November 2, 20232 yr I have many accounts that it took me many many time to config each one. I write a config copy tool to copy files from Settings directory and modify the file name to match the role name and server name. But the fields accountEmail and accountPassword in file General-roleName-serverName.xml are encrypted ,even i try to find a way to guess it's algorithm,but it's not work on other machine , is there any guid to help me ? on one machine it like this, but when i change to other the result also changes. a 603 b 604 c 605 d 606 e 607 f 608 g 609 h 610 i 611 j 612 k 613 l 614 m 615 n 616 o 617 p 618 q 619 r 620 s 621 t 622 u 623 v 624 w 625 x 626 y 627 z 628 0 554 1 555 2 556 3 557 4 558 5 559 6 560 7 561 8 562 9 563
November 2, 20232 yr Author "g8802" encrypted different result on different machine. <AccountEmail>609-562-562-554-556</AccountEmail> <AccountEmail>578-531–531-523-525</AccountEmail>
November 2, 20232 yr It's probably encrypted with a salt. I doubt Droidz will share that. It's probably easier to set the values to the Settings class via a plugin, then restart the bot and turn off the plugin.
November 2, 20232 yr Hello, You can use the same settings file on several machines if you use a static encryption key : https://wrobot.eu/byme/doc/html/F-robotManager.robotManagerGlobalSetting.ForceStaticEncryptKey.htm (edit xml file "WRobot\Settings\RobotManagerGlobalSetting.xml")
November 2, 20232 yr You could consider creating a system where the decryption key is generated based on the user's IP address or hardware ID. To implement this, you'll need to delve into the field of cryptography and learn how to securely handle and manage these keys, i am currently researching this to give people able to protect their own fightclasses / profiles etc.
November 3, 20232 yr Author 16 hours ago, Droidz said: Hello, You can use the same settings file on several machines if you use a static encryption key : https://wrobot.eu/byme/doc/html/F-robotManager.robotManagerGlobalSetting.ForceStaticEncryptKey.htm (edit xml file "WRobot\Settings\RobotManagerGlobalSetting.xml") thank you Droidz,it works.
November 3, 20232 yr Author 17 hours ago, Matenia said: It's probably encrypted with a salt. I doubt Droidz will share that. It's probably easier to set the values to the Settings class via a plugin, then restart the bot and turn off the plugin. it's a really nice point, thank you.
November 3, 20232 yr Author 11 hours ago, Nax said: You could consider creating a system where the decryption key is generated based on the user's IP address or hardware ID. To implement this, you'll need to delve into the field of cryptography and learn how to securely handle and manage these keys, i am currently researching this to give people able to protect their own fightclasses / profiles etc. fightclassed can be compile into dll and then use some tool to encrypt ... but how to do with files in profiles .. like quests it seems no way to compile to dll
November 3, 20232 yr 4 hours ago, libai said: fightclassed can be compile into dll and then use some tool to encrypt ... but how to do with files in profiles .. like quests it seems no way to compile to dll If you're an authorized seller, you can encrypt it with Droidz' software and the real version will only be available from the servers. 16 hours ago, Nax said: You could consider creating a system where the decryption key is generated based on the user's IP address or hardware ID. To implement this, you'll need to delve into the field of cryptography and learn how to securely handle and manage these keys, i am currently researching this to give people able to protect their own fightclasses / profiles etc. Don't create an encryption ID based on IP, that's bound to lead to issues. If you do it based on MAC address, it's probably the smartest - it can be changed but you're not fucking users over if they swap out their hardware - most users won't change their motherboard too frequently - or their NIC for that matter. I recommend creating keys on purchase, unique to the user (order id + email) and validating them periodically (heartbeat) - or if your server can handle it, just keep a bunch of TCP connections open for user sessions. I shared my server that does exactly this and can be attached to Rocketr in the authorized sellers forums and it's what most people here were using. It's good enough, if your DLLs are properly obfuscated. Can it still be cracked somewhat easily by someone with extensive reverse engineering knowledge? Of course. But so can pretty much any program you write. Edited November 3, 20232 yr by Matenia
November 3, 20232 yr 7 hours ago, Matenia said: If you're an authorized seller, you can encrypt it with Droidz' software and the real version will only be available from the servers. Don't create an encryption ID based on IP, that's bound to lead to issues. If you do it based on MAC address, it's probably the smartest - it can be changed but you're not fucking users over if they swap out their hardware - most users won't change their motherboard too frequently - or their NIC for that matter. I recommend creating keys on purchase, unique to the user (order id + email) and validating them periodically (heartbeat) - or if your server can handle it, just keep a bunch of TCP connections open for user sessions. I shared my server that does exactly this and can be attached to Rocketr in the authorized sellers forums and it's what most people here were using. It's good enough, if your DLLs are properly obfuscated. Can it still be cracked somewhat easily by someone with extensive reverse engineering knowledge? Of course. But so can pretty much any program you write. this is interesting, ill have to take a look at the code. i dont use Dll, my code is for my project .
Create an account or sign in to comment