How to Encrypt AccountEmail and AccountPassword?

[libai 2]

I have  many accounts that it took me many many time to config each one.

I write a config copy tool  to copy files from Settings directory and modify the file name to match the role name and server name.

But  the fields accountEmail and accountPassword in file  General-roleName-serverName.xml   are encrypted ,even i try to find a way to guess it's algorithm，but  it's not work on other machine , is there any guid to help me ?

on one machine it like this, but when i change to other  the result also changes.

a 603
b 604
c 605
d 606
e 607
f 608
g 609
h 610
i 611
j 612
k 613
l 614
m 615
n 616
o 617
p 618
q 619
r 620
s 621
t 622
u 623
v 624
w 625
x 626
y 627
z 628

0 554
1 555
2 556
3 557
4 558
5 559
6 560
7 561
8 562
9 563

 

[libai 2]

"g8802"  encrypted different result on different machine.
<AccountEmail>609-562-562-554-556</AccountEmail>
<AccountEmail>578-531–531-523-525</AccountEmail>

[libai 2]

 

[Matenia 620]

It's probably encrypted with a salt. I doubt Droidz will share that. 
It's probably easier to set the values to the Settings class via a plugin, then restart the bot and turn off the plugin.

 

[Droidz 2708]

Hello,

You can use the same settings file on several machines if you use a static encryption key : https://wrobot.eu/byme/doc/html/F-robotManager.robotManagerGlobalSetting.ForceStaticEncryptKey.htm (edit xml file "WRobot\Settings\RobotManagerGlobalSetting.xml")

[Nax 7]

You could consider creating a system where the decryption key is generated based on the user's IP address or hardware ID. To implement this, you'll need to delve into the field of cryptography and learn how to securely handle and manage these keys,

 

i am currently researching this to give people able to protect their own fightclasses / profiles etc.

[libai 2]

16 hours ago, Droidz said:

Hello,

You can use the same settings file on several machines if you use a static encryption key : https://wrobot.eu/byme/doc/html/F-robotManager.robotManagerGlobalSetting.ForceStaticEncryptKey.htm (edit xml file "WRobot\Settings\RobotManagerGlobalSetting.xml")

thank you Droidz，it works.

[libai 2]

17 hours ago, Matenia said:

It's probably encrypted with a salt. I doubt Droidz will share that. 
It's probably easier to set the values to the Settings class via a plugin, then restart the bot and turn off the plugin.

 

it's a really nice point, thank you.

[libai 2]

11 hours ago, Nax said:

You could consider creating a system where the decryption key is generated based on the user's IP address or hardware ID. To implement this, you'll need to delve into the field of cryptography and learn how to securely handle and manage these keys,

 

i am currently researching this to give people able to protect their own fightclasses / profiles etc.

 

fightclassed can be compile into dll and then use some tool to encrypt ... but how to do with files in profiles .. like quests  it seems no way to compile to dll 

[Matenia 620]

  

4 hours ago, libai said:

 

fightclassed can be compile into dll and then use some tool to encrypt ... but how to do with files in profiles .. like quests  it seems no way to compile to dll 

If you're an authorized seller, you can encrypt it with Droidz' software and the real version will only be available from the servers.

 

16 hours ago, Nax said:

You could consider creating a system where the decryption key is generated based on the user's IP address or hardware ID. To implement this, you'll need to delve into the field of cryptography and learn how to securely handle and manage these keys,

 

i am currently researching this to give people able to protect their own fightclasses / profiles etc.

Don't create an encryption ID based on IP, that's bound to lead to issues. If you do it based on MAC address, it's probably the smartest - it can be changed but you're not fucking users over if they swap out their hardware - most users won't change their motherboard too frequently - or their NIC for that matter.

I recommend creating keys on purchase, unique to the user (order id + email) and validating them periodically (heartbeat) - or if your server can handle it, just keep a bunch of TCP connections open for user sessions.
I shared my server that does exactly this and can be attached to Rocketr in the authorized sellers forums and it's what most people here were using. It's good enough, if your DLLs are properly obfuscated.

Can it still be cracked somewhat easily by someone with extensive reverse engineering knowledge? Of course. But so can pretty much any program you write.

Edited November 3, 2023 by Matenia

[Nax 7]

7 hours ago, Matenia said:

  

If you're an authorized seller, you can encrypt it with Droidz' software and the real version will only be available from the servers.

 

Don't create an encryption ID based on IP, that's bound to lead to issues. If you do it based on MAC address, it's probably the smartest - it can be changed but you're not fucking users over if they swap out their hardware - most users won't change their motherboard too frequently - or their NIC for that matter.

I recommend creating keys on purchase, unique to the user (order id + email) and validating them periodically (heartbeat) - or if your server can handle it, just keep a bunch of TCP connections open for user sessions.
I shared my server that does exactly this and can be attached to Rocketr in the authorized sellers forums and it's what most people here were using. It's good enough, if your DLLs are properly obfuscated.

Can it still be cracked somewhat easily by someone with extensive reverse engineering knowledge? Of course. But so can pretty much any program you write.

this is interesting, ill have to take a look at the code. i dont use Dll, my code is for my project .