[CHALLENGE] Hack this program

I've made a password protection program with encryption, and I want to see how secure it is. If anyone could come up with any vulnerabilities or improvements please let me know. First, create a password, or get somebody else to. Then, try and get into the program without using the password. Also, please don't cheat and use the decryption key provided in the source, that's there purely so that you can compile the program yourself and make sure it's not a virus. Here it is, go crazy:

#include<iostream>
#include<fstream>
#include<conio.h>
#include <stdio.h>
#include <string.h>
#include <windows.h>
#include <winable.h>
#include <cmath>
#include<string>
using namespace std;


void Auth(); //prompt to enter password
void Members(); //where you place your program, to be accessed after successful password
void Userchange(); //disabled
void Passchange(); //unused
void First(); //prompt to enter a password if there isn't one on record (i.e first time opening program)
void menu(); //currently unused
void Select(); //selection menu to access pass change or program etc.
void encrypt(string &e); //encrypt function
void decrypt (string &e); //decrypt function
string inpass;
string user;
string pass;
string first;
string firstconf;
int num = 0;
string com;
char c=' ';

int main()
{
      system("cls");
      while(num==0)
      {
      system("cls");
      ifstream Passfile("password.txt", ios::in);
      Passfile>>inpass;
      if (inpass == ""){
      Passfile.close();
      cout<<"It appears that this is your first time opening this program\nplease enter a password: ";
      First();
      }
      else{
      Auth();
}}}
void Auth()
{
     ifstream Passfile("password.txt", ios::in);
     Passfile>>inpass;
     decrypt ( inpass );
     system("cls");
     cout<<"PASSWORD: ";
     
         do   //Loop until 'Enter' is pressed
         {
            
         c = getch();
         switch(c)
            {
            case 0: //Catches f1-f12
               {
               getch();     
               break;
               }
               case 0xE0: //Catches arrow keys, end, home, page up/down, etc.
                    {
                         getch();
                          break;
                          }
            case '\b':
               {
               if(pass.size() != 0)  //If the password string contains data, erase last character
                  {
                  cout << "\b \b";
                  pass.erase(pass.size() - 1, 1);
                  }
               break;       
               }  
              
            default:
            {
               if(isalnum(c) || ispunct(c))
                  {
                                      
                  pass += c;
                  cout << "*";           
                  }
                  
               break;     
               }
            };
         }  
         
         
      while(c != '\r');
      
   cout<<"\n";
     Passfile.close();
     if(pass==inpass)
     {
                     Select();
                     }
     else
     {
         cout<<"Wrong Password, please try again.";
         Sleep(500);
         main();
         }
}
  void First()
  {
       string first;
       string firstconf;
do   //Loop until 'Enter' is pressed
/*3 NUL
15 Shift Tab
16-25 Alt-Q/W/E/R/T/Y/U/I/O/P
30-38 Alt-A/S/D/F/G/H/I/J/K/L
44-50 Alt-Z/X/C/V/B/N/M
59-68 F1-F10 (disabled as softkeys)
71 Home
72 Up Arrow
73 PgUp
75 Left Arrow
77 Right Arrow
79 End
80 Down Arrow
81 PgDn
82 Ins
83 Del
84-93 F11-F20 (Shift-F1 to Shift-F10) 
94-103 F21-F30 (Ctrl-F1 to Ctrl-F10)
104-113 F31-F40 (Alt-F1 to Alt-F10)
114 Ctrl-PrtScr
115 Ctrl-Left Arrow
116 Ctrl-Right Arrow
117 Ctrl-End
118 Ctrl-PgDn
119 Ctrl-Home
120-131 Alt-1/2/3/4/5/6/7/8/9/0/-/=
132 Ctrl-PgUp
133 F11
134 F12
135 Shift-F11
136 Shift-F12
137 Ctrl-F11
138 Ctrl-F12
139 Alt-F11
140 Alt-F12
*/
         {
         c = getch();
         switch(c)
         {
            case 0: //Catches f1-f12
               {
               getch();
               break;
               }
               case 0xE0: //Catches arrow keys, end, home, page up/down, etc.
                    {
                         getch();
                          break;
                    }
            case '\b':
               {
               if(first.size() != 0)  //If the password string contains data, erase last character
                  {
                  cout << "\b \b";
                  first.erase(first.size() - 1, 1);
                  }
               break;       
               }   
            default:
               {
               if(isalnum(c) || ispunct(c))
                  {
                  first += c;
                  cout << "*";           
                  }
                  
               break;     
               }      
            };
         }
      while(c != '\r');
       cout<<"\n";
      system("cls");
      cout<<"Confirm Password: ";
     do   //Loop until 'Enter' is pressed
         {
         c = getch();
         switch(c)
            {
            case 0: //Catches f1-f12
               {
               getch();
               break;
               }
               case 0xE0: //Catches arrow keys, end, home, page up/down, etc.
                    {
                         getch();
                          break;
                          }
            case '\b':
               {
               if(firstconf.size() != 0)  //If the password string contains data, erase last character
                  {
                  cout << "\b \b";
                  firstconf.erase(firstconf.size() - 1, 1);
                  }
               break;       
               }   
            default:
               {
               if(isalnum(c) || ispunct(c))
                  {
                  firstconf += c;
                  cout << "*";           
                  }
               break;     
               }
            };
         }  
      while(c != '\r');
   cout<<"\n";
     if (first.compare(firstconf) != 0){
       cout<<"Passwords do not match, please try again";
      Sleep(1000);
      system("cls");


      First();
}  
    else if(first.compare(firstconf) == 0) {
      ofstream Passfile("password.txt", ios::out);
      encrypt( first );
      Passfile<<first;
      Passfile.close();
      cout<<"Password successfully registered! You may now access the program";
      Sleep (1000);
      system ("cls");
      main();
      }
      }
void Members()
{

menu();
}
void menu(){
string str;
string x;
system ("cls");
cout <<"1. Write to a file\n";
cout<<"2. Read what you've written\n";
getline(cin, x);
if (x=="1"){
system("cls");
  fstream myfile("example.txt", ios::out|ios::app);
  myfile <<"\n";
  getline (cin, str);
  myfile << str;
  myfile.close();
  menu();
}
if (x=="2"){
            system("cls");
  string line;
  ifstream myfile ("example.txt");
  if (myfile.is_open())
  {
    while ( myfile.good() )
    {
      getline (myfile,line);
      cout <<line << endl;
    }
    myfile.close();
  getch();
  menu();
  }

  else{ cout << "Unable to open file"; 
}
}
menu();
}

//encrypt data
void encrypt (string &e) 
{
  const char* tempCharArray = e.c_str();
  for( int i=0; i<e.size(); ++i )
    e[i] = tempCharArray[i]+75;

  
} // encrypt

//decrypt data
void decrypt (string &e)
{
  const char* tempCharArray = e.c_str();
  for( int i=0; i<e.size(); ++i )
    e[i] = tempCharArray[i]-75;
  
} // decrypt

void Select(){
     system("cls");
            cout<<"Congratulations! You've either hacked in or cheated :P, please tell me how you\ndid it at http://www.cplusplus.com/forum/beginner/76573/(the link you should've gotten this from)\n";

getch();

      }

I've made a password protection program with encryption, and I want to see how secure it is.

It's about as secure as encrypting a page of text by flipping it upside down.
What you're using is this: http://en.wikipedia.org/wiki/Caesar_cipher
It would be secure if the key was at least as long as the password and completely random (and, of course, different each time).
When we are trying to hack the program, are we allowed to see the code or not?
Try to use as little of the code as possible, because people trying to hack in wouldn't be able to see it. It's purely there to prove that it isn't a virus. And Athar, I would love for it to be a random encryption but can't work out how to decrypt a random encryption. Any suggestions?
save random key with password
I would love for it to be a random encryption but can't work out how to decrypt a random encryption. Any suggestions?

That's not possible. The key must be supplied by the user when encrypting and decrypting, possibly in the form of a hashed password. When storing passwords, they are usually salted and then hashed - this is secure enough for practical purposes.

save random key with password

Brilliant idea... actually, not really.
I'm sorry but I don't understand how to do that.
Here is a nice article on hashing:
http://www.cprogramming.com/tutorial/computersciencetheory/hash-table.html

The main idea about encryption is that there is NO decryption.
The user enters a password and you encrypt it and store it somewhere.
If the user uses his password again then you encrypt the password again, and if the 2 encrypted passwords match then he typed his password. So if a hacker gets the password file there is no way he can get the password of the user.
Thank you. By the way, did you manage to get in?
The requirements for a hash function used in hash tables are different from those for one used in cryptography.
http://en.wikipedia.org/wiki/Cryptographic_hash_function
Nope, but once you have the password file it isn't any problem. And since the password file is stored on the computer where the program is located, that won't be a problem. You really need serious encryption.
I never thought of it that way before, by not decrypting it. That's very clever. The only problem is that I don't understand hashing or salting, at all, I clearly have a lot to learn. And as for a serious encryption, I don't even know where to start... I guess that's why I made this thread, to search for vulnerabilities that I couldn't find myself.
I believe there are some nice precompiled encryption functions for C++. I once read somewhere that you should not try to make your own encryption functions unless you are a security expert, which we aren't ;p
But if you really want to make it yourself you should assign a value for each character (or use ASCII) and do some operations on it, like bitwise OR ( | ). Then you have a new number and convert it again to characters, and there is your encrypted data.

For example, if your password is "klmno":
k=107 ----- l=108 ------- m=109 ------- n=110 ------- o=111
1101011--- 1101100 ---- 1101101 ------ 1101110 ---- 1101111
Use | on 2 characters next to each other and also on 'k' and 'o'.
Below I converted the answer already to ASCII again:
k | l --> o
l | m --> m
m | n --> o
n | o --> o
o | k --> o

So the encrypted password becomes "omooo" (this does not look really good, but that is because the binary values of k, l, m, n and o are next to each other).

But this reveals a new problem, which is called collision. If you type in "olmoo" it also gets encrypted to "omooo". That is called a collision, and the hacker can use collisions to break in. To prevent this from happening you should have more complicated operations on the ASCII values and you should use a fixed length for the encrypted data (for example always 128 bytes (128 characters)).

I hope this gives you an idea of basic encryption.
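The OR scheme from the post above as runnable code, with a count of how many inputs share one stored value. This is an added example, not code from the thread; it is written in Python, and the function names and the restriction to the alphabet "klmno" are assumptions chosen to match the post's example.

```python
from itertools import product


def or_scheme(password: str) -> str:
    """OR every character with its right-hand neighbour; the last wraps to the first."""
    n = len(password)
    return "".join(
        chr(ord(password[i]) | ord(password[(i + 1) % n])) for i in range(n)
    )


def colliding_inputs(target: str, alphabet: str) -> list[str]:
    """Every string over `alphabet`, same length as `target`, that maps to `target`."""
    candidates = ("".join(p) for p in product(alphabet, repeat=len(target)))
    return [c for c in candidates if or_scheme(c) == target]


def distinct_outputs(alphabet: str, length: int) -> int:
    """How many different stored values the scheme can produce at all."""
    return len({or_scheme("".join(p)) for p in product(alphabet, repeat=length)})


if __name__ == "__main__":
    stored = or_scheme("klmno")                 # the value that would be saved
    matches = colliding_inputs(stored, "klmno")
    print(f"stored value: {stored}")
    print(f"{len(matches)} of {5 ** 5} candidate passwords are accepted")
    print(f"distinct stored values: {distinct_outputs('klmno', 5)}")
```

OR can only set bits, never clear them, so information about the input is discarded at every position; that is why so many different passwords are accepted for one stored value.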
Thanks, I just tried searching for precompiled encryption programs but came up with nothing :( . I looked into the Cryptographic Hash Function, and don't understand any of it, but I think I will try and learn how to do that, if looking for a precompiled program fails completely.
Boost has an unofficial implementation of SHA-1, so this is an example of how to save a password:

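#include <fstream>
#include <string>
#include <boost/uuid/detail/sha1.hpp>

// Reverse the byte order of a 32-bit word, so that on a little-endian
// machine the digest bytes are written in their usual (big-endian) order
unsigned int byteSwap32(unsigned int val)
{
    return
    (((val&0xFF000000)>>24))|
    (((val&0x00FF0000)>>16)<<8)|
    (((val&0x0000FF00)>>8)<<16)|
    (((val&0x000000FF))<<24);
}

void savePassword(const std::string& password)
{
    // Prepend the salt, then hash salt+password with SHA-1
    std::string saltedPassword="THIS IS MY SALT"+password;
    boost::uuids::detail::sha1 s;
    s.process_bytes(saltedPassword.c_str(),saltedPassword.size());
    unsigned int digest[5];
    s.get_digest(digest);
    for (int i=0;i<5;i++)digest[i]=byteSwap32(digest[i]);
    // Write the raw 20-byte digest, replacing any previous file
    const char* bdigest=(const char*)digest;
    std::ofstream out("password",std::ios::binary|std::ios::trunc);
    out.write(bdigest,sizeof digest);
}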


Checking the password is done the same way: salt and hash the password and compare the digest with the saved one.

Salting is simply adding an arbitrary string to the password to make rainbow table attacks less effective (basically huge databases of precomputed hash values that allow finding the original password for a given hash). It is fine for an attacker to know the salt, so it can be saved with the hashed password.
http://en.wikipedia.org/wiki/Rainbow_table
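Saving and checking a salted password hash end to end, as an added example that is not code from the thread. It is written in Python because its standard library ships the primitives, and it swaps in two things the post does not use: a random salt generated per password (stored next to the digest, as the post says is fine) and PBKDF2-HMAC-SHA256 in place of a single SHA-1 pass. The record format, function names and iteration count are assumptions.

```python
import hashlib
import hmac
import secrets

SCHEME = "pbkdf2_sha256"
ITERATIONS = 200_000   # assumed work factor; raise it as far as login latency allows
SALT_BYTES = 16


def make_record(password: str) -> str:
    """Return 'scheme$iterations$salt_hex$digest_hex' for storage in the password file."""
    salt = secrets.token_bytes(SALT_BYTES)      # fresh random salt for every password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{SCHEME}${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Re-hash the candidate with the stored salt and compare digests."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        if scheme != SCHEME:
            return False
        candidate = hashlib.pbkdf2_hmac(
            "sha256",
            password.encode("utf-8"),
            bytes.fromhex(salt_hex),
            int(iterations),
        )
        expected = bytes.fromhex(digest_hex)
    except (ValueError, OverflowError):
        return False                            # malformed or truncated record
    # Constant-time comparison: no early exit on the first differing byte
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    record = make_record("correct horse")       # constructed sample password
    print(record)
    print(verify("correct horse", record), verify("wrong guess", record))
```

Nothing in the file can be decrypted back to the password; the only way to test a guess is to run the full key derivation again with the stored salt.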
closed account (3hM2Nwbp)
Well, if I were to go about cracking it, I would just flip a jumper in the assembly, dump the executable, and fix the thunks. That way when you open it this is essentially what runs:

//if(pass==inpass) <-- jumper flipped
if(pass != inpass) // or if(true)
{
  Select();
}
else
{
  cout<<"Wrong Password, please try again.";
}

;strcmp called
test cl, cl
jz GoodPass; <-- Switch this to jnz or jmp
BadPass:
  ; Bad Password
  jmp End
GoodPass:
  ; Good Password
End:
You do not always have the source code, so how would you flip it then?
Exactly. The source code was only given to prove that you weren't going to run an executable that destroyed your computer.
Disassembly != source code
Anyone can disassemble the executable, no source code required.
Anyone can disassemble the executable, no source code required.

How would you disassemble it then? And why wouldn't it be the same as the source code?