This is a read-only snapshot of the ComputerCraft forums, taken in April 2020.

Channel Lock For Server Ops V2 Now With Hashed Password

Started by Elrond1369, 09 August 2013 - 03:36 PM
Elrond1369 #1
Posted 09 August 2013 - 05:36 PM
Channel Lock for servers V2 now with hashed password

This modification to ComputerCraft locks Channels 655** so they require two passwords to open them for listening. It also uses password hashing to keep your passwords secret.


Setup

Hashing the passwords
1. Start lua
2. Type: x = crypto.hash(pass1, pass2)
3. Type: file = io.open("pass.dat", "w") file:write(x .. "") file:close()
Putting the hashed password into peripheral api
1. Locate pass.dat in your computer folder. Get the number saved there
2. Open peripheral in lua/rom/api
3. Search the peripheral file for <hash>
4. Replace <hash> with the number from pass.dat
5. Save and update in cc.zip
Tiin57 #2
Posted 09 August 2013 - 05:47 PM
Protip: Don't use Adf.ly on a Computercraft program. The money is extremely minimal and it just makes you seem greedy.

Edit: Thank you for removing it.
MysticT #3
Posted 09 August 2013 - 06:22 PM
> lua
> t = fs
> file = t.open("/rom/apis/peripheral", "r")
> file.readAll()
Passwords retrieved.
Easy :P
You should override the fs api if you want to secure files.
PixelToast #4
Posted 09 August 2013 - 06:23 PM
fail sandbox is fail c_C
MysticT: you forgot a "r" ;)
Elrond1369 #5
Posted 09 August 2013 - 06:55 PM
> lua
> t = fs
> file = t.open("/rom/apis/peripheral")
> file.readAll()
Passwords retrieved.
Easy :P
You should override the fs api if you want to secure files.

if string.find(s, "fs%.")==nil then
  error("don't try and change fs to somthing else")
end
PixelToast #6
Posted 09 August 2013 - 07:00 PM
yea no.
best solution is to use hashing
SHA1 and a 64 bit salt would do nicely
MysticT #7
Posted 09 August 2013 - 07:04 PM
> lua
> t = fs
> file = t.open("/rom/apis/peripheral")
> file.readAll()
Passwords retrieved.
Easy :P
You should override the fs api if you want to secure files.

if string.find(s, "fs%.")==nil then
  error("don't try and change fs to somthing else")
end
Yeah, check again…
I never used "fs.", just "fs". So it won't catch it.

Derp, my bad.
Ok, use this then:
> lua
> t = _G["f".."s"]
> file = t.open("/rom/apis/peripheral", "r")
> file.readAll()
:)

fail sandbox is fail c_C
MysticT: you forgot a "r" ;)
Oh god, how could I? :P
Here it is just for you: "r" xD
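
The suggestion made earlier in the thread to override the fs API, as an added example (not code from the thread or from the mod): the check sits inside every function of the table and compares the resolved path, so it does not matter what name the caller uses to reach it. `guard`, `normalise` and `fakeFs` are names made up for this example; `fakeFs` is a constructed stand-in so the block also runs outside ComputerCraft.

```lua
-- Added example, not code from the mod. PROTECTED is the path named in the thread;
-- fakeFs is a constructed stand-in for ComputerCraft's fs so this runs in plain Lua.
local PROTECTED = "rom/apis/peripheral"

-- Collapse "/", "." and ".." so every spelling of a path compares equal.
local function normalise(path)
  local parts = {}
  for seg in string.gmatch(path, "[^/\\]+") do
    if seg == ".." then
      table.remove(parts)
    elseif seg ~= "." then
      parts[#parts + 1] = seg
    end
  end
  return table.concat(parts, "/")
end

-- Return a copy of `api` in which every function refuses a protected path argument.
local function guard(api, protected)
  local wrapped = {}
  for name, fn in pairs(api) do
    wrapped[name] = function(...)
      for i = 1, select("#", ...) do
        local arg = select(i, ...)
        if type(arg) == "string" and normalise(arg) == protected then
          error("access denied: " .. protected, 2)
        end
      end
      return fn(...)
    end
  end
  return wrapped
end

-- Constructed stand-in: open() only reports which path it was asked for.
local fakeFs = { open = function(path, mode) return "opened " .. path end }
_G.fs = guard(fakeFs, PROTECTED)

-- Reaching the table under another name still lands on the wrapped functions.
local t = _G["f" .. "s"]
local aliasOk = pcall(t.open, "/rom/apis/peripheral", "r")
local dotsOk = pcall(t.open, "rom/./apis/../apis/peripheral", "r")
local otherOk, result = pcall(t.open, "/rom/apis/rednet", "r")
print(aliasOk, dotsOk, otherOk, result)
```

The original functions survive only inside the wrapper's closures, which is what a source-text check such as `string.find(s, "fs%.")` cannot provide.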
Elrond1369 #8
Posted 09 August 2013 - 07:31 PM
fs = table.remove(fs, 14)
MysticT #9
Posted 09 August 2013 - 07:36 PM

fs = table.remove(fs, 14)
What? :huh:
I can't find that or your previous "fix" in the code anyway.
Also, you are blocking any file/path that contains peripheral…
Elrond1369 #10
Posted 09 August 2013 - 07:49 PM
yea no.
best solution is to use hashing
SHA1 and a 64 bit salt would do nicely
Um, how is that done?
Never mind, I found something that can do this. You're right, this should work better.
Elrond1369 #11
Posted 20 August 2013 - 05:54 PM

fs = table.remove(fs, 14)
What? :huh:
I can't find that or your previous "fix" in the code anyway.
Also, you are blocking any file/path that contains peripheral…
I've completely changed everything to use password hashing and it uses your bit rotate functions.
PixelToast #12
Posted 20 August 2013 - 10:16 PM
function hash(pass1, pass2)
  local key = 32
  local x
  local y
  local pass
  local output
  while key % 32 == 0 do
    key = math.random(10000, 99999)
  end
  x = string.len(pass1)
  y = 1
  output = 0
  while y ~= x+1 do
    output = output + string.byte(string.sub(pass1, y, y+1))
    output = output * 2
    y = y + 1
  end
  pass1 = output
  x = string.len(pass2)
  y = 1
  output = 0
  while y ~= x+1 do
    output = output + string.byte(string.sub(pass2, y, y+1))
    output = output * 2
    y = y + 1
  end
  pass2 = output
  pass = rightRotate(pass1, key)
  pass = leftRotate(pass, pass2)
  return pass
end
Uhm
now anything i look at instantly smells like fish
NeverCast #13
Posted 20 August 2013 - 10:26 PM


Your hash function needs a complete scrap and rewrite mate.
Firstly, it's not a hash function if it generates different results each time, which it's certain to do because you use math.random. Perhaps a bit more learning about how hash functions actually work could be profitable for you. Secondly, your checkhash function effectively brute forces the hash. I cannot imagine the amount of collisions that will cause (something else you should research if it doesn't make sense, hash collisions).

You've got a great idea here, and I don't want you to give up. But your implementation of hashing is all wrong, and you should sincerely consider redoing it.
Thanks for your submit and I look forward to your update; and remember to have fun when coding!
Elrond1369 #14
Posted 21 August 2013 - 09:57 PM


The math.random is to create a salt so that you can't get the passwords using a rainbow table. The check function then goes through all possible salts. If you find a collision please let me know and then I'll try and fix it. It's really pathetic that someone would waste time trying to crack a hashed password inside a video game when in the end it would only get them banned from the server.
PixelToast #15
Posted 22 August 2013 - 10:39 PM

yeah, banned, as if the admin were watching over me and making sure i dont have access to specific channels
c_c
i actually cracked passwords on a server i go to
and rainbow tables are only efficiently made in SHA and such hashes, not this one (if you would even consider it a hash)…

and why "pass1" and "pass2" whai!
key=math.random(10000, 99999)
you know, you could just multiply a random number by 32 and it will automatically become %32

x = string.len(pass2)
y = 1
output = 0
while y ~= x+1 do
  output = output + string.byte(string.sub(pass2, y, y+1))
  output = output * 2
  y = y + 1
end
this.
this is not a hash.
this makes me want to puke.
rainbow tables arent needed to top the crap that was thrown into it.

time to make a program to crack it (assuming i will not die from retardation before then)
well not crack it, more like a collision generation program

sorry if i was mean, just had a [INSERT RAGE HERE] moment there
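
The two objections raised in this thread, that the output changes on every call and that the accumulation loop collides, can both be measured. This is an added example, not code from the mod or from any poster: `fold` reproduces the posted loop, `keyed` reuses the posted key selection, and `rightRotate` is an assumed 32-bit rotate because the page does not show the real one.

```lua
-- Added example: property checks run against the loop from the posted hash().
-- rightRotate is an assumed 32-bit rotate; the page does not show the real one.
local function fold(pass)
  local output = 0
  for y = 1, string.len(pass) do
    output = (output + string.byte(pass, y)) * 2   -- same step as the posted loop
  end
  return output
end

local function rightRotate(x, k)
  k = k % 32
  local low = x % 2 ^ k
  return (x - low) / 2 ^ k + low * 2 ^ (32 - k)
end

-- Key selection as posted: a fresh random key on every call.
local function keyed(pass)
  local key = 32
  while key % 32 == 0 do
    key = math.random(10000, 99999)
  end
  return rightRotate(fold(pass), key)
end

-- Property 1: the same input must always give the same output.
local function isDeterministic(hashFn, input, runs)
  local first = hashFn(input)
  for _ = 2, runs do
    if hashFn(input) ~= first then return false end
  end
  return true
end

-- Property 2: distinct inputs should rarely share an output.
-- Feeds every two-letter lowercase password (constructed input set) to hashFn.
local function spread(hashFn)
  local seen, inputs, distinct = {}, 0, 0
  for a = 97, 122 do
    for b = 97, 122 do
      local h = hashFn(string.char(a, b))
      inputs = inputs + 1
      if not seen[h] then seen[h] = true; distinct = distinct + 1 end
    end
  end
  return inputs, distinct
end

print("fold deterministic:", isDeterministic(fold, "ab", 50))
print("keyed deterministic:", isDeterministic(keyed, "ab", 50))
print("inputs, distinct outputs:", spread(fold))
```

For a two-character password the loop reduces to 4a + 2b, so the 676 inputs map onto 76 outputs. A salt that is generated once and stored beside the digest keeps verification deterministic, which a key drawn fresh on every call does not.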
Elrond1369 #16
Posted 26 August 2013 - 05:46 PM

So I should just remove the key? Also I can't find any useful info on how to make a password hasher.