What can I do to protect this more...

Status
This thread has been locked.

Wouterg

Premium
Feedback score
15
Posts
108
Reactions
60
Resources
1
So, I have a program which contains some strings that people will want to get to on release.
The program people download is a program which requests a PIN from the user.
Once it's entered, the client will send the PIN to the server, and the server will check if it's correct.
If it isn't it will notify the client, but if it is, it sends a file to the client and a list of strings (That's the part people will want to get a hold of).
Those are of course sent encrypted, using the PIN the user provided.

Once the client has received the files and strings, it will decrypt and encrypt the strings with a different key. It saves this to the disk.
Once that's done, it also saves the program it got received from the server to disk, and executes it with one argument, which is the (encrypted) file location.

When the second program executes (The one that would actually need the strings) it decrypts the file, stores the strings in memory and deletes the file.
Then, it will proceed to use those strings when it needs to.

Is there any easy way this could be cracked? Have I overlooked something?
Thanks.
 
Last edited:
PebbleHost
High performance, consistent uptime and fast support. Minecraft hosting that just works.

Christopher

Floating around
Supreme
Feedback score
8
Posts
2,048
Reactions
1,120
Resources
0
So, I have a program which contains some strings people will want to get to on release.
The program people download is a program which requests a PIN from the user.
Once it's entered, the client will send the PIN to the server, and the server will check if it's correct.
If it isn't it will notify the client, but if it is, it sends a file to the client and a list of strings (That's the part people will want to get a hold of).
Those are of course sent encrypted, using the PIN the user provided.

Once the client has received the files and strings, it will decrypt and encrypt the strings with a different key. It saves this to the disk.
Once that's done, it also saves the program it got received from the server to disk, and executes it with one argument, which is the (encrypted) file location.

When the second program executes (The one that would actually need the strings) it decrypts the file, stores the strings in memory and deletes the file.
Then, it will proceed to use those strings when it needs to.

Is there any easy way this could be cracked? Have I overlooked something?
Thanks.
Normally issues arise when the server sends back a valid response, unlocking features, files, etc in the program. This can be a problem because the server can be spoofed, however, in this case, since the unlocking (per se) is on the server's side, unless the client uses some kind of bruteforce programme to guess the pin, you should be OK? Just make sure you have some kind of max verification attempts in place.
 

Wouterg

Premium
Feedback score
15
Posts
108
Reactions
60
Resources
1
Normally issues arise when the server sends back a valid response, unlocking features, files, etc in the program. This can be a problem because the server can be spoofed, however, in this case, since the unlocking (per se) is on the server's side, unless the client uses some kind of bruteforce programme to guess the pin, you should be OK? Just make sure you have some kind of max verification attempts in place.

Good point. Will definiately add a max tries thing.
 
Status
This thread has been locked.
Top