then require that you insert a floppy disk into a *wired networked* drive for encryption - if you think people have compromised your bank and stole it, pull that out and make a 'reset key' functionality which recreates the key and sends a message to the client to shutdown.
And maybe make a key using the script aswell.
I've made a script that will function perfectly for keygen:
http://185.99.132.59/hash.php
Edited by PokeAcer, 30 August 2015 - 09:38 PM.
Exerro 31 Aug 2015
Alternatively, using diffe-hellman is a much better option I'd say. You can securely establish a new key with each connection, meaning even if an attacker somehow got a hold of the key, it would change next time you connected, rather than remaining the same for all eternity. Also, for computers to be able to encrypt and decrypt text, they both need to have the same key. The method you're suggesting seems to leave every computer with a different key and no way to share it securely.
PokeAcer 31 Aug 2015
awsumben13, on 31 August 2015 - 01:28 PM, said:
Alternatively, using diffe-hellman is a much better option I'd say. You can securely establish a new key with each connection, meaning even if an attacker somehow got a hold of the key, it would change next time you connected, rather than remaining the same for all eternity. Also, for computers to be able to encrypt and decrypt text, they both need to have the same key. The method you're suggesting seems to leave every computer with a different key and no way to share it securely.
My idea is this:
- Building has machines for money transfer
- Machines have wired network cable onto ONE floppy drive, with a blockbreaker (if you have relevant mod installed) on the cable right by the drive for security. one machine creates the file (the server) and then that is the key used via AES. If you need to reset due to compromization, you eject the floppy, then make someone go downstairs, throw the floppy away, then put a new one in to generate the key. It sends it via wired network cable (we will need to stop termination aswell) - the key is checked then removed from memory each time you change (so it connects, gets key to use, waits for message back, decrypts, then overwrites the variable)
- The blockbreaker is for if you think someone's placed a wire leading to their PC (griefing?), so you can securely break the connection.
About the DH approach
'You will have problem with Diffie-Hellman because calculations required for it to succeed use to big numbers for LUA to understand(300 digit prime)
I have unfinished version of this that went to trash because of such problem. I am working on workaround in free time (meta-tables rule!) but sadly no time estimate on this. Sorry for that Still good luck in future endeavors i am sure someone else can help '
jaffacakesareamazing 12 Sep 2015
The problem I am having is that your program doesn't use a protocol, and therefore it is crashing because there are other rednet messages going on and the clients and server can't communicate. Please could you add a protocol to the next update?
TrumpetMiner 12 Dec 2015
jaffacakesareamazing, on 12 September 2015 - 04:41 PM, said:
The problem I am having is that your program doesn't use a protocol, and therefore it is crashing because there are other rednet messages going on and the clients and server can't communicate. Please could you add a protocol to the next update?
I will be doing a rewrite of the client around Christmas and have already planned this and some new features such as:
- Encrypting (Once I find the right API)
- Stores (Maybe)
- Change Background and Text Color
- Bug Fixes!
Hopefully after this your problem (and many others) will be fixed.
TrumpetMiner 12 Dec 2015
EDIT: Just found the cause of AES not working, I will be looking into implementing it in the next update.
Edited by TrumpetMiner, 12 December 2015 - 04:41 AM.
TrumpetMiner 20 Dec 2015
(link is in my signature)
It's gone.
I will re-upload on release of the actual system and I will make a small section in this thread to update you on my progress.
Edited by TrumpetMiner, 20 December 2015 - 07:06 AM.
TrumpetMiner 31 Mar 2016
Hey guys, I might show some of the features and do work on BlueBank v4.0 on Twitch if anyone wants to see it. If I can get around 5 people to watch, I will start a stream. Reply to this and I will contact you when the stream goes up!
proxene 16 Apr 2016
Hello ,
I try to do a little atm to convert golds in virtual money only on the server I have a little problem and I get this error: Data Is Not String
This means that at the server?
Here is my code: http://pastebin.com/DmktCXQz
I only apply this code has a very specific account that the player does not show.
Can you help me ?
Regards ,
Proxene
I try to do a little atm to convert golds in virtual money only on the server I have a little problem and I get this error: Data Is Not String
This means that at the server?
Here is my code: http://pastebin.com/DmktCXQz
I only apply this code has a very specific account that the player does not show.
Can you help me ?
Regards ,
Proxene
Cloud Ninja 15 May 2016
So since my stuff got removed, i've noticed a few bugs. I've been able to not only sniff out passwords, but even without checking any code on the client, i can sniff out all protocols you use. Well, me and a friend of my have taken it upon ourselves to fix your code a bit, it isn't finished yet, but either myself or him will post with the finished code for you later. The admin and client have been merged (with checking for users that are admin on the server side) so as to not need more than 2 programs in total, as well as session ID's added so that even if someone manages to be logged in, you need the id in order to send or receive information.
Scoopta 15 May 2016
I've completely overhauled your code and made BlueBank way more secure than it was originally. The network protocol has been completely reworked with security in mind. With the original all it took to crack was my rednet libpcap implementation. Now it would take a specially engineered utility to crack and a bit of reverse engineering of the protocol.
Improvements:
Server: http://pastebin.com/i0ZscG8h
On the client make a .server file with the server's ID. This is how you configure the server
To setup the first admin create a directory called admin and put an empty file in there named the users username. I.e /admin/Scoopta for my user. Once you have the first admin setup they can use the client software to promote and demote any other user so manually doing this is no longer required.
If you find any bugs let me know and I'll patch them
Credits:
Core networking and server code: Scoopta
UI Elements and client mods: CloudNinja
Edited by Scoopta, 17 May 2016 - 01:25 AM.
Improvements:
- Each time a client logs in they are now assigned a unique session ID only valid for that particular login. When the client logs out or logs in again the old session id is invalidated
- Client and server now communicate direcly with the modem API instead of rednet. This prevents libpcap from sniffing the traffic
- Client and server now communicate using randomly generated ID's making sniffing more difficult
- Network protocol makes it difficult to crack without actual reverse engineering
- Permissions system: Each user can now be promoted to admin status and their client will automatically render admin tools.
- No need for separated auth key to do administrative tasks
Server: http://pastebin.com/i0ZscG8h
On the client make a .server file with the server's ID. This is how you configure the server
To setup the first admin create a directory called admin and put an empty file in there named the users username. I.e /admin/Scoopta for my user. Once you have the first admin setup they can use the client software to promote and demote any other user so manually doing this is no longer required.
If you find any bugs let me know and I'll patch them
Credits:
Core networking and server code: Scoopta
UI Elements and client mods: CloudNinja
Edited by Scoopta, 17 May 2016 - 01:25 AM.
TrumpetMiner 16 May 2016
Scoopta, on 15 May 2016 - 04:21 AM, said:
I've completely overhauled your code and made BlueBank way more secure than it was originally. The network protocol has been completely reworked with security in mind. With the original all it took to crack was my rednet libpcap implementation. Now it would take a specially engineered utility to crack and a bit of reverse engineering of the protocol.
Improvements:
Server: http://pastebin.com/QMMYtg9k
On the client make a .server file with the server's ID. This is how you configure the server
If you find any bugs let me know and I'll patch them
Credits:
Core networking and server code: Scoopta
UI Elements and client mods: CloudNinja
Improvements:
- Each time a client logs in they are now assigned a unique session ID only valid for that particular login. When the client logs out or logs in again the old session id is invalidated
- Client and server now communicate direcly with the modem API instead of rednet. This prevents libpcap from sniffing the traffic
- Client and server now communicate using randomly generated ID's making sniffing more difficult
- Network protocol makes it difficult to crack without actual reverse engineering
- Permissions system: Each user can now be promoted to admin status and their client will automatically render admin tools.
- No need for separated auth key to do administrative tasks
Server: http://pastebin.com/QMMYtg9k
On the client make a .server file with the server's ID. This is how you configure the server
If you find any bugs let me know and I'll patch them
Credits:
Core networking and server code: Scoopta
UI Elements and client mods: CloudNinja
Thanks for this, it will give me ideas and an example of what needs to come in BlueBank v4.0.
4.0 is now around 25% complete with the ideas I had earlier so the features that 4.0 doesn't cover, can be added in the future.
There will most likely me many more bugs to catch in v4.0, so I'm glad that I have people out there to catch my mistakes and help me out with my first public program.
After v4.0, I will be moving on to BlueNet which will include BlueBank and many other programs.
Edit: It seems I cannot start the server. It says attempt to index ? on line 7
Edited by TrumpetMiner, 16 May 2016 - 11:05 PM.
Cloud Ninja 17 May 2016
Make sure you have a modem on a computer when you try to start the server.
Scoopta 17 May 2016
TrumpetMiner, on 16 May 2016 - 10:21 PM, said:
Scoopta, on 15 May 2016 - 04:21 AM, said:
I've completely overhauled your code and made BlueBank way more secure than it was originally. The network protocol has been completely reworked with security in mind. With the original all it took to crack was my rednet libpcap implementation. Now it would take a specially engineered utility to crack and a bit of reverse engineering of the protocol.
Improvements:
Server: http://pastebin.com/QMMYtg9k
On the client make a .server file with the server's ID. This is how you configure the server
If you find any bugs let me know and I'll patch them
Credits:
Core networking and server code: Scoopta
UI Elements and client mods: CloudNinja
Improvements:
- Each time a client logs in they are now assigned a unique session ID only valid for that particular login. When the client logs out or logs in again the old session id is invalidated
- Client and server now communicate direcly with the modem API instead of rednet. This prevents libpcap from sniffing the traffic
- Client and server now communicate using randomly generated ID's making sniffing more difficult
- Network protocol makes it difficult to crack without actual reverse engineering
- Permissions system: Each user can now be promoted to admin status and their client will automatically render admin tools.
- No need for separated auth key to do administrative tasks
Server: http://pastebin.com/QMMYtg9k
On the client make a .server file with the server's ID. This is how you configure the server
If you find any bugs let me know and I'll patch them
Credits:
Core networking and server code: Scoopta
UI Elements and client mods: CloudNinja
Thanks for this, it will give me ideas and an example of what needs to come in BlueBank v4.0.
4.0 is now around 25% complete with the ideas I had earlier so the features that 4.0 doesn't cover, can be added in the future.
There will most likely me many more bugs to catch in v4.0, so I'm glad that I have people out there to catch my mistakes and help me out with my first public program.
After v4.0, I will be moving on to BlueNet which will include BlueBank and many other programs.
Edit: It seems I cannot start the server. It says attempt to index ? on line 7
Edited by Scoopta, 17 May 2016 - 01:09 AM.
Cloud Ninja 17 May 2016
New update to our version of bluebank (kinda)
You can now do as follows to install bluebank much easier
You can now do as follows to install bluebank much easier
pastebin run xRXts4yM <client/server> I.E pastebin run xRXts4yM client installs the client pastebin run xRXts4yM server installs the server