Results 1 to 13 of 13

Thread: Is it possible?

  1. #1
    Join Date
    Feb 2011
    Location
    The Future.
    Posts
    5,600
    Mentioned
    396 Post(s)
    Quoted
    1598 Post(s)

    Default Is it possible?

    Is it possible to have simba read a string and execute that?

    Example:

    Simba Code:
    var
       Data, X: String;

    Begin
       X:= 'blehsdgsgs';
       Data:= 'begin writeln(X); end;';

      //Read Data and execute whatever is in that string..
    //This it would output the value of X?
    End.
    I am Ggzz..
    Hackintosher

  2. #2
    Join Date
    Jan 2008
    Location
    10° north of Hell
    Posts
    2,035
    Mentioned
    65 Post(s)
    Quoted
    164 Post(s)

    Default

    Not currently. Tho you can use CallProc(Proc: string; Args: TVariantArray); to call a procedure by name (string).

    Dg's Small Procedures | IRC Quotes
    Thank Wishlah for my nice new avatar!
    Quote Originally Posted by IRC
    [22:12:05] <Dgby714> Im agnostic
    [22:12:36] <Blumblebee> :O ...you can read minds

  3. #3
    Join Date
    Feb 2011
    Location
    The Future.
    Posts
    5,600
    Mentioned
    396 Post(s)
    Quoted
    1598 Post(s)

    Default

    Quote Originally Posted by Dgby714 View Post
    Not currently. Tho you can use CallProc(Proc: string; Args: TVariantArray); to call a procedure by name (string).
    Ahhh defeats the whole purpose of reading a file into a string and then having simba run the procedures contained in that =l

    Oh well I'll try that CallProc and see what I can do. I asked because I encrypted an entire script and wanted to decrypt/run it without really showing the data..
    I am Ggzz..
    Hackintosher

  4. #4
    Join Date
    Jan 2008
    Location
    10° north of Hell
    Posts
    2,035
    Mentioned
    65 Post(s)
    Quoted
    164 Post(s)

    Default

    Quote Originally Posted by ggzz View Post
    Ahhh defeats the whole purpose of reading a file into a string and then having simba run the procedures contained in that =l

    Oh well I'll try that CallProc and see what I can do.
    Does the function need to be a full fledged compiler+MML, or will a simpler one work?

    I can prob throw together a simple procedure that loads the string into Lape and executes it.
    It won't be able to use the current scripts resources tho. (variables, constants, functions)

    Dg's Small Procedures | IRC Quotes
    Thank Wishlah for my nice new avatar!
    Quote Originally Posted by IRC
    [22:12:05] <Dgby714> Im agnostic
    [22:12:36] <Blumblebee> :O ...you can read minds

  5. #5
    Join Date
    Feb 2011
    Location
    The Future.
    Posts
    5,600
    Mentioned
    396 Post(s)
    Quoted
    1598 Post(s)

    Default

    Quote Originally Posted by Dgby714 View Post
    Does the function need to be a full fledged compiler+MML, or will a simpler one work?

    I can prob throw together a simple procedure that loads the string into Lape and executes it.
    It won't be able to use the current scripts resources tho. (variables, constants, functions)
    Ahhh I see hmm I'll get back to you on that. The scripts I encrypted were full on pascal scripts that actually use smart and yeah it won't be of much use if I couldn't use the includes.. If this was done, would I myself be able to translate each function to Python? If I can, then I'd actually start on that.

    Ahh don't worry yourself about it, I'll find another way.
    I am Ggzz..
    Hackintosher

  6. #6
    Join Date
    Nov 2011
    Posts
    255
    Mentioned
    0 Post(s)
    Quoted
    6 Post(s)

    Default

    Here is my suggestion on how to increase security, any static variables, strings, ints, colors, etc, load into an array from an authed web server. Have them be encrypted by a given string (maybe a users IP address) and use that string to decrypt the data at runtime. Also obfucate the code obviously. That will secure your script against the majority of people trying to crack it. If someone can get through that, they most likely have the ability to get through any security you can place on any code given the nature of simba (must show source code)

    Edit: I didn't know about this callproc function, but with that you could have it load your entire main loop from online, just have a bunch of bogus procedures very similar but not-functioning or functioning in adverse ways in the script to make it harder to crack. And then in the main loop call each procedure by an encrypted spot in the initial array so no procedure name is ever displayed. That would be a bit harder to get through.
    Last edited by [Nathan]; 01-08-2012 at 04:18 AM.

  7. #7
    Join Date
    Feb 2011
    Location
    The Future.
    Posts
    5,600
    Mentioned
    396 Post(s)
    Quoted
    1598 Post(s)

    Default

    Quote Originally Posted by [Nathan] View Post
    Here is my suggestion on how to increase security, any static variables, strings, ints, colors, etc, load into an array from an authed web server. Have them be encrypted by a given string (maybe a users IP address) and use that string to decrypt the data at runtime. Also obfucate the code obviously. That will secure your script against the majority of people trying to crack it. If someone can get through that, they most likely have the ability to get through any security you can place on any code given the nature of simba (must show source code)

    Edit: I didn't know about this callproc function, but with that you could have it load your entire main loop from online, just have a bunch of bogus procedures very similar but not-functioning or functioning in adverse ways in the script to make it harder to crack. And then in the main loop call each procedure by an encrypted spot in the initial array so no procedure name is ever displayed. That would be a bit harder to get through.
    Problem.. Simba cannot execute code within a string.. So loading the script from any servers = nope.. never.. It's exactly the same thing your proposing as in my first post -_-
    When simba gets a page, it returns the html file in a string.. and if I were to do it any other way, that would require sockets and there's no way I'm going to do that just for a script.. maybe if it was a database or something.. I'm pretty sure even if I were to use sockets, it'd still not be able to compile whatever I downloaded.. Why? Because I'd have to decrypt the file.. that'd make the whole point of this thread useless because any old smart guy can easily just find the decrypted file and yeah.. wasted my time.
    I am Ggzz..
    Hackintosher

  8. #8
    Join Date
    Dec 2011
    Posts
    27
    Mentioned
    0 Post(s)
    Quoted
    1 Post(s)

    Default

    Quote Originally Posted by ggzz View Post
    Problem.. Simba cannot execute code within a string.. So loading the script from any servers = nope.. never.. It's exactly the same thing your proposing as in my first post -_-
    When simba gets a page, it returns the html file in a string.. and if I were to do it any other way, that would require sockets and there's no way I'm going to do that just for a script.. maybe if it was a database or something.. I'm pretty sure even if I were to use sockets, it'd still not be able to compile whatever I downloaded.. Why? Because I'd have to decrypt the file.. that'd make the whole point of this thread useless because any old smart guy can easily just find the decrypted file and yeah.. wasted my time.
    It is possible, though I'm not sure how.

    Freddy1990 said he'd be designing something like this in the near future. He's the guy to ask.

  9. #9
    Join Date
    Oct 2009
    Location
    Stockton, CA
    Posts
    2,040
    Mentioned
    0 Post(s)
    Quoted
    1 Post(s)

    Default

    Quote Originally Posted by belbn View Post
    It is possible, though I'm not sure how.

    Freddy1990 said he'd be designing something like this in the near future. He's the guy to ask.
    Simba != SCAR.
    Join the IRC! irc.rizon.net:6667/srl | SQLite (0.99rc3+) | SRL Doc | Simba Doc | Extra Simba Libraries (openSSL & sqlite3)
    Quote Originally Posted by #srl
    10:45 < Toter> daphil when can get sex anyday I want
    10:45 < Toter> he is always on #SRL
    "A programmer is just a tool which converts caffeine into code"

  10. #10
    Join Date
    Nov 2011
    Posts
    255
    Mentioned
    0 Post(s)
    Quoted
    6 Post(s)

    Default

    Quote Originally Posted by ggzz View Post
    Problem.. Simba cannot execute code within a string.. So loading the script from any servers = nope.. never.. It's exactly the same thing your proposing as in my first post -_-
    When simba gets a page, it returns the html file in a string.. and if I were to do it any other way, that would require sockets and there's no way I'm going to do that just for a script.. maybe if it was a database or something.. I'm pretty sure even if I were to use sockets, it'd still not be able to compile whatever I downloaded.. Why? Because I'd have to decrypt the file.. that'd make the whole point of this thread useless because any old smart guy can easily just find the decrypted file and yeah.. wasted my time.
    You missunderstand what im saying, i didn't say execute any string in there. I meant the string being the name of an already coded procedure. You have all the procedures + decoy ones in the script, and in the main thread you call them by their name, but using a name loaded from the webserver so its difficult to find out what procedure is actually being called

  11. #11
    Join Date
    Dec 2011
    Posts
    27
    Mentioned
    0 Post(s)
    Quoted
    1 Post(s)

    Default

    Quote Originally Posted by Sex View Post
    Simba != SCAR.
    We're talking basic Pascal here. There isn't much of a difference in terms of how the code is executed.

  12. #12
    Join Date
    Feb 2011
    Location
    The Future.
    Posts
    5,600
    Mentioned
    396 Post(s)
    Quoted
    1598 Post(s)

    Default

    Quote Originally Posted by [Nathan] View Post
    You missunderstand what im saying, i didn't say execute any string in there. I meant the string being the name of an already coded procedure. You have all the procedures + decoy ones in the script, and in the main thread you call them by their name, but using a name loaded from the webserver so its difficult to find out what procedure is actually being called

    Ahh but someone smart would just put Writeln(#number here) after each one that was called.. they'd just check which numbers were written and bam.. you know which proc's are called off the server -_-
    I am Ggzz..
    Hackintosher

  13. #13
    Join Date
    Nov 2011
    Posts
    255
    Mentioned
    0 Post(s)
    Quoted
    6 Post(s)

    Default

    Quote Originally Posted by ggzz View Post
    Ahh but someone smart would just put Writeln(#number here) after each one that was called.. they'd just check which numbers were written and bam.. you know which proc's are called off the server -_-
    Thats why you've got to get creative It's also a huge downside to trying to encrypt a simba script, because a simple writeln can usaually kill it for you. But there are ways around that

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •