PDA

View Full Version : Encrypt Simba Passwords



Brandon
12-18-2011, 06:26 PM
Hey All.. I have created a plugin that encrypts passwords in simba IF you implement it. It uses an encryption algorithm known as XTEA + Base64 Encoding.

*Sigh* For the commentators below.. If you really think your smart.. Break this.. Come on.. Go ahead and decrypt it:
IMmrAYw6YTmmVf10JN5BsV3/BxEWNGzX

To Find out your encrypted password, you'd use:

writeln(Encrypt('PasswordHere', Key));

The function definition is: Function Encrypt(Password, Key: String): String;

Now for the implementation.. How will Simba decrypt it?
In Simba you'd have to call Decrypt('Encrypted Pass here', 'Key'). It will prompt you for your key IF one is not already stored in the Key.INI file. I had to store it somewhere or else every 6 hours, you'd find yourself entering it again! Of course you can change the location of the stored key.


Example:

What User Sees in the script: Password:= fdsnglskngklanglanith32805235;
What Simba Sees: Password:= Whatever;


http://i.imgur.com/V2DO1.png
http://i.imgur.com/V2DO1.png

Future Development:
The ability to Encrypt Passwords, Usernames and Pins.. IN a selected file..


Instructions For USERS are at the very bottom of this post.. As well as download links.


FOR DEVELOPERS:

Short Example / Test script.



library SSecurity;

{$mode objfpc}{$H+}

uses
Classes, SysUtils, DCPbase64, DCPconst, DCPcrypt2, DCPmd5, StringFuncs,
MufasaTypes, stringutil, Forms, Dialogs, LCLType, Controls, Interfaces, IniFiles, XTea;

{$R *.res}

type
TCharArray = array of Char;

Function StringToCharArray(TheStr: string): TCharArray; register;
var
i, l: Integer;
begin
l := Length(TheStr);
SetLength(Result, l + 1);
for i := l downto 1 do
Result[i - 1] := TheStr[i];
end;

Function CharArrayToString(TheStr: TCharArray): String; register;
var
i, l: Integer;
begin
l := Length(TheStr) - 1;
for i:= 0 To l do
Result := Result + TheStr[i];
end;

Function ToASCII(AChar: char): Integer; register;
begin
result:= ord(AChar);
end;

Function ToChar(AChar: Byte): Char; register;
begin
result:= chr(AChar);
end;


Function DecToBin(Num: Int64): Int64; register;
var
bin, pos: Cardinal;
begin
bin := 0;
pos := 1;

while (Num > 0) do
begin
bin := bin + (Num mod 2) * pos;
Num := Num Div 2;
pos := pos * 10;
end;

Result:= Bin;
end;


Function Encrypt(StrToEncrypt, Key: String): String; register;
begin
Result:= Trim(Base64Encode(XTeaCryptStr(Trim(StrToEncrypt), Key)));
end;


Function Decrypt(StrToDecrypt, Key: String): String; register;
begin
Result:= Trim(XTeaDecryptStr(Base64Decode(Trim(StrToDecrypt )), Key));
end;


Procedure WriteToFile(StrToWrite: String); register;
var
FS: TOpenDialog;
Buffer, FName: String;
F: TFileStream;
begin
FS := TOpenDialog.Create(nil);
FS.Options := [ofFileMustExist];
FS.Filter := ' Simba Scripts (*.simba;*.Simba)|*.simba;*.Simba|All files (*.*)|*.*|';
FS.FilterIndex := 1;

if FS.Execute then
begin
FName:= FS.FileName;
F:= TFileStream.Create(FName, fmOpenReadWrite);
try
F.Position:= 0;
SetLength(Buffer, F.Size);
F.ReadBuffer(Buffer, F.Size);
Finally
F.Free;
end;

F:= TFileStream.Create(FName, fmOpenReadWrite);
try
F.Position:= 0;
Buffer := StringReplace(Buffer, Between('Pass', ';', Buffer), StrToWrite, [rfReplaceAll, rfIgnoreCase]);
F.WriteBuffer(Buffer, Length(Buffer));
writeln(Buffer);
Finally
F.Free;
end;
FS.Free;
end;
end;

{ EXPORTS }


procedure SetPluginMemoryManager(MemMgr : TMemoryManager); stdcall; export;
begin
SetMemoryManager(MemMgr);
end;


{ EXPORT TYPES }


function GetTypeCount(): Integer; stdcall; export;
begin
Result := 1;
end;

function GetTypeInfo(x: Integer; var sType, sTypeDef: string): integer; stdcall;
begin
case x of
0: begin
sType := 'TCharArray';
sTypeDef := 'Array of Char;';
end;
else
Result := -1;
end;
end;



{ EXPORT FUNCS }

function GetFunctionCount(): Integer; stdcall; export;
begin
Result := 8;
end;

function GetFunctionCallingConv(x : Integer) : Integer; stdcall; export;
begin
Result := 0;
case x of
0..7 : Result := 1;
end;
end;

function GetFunctionInfo(x: Integer; var ProcAddr: Pointer; var ProcDef: PChar): Integer; stdcall; export;
begin
case x of
0:
begin
ProcAddr := @StringToCharArray;
StrPCopy(ProcDef, 'Function StringToCharArray(TheStr: string): TCharArray;');
end;
1:
begin
ProcAddr := @CharArrayToString;
StrPCopy(ProcDef, 'Function CharArrayToString(TheStr: TCharArray): String;');
end;
2:
begin
ProcAddr := @ToASCII;
StrPCopy(ProcDef, 'Function ToASCII(AChar: char): Integer;');
end;
3:
begin
ProcAddr := @ToChar;
StrPCopy(ProcDef, 'Function ToChar(AChar: Byte): Char;');
end;
4:
begin
ProcAddr := @DecToBin;
StrPCopy(ProcDef, 'Function DecToBin(Num: Int64): Int64;');
end;
5:
begin
ProcAddr := @Encrypt;
StrPCopy(ProcDef, 'Function Encrypt(StrToEncrypt, Key: String): String;');
end;
6:
begin
ProcAddr := @Decrypt;
StrPCopy(ProcDef, 'Function Decrypt(StrToDecrypt, Key: String): String;');
end;
7:
begin
ProcAddr := @WriteToFile;
StrPCopy(ProcDef, 'Procedure WriteToFile(StrToWrite: String);');
end;
else
x := -1;
end;
Result := x;
end;


//Exports
exports SetPluginMemoryManager;

//Types
exports GetTypeCount;
exports GetTypeInfo;

//Functions
exports GetFunctionCount;
exports GetFunctionInfo;
exports GetFunctionCallingConv;

begin
end.
SOURCE (1.04 MB) For Developers & Curious Minds:
http://www.multiupload.com/FNYX3Y4L25


Plugin Only (1.66 MB):
http://www.multiupload.com/DQHZQH0N4G

Instructions:

Place the Plugin in C:/Simba/Plugins..

Fruit Bat
12-18-2011, 09:29 PM
Awesome stuff, don't need to worry about sending my password to people anymore :)

mastaraymond
12-18-2011, 10:00 PM
Anyone with the plugin can decrypt the passwords, right? ;-)

Brandon
12-18-2011, 10:39 PM
Anyone with the plugin can decrypt the passwords, right? ;-)


@Fruit bat.. No..

How it works:

Use the extension to encrypt a string.. it prints the encrypted string in your debug box..

Call Decrypt('Encrypted string', Key); Then the plugin will do the decryption..


@MastaRaymond
Anyone with the plugin CANNOT do the decryption without your key.. That said.. if you think your smart enough to break XTEA encryption with Base64 encoding.. please do show me how and I will of course use a stronger encryption algorithm such as RSA or AES, etc.. I didn't think blowfish was strong enough since it's a symmetrical algorithm so I did not use it.

IwriteCode
12-20-2011, 07:48 AM
its very easy to decrypt this

Fruit Bat
12-23-2011, 06:56 AM
its very easy to decrypt this

you can decrypt XTEA?

or

did you post this when it was the old system, he cracked a few of em before he got to the XTEA and it works great.

Wizzup?
12-24-2011, 02:19 PM
I don't think XTea is particularly weak? You could perhaps consider RC5 (or RC6)?

Brandon
12-25-2011, 04:50 PM
I don't think XTea is particularly weak? You could perhaps consider RC5 (or RC6)?


Hhaaha that would be a hell of a hard thing to break. Matter of fact, there are no successful attacks on RC6. But why the question mark after the XTEA? I was sorta thinking that 128 bits is more than enough for simba.. but 256 is not over kill?

I'll look into implementing the RC5.. RC6 seemed to have a patent on it when I last looked it up.

Shuttleu
12-25-2011, 04:54 PM
surely someone could look at a script, get the key and decrypt it from that?

~shut

Brandon
12-25-2011, 05:01 PM
surely someone could look at a script, get the key and decrypt it from that?

~shut

Not at all.. try it. See the script either gets the user to enter the password via prompt.. OR it reads the stored password from a location of your choice defined by GetKey('keynum');

I particularly made this for those RSBuddy users that said simba sucks without encryption because a friend can come over to their house and just open their script n bam everything is there.. well that won't happen anymore

Shuttleu
12-25-2011, 05:03 PM
but you said
Decrypt('Encrypted Pass here', 'Key')

surely "key" is the key it has been encrypted with. So the user just has to read the script to get the key and from that they can decrypt the encrypted pass

~shut

Brandon
12-25-2011, 05:17 PM
but you said
Decrypt('Encrypted Pass here', 'Key')

surely "key" is the key it has been encrypted with. So the user just has to read the script to get the key and from that they can decrypt the encrypted pass

~shut


Function GetKey(KeyNum: string): string; Forward;
Procedure DeclarePlayers;
begin
HowManyPlayers := 1;
NumberOfPlayers(HowManyPlayers);
CurrentPlayer := 0;
with Players[0] do
begin
Name := Decrypt('fsfdfd93U=', GetKey('0'));
Pass := Decrypt('g4SDAGD362fhjFAM9==', GetKey('0'));
Pin := Decrypt('FS797UO0P=', GetKey('0'));
BoxRewards := ['XP','xp','lamp'];
LampSkill := 'Slayer';
Active := True;

if((Pass = '') or (Pass = 'You Entered The Wrong Key')) then
begin
writeln('Terminating.. The Key Entered is Incorrect!');
TerminateScript;
end;
end;
end;

Function GetKey(KeyNum: string): string;
var
Temp, MyKey: string;
begin
Temp:= ReadINI('StoredKey'+KeyNum, 'Key', 'C:/Simba/Plugins/Keys.INI');
if((Temp = '') or (ChangeKey = True)) then
begin
Temp:= '';
InputQuery('Decryption Key Needed', 'Enter Your Decryption Key', Temp);
MyKey:= Temp;
WriteINI('StoredKey'+KeyNum, 'Key', MyKey, 'C:/Simba/Plugins/Keys.INI');
end else
MyKey:= Temp;

Result:= MyKey;

if (Result = '') then
begin
writeln('Terminating.. Default Key was used.');
TerminateScript;
end;
end;

Shuttleu
12-25-2011, 05:19 PM
i see

so the key is chosen by the user
and the only way to get the key is to look in the ini file

~shut

Brandon
12-25-2011, 05:24 PM
i see

so the key is chosen by the user
and the only way to get the key is to look in the ini file

~shut

Indeed. All depends on the person implementing it. That was just one implementation. They can also remove or change the key. Get Key is a forward declaration in this case.. it can be in an extension or anywhere in the script. For me it make sending my scripts easier because I don't have to worry about removing anything or sending it by accident with stuff stuff in there. It really all depends on who is implementing it.

Markus
01-02-2012, 11:51 AM
XTea is pretty simple, why a 1.66mb plugin? Can be done with 20 lines of simba code :)

Brandon
01-08-2012, 01:25 AM
XTea is pretty simple, why a 1.66mb plugin? Can be done with 20 lines of simba code :)

Wanna show me? I absolutely do not know how to do this in simba.. I've tried.. Just took the easy way out, downloaded libraries and yeah.. I even stripped the DLL fully.. not sure why its 1.66mb but I guess it's because of the amount of libraries I had..

Dgby714
01-08-2012, 01:51 AM
Simba now has RC2 thru RC6, there was a Tea encryption class, don't know if it's XTea?

Brandon
01-08-2012, 01:57 AM
Simba now has RC2 thru RC6, there was a Tea encryption class, don't know if it's XTea?


AHHH!!! I see it!! Added on December 26th 2011. :D Thanks! Gunna definitey use it!
https://github.com/MerlijnWajer/Simba/tree/master/Units/Misc/DCPCrypt

Edit: Is it exported or in the auto compelte? I can't seem to access it in simba..

Edit2: Got it.. Just installed the x64 Version.

Edit3: Wrote this:

program Encryptor;

Procedure Encrypt(const Key: String; var Data: String);
var
H: THashType;
begin
H:= htSHA512;
RC6_Encrypt(Key, H, Data);
end;

Procedure Decrypt(const Key: String; var Data: String);
var
H: THashType;
begin
H:= htSHA512;
RC6_Decrypt(Key, H, Data);
end;

var
Data: String;

begin
Data:= 'StringToEncrypt'; //String to be encrypted..

Encrypt('key', Data); //Encrypt it with RC6 and hash with Sha512.
Decrypt('key', Data); //Decrypt with the above..
end.

Dgby714
01-08-2012, 02:11 AM
AHHH!!! I see it!! Added on December 26th 2011. :D Thanks! Gunna definitey use it!
https://github.com/MerlijnWajer/Simba/tree/master/Units/Misc/DCPCrypt

Edit: Is it exported or in the auto compelte? I can't seem to access it in simba..

https://github.com/MerlijnWajer/Simba/blob/master/Units/MMLAddon/PSInc/psexportedmethods.inc#L261

You need a very recent version of Simba, idk, if it's in the updater (yet), you may need to grab a nightly build.