Jump to content


Photo

Encryption Scripts


  • This topic is locked This topic is locked
31 replies to this topic

#1 melvin2001

melvin2001

    GMC Member

  • New Member
  • 94 posts

Posted 02 May 2005 - 12:22 PM

I have finished writing some scripts for GM that do some really interesting encryption.

essentially it works by generating a public key and private key (yes its LIKE rsa but no its not actually rsa) you send the public key to people and they can encrypt messages with it and send it back to you and they can only be decrypted by you.

the scripts are as easy as encode(key,message) and it returns the encrypted message. i wrote the scripts with the intention they could be used in any program for any purpose (actually i really wanted to write a secure chat program). by simply changing a few variables in the scripts you can customize it to fit your needs.

GML is really not the best language to write encryption programs in because it cant handle large math needed for RSA and game maker is not going to break any speed records. With this in mind know i took a common method of encryption and made it secure in the sense that you can encrypt with it but the program will not allow decryption without proper authorization. its the best i could do without RSA.

the scripts are part of a demo program i put together to show how they are used.

Encryption scripts and demo

feel free to edit the scripts and change them as you please and i only ask you give me credit if you think i deserve it. have fun just try not to get caught.

Edited by KC LC, 03 June 2008 - 09:38 AM.

  • 0

#2 joepie91

joepie91

    GMC Member

  • GMC Member
  • 203 posts

Posted 02 May 2005 - 12:29 PM

I have finished writing some scripts for GM that do some really interesting encryption.

essentially it works by generating a public key and private key (yes its LIKE rsa but no its not actually rsa) you send the public key to people and they can encrypt messages with it and send it back to you and they can only be decrypted by you.

the scripts are as easy as encode(key,message) and it returns the encrypted message. i wrote the scripts with the intention they could be used in any program for any purpose (actually i really wanted to write a secure chat program). by simply changing a few variables in the scripts you can customize it to fit your needs.

GML is really not the best language to write encryption programs in because it cant handle large math needed for RSA and game maker is not going to break any speed records. With this in mind know i took a common method of encryption and made it secure in the sense that you can encrypt with it but the program will not allow decryption without proper authorization. its the best i could do without RSA.

the scripts are part of a demo program i put together to show how they are used.

Encryption scripts and demo

feel free to edit the scripts and change them as you please and i only ask you give me credit if you think i deserve it. have fun just try not to get caught.

<{POST_SNAPBACK}>

broken...
  • 0

#3 myddrn

myddrn

    GMC Member

  • New Member
  • 4 posts

Posted 03 May 2005 - 02:22 AM

Hey hey hey... it WORKS now... and i can even say that without quoting the whole thing... wow.. it's amazing...
i can say is the encryption's pretty sexy so far... keep it up!
  • 0

#4 melvin2001

melvin2001

    GMC Member

  • New Member
  • 94 posts

Posted 17 June 2005 - 05:31 PM

i thought maybe i would give some new life to this and see if i could actually get some comments this time. i updated the demo a little bit and changed how the algorithm works a tad. it would be nice if i got some responses though :(
  • 0

#5 IceMetalPunk

IceMetalPunk

    InfiniteIMPerfection

  • GMC Elder
  • 9486 posts
  • Version:GM:Studio

Posted 17 June 2005 - 06:55 PM

Well... link's broken again....

-IMP :D :(
  • 0

#6 ckv

ckv

    GMC Member

  • GMC Member
  • 46 posts

Posted 17 June 2005 - 10:20 PM

i thought maybe i would give some new life to this and see if i could actually get some comments this time. i updated the demo a little bit and changed how the algorithm works a tad. it would be nice if i got some responses though :(

<{POST_SNAPBACK}>

Well melvin, algo looks pretty complex, but the problem in this is that it's also very complex to use. If you can simplify it's usage it would make it much better.
  • 0

#7 melvin2001

melvin2001

    GMC Member

  • New Member
  • 94 posts

Posted 17 June 2005 - 11:57 PM

the link is fine and the reason it is complex to use is that its designed to be used for communications. with 90% of encryptions the same key that encrypts it is the key that is used to decrypt it. this makes it bad for communications because you have to first transmit the key to someone and then they can decrypt any message that you have encrypted. with this, once you have encrypted a message to someone, you cannot decrypt it. only the intended recipient can decrypt it. this is why you have to worry about keys and all that nonsense. otherwise this would just be usefull for encrypting files or something on a computer. the complexity of use comes with the extra functionality of being able to share messages securely with others

Edited by melvin2001, 17 June 2005 - 11:59 PM.

  • 0

#8 Xargo

Xargo

    GMC Member

  • New Member
  • 123 posts

Posted 10 July 2005 - 03:10 PM

This is amazingly great Melvin! :( This is really what I'm looking for. :lol: I'm making a mmorpg and the comminucation encryption is very important. :(

I'm going to try the demo and try to understand it as quick as possible. :)

U get credit for sure. :chikin I'll send you the url of the website of my game when I'm ready. ^_^
  • 0

#9 seventoes

seventoes

    Yeah, I got that.

  • New Member
  • 106 posts

Posted 11 July 2005 - 10:17 PM

Link broked...
  • 0

#10 Xargo

Xargo

    GMC Member

  • New Member
  • 123 posts

Posted 12 July 2005 - 06:36 PM

If the link is broken just wait a while, you don't have to post that. The link already works again. Broken links are mainly caused by exceeded bandwidth or server downtimes, that are temporary cases.
  • 0

#11 Xargo

Xargo

    GMC Member

  • New Member
  • 123 posts

Posted 13 July 2005 - 02:20 PM

Sorry it took so long to understand how it works. :rambo Actually I waited with it untill today, because my bro suddenly bought two Lord of the Rings games and I couldn't stand not playing them before I continue. ;)

Well, now I read the help file I think I understand it now. You actually just generate a public file, and if people want to send an encrypted message that you can decrypt to you, they first need your public file, load it, generate the encrypted text and send it to you. Then you need your own public file plus your private file to decrypt it. Note no one else can decrypt the messages sent to you even if they have your public file, because they also need your private file to decrypt. :P Great. :lol:

Now I'm thinking about the best method to import this in my game so the passwords and other account data will get protected. If I am right, this encryption can only be used for communication, if you just need to encrypt some strings/files on your own local harddrive, you better use another encrypting method, because if you use this method you got that private file and public file on your pc and whole the stuff that are not needed. So actually I need two encryptions for my mmorpg. This one, used to send the password and other account data to the server, and another simple one just to encrypt the local data. Because, if they send the encrypted data using the servers public key, I will decrypt it on my server, and then encrypt it with a non-communication encryption method just to store it on my pc. So it's like this:

Posted Image
Drawn by me. :D Such art. ;D


Can someone comment my method? I don't know if this is the most efficient or even right method. =/

Btw. Sorry for the double post, I forgot I already replied yesterday, I'm such an idiot. :angry:

Edited by Xargo, 13 July 2005 - 02:24 PM.

  • 0

#12 melvin2001

melvin2001

    GMC Member

  • New Member
  • 94 posts

Posted 14 July 2005 - 04:00 AM

yeah actually you are spot on with that diagram! good work! you can actually make my scripts work for that too but it will take some re-coding and stuff like that.... if people are REALLY interested i would be willing to make an simple encryption script simply for encrypting strings and returning a value.... i could whip that out in a half an hour.
  • 0

#13 Xargo

Xargo

    GMC Member

  • New Member
  • 123 posts

Posted 14 July 2005 - 04:14 PM

Yeah it will no problem to recode your scripts for that. :)

The simple encryption is no priority for me, because there are many of them already.

I think the less replies are caused because of your unorganized explanation text, many people just give up after one time read but not totally understanding it. I'm one of the little people doing an effort to re-read it because I really need it for my mmorpg.
  • 0

#14 melvin2001

melvin2001

    GMC Member

  • New Member
  • 94 posts

Posted 14 July 2005 - 04:43 PM

yeah im not much for writing help files or anything like that... i get bored and distracted and just start babbling. maybe i'll redo the explenation later.
  • 0

#15 Xargo

Xargo

    GMC Member

  • New Member
  • 123 posts

Posted 14 July 2005 - 05:23 PM

I can write an explanation if you want. I'm not bad with explaining. :) I even got a handicap, I always explain too much. ^_^ My posts are often far too big.
  • 0

#16 melvin2001

melvin2001

    GMC Member

  • New Member
  • 94 posts

Posted 25 July 2005 - 07:19 PM

I found a major security flaw in the encryption that I have patched. I wont write up an explenation of what the flaw was as to keep this version more secure. Just be aware that this new version is corrected and that old keyfiles will not work with this version.... nor will you be able to decode any messages encoded with previous versions. so if you have a message encoded please decode it before you install this version or you wont be able to get it back.
  • 0

#17 ITakeGFXRequests

ITakeGFXRequests

    GMC Member

  • New Member
  • 230 posts

Posted 25 July 2005 - 07:28 PM

link broke
use this host:
http://www.rapidshare.de
  • 0

#18 melvin2001

melvin2001

    GMC Member

  • New Member
  • 94 posts

Posted 25 July 2005 - 08:22 PM

the link is fine
  • 0

#19 Degman

Degman

    There is no spoon

  • New Member
  • 263 posts

Posted 25 July 2005 - 08:55 PM

Well now..this is a really interesting creation. Good work! This is one of those creations that most of the GMC won't understand and see the use for, but I certainly do.
Online verification in games just got a whole lot better :)
  • 0

#20 melvin2001

melvin2001

    GMC Member

  • New Member
  • 94 posts

Posted 26 July 2005 - 10:53 PM

im glad you like this degman. i am thinking about encrypting a string that would be considered "easy" to crack if i used something like basic replacement encryption, and then putting it up on the message boards to see if anyone can crack it. i dont know if anyone would be interested in trying to crack my encryption though.
  • 0

#21 gamehawk

gamehawk

    Creative Thinking

  • New Member
  • 339 posts

Posted 26 July 2005 - 10:58 PM

Yeah, I would. Even though I don't know if I could do it. I like challenges.

Edited by gamehawk, 26 July 2005 - 10:58 PM.

  • 0

#22 melvin2001

melvin2001

    GMC Member

  • New Member
  • 94 posts

Posted 26 July 2005 - 11:57 PM

here is the message you should try and decrypt


105 50 217 113 156 131 165 219 90 213 18 237 26 140 84 173 84 211 66 203 72 211 70 80 1 75 84 204 73 125 80 14 86 125 77 84 69 35 1 234 67 121 70 152 1 63 70 12 66 39 84 197 90 202 1 158 85 184 80 235 1 242 68 149 83 84 66 248 68 248 76 191 15 150 20 140 81 220 109 33 102 16 98 177 116 246 102 207 33 244 103 4 102 154 102 7 109 126 33 126 103 195 115 149 102 192 102 177 33 222 117 115 112 138 33 41 101 219 112 7 33 94 116 168 112 139 47

  • 0

#23 FredFredrickson

FredFredrickson

    Artist

  • Global Moderators
  • 9210 posts
  • Version:GM:Studio

Posted 04 August 2005 - 03:03 AM

Sorry it took so long to understand how it works. :lol: Actually I waited with it untill today, because my bro suddenly bought two Lord of the Rings games and I couldn't stand not playing them before I continue. :P

Well, now I read the help file I think I understand it now. You actually just generate a public file, and if people want to send an encrypted message that you can decrypt to you, they first need your public file, load it, generate the encrypted text and send it to you. Then you need your own public file plus your private file to decrypt it. Note no one else can decrypt the messages sent to you even if they have your public file, because they also need your private file to decrypt. :) Great. :(

Now I'm thinking about the best method to import this in my game so the passwords and other account data will get protected. If I am right, this encryption can only be used for communication, if you just need to encrypt some strings/files on your own local harddrive, you better use another encrypting method, because if you use this method you got that private file and public file on your pc and whole the stuff that are not needed. So actually I need two encryptions for my mmorpg. This one, used to send the password and other account data to the server, and another simple one just to encrypt the local data. Because, if they send the encrypted data using the servers public key, I will decrypt it on my server, and then encrypt it with a non-communication encryption method just to store it on my pc. So it's like this:

Posted Image
Drawn by me. :lol: Such art. ;D


Can someone comment my method? I don't know if this is the most efficient or even right method. =/

Btw. Sorry for the double post, I forgot I already replied yesterday, I'm such an idiot. :D

<{POST_SNAPBACK}>



"Secure" password stoarage is easy... although to truly make it secure, you can't actually retrieve the password if it is lost, you can only reset it.

Here's how it works, in case this hasn't been explained...

User types in his password when he creates the account
The password is encrypted (in PHP you use md5, which is almost uncrackable)
The encrypted password is sent to the server, and stored with the user's info
When the user wants to log in, he types in his password, as normal
The password is encrypted using the same algorithm as before, and sent to the server
The server compares the sent password to the one that is stored
If they match, then the user is free to continue, if not, the user is prompted again

This way you are secure in two ways...
If the account is hacked, and someone downloads the user's info, the encrypted password (unless somehow decrypted) is useless. Because whenever the user sends his info to be verified, the password text is run through the encryption algorithm, and hence, just knowing the encrypted password would not work. Entering the encrypted password into the password field, and trying to submit it to the server would yield a double encrypted password, which would not be the same as the encrypted password already stored on the server.
Second, the same goes for if the information that is being sent to the server is intercepted by a hacker... It's still the same old useless encrypted info.

Of course, there are security flaws with every system... but this is the type I use on all the PHP sites I've coded, and it seems to work just fine.

Hopefully I'm not way off topic by posting this, just thought you might find it useful! :P

Edited by FredFredrickson, 04 August 2005 - 03:06 AM.

  • 0

#24 melvin2001

melvin2001

    GMC Member

  • New Member
  • 94 posts

Posted 05 August 2005 - 02:11 AM

thats how most password storage mechanisms work. only problem is when you try and retrieve the password (like you said) its not really possible. so yes you can securly send a message... you'll just never know what that message is...
  • 0

#25 Xargo

Xargo

    GMC Member

  • New Member
  • 123 posts

Posted 06 August 2005 - 02:04 PM

Sorry it took so long to understand how it works. ;) Actually I waited with it untill today, because my bro suddenly bought two Lord of the Rings games and I couldn't stand not playing them before I continue. :P

Well, now I read the help file I think I understand it now. You actually just generate a public file, and if people want to send an encrypted message that you can decrypt to you, they first need your public file, load it, generate the encrypted text and send it to you. Then you need your own public file plus your private file to decrypt it. Note no one else can decrypt the messages sent to you even if they have your public file, because they also need your private file to decrypt. :( Great. :D

Now I'm thinking about the best method to import this in my game so the passwords and other account data will get protected. If I am right, this encryption can only be used for communication, if you just need to encrypt some strings/files on your own local harddrive, you better use another encrypting method, because if you use this method you got that private file and public file on your pc and whole the stuff that are not needed. So actually I need two encryptions for my mmorpg. This one, used to send the password and other account data to the server, and another simple one just to encrypt the local data. Because, if they send the encrypted data using the servers public key, I will decrypt it on my server, and then encrypt it with a non-communication encryption method just to store it on my pc. So it's like this:

Posted Image
Drawn by me. :P Such art. ;D


Can someone comment my method? I don't know if this is the most efficient or even right method. =/

Btw. Sorry for the double post, I forgot I already replied yesterday, I'm such an idiot. :D

<{POST_SNAPBACK}>



"Secure" password stoarage is easy... although to truly make it secure, you can't actually retrieve the password if it is lost, you can only reset it.

Here's how it works, in case this hasn't been explained...

User types in his password when he creates the account
The password is encrypted (in PHP you use md5, which is almost uncrackable)
The encrypted password is sent to the server, and stored with the user's info
When the user wants to log in, he types in his password, as normal
The password is encrypted using the same algorithm as before, and sent to the server
The server compares the sent password to the one that is stored
If they match, then the user is free to continue, if not, the user is prompted again

This way you are secure in two ways...
If the account is hacked, and someone downloads the user's info, the encrypted password (unless somehow decrypted) is useless. Because whenever the user sends his info to be verified, the password text is run through the encryption algorithm, and hence, just knowing the encrypted password would not work. Entering the encrypted password into the password field, and trying to submit it to the server would yield a double encrypted password, which would not be the same as the encrypted password already stored on the server.
Second, the same goes for if the information that is being sent to the server is intercepted by a hacker... It's still the same old useless encrypted info.

Of course, there are security flaws with every system... but this is the type I use on all the PHP sites I've coded, and it seems to work just fine.

Hopefully I'm not way off topic by posting this, just thought you might find it useful! :)

<{POST_SNAPBACK}>



Yes indeed, that is -my opinion- the best way.
  • 0

#26 melvin2001

melvin2001

    GMC Member

  • New Member
  • 94 posts

Posted 06 August 2005 - 04:42 PM

im in the process of writing a secure e-mail client with my scripts... so you can send encrypted e-mail to people and the only way they can read them is to check the mail with the secured program.
  • 0

#27 Mast3r Blade

Mast3r Blade

    GMC Member

  • New Member
  • 36 posts

Posted 16 September 2005 - 10:51 AM

Wouldnt it be good if somone made a lib that has encrypt string & decrypt string...
Just a though...
I would do it but i cant be bothered downloading lib builder...
  • 0

#28 ytaipsw

ytaipsw

    GMC Member

  • New Member
  • 121 posts
  • Version:Unknown

Posted 08 February 2006 - 12:48 AM

GOOD JOB
I LOOOOOOOOOVE IT :(
  • 0

#29 guzu_ligo

guzu_ligo

    GMC Member

  • New Member
  • 109 posts

Posted 10 February 2006 - 08:04 AM

This is great! I'm going to post it in GMClans. Great job!
  • 0

#30 melvin2001

melvin2001

    GMC Member

  • New Member
  • 94 posts

Posted 14 February 2006 - 01:27 AM

glad it could help some people. more comments are always welcome. For those of you interested in computer security you should check out my blog http://www.yadtel.ne...blog/index.html
  • 0




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users