 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
panraven
Grandmaster Cheater
![]() Reputation: 55
Joined: 01 Oct 2008
Posts: 942
|
 Posted: Mon Aug 24, 2015 2:11 pm Post subject: crack me password and trainer protection |
 |
|
I remembered I wrote something similar b4 but forgot where, so here a little game and to prove the concept. (just in case, this is never my original idea, I guess "hash the password" is common sense for coder using password.)
how to play:
1. click "test me" entry
2. guess the password
3. look into the source to find hint for part 1
4. you (virtually) cant find part 2 password if the concept is right 
0. cannot protect from your friend whose you give him the real password. He can see the decoded source with a bit lua/scripting knowledge.
enjoy~
| Description: |
|
Download |
| Filename: |
0.passwordtest.CT |
| Filesize: |
4.41 KB |
| Downloaded: |
560 Time(s) |
_________________
- Retarded.
Last edited by panraven on Tue Aug 25, 2015 12:14 pm; edited 1 time in total |
|
| Back to top |
|
 |
lolAnonymous
Expert Cheater
![]() Reputation: 1
Joined: 19 Jul 2015
Posts: 154
|
| Posted: Mon Aug 24, 2015 2:53 pm Post subject: |
|
|
I Don't Know What Are U Saying Because Of My Weak English But Can I Ask U What Is This ? I Got This From Your .ct File
| Code: | {$lua}
if syntaxcheck==true then return '' end
--
--
-- common function
function loadTableFile(n,mode)
local hdr = 'loadTableFile: '
assert(type(n)=='string',hdr.."input should be a string -"..tostring(n).." of "..type(n))
local m = assert(findTableFile(n),hdr.."can't find table file -"..n).Stream
m = assert(readStringLocal(m.Memory,m.Size),hdr.."can't read content -"..n)
if type(mode)~='boolean' then return m end
m = assert(loadstring(m,n),hdr.."lua script load fail -"..n)
return mode and m() or m
end
function enc(s,k,infile,outfile) -- this can be not include on releasing trainer/table, but ok to include
if type(k)~='string' then return nil,'?ERROR?' end
if type(infile)=='string' then
local ok,f = pcall(io.open,infile,'r')
if ok and f then
s = f:read("*a")
f:close()
end
elseif findTableFile(s or '') then
s = loadTableFile(s)
end
if type(s)~='string' then return nil,'?ERROR?' end
k = stringToMD5String(k)
local kt,t,i,j = {},{},1
while k:byte(i) do kt[1+#kt]=k:byte(i) i=i+1 end
i=1
while s:byte(i) do
j = 1+((i-1) % #kt)
t[1+#t]= bAnd(bXor(kt[j],s:byte(i)),0xff)
i = i+1
end
t = #t>0 and "{"..table.concat(t,",").."}" or '{}'
if type(outfile)=='string' then
local ok,f = pcall(io.open,outfile,'w')
if ok and f then
f:write(t)
f:close()
end
end
return t
end
local dec = function(t,k)
if type(t)~='string' or type(k)~='string' then return nil,'*ERROR*' end
k = stringToMD5String(k)
local fs = "return "..t
local kt,i = loadstring(fs),1
local ok
if type(kt)=='function' then ok,t = pcall(kt) end
if not ok or type(t)~='table' then return nil,'!ERROR!' end
kt = {}
while k:byte(i) do kt[1+#kt]=k:byte(i) i=i+1 end
local s,j = {}
for i=1,#t do
j=1+((i-1) % #kt)
s[1+#s]= string.char(bAnd(bXor(kt[j],t[i]),0xff))
end
return table.concat(s)
end
--- do not ship your train/table with the real password
--- do not ship your train/table with the real password
--- do not ship your train/table with the real password
--- do not ship your train/table with the real password
local coreSource = "Ok, you got the explict password from source, well done!!! ;) now try the hidden one :D"
local password = "ce"
--- do not ship your train/table with the real password
--- do not ship your train/table with the real password
--- do not ship your train/table with the real password
--- do not ship your train/table with the real password
--- sample code to make encoded tablefile
--- sample code to make encoded tablefile
--- sample code to make encoded tablefile
--- sample code to make encoded tablefile
--enc(nil,"no-this-is-not-password-:D",[[mysource.lua]],'enctbl')
--- sample code to make encoded tablefile
--- sample code to make encoded tablefile
--- sample code to make encoded tablefile
--- sample code to make encoded tablefile
local enSource = enc(coreSource,password) -- replace this as " loadTableFile('enctbl') " like ==ENCODE== below
function r(psw)
print('')
print('')
-- explict source password is 'ce'
local deSource = dec(enSource,psw)
print("Explict Source:\n")
print( deSource)
deSource = dec(loadTableFile('enctbl'),psw) -- ==ENCODE==
-- this one is runnable
print("Hidden Source:\n")
local ok,runnable = pcall(loadstring,deSource)
if ok and type(runnable)=='function' then
print("Good! you crack the hidden source!")
print("here you go!")
runnable()
else
print( deSource)
end
end
r(inputQuery("Password","Enter Password>","cancel to pretent you know the password ;)") or password)
{$asm}
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
[DISABLE]
//code from here till the end of the code will be used to disable the cheat |
|
|
| Back to top |
|
|
panraven
Grandmaster Cheater
![]() Reputation: 55
Joined: 01 Oct 2008
Posts: 942
|
|
| Back to top |
|
|
atom0s
Moderator
 Reputation: 198
Joined: 25 Jan 2006
Posts: 8517
Location: 127.0.0.1
|
| Posted: Mon Aug 24, 2015 7:31 pm Post subject: |
|
|
Given that this is just the plain text CE file, it has no protection to it since anyone can see the code used to encrypt and decrypt your trainer information.
The password is: ce
_________________
- Retired. |
|
| Back to top |
|
|
mgr.inz.Player
I post too much
 Reputation: 218
Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00
|
| Posted: Tue Aug 25, 2015 7:27 am Post subject: |
|
|
second password: dSg
At least your script says: "Good! you crack the hidden source!"
_________________
|
|
| Back to top |
|
|
panraven
Grandmaster Cheater
![]() Reputation: 55
Joined: 01 Oct 2008
Posts: 942
|
| Posted: Tue Aug 25, 2015 9:04 am Post subject: |
|
|
| mgr.inz.Player wrote: | second password: dSg
At least your script says: "Good! you crack the hidden source!"
|
Ah, embarrassing... 
My testing response is failed.
The "Good!" message show if the decoded string compile as function by loadstring, but no, the decoded string will be a run-able script with another message, there are more than the just "Good!" response will be show.
(That mean a complete lua script can be encode and decode and run)
To save time for using brute force, the pass is a 11-alpha. (was 9-alpha, but it seems I cannot count my fingers ~_~)
| atom0s wrote: | Given that this is just the plain text CE file, it has no protection to it since anyone can see the code used to encrypt and decrypt your trainer information.
The password is: ce |
The psw should not be include in the published ct, that's what the hidden part 
ADDED: Updated. It should now only show the "Good" message with correct password (or matching md5 hashed string?) in hidden part.
_________________
- Retarded.
Last edited by panraven on Tue Aug 25, 2015 12:16 pm; edited 2 times in total |
|
| Back to top |
|
|
lolAnonymous
Expert Cheater
![]() Reputation: 1
Joined: 19 Jul 2015
Posts: 154
|
| Posted: Tue Aug 25, 2015 11:00 am Post subject: |
|
|
Hmmm.... Thanks A lot For This Code/Script Now I Can Save My Auto Assembler Scripts 
Hey But Can U Tell Me How U Got The Second Password ?
Thanks,
|
|
| Back to top |
|
|
panraven
Grandmaster Cheater
![]() Reputation: 55
Joined: 01 Oct 2008
Posts: 942
|
|
| Back to top |
|
|
atom0s
Moderator
Reputation: 198
Joined: 25 Jan 2006
Posts: 8517
Location: 127.0.0.1
|
| Posted: Tue Aug 25, 2015 5:36 pm Post subject: |
|
|
@panraven: If you want to test the security of things, post up a completed trainer/table that has your protections in-tact without any extra stuff that should not be there. You will get a better overall analysis of what you are trying to do to protect the file.
Keep in mind though, if you are just using the stock Cheat Engine trainer stuff, it is super easy to undo any and all of the protections.
_________________
- Retired. |
|
| Back to top |
|
|
Rydian
Grandmaster Cheater Supreme
 Reputation: 31
Joined: 17 Sep 2012
Posts: 1358
|
| Posted: Tue Aug 25, 2015 5:48 pm Post subject: |
|
|
After all, you can't stop somebody from looking at files on their own computer.
You can make it harder or more annoying for them to get useful info out of it, but you can't stop them.
_________________
|
|
| Back to top |
|
|
panraven
Grandmaster Cheater
![]() Reputation: 55
Joined: 01 Oct 2008
Posts: 942
|
|
| Back to top |
|
|
lolAnonymous
Expert Cheater
![]() Reputation: 1
Joined: 19 Jul 2015
Posts: 154
|
| Posted: Tue Sep 01, 2015 11:26 am Post subject: |
|
|
Panraven Bro I Want To Pm U Need To Talk Some Thing About Your Trainer Can U Pm Me I Can't Pm U Because CE Forum Don't Allow Me 
Thanks In Advance
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
