Support

If you have a problem or need to report a bug please email : support@dsprobotics.com

There are 3 sections to this support area:

DOWNLOADS: access to product manuals, support files and drivers

HELP & INFORMATION: tutorials and example files for learning or finding pre-made modules for your projects

USER FORUMS: meet with other users and exchange ideas, you can also get help and assistance here

Does any one have this pc Mac adress protection?

For general discussion related FlowStone

Re: Does any one have this pc Mac adress protection?

Postby adamszabo » Tue Mar 24, 2020 5:40 pm

I appreciate your efforts, but this can easily be cracked by any cracker. They are all aware of base64, and hex and binary conversions, they know what to look for. Also, they can easily read strings that are in green or in ruby, they would easily figure out what you are trying to replace A with 0 and M with 1.
adamszabo
 
Posts: 510
Joined: Sun Jul 11, 2010 7:21 am

Re: Does any one have this pc Mac adress protection?

Postby wlangfor@uoguelph.ca » Tue Mar 24, 2020 8:28 pm

That's not true, honestly.

But to be blunt the only reason for this method to be employed is so that there all only numbers or letters, and not just like ab, and m and T and X, Q; but a full range.

It's only when that pre-requisite is met that you can apply preg_replace or gsub to replace instances of a number or a letter.

In the case of php:

Code: Select all
<?php

function replace($str){
$one = array('is`1`','is`2`','is`3`','is`4`');
$two = array('4','3','2','1');
$replace = preg_replace($one, $two, $str);
return $replace;
}

echo replace($str);

?>


I hope I am making sense. It's like math. There are various challenges of course.

+ Multi-languages and special characters
+ url's and proper formatting
+ amount of data sent by URL

and this is the most palpable way.

But, what makes it work correctly is the two step key process.
The plugin maker would create a 12 digit key. And that key is all that is required for this program to re-organize the codex/cipher to a different, unique pattern.

So, first in the case of base64, the few letters which are employed are utilized and the numbers (8) are associated and employed in that given order. Next, the final encoded output is all numbers, so those numbers are replaced in sequential order front to back and then back to front; but in a random sequence (9,2,3,1,7,0,4 and so on)

It's totally un-crackable. But if I was to only use the base 64 and bin to hex and so on, you'd be right. But the goal is to have all numbers and two layers of protection.

It's a bit more powerful than 512 bit encryption and would require AI to crack.

Even if you were to take the original example and change around the order of letter replacement I doubt it could be cracked. Those who know do.

EDIT: also, I've been able to get every facsimile of hex >bin and hex > string working good too. So, all the php code is done, all that is left is to create the rosetta program which juggles the 12 digit code and makes a unique order out of that.

Once it's all made; I welcome anybody to try and decrypt it; but I know you won't be able to. I'll provide all the parts and a test locale with which you can use it to test connectivity with your plugins. It's an ideal method because there is no form connectivity. Instead php creates an image as a repsonse and flowstone downloads a tiny image and make sense of parts that are opaque and transparent, like a barcode. So, no threat to the server.
User avatar
wlangfor@uoguelph.ca
 
Posts: 817
Joined: Tue Apr 03, 2018 5:50 pm
Location: North Bay, Ontario, Canada

Re: Does any one have this pc Mac adress protection?

Postby wlangfor@uoguelph.ca » Wed Mar 25, 2020 2:47 pm

Here is the final product for flowstone,

Image

unstoppable algorithm - part 6 php ready.fsm
(2.33 KiB) Downloaded 65 times


Now I have to reproduce the same in php.

I'm including the php code of an earlier version, but that does not include the code to automatically create the rosetta using 28 unique characters.

The challenge after that is making a password strength device which works in both php and flowstone so that flowstone developers aren't being stupid with the strength of their codes. This will beat any algorithm, but only if you're not using similar characters plausibly, and not in sequence "a,b,c,d,e" and so on.

Code: Select all
<?php

function hexToStr($hex)
{
    $string='';
    for ($i=0; $i < strlen($hex)-1; $i+=2)
    {
        $string .= chr(hexdec($hex[$i].$hex[$i+1]));
    }
    return $string;
}

function hexbin($hex) {
    $bin = decbin(hexdec($hex));
    return $bin;
}

function BinHex($bin) {
    $hex='';
    for($i=strlen($bin)-4;$i>=0;$i-=4)
        $hex.=dechex(bindec(substr($bin,$i,4)));
   return strrev($hex);
}

function DeCrypt($str) {
  $one = array('`0`is','`1`is','`2`is','`3`is','`4`is','`5`is','`6`is','`7`is','`8`is');
  $two = array('A','M','T','E','x','w','D','Q','=');
  return preg_replace($one, $two, $str);
}


$codex = "163516341605123512341204123512351634160416351635160516041235
120516341635160512351205120412351634160416051605123416051604
123516351634163412351235163516041235120416341605123512341635
160512041205160416051605123416351604120416051634163516351234
160412051205160516341635163512341604120512051605163416041605
123516351204120512351634163516351235123416041204160416341204
160512351635120412041205163412351635160512351205160416351634
120412351235120516041205160416341204160516351605160416041604
160416041235123416341604120512041604160516051235160416041205
120416341604163512351234160512051605163416351605123512341204
123516051634163516351235123416041205123416041605160512351634
160412041234163412051205163516051604160412041634123516351635
160516041235163416341204160512341635120412051205163416351635
123512341205120412351605163416351605120416051604120416051635
120512041635160412041605163416051635123512341604120416341634
120512351635123516051604120416051635120512051235120412351204
163412051205123512041204123416041604160516051205123512041235
120416341205120512351204120516041204160516351205160512351205
160416351634163516051234163516041235120516341205160512341604
120512341635160416341235163512341204123512041634120512051235
123516051204123516341204160512351234120512041235163412051235
123512051204123512051634160416351635123416041205163416341634
1235123512351788";

$codex = DeCrypt($codex);

//decode base 64
$codex = base64_decode($codex);

// binary to hex
$codex = BinHex($codex);

// hex to string
$codex = hexToStr($codex);

echo $codex;

?>


Like I said I'm not a teacher, but you might get some ideas after looking at this schematic. I tried to ensure it's a method that can be duplicated in other programming languages for obvious reasons.
User avatar
wlangfor@uoguelph.ca
 
Posts: 817
Joined: Tue Apr 03, 2018 5:50 pm
Location: North Bay, Ontario, Canada

Re: Does any one have this pc Mac adress protection?

Postby tulamide » Wed Mar 25, 2020 3:29 pm

This is not a safe code at all. It would be cracked in seconds by standard hacker groups. Nothing is protected on the whole chain. the 'to bin' and 'to hex' prims just present the data to you differently, without touching the data itself. Base64 doesn't change the data at all, it just packs it into user readable ascii code that is well defined and known: 6 bits per original char in the same order they were before. You just follow the Base64 table of chars to decode it back (takes seconds). Replacing some of those chars by numbers is the oldest security measure besides writing backwards - a simple bruteforce will get it, again, in seconds.

Acknowledging the fact, that no encoding is uncrackable, all you can do is making it extremely long to decode. It's for a reason that prime numbers and pseudo-randomness (which gives you a seed to work with) is the way to go, when trying to protect content from being read. It is as crackable as everything alse, but it takes months and years even with large botnets.

@wlangfor, you wrote you programmed Youtube
I was making products like youtube and ajax in 2005

Could you provide some more info, because wherever I look it up, it always says that Chad Hurley, Steve Chen and Jawed Karim made Youtube. No mentioning of any other involved.
If you feel like gifting: https://paypal.me/tulamide
tulamide
 
Posts: 2206
Joined: Sat Jun 21, 2014 2:48 pm
Location: Germany

Re: Does any one have this pc Mac adress protection?

Postby wlangfor@uoguelph.ca » Wed Mar 25, 2020 3:41 pm

It's sturdy and would hold up against anything.
You're just in a bad mood. I never said I made youtube.

Make some code that can compete and then you'd be in the position to say.
Moving this project to user examples.

:)
User avatar
wlangfor@uoguelph.ca
 
Posts: 817
Joined: Tue Apr 03, 2018 5:50 pm
Location: North Bay, Ontario, Canada

Re: Does any one have this pc Mac adress protection?

Postby wlangfor@uoguelph.ca » Wed Mar 25, 2020 3:58 pm

Moved the file to User Examples:
http://dsprobotics.com/support/viewtopic.php?f=3&t=39233

So, there is a better description of the always-unique three step encryption process that has nothing to do with binary or hex or base 64.

And honestly, unless you can crack it, or find someone who can I'll just squeal troll about this. I'm not "pretending" to be a programmer. My work used to be trusted by 10's of thousands of clients using a product called Subdreamer before the time of wordpress. Honestly, our work back then was much more complex, the only difference now is ajax and php pre-made libraries.
User avatar
wlangfor@uoguelph.ca
 
Posts: 817
Joined: Tue Apr 03, 2018 5:50 pm
Location: North Bay, Ontario, Canada

Re: Does any one have this pc Mac adress protection?

Postby tulamide » Wed Mar 25, 2020 5:26 pm

On page two:
wlangfor@uoguelph.ca wrote:I was making products like youtube and ajax in 2005


On page three, after being asked for details about making Youtube:
wlangfor@uoguelph.ca wrote:I never said I made youtube.


Over the years I presented a lot of my past work. I don't have to prove anything. You, otoh, make assertions that don't match with what you present. My guess is that you claim to be a programmer, but were actually scripting a bit in php.

And nothing has changed regarding my statement. None of what you presented actually secures the data.
If you feel like gifting: https://paypal.me/tulamide
tulamide
 
Posts: 2206
Joined: Sat Jun 21, 2014 2:48 pm
Location: Germany

Re: Does any one have this pc Mac adress protection?

Postby wlangfor@uoguelph.ca » Wed Mar 25, 2020 7:29 pm

tulamide wrote:On page two:
wlangfor@uoguelph.ca wrote:I was making products like youtube and ajax in 2005


On page three, after being asked for details about making Youtube:
wlangfor@uoguelph.ca wrote:I never said I made youtube.


Over the years I presented a lot of my past work. I don't have to prove anything. You, otoh, make assertions that don't match with what you present. My guess is that you claim to be a programmer, but were actually scripting a bit in php.

And nothing has changed regarding my statement. None of what you presented actually secures the data.


:) decode and then we'll talk.
User avatar
wlangfor@uoguelph.ca
 
Posts: 817
Joined: Tue Apr 03, 2018 5:50 pm
Location: North Bay, Ontario, Canada

Re: Does any one have this pc Mac adress protection?

Postby pshannon » Thu Mar 26, 2020 4:30 am

tulamide wrote:This is not a safe code at all. It would be cracked in seconds by standard hacker groups. Nothing is protected on the whole chain. the 'to bin' and 'to hex' prims just present the data to you differently, without touching the data itself. Base64 doesn't change the data at all, it just packs it into user readable ascii code that is well defined and known: 6 bits per original char in the same order they were before. You just follow the Base64 table of chars to decode it back (takes seconds). Replacing some of those chars by numbers is the oldest security measure besides writing backwards - a simple bruteforce will get it, again, in seconds.

Acknowledging the fact, that no encoding is uncrackable, all you can do is making it extremely long to decode. It's for a reason that prime numbers and pseudo-randomness (which gives you a seed to work with) is the way to go, when trying to protect content from being read. It is as crackable as everything alse, but it takes months and years even with large botnets.

@wlangfor, you wrote you programmed Youtube
I was making products like youtube and ajax in 2005

Could you provide some more info, because wherever I look it up, it always says that Chad Hurley, Steve Chen and Jawed Karim made Youtube. No mentioning of any other involved.


Tula, you are spot on and I already gave my two cents a few days ago on this. I used to be a professional pen tester/hacker, today I consult companies on how to secure and limit their exposure so they are not easy marks for getting hacked. 20 years ago before I started in the security profession, I thought making my own encryption would be something cool and unbreakable etc. I never used it, but I played with it quite a bit. The thought process was truly data scrambling which has been around since early years of the ancient greece/spartans using different types of simple ciphers like the scytale(Wrap it around a rod and then write your message. You need the same size pole to read it). ROT 13 cipher with alpha substitution. How can I not bring up my favorite one from WWII the enigma. This one was actually very difficult and would almost be a good enough encryption tool today when they added the 4th wheel on it. So back to this whole issue. Always use a proven standard. Never try to invent an encryption for you to use without putting the information out there to be tested. When AES was chosen, it was determined by speed to encrypt/decrypt, limiting collisions, key size and confidentiality. Hackers, math magicians and many other groups put this through a ton of tests before there was a chosen winner(Rijndael) to get the label of AES. Which is the standard today for symmetric. The other thing about ciphers, the algorithm must always be available and not a secret. I go back to what I said earlier and this backs up tula. Time and cpu power is the only thing that prevents encryption from be cracked! Why invent if we already have the best standards available to you? We will all be extinct by the time you crack AES today if you use a very long complicated key by using brute force with the current hardware today. I am not ragging on anyone here, but please don't use unapproven encryption for any real purposes. Never ever say something is unhackable/uncrackable, it is truly an impossible claim.
https://en.wikipedia.org/wiki/Advanced_ ... n_Standard
User avatar
pshannon
 
Posts: 106
Joined: Fri Jan 02, 2015 3:08 am

Re: Does any one have this pc Mac adress protection?

Postby tulamide » Thu Mar 26, 2020 5:59 am

@pshannon
Thank you for taking the time to write it down much better than I could! Your profession must be very interesting. I can imagine that cyber security is the most important topic for the industry over the last 2 decades.

For the other guys, who will follow the wikipedia link, I just want to set the numbers in perspective, that you can read there:
The earth is approx. 2^32 years old.
The universe approx. 2^33.5 years.
If you feel like gifting: https://paypal.me/tulamide
tulamide
 
Posts: 2206
Joined: Sat Jun 21, 2014 2:48 pm
Location: Germany

PreviousNext

Return to General

Who is online

Users browsing this forum: No registered users and 3 guests