Making a program secure against hackers.

I know, this is ComputerCraft, but since many people have used the HTTP api to login to websites, on a server, a hacker could come on and change the program to send all the passwords to him/her! Which is not a good thing. So here is how to secure your program against hackers!

Step 1:

Spoiler

This part is securing the program against CTRL-T. If you didn't know, holding down this keyboard shortcut will terminate the program and give access to hackers! To disable it, you need to add this code to the top of the program:

os.pullEvent = os.pullEventRaw -- disable termination

os.pullEvent is a function that yields (pauses) the program until an event is received. An event is anything like a mouse click, a redstone input, and many other things! Check the list here!

os.pullEventRaw will NOT break on system events (terminate, reboot, shutdown). It is used for advanced programs that need to handle these events differently AND preventing termination. (There is currently no way to stop rebooting and shutting down, but we will get there soon.)

To restore os.pullEvent, you must first make a backup of it to restore later.

old_pullevent = os.pullEvent
os.pullEvent = os.pullEventRaw
-- some code
-- more code
os.pullEvent = old_pullevent -- this will allow termination again!

Step 2:

Spoiler

OK, you have secured against CTRL-T, but what if someone tries CTRL-R to reboot? They will go into the shell again! So to stop this, type:

edit startup

Startup is the file that runs at boot time. Hopefully it will be blank. Type:

shell.run("your_program") -- replace your_program with the name of your program

Now press CTRL and choose save, then reboot. Your program should start! If not, you either will get:

No such program -- you typed the name of the program wrong
(nothing) -- you didn't save
startup:1:attempt to call nil -- you typed shell.run wrong
startup:1:attempt to index ? (a nil value) -- you forgot the quotes

Step 3:

Spoiler

I am assuming that your program does not quit immediately. (Like cp, mv and other command line programs.) But you must have a quit option somewhere, so how do you stop people going into the shell?
There is one way that is simple but limited:

1. Edit startup again
2. Go to line 2 (the line after shell.run("your_program"))
3. Type os.reboot()
4. Save the file

You could even do:

1. Edit startup
2. Move line 1 to line 2
3. Type while true do in line 1
4. Go to line 3
5. Type end
6. Save the file

But what if your program takes arguments? (command line parameters)

If this is the case, try this in the startup file(pretty basic):

amount_of_params = 3 -- change this to how many your program takes
p = {}
while true do
for i = 1, #params do
  print("Parameter " .. tostring(i) .. "?")
  table.insert(p, read())
end
p1, p2, p3 = unpack(p) -- make p4, p5 and as many as you need!
shell.run("your_program", p1, p2, p3) -- add p4 and p5 and more here!
end

As you can see, this tutorial is not finished yet. Check back soon!

ZudoHackz, on 09 July 2013 - 02:20 AM said:

I know, this is ComputerCraft, but since many people have used the HTTP api to login to websites, on a server, a hacker could come on and change the program to send all the passwords to him/her! Which is not a good thing. So here is how to secure your program against hackers!

Wait so you're suggesting to add a password lock to the computer to stop people from getting usernames and passwords from the HTTP api? Not very effective imo.
With you saying HTTP API I was expecting this tutorial to be something about making data secure for transmission and then sending it to PHP, which then securely stores it in a hidden database or something like that…. I wasn't expecting this to be yet another "How to make a door lock" type tutorial…

Damn I would of thought is was a PHP securing tutorial.
If anyone have some tips please give me some :P/> !

theoriginalbit, on 09 July 2013 - 03:40 AM said:

ZudoHackz, on 09 July 2013 - 02:20 AM said:

I know, this is ComputerCraft, but since many people have used the HTTP api to login to websites, on a server, a hacker could come on and change the program to send all the passwords to him/her! Which is not a good thing. So here is how to secure your program against hackers!

Wait so you're suggesting to add a password lock to the computer to stop people from getting usernames and passwords from the HTTP api? Not very effective imo.
With you saying HTTP API I was expecting this tutorial to be something about making data secure for transmission and then sending it to PHP, which then securely stores it in a hidden database or something like that…. I wasn't expecting this to be yet another "How to make a door lock" type tutorial…

That is an example

ZudoHackz, on 09 July 2013 - 02:20 AM said:

print("Parameter " + tostring(i) + "?")

Wut… This is not Java

There are other serious issues with the code as well.

OP, please clean this up and make a real tutorial out of it, as it does not currently meet minimum expectations.

The big problem with protection from hackers is Ctrl+S. There's no way to stop it, like Ctrl+R, but Ctrl+S allows you to place a disk-drive next to the computer before you startup the computer again. Disk-drives can bypass the original startup file, and allow access to all the files.

Also I'm not sure about the whole old_pullEvent situation.

P.S. Always use protection, but it's not 100% efficient!!!

this dosent really teach you how to protect against people who want to secure rednet communications (which is a real problem for new people), preventing termination is basic, and you dont need to have shell.run in startup, just rename it to startup
i might make a tutorial on how to secure rednet connections with a new encryption api i made

in a an area that people can place blocks you can not stop a shutdoww, reboot etc. step 1, place computer2(a computer in your inv) next to computer1(computer you wish to shutdown) next to it. step 2 go into lua and type

 comp = peripheral.wrap(side) comp.shutdown() 

no program is really safe :/

jay5476, on 11 August 2013 - 07:01 AM said:

in a an area that people can place blocks you can not stop a shutdoww, reboot etc. step 1, place computer2(a computer in your inv) next to computer1(computer you wish to shutdown) next to it. step 2 go into lua and type

 comp = peripheral.wrap(side) comp.shutdown() 

no program is really safe :/

jay5476 I'm sorry to burst your thunder but that's actually combatible, if I may create that word.
It's possible to detect the placement of the computer, and the same logic you used is reversed.
Simply tell the original computer to wait for a peripheral to be added, if it's a computer continually call the shutdown method on every side that there is an identified computer, and only when the computer has been removed from the side, does the original computer stop calling the shutdown method on that side.

The true reason you cannot stop a shutdown is very simply the Ctrl+S combination. There is no protection

oh lol I completely missed that they would have to code that aswell account for wired modems so it makes it all more difficult

@reububble
If you make a program that restart a computer if ctrl + s is pressed 0,9 seconds you can't use ctrl+s to shutdown ;)/>

theeboris, on 11 August 2013 - 03:21 PM said:

@reububble
If you make a program that restart a computer if ctrl + s is pressed 0,9 seconds you can't use ctrl+s to shutdown ;)/>

uhhhhh… except I don't know exactly what you said here, the is no stopping the CTRL+S and CTRL+R key combos as they're built in Java side and actually bypass the Lua environment completely!

theoriginalbit, on 11 August 2013 - 08:21 PM said:

theeboris, on 11 August 2013 - 03:21 PM said:

@reububble
If you make a program that restart a computer if ctrl + s is pressed 0,9 seconds you can't use ctrl+s to shutdown ;)/>

uhhhhh… except I don't know exactly what you said here, the is no stopping the CTRL+S and CTRL+R key combos as they're built in Java side and actually bypass the Lua environment completely!

what he meant was, you can prevent the computer from being shut down by detecting if the ctrl and S key were pressed for a long time and restart
but that dosent work because the shutdown event isnt cancelled by a reboot

yeh if your holding the keys when its rebooted it can be bypassed

Nope, it's a java level implementation that will always shutdown the computer if the Ctrl+S has been held down for 1 second.
Even if you reboot the computer 10 times in that second, the game knows how long you've held down the buttons, even if the ComputerCraft computer doesn't.

Sucks don't it?

Aaahw :(/> It sucks indeed :(/>