Preview TEDDEH[v0.2] ZOMBIES MOD MENU

Do you like the layout?

  • Yes: 22 votes (68.8%)
  • Maybe: 6 votes (18.8%)
  • No: 4 votes (12.5%)

Total voters: 32

Harry

Certified Sick ℂunt
Premium Member
Messages
1,263
Reaction score
969
Points
973
How come you feel that this is a huge security issue?
The way this will run is, a database of logins will be stored as well as a MAC address to prevent users sharing login details.

If you could explain your thoughts on the security issue I will indeed look into having a work-around for it.
Ok.
Let's say a User from CCM uses the same username and password as they do on CCM. You release by using a database linked to your tool is a huge security risk.
If you want, PM me and I'll give you a PHP code to make it almost 0% chance of anything happening (it's half a line)
 

Harry

^ if they do that, someone can use their CCM
 

Teddeh

Insane-Known Member
Messages
21
Reaction score
35
Points
368
Ok.
Let's say a User from CCM uses the same username and password as they do on CCM. You release by using a database linked to your tool is a huge security risk.
If you want, PM me and I'll give you a PHP code to make it almost 0% chance of anything happening (it's half a line)

I don't get how PHP could play a part in this. It's purely a C# Windows application, so once the application is compiled surely it's safe enough to release (if I implement the MySQL code correctly and not just hard coding passwords etc.)
Although I guess I'm the one who's new to Windows app development so what do I know, I'll drop you a PM and hopefully you can guide me to what is safe and what isn't :smile:

Also, when saving passwords to a database, I would encrypt them, it's very silly to store raw text.

btw, new design that I'm working on.
[Image: MLhDDVZ.png]
 

Teddeh

Actually, just sparked an idea.
If I had a webpage running on a machine/VPS, powered by PHP/jQuery, could I just send some sort of signal to my webpage which will run the database stuff?
I mean, running database queries server side is a lot more secure than client side, right?

I'm thinking sockets or Redis, thoughts @Harry ?
 

CabCon

Head Administrator
Staff member
Head Staff Team
Messages
5,000
Reaction score
2,920
Points
1,103
Actually, just sparked an idea.
If I had a webpage running on a machine/VPS, powered by PHP/jQuery, could I just send some sort of signal to my webpage which will run the database stuff?
I mean, running database queries server side is a lot more secure than client side, right?

I'm thinking sockets or Redis, thoughts @Harry ?
Yes, it is, but I'm quite struggling to see why you don't know this. Your code looks good and you said you worked with PHP in the past. You should know that.

I recommend using an API to handle your logins. There are a few templates and tutorials across the internet, just Google it. :wink:
 

Teddeh

Yes, it is, but I'm quite struggling to see why you don't know this. Your code looks good and you said you worked with PHP in the past. You should know that.

I recommend using an API to handle your logins. There are a few templates and tutorials across the internet, just Google it. :wink:

I've never written a Windows application before, so the security issues didn't occur to me until Harry mentioned it.

Regarding PHP, I know what I am doing but I didn't realise I would need to do such a thing to prevent hackers, as I thought a Windows form would be secure.

I've made a Redis library myself and a MongoDB & MySQL library for PHP, so my view is straightforward now.
 

candy

G59 Terrorist
Staff member
Donator
Messages
1,327
Reaction score
763
Points
973
I wanted to ask, since I couldn't see an answer. This tool that you're doing, for your menus and whatnot. I hope this login system you've got going on isn't so you can sell the menus. Honestly I won't use it either way to be honest, but selling GSC is pretty pathetic.
 

Harry

I don't get how PHP could play a part in this. It's purely a C# Windows application, so once the application is compiled surely it's safe enough to release (if I implement the MySQL code correctly and not just hard coding passwords etc.)
Although I guess I'm the one who's new to Windows app development so what do I know, I'll drop you a PM and hopefully you can guide me to what is safe and what isn't :grinning:

Also, when saving passwords to a database, I would encrypt them, it's very silly to store raw text.

btw, new design that I'm working on.
[Image: MLhDDVZ.png]
Actually, just sparked an idea.
If I had a webpage running on a machine/VPS, powered by PHP/jQuery, could I just send some sort of signal to my webpage which will run the database stuff?
I mean, running database queries server side is a lot more secure than client side, right?

I'm thinking sockets or Redis, thoughts @Harry ?

So both of these methods WILL work, however, both are insecure.

So, when you 'compile' your program, it'll take anyone with Google and 2 minutes to get your full source code. Think I'm wrong? Send me a program with nothing in it but a 'string GetThis = "SOMETHING HERE";' and send it to me, I'll get it easily.

However, the method with 'sending some type of signal' is what I do on one of my programs. I can do this because the program communicates with my server in order to retrieve or send information. For instance, when you log in, all you are doing is authenticating a username and password exist, same with registration, you're just making it exist.
However, when you purchase something, it's all done through my site. You enter your PayPal info into PayPal, then my site will receive information from PayPal to say whether I should give you credits or not, and how many.
Although my application says 'You have 10 credits remaining', you can crack this and edit it to say '1000', right? Wrong. Because when you try to use one, my server-sided code sends a request to my database, to see if you have '1' credit remaining. If it's true, it'll take away a credit and then return a value I want it to. However, if it's false, it'll return an error ("You are out of credits"). The 'You have 1000 credits remaining' is just a basic notification. The login is just a simple way of remembering who you are, and who we should take and give the credits to and from.

When you are building an application that works all client based, it's a lot harder. You'll find the majority of programs have 'cracks' or 'nulled' versions of themselves because of this (Adobe EVERYTHING is a great example of this). There is NO sure way of making your client sided program safe or secure.
When you enter (for a login):
Code:
"SELECT * FROM users WHERE username = " + username.Text + " AND password = " + password.Text;
you are literally opening yourself up to sooo many malicious attacks, even when your program is confused or obfuscated.
Lemme tell you why:
1: You are giving me columns, database name AND a database hostname all at once. This goes back to my, if someone uses the same information on another website or tool, RIP them.
2: Windows can't read your "syhoiwcy75t23785yc8wbt78y389bc8" confused code, it reads "MessageBox.Show("My Code")", so sometime, your program will be plain source code. This means I could dump your program and get the source code from that. Pretty basic.

I know this has been long-winded, but please, reconsider making a login unless you are doing your stuff web based.

Here is a project I am currently working on:
[link not available]

You run a listener which will be open source, but nothing is insecure (this will have a login and a paid feature to remove the advertisement I am putting on it).

~ Harry
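
An added example, not code from the thread or from any poster's project: a PHP sketch of the server-side pattern described in the post above, where the login query uses placeholders instead of string concatenation, passwords are stored as salted hashes, and a credit is checked and spent in one server-side statement so the number shown by the client is irrelevant. The table layout, function names and sample account are assumptions made for illustration; it uses an in-memory SQLite database through PDO so it runs offline.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database (needs the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL, credits INTEGER NOT NULL)');

function register(PDO $db, string $user, string $password, int $credits): void
{
    // Store a salted, deliberately slow hash; the plaintext is never written.
    $stmt = $db->prepare('INSERT INTO users VALUES (?, ?, ?)');
    $stmt->execute([$user, password_hash($password, PASSWORD_DEFAULT), $credits]);
}

function login(PDO $db, string $user, string $password): bool
{
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();   // false when the user does not exist
    return is_string($hash) && password_verify($password, $hash);
}

function spendCredit(PDO $db, string $user): bool
{
    // Check and decrement in a single statement: the server's count is the
    // only one that matters, and two requests cannot both spend the last credit.
    $stmt = $db->prepare(
        'UPDATE users SET credits = credits - 1 WHERE username = ? AND credits > 0');
    $stmt->execute([$user]);
    return $stmt->rowCount() === 1;
}

// Constructed sample account with a single credit.
register($db, 'alice', 'correct horse', 1);

var_dump(login($db, 'alice', 'correct horse'));  // matching password
var_dump(login($db, 'alice', 'wrong'));          // wrong password
var_dump(login($db, "o'brien", 'x'));            // quote in input is treated as data
var_dump(spendCredit($db, 'alice'));             // first spend
var_dump(spendCredit($db, 'alice'));             // second spend, balance already zero
```

The desktop client would only call an HTTPS endpoint wrapping these functions, so no database hostname, credentials or schema ship inside the compiled program.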
 

Teddeh

So both of these methods WILL work, however, both are insecure.

So, when you 'compile' your program, it'll take anyone with Google and 2 minutes to get your full source code. Think I'm wrong? Send me a program with nothing in it but a 'string GetThis = "SOMETHING HERE";' and send it to me, I'll get it easily.

However, the method with 'sending some type of signal' is what I do on one of my programs. I can do this because the program communicates with my server in order to retrieve or send information. For instance, when you log in, all you are doing is authenticating a username and password exist, same with registration, you're just making it exist.
However, when you purchase something, it's all done through my site. You enter your PayPal info into PayPal, then my site will receive information from PayPal to say whether I should give you credits or not, and how many.
Although my application says 'You have 10 credits remaining', you can crack this and edit it to say '1000', right? Wrong. Because when you try to use one, my server-sided code sends a request to my database, to see if you have '1' credit remaining. If it's true, it'll take away a credit and then return a value I want it to. However, if it's false, it'll return an error ("You are out of credits"). The 'You have 1000 credits remaining' is just a basic notification. The login is just a simple way of remembering who you are, and who we should take and give the credits to and from.

When you are building an application that works all client based, it's a lot harder. You'll find the majority of programs have 'cracks' or 'nulled' versions of themselves because of this (Adobe EVERYTHING is a great example of this). There is NO sure way of making your client sided program safe or secure.
When you enter (for a login):
Code:
"SELECT * FROM users WHERE username = " + username.Text + " AND password = " + password.Text;
you are literally opening yourself up to sooo many malicious attacks, even when your program is confused or obfuscated.
Lemme tell you why:
1: You are giving me columns, database name AND a database hostname all at once. This goes back to my, if someone uses the same information on another website or tool, RIP them.
2: Windows can't read your "syhoiwcy75t23785yc8wbt78y389bc8" confused code, it reads "MessageBox.Show("My Code")", so sometime, your program will be plain source code. This means I could dump your program and get the source code from that. Pretty basic.

I know this has been long-winded, but please, reconsider making a login unless you are doing your stuff web based.

Here is a project I am currently working on:
[link not available]

You run a listener which will be open source, but nothing is insecure (this will have a login and a paid feature to remove the advertisement I am putting on it).

~ Harry

I completely understand where you're coming from now.
Out of all of my experience regarding development, I have never created anything 'client side' (from scratch), which is why I was so oblivious.

To be honest, I feel a little stupid for thinking that I could handle everything client side instead of server side.
I'd like to thank you for clarifying. Although I did understand where you were coming from before, now I see more clearly the view on this.

I'm assuming the best way for me to achieve such security is TCP protocol,
I may be wrong, however, it's just my first guess.

Regarding your previous posts, it wasn't that I didn't believe you. You come across as a very knowledgeable person, however, I am kind of ignorant / arrogant and I like to do things my own way rather than taking on someone else's view. (Most developers are.) But thank you nonetheless.
 

Teddeh

I wanted to ask, since I couldn't see an answer. This tool that you're doing, for your menus and whatnot. I hope this login system you've got going on isn't so you can sell the menus. Honestly I won't use it either way to be honest, but selling GSC is pretty pathetic.

I don't plan to sell GSC menus, but I do plan to turn some mods I create into buyable products.
I am also planning to sell console related stuff as well as in-game mods.
 

Harry

I completely understand where you're coming from now.
Out of all of my experience regarding development, I have never created anything 'client side' (from scratch), which is why I was so oblivious.

To be honest, I feel a little stupid for thinking that I could handle everything client side instead of server side.
I'd like to thank you for clarifying. Although I did understand where you were coming from before, now I see more clearly the view on this.

I'm assuming the best way for me to achieve such security is TCP protocol,
I may be wrong, however, it's just my first guess.

Regarding your previous posts, it wasn't that I didn't believe you. You come across as a very knowledgeable person, however, I am kind of ignorant / arrogant and I like to do things my own way rather than taking on someone else's view. (Most developers are.) But thank you nonetheless.
No worries :smile:
I'm just thinking about the people because this stuff has happened before.
As for the TCP protocol, I'm not sure what you mean. I think the best way for you to achieve a login is not to make one, or cough up $200+ for an obfuscator which will protect your program till someone finds a way of exploiting it.
If you want to sell mods badly, perhaps you and I could jump into a Skype call once my PC is fixed and spend a night or two working on a secure method or something? You seem to have an idea on what you're talking about.
And you have no clue about arrogance in this community. You should have been here 6 months ago when SeriousHD- was here xD
I don't plan to sell GSC menus, but I do plan to turn some mods I create into buyable products.
I am also planning to sell console related stuff as well as in-game mods.
Sell cheap, sell infinite time. **** these '$30/month' products!
 

AMBITCHOUS

Known Member
Messages
11
Reaction score
2
Points
108
Starting on an optional base that can be selected within the current menu.
(for those that may not like the category switching)

Thoughts?
[Image: tvBXv17.jpg]
This is what I was referring to. GSC has limits, not saying it's not impossible, but you'll be using a fair few HUDs to make a menu look like that, so in this case if it's possible, you won't be able to add functions that use HUDs whilst having the menu open. That's my friendly advice anyway.
 

Teddeh

I've stopped working on this project. I am currently back in full-time employment so I just don't have the time.
I'll keep the thread as is in case I come back and finish it off.
 