Results 1 to 19 of 19

Thread: Encrypt Simba Passwords

  1. #1
    Join Date
    Feb 2011
    Location
    The Future.
    Posts
    5,600
    Mentioned
    396 Post(s)
    Quoted
    1598 Post(s)

    Default Encrypt Simba Passwords

    Hey All.. I have created a plugin that encrypts passwords in simba IF you implement it. It uses an encryption algorithm known as XTEA + Base64 Encoding.

    *Sigh* For the commentators below.. If you really think your smart.. Break this.. Come on.. Go ahead and decrypt it:
    IMmrAYw6YTmmVf10JN5BsV3/BxEWNGzX

    To Find out your encrypted password, you'd use:

    writeln(Encrypt('PasswordHere', Key));

    The function definition is: Function Encrypt(Password, Key: String): String;

    Now for the implementation.. How will Simba decrypt it?
    In Simba you'd have to call Decrypt('Encrypted Pass here', 'Key'). It will prompt you for your key IF one is not already stored in the Key.INI file. I had to store it somewhere or else every 6 hours, you'd find yourself entering it again! Of course you can change the location of the stored key.


    Example:

    What User Sees in the script: Password:= fdsnglskngklanglanith32805235;
    What Simba Sees: Password:= Whatever;



    http://i.imgur.com/V2DO1.png

    Future Development:
    The ability to Encrypt Passwords, Usernames and Pins.. IN a selected file..


    Instructions For USERS are at the very bottom of this post.. As well as download links.


    FOR DEVELOPERS:

    Short Example / Test script.

    Code:
    library SSecurity;
    
    {$mode objfpc}{$H+}
    
    uses
      Classes, SysUtils, DCPbase64, DCPconst, DCPcrypt2, DCPmd5, StringFuncs,
      MufasaTypes, stringutil, Forms, Dialogs, LCLType, Controls, Interfaces, IniFiles, XTea;
    
    {$R *.res}
    
      type
        TCharArray = array of Char;
    
    Function StringToCharArray(TheStr: string): TCharArray; register;
    var
      i, l: Integer;
    begin
      l := Length(TheStr);
      SetLength(Result, l + 1);
      for i := l downto 1 do
        Result[i - 1] := TheStr[i];
    end;
    
    Function CharArrayToString(TheStr: TCharArray): String; register;
    var
      i, l: Integer;
    begin
      l := Length(TheStr) - 1;
      for i:= 0 To l do
        Result := Result + TheStr[i];
    end;
    
    Function ToASCII(AChar: char): Integer; register;
    begin
      result:= ord(AChar);
    end;
    
    Function ToChar(AChar: Byte): Char; register;
    begin
      result:= chr(AChar);
    end;
    
    
    Function DecToBin(Num: Int64): Int64; register;
    var
      bin, pos: Cardinal;
    begin
        bin := 0;
        pos := 1;
    
        while (Num > 0) do
        begin
          bin := bin + (Num mod 2) * pos;
          Num := Num Div 2;
          pos := pos * 10;
        end;
    
        Result:= Bin;
    end;
    
    
    Function Encrypt(StrToEncrypt, Key: String): String; register;
    begin
         Result:= Trim(Base64Encode(XTeaCryptStr(Trim(StrToEncrypt), Key)));
    end;
    
    
    Function Decrypt(StrToDecrypt, Key: String): String; register;
    begin
         Result:= Trim(XTeaDecryptStr(Base64Decode(Trim(StrToDecrypt)), Key));
    end;
    
    
    Procedure WriteToFile(StrToWrite: String); register;
    var
      FS: TOpenDialog;
      Buffer, FName: String;
      F: TFileStream;
    begin
      FS := TOpenDialog.Create(nil);
      FS.Options := [ofFileMustExist];
      FS.Filter := ' Simba Scripts (*.simba;*.Simba)|*.simba;*.Simba|All files (*.*)|*.*|';
      FS.FilterIndex := 1;
    
      if FS.Execute then
      begin
        FName:= FS.FileName;
          F:= TFileStream.Create(FName, fmOpenReadWrite);
          try
            F.Position:= 0;
            SetLength(Buffer, F.Size);
            F.ReadBuffer(Buffer, F.Size);
          Finally
            F.Free;
          end;
    
          F:= TFileStream.Create(FName, fmOpenReadWrite);
          try
            F.Position:= 0;
            Buffer := StringReplace(Buffer, Between('Pass', ';', Buffer), StrToWrite, [rfReplaceAll, rfIgnoreCase]);
            F.WriteBuffer(Buffer, Length(Buffer));
            writeln(Buffer);
          Finally
            F.Free;
          end;
        FS.Free;
      end;
    end;
    
    {                                       EXPORTS                                }
    
    
    procedure SetPluginMemoryManager(MemMgr : TMemoryManager); stdcall; export;
    begin
      SetMemoryManager(MemMgr);
    end;
    
    
    {                                    EXPORT TYPES                              }
    
    
    function GetTypeCount(): Integer; stdcall; export;
    begin
      Result := 1;
    end;
    
    function GetTypeInfo(x: Integer; var sType, sTypeDef: string): integer; stdcall;
    begin
      case x of
        0: begin
            sType := 'TCharArray';
            sTypeDef := 'Array of Char;';
          end;
        else
          Result := -1;
      end;
    end;
    
    
    
    {                                    EXPORT FUNCS                              }
    
    function GetFunctionCount(): Integer; stdcall; export;
    begin
      Result := 8;
    end;
    
    function GetFunctionCallingConv(x : Integer) : Integer; stdcall; export;
    begin
      Result := 0;
      case x of
         0..7 : Result := 1;
      end;
    end;
    
    function GetFunctionInfo(x: Integer; var ProcAddr: Pointer; var ProcDef: PChar): Integer; stdcall; export;
    begin
      case x of
        0:
          begin
            ProcAddr := @StringToCharArray;
            StrPCopy(ProcDef, 'Function StringToCharArray(TheStr: string): TCharArray;');
          end;
        1:
          begin
            ProcAddr := @CharArrayToString;
            StrPCopy(ProcDef, 'Function CharArrayToString(TheStr: TCharArray): String;');
          end;
        2:
          begin
            ProcAddr := @ToASCII;
            StrPCopy(ProcDef, 'Function ToASCII(AChar: char): Integer;');
          end;
        3:
          begin
            ProcAddr := @ToChar;
            StrPCopy(ProcDef, 'Function ToChar(AChar: Byte): Char;');
          end;
        4:
          begin
            ProcAddr := @DecToBin;
            StrPCopy(ProcDef, 'Function DecToBin(Num: Int64): Int64;');
          end;
        5:
          begin
            ProcAddr := @Encrypt;
            StrPCopy(ProcDef, 'Function Encrypt(StrToEncrypt, Key: String): String;');
          end;
        6:
          begin
            ProcAddr := @Decrypt;
            StrPCopy(ProcDef, 'Function Decrypt(StrToDecrypt, Key: String): String;');
          end;
        7:
          begin
            ProcAddr := @WriteToFile;
            StrPCopy(ProcDef, 'Procedure WriteToFile(StrToWrite: String);');
          end;
      else
        x := -1;
      end;
      Result := x;
    end;
    
    
    //Exports
    exports SetPluginMemoryManager;
    
    //Types
    exports GetTypeCount;
    exports GetTypeInfo;
    
    //Functions
    exports GetFunctionCount;
    exports GetFunctionInfo;
    exports GetFunctionCallingConv;
    
    begin
    end.
    SOURCE (1.04 MB) For Developers & Curious Minds:
    http://www.multiupload.com/FNYX3Y4L25


    Plugin Only (1.66 MB):

    http://www.multiupload.com/DQHZQH0N4G

    Instructions:

    Place the Plugin in C:/Simba/Plugins..
    Last edited by Brandon; 12-20-2011 at 07:31 AM.
    I am Ggzz..
    Hackintosher

  2. #2
    Join Date
    Aug 2011
    Posts
    62
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    Awesome stuff, don't need to worry about sending my password to people anymore

  3. #3
    Join Date
    May 2006
    Location
    Amsterdam
    Posts
    3,620
    Mentioned
    5 Post(s)
    Quoted
    0 Post(s)

    Default

    Anyone with the plugin can decrypt the passwords, right? ;-)
    Verrekte Koekwous

  4. #4
    Join Date
    Feb 2011
    Location
    The Future.
    Posts
    5,600
    Mentioned
    396 Post(s)
    Quoted
    1598 Post(s)

    Default

    Quote Originally Posted by mastaraymond View Post
    Anyone with the plugin can decrypt the passwords, right? ;-)

    @Fruit bat.. No..

    How it works:

    Use the extension to encrypt a string.. it prints the encrypted string in your debug box..

    Call Decrypt('Encrypted string', Key); Then the plugin will do the decryption..


    @MastaRaymond
    Anyone with the plugin CANNOT do the decryption without your key.. That said.. if you think your smart enough to break XTEA encryption with Base64 encoding.. please do show me how and I will of course use a stronger encryption algorithm such as RSA or AES, etc.. I didn't think blowfish was strong enough since it's a symmetrical algorithm so I did not use it.
    Last edited by Brandon; 12-20-2011 at 05:13 AM.
    I am Ggzz..
    Hackintosher

  5. #5
    Join Date
    Nov 2009
    Posts
    47
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

  6. #6
    Join Date
    Aug 2011
    Posts
    62
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    Quote Originally Posted by IwriteCode View Post
    its very easy to decrypt this
    you can decrypt XTEA?

    or

    did you post this when it was the old system, he cracked a few of em before he got to the XTEA and it works great.

  7. #7
    Join Date
    Feb 2006
    Location
    Amsterdam
    Posts
    13,691
    Mentioned
    146 Post(s)
    Quoted
    130 Post(s)

    Default

    I don't think XTea is particularly weak? You could perhaps consider RC5 (or RC6)?



    The best way to contact me is by email, which you can find on my website: http://wizzup.org
    I also get email notifications of private messages, though.

    Simba (on Twitter | Group on Villavu | Website | Stable/Unstable releases
    Documentation | Source | Simba Bug Tracker on Github and Villavu )


    My (Blog | Website)

  8. #8
    Join Date
    Feb 2011
    Location
    The Future.
    Posts
    5,600
    Mentioned
    396 Post(s)
    Quoted
    1598 Post(s)

    Default

    Quote Originally Posted by Wizzup? View Post
    I don't think XTea is particularly weak? You could perhaps consider RC5 (or RC6)?

    Hhaaha that would be a hell of a hard thing to break. Matter of fact, there are no successful attacks on RC6. But why the question mark after the XTEA? I was sorta thinking that 128 bits is more than enough for simba.. but 256 is not over kill?

    I'll look into implementing the RC5.. RC6 seemed to have a patent on it when I last looked it up.
    I am Ggzz..
    Hackintosher

  9. #9
    Join Date
    Aug 2007
    Location
    in a random little world
    Posts
    5,778
    Mentioned
    0 Post(s)
    Quoted
    7 Post(s)

  10. #10
    Join Date
    Feb 2011
    Location
    The Future.
    Posts
    5,600
    Mentioned
    396 Post(s)
    Quoted
    1598 Post(s)

    Default

    Quote Originally Posted by Shuttleu View Post
    surely someone could look at a script, get the key and decrypt it from that?

    ~shut
    Not at all.. try it. See the script either gets the user to enter the password via prompt.. OR it reads the stored password from a location of your choice defined by GetKey('keynum');

    I particularly made this for those RSBuddy users that said simba sucks without encryption because a friend can come over to their house and just open their script n bam everything is there.. well that won't happen anymore
    I am Ggzz..
    Hackintosher

  11. #11
    Join Date
    Aug 2007
    Location
    in a random little world
    Posts
    5,778
    Mentioned
    0 Post(s)
    Quoted
    7 Post(s)

  12. #12
    Join Date
    Feb 2011
    Location
    The Future.
    Posts
    5,600
    Mentioned
    396 Post(s)
    Quoted
    1598 Post(s)

    Default

    Quote Originally Posted by Shuttleu View Post
    but you said
    Decrypt('Encrypted Pass here', 'Key')

    surely "key" is the key it has been encrypted with. So the user just has to read the script to get the key and from that they can decrypt the encrypted pass

    ~shut
    Simba Code:
    Function GetKey(KeyNum: string): string; Forward;
      Procedure DeclarePlayers;
      begin
        HowManyPlayers := 1;
        NumberOfPlayers(HowManyPlayers);
        CurrentPlayer := 0;
        with Players[0] do
        begin
          Name        := Decrypt('fsfdfd93U=', GetKey('0'));
          Pass        := Decrypt('g4SDAGD362fhjFAM9==', GetKey('0'));
          Pin         := Decrypt('FS797UO0P=', GetKey('0'));
          BoxRewards  := ['XP','xp','lamp'];
          LampSkill   := 'Slayer';
          Active      := True;

          if((Pass = '') or (Pass = 'You Entered The Wrong Key')) then
          begin
            writeln('Terminating.. The Key Entered is Incorrect!');
            TerminateScript;
          end;
        end;
      end;

      Function GetKey(KeyNum: string): string;
      var
        Temp, MyKey: string;
      begin
        Temp:= ReadINI('StoredKey'+KeyNum, 'Key', 'C:/Simba/Plugins/Keys.INI');
        if((Temp = '') or (ChangeKey = True)) then
        begin
          Temp:= '';
          InputQuery('Decryption Key Needed', 'Enter Your Decryption Key', Temp);
          MyKey:= Temp;
          WriteINI('StoredKey'+KeyNum, 'Key', MyKey, 'C:/Simba/Plugins/Keys.INI');
        end else
          MyKey:= Temp;

        Result:= MyKey;

        if (Result = '') then
        begin
          writeln('Terminating.. Default Key was used.');
          TerminateScript;
        end;
      end;
    I am Ggzz..
    Hackintosher

  13. #13
    Join Date
    Aug 2007
    Location
    in a random little world
    Posts
    5,778
    Mentioned
    0 Post(s)
    Quoted
    7 Post(s)

  14. #14
    Join Date
    Feb 2011
    Location
    The Future.
    Posts
    5,600
    Mentioned
    396 Post(s)
    Quoted
    1598 Post(s)

    Default

    Quote Originally Posted by Shuttleu View Post
    i see

    so the key is chosen by the user
    and the only way to get the key is to look in the ini file

    ~shut
    Indeed. All depends on the person implementing it. That was just one implementation. They can also remove or change the key. Get Key is a forward declaration in this case.. it can be in an extension or anywhere in the script. For me it make sending my scripts easier because I don't have to worry about removing anything or sending it by accident with stuff stuff in there. It really all depends on who is implementing it.
    I am Ggzz..
    Hackintosher

  15. #15
    Join Date
    Feb 2007
    Location
    Het ademt zwaar en moedeloos vannacht.
    Posts
    7,211
    Mentioned
    26 Post(s)
    Quoted
    72 Post(s)

    Default

    XTea is pretty simple, why a 1.66mb plugin? Can be done with 20 lines of simba code
    I made a new script, check it out!.

  16. #16
    Join Date
    Feb 2011
    Location
    The Future.
    Posts
    5,600
    Mentioned
    396 Post(s)
    Quoted
    1598 Post(s)

    Default

    Quote Originally Posted by Markus View Post
    XTea is pretty simple, why a 1.66mb plugin? Can be done with 20 lines of simba code
    Wanna show me? I absolutely do not know how to do this in simba.. I've tried.. Just took the easy way out, downloaded libraries and yeah.. I even stripped the DLL fully.. not sure why its 1.66mb but I guess it's because of the amount of libraries I had..
    I am Ggzz..
    Hackintosher

  17. #17
    Join Date
    Jan 2008
    Location
    10° north of Hell
    Posts
    2,035
    Mentioned
    65 Post(s)
    Quoted
    164 Post(s)

    Default

    Simba now has RC2 thru RC6, there was a Tea encryption class, don't know if it's XTea?

    Dg's Small Procedures | IRC Quotes
    Thank Wishlah for my nice new avatar!
    Quote Originally Posted by IRC
    [22:12:05] <Dgby714> Im agnostic
    [22:12:36] <Blumblebee> :O ...you can read minds

  18. #18
    Join Date
    Feb 2011
    Location
    The Future.
    Posts
    5,600
    Mentioned
    396 Post(s)
    Quoted
    1598 Post(s)

    Default

    Quote Originally Posted by Dgby714 View Post
    Simba now has RC2 thru RC6, there was a Tea encryption class, don't know if it's XTea?

    AHHH!!! I see it!! Added on December 26th 2011. Thanks! Gunna definitey use it!
    https://github.com/MerlijnWajer/Simb.../Misc/DCPCrypt

    Edit: Is it exported or in the auto compelte? I can't seem to access it in simba..

    Edit2: Got it.. Just installed the x64 Version.

    Edit3: Wrote this:
    Simba Code:
    program Encryptor;

    Procedure Encrypt(const Key: String; var Data: String);
    var
      H: THashType;
    begin
      H:= htSHA512;
      RC6_Encrypt(Key, H, Data);
    end;

    Procedure Decrypt(const Key: String; var Data: String);
    var
      H: THashType;
    begin
      H:= htSHA512;
      RC6_Decrypt(Key, H, Data);
    end;

    var
      Data: String;

    begin
      Data:= 'StringToEncrypt';     //String to be encrypted..

      Encrypt('key', Data);     //Encrypt it with RC6 and hash with Sha512.
      Decrypt('key', Data);     //Decrypt with the above..
    end.
    I am Ggzz..
    Hackintosher

  19. #19
    Join Date
    Jan 2008
    Location
    10° north of Hell
    Posts
    2,035
    Mentioned
    65 Post(s)
    Quoted
    164 Post(s)

    Default

    Quote Originally Posted by ggzz View Post
    AHHH!!! I see it!! Added on December 26th 2011. Thanks! Gunna definitey use it!
    https://github.com/MerlijnWajer/Simb.../Misc/DCPCrypt

    Edit: Is it exported or in the auto compelte? I can't seem to access it in simba..
    https://github.com/MerlijnWajer/Simb...thods.inc#L261

    You need a very recent version of Simba, idk, if it's in the updater (yet), you may need to grab a nightly build.

    Dg's Small Procedures | IRC Quotes
    Thank Wishlah for my nice new avatar!
    Quote Originally Posted by IRC
    [22:12:05] <Dgby714> Im agnostic
    [22:12:36] <Blumblebee> :O ...you can read minds

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •