egghelp/eggheads community

Encrypt userfile

2003-09-06T13:28:09-04:00

Maybe you want to see source code, but the compiler was written just to hide those part. Anyway, whatr kind of tricks are you using to see source code?

About tclpro compiled chanfile, it is not possible on all shell's, becase not every shell (not too many shells) have go tclpro installed .

Statistics: Posted by KrzychuG — Sat Sep 06, 2003 1:28 pm

Encrypt userfile

2003-08-30T22:03:31-04:00

TCL Pro sucks because of one reason : compiler

if i install a TCL script i want to see what it does, and thats impossible with tcl pro (except with some tricks)

i dont want wgets & so on on my box

Statistics: Posted by GodOfSuicide — Sat Aug 30, 2003 10:03 pm

Encrypt userfile

2003-08-30T15:14:20-04:00

Userfile might be encrypted by blowfish and its preety secure. Random key might be even 80 chars long. If key won't be visible in binary, then brute force that userfile will take a really long time. For tcl's one problem exists. Tcl can interpret whole file or one line. For whole files (scripts) we had te decrypt tcl to file and the load decrypted file (unsecure). For chanfiles not. So for tcl's use tclpro to protect source code, for userfile/chanfile and other files which can be readed string after string use blowfish with inteligent hiden key. Another problem. There is a way to get decrypted userfile. It might be done while userfile is transfered to share-bots. Solution: write module which will recrypt userfile using new key (to protect local userfile) then send key and userfile, and on sharebot load userfile and recrypt with local ufkey. Module is preety simple

I'm interested compiling chanfile by tclpro. Any ideas how to make it.

Statistics: Posted by KrzychuG — Sat Aug 30, 2003 3:14 pm

Encrypt userfile

2003-08-24T05:33:21-04:00

or even better : write a module that encrypts the userfile and everytime the bot / a script / etc trys to access it decrypts it on the fly with a generated key

Statistics: Posted by GodOfSuicide — Sun Aug 24, 2003 5:33 am

Encrypt userfile

2003-08-23T21:24:48-04:00

It would be possible, though, to write a script that saves users in a tcl file (adduser, setuser for each one) and then delete the user file.

Better idea: use a encrypted file system.

Statistics: Posted by stdragon — Sat Aug 23, 2003 9:24 pm

Encrypt userfile

2003-08-23T19:53:16-04:00

Maybe yes, but how will you use it to encrypt/compile userfile ?
Encrypted userfile is exists for example in cnt botpack.

good point.. I don't think I was paying attention to the 'userfile' part when posting that reply... While the chanfile can be treated as a tcl file, we all know that the userfile is not.

Statistics: Posted by strikelight — Sat Aug 23, 2003 7:53 pm

Encrypt userfile

2003-08-23T13:30:34-04:00

Maybe yes, but how will you use it to encrypt/compile userfile ?
Encrypted userfile is exists for example in cnt botpack.

Statistics: Posted by KrzychuG — Sat Aug 23, 2003 1:30 pm

Encrypt userfile

2003-08-16T16:09:52-04:00

The best and securest approach is to implement byte-coding of sensitive files. See tclpro from tcl.activestate.com for more information.

Statistics: Posted by strikelight — Sat Aug 16, 2003 4:09 pm

Encrypt userfile

2003-08-16T14:58:40-04:00

It is possible to do. Encrypt userfile is done in bots available in poland (like VoiD). Userfile isn't encrypted in the fly. Keys might be found by 'strings binary'. Best way to encrypt userfile is using blowfish module or any other encryption. Every function writes anything to userfile have to be modified (userrec.c '_write_userfile' and in some modules). File contains keys cannot be included in binary, but bigth be copied to char by new function (ex. setCryptKey). To write those keys in function 'sed' might be used. To support encrypted share files a new module might should be written (preety simple) and function sending crypt key to bots downloading userfile. That's all

Statistics: Posted by KrzychuG — Sat Aug 16, 2003 2:58 pm

Encrypt userfile

2002-02-03T19:56:00-04:00

I'm interested too in encryption. Can you write a little example Petersen? I'm kinda newbie in programming eggdrop =)
greetz

Statistics: Posted by Guest — Sun Feb 03, 2002 7:56 pm

Encrypt userfile

2002-02-02T00:52:00-04:00

Thanks, FAQ has been added.

http://www.egghelp.org/faq.shtml#123

Statistics: Posted by slennox — Sat Feb 02, 2002 12:52 am

Encrypt userfile

2002-01-31T13:37:00-04:00

let me elaborate. There are 2 ways to make an ecryption module. Either you statically compile the full encryption keys into it somewhere (or into a file readable by it), or you make it read a commandline option for the keys.
If you have the source for the module, you can (with enough knowledge) work out exactly where the encryption keys are stored in the module binary if they are linked into it. Even if they aren't linked into it, with the source you can work out where the keys are stored in a mem dump of a running eggdrop process. Thus the only way to make it in any way useful is to use your own code, so that the keys are stored in the binary/ram in a completly unique place compared with everybody elses egg. Combined with stack encryption routines, and automatic fork() if the process gets traced, it makes it very difficult to get the routines out of the binary at all. Even saying all this, as long as someone gets a shell with your UID, there isnt anything you can do that can make it impossible for them to get the crypt routines from a running bot. For most ppl this isnt gonna be a problem, because most script kiddies wouldnt know how to do this anyway. But if a widely avaliable open source crypto module was made avaliable as part of the eggdrop source, it would not be long before someone releases some util to crack that particular module (or worse, not release it and have lotsa ppl in a false sense of security).
Unfortunatly, security through obscurity is the only way if you don't trust the security of the box the egg is running from.

Statistics: Posted by Petersen — Thu Jan 31, 2002 1:37 pm

Encrypt userfile

2002-01-30T23:28:00-04:00

Is there anyone who disagrees with Petersen's answer? I think a FAQ entry for this is overdue buy my lack of knowledge in this area has prevented it.

Statistics: Posted by slennox — Wed Jan 30, 2002 11:28 pm

Encrypt userfile

2002-01-30T08:28:00-04:00

plenty, but you won't get one easily. the reason being is that such encryption schemes almost always rely on statically compiled encryption keys. thus if the source was given out it would be trivial to decrypt anything crypted with them. only real way to encrypt your userfiles is to write the crypto routines yourself (or employ someone to write them for you).

Statistics: Posted by Petersen — Wed Jan 30, 2002 8:28 am

Encrypt userfile

2002-01-30T07:31:00-04:00

Hi to all. I have a problem... i want encrypt all userfile data. Exist a tcl or module for this function?

Statistics: Posted by Guest — Wed Jan 30, 2002 7:31 am