ehmdjii

simple encryption


Hello, I am sending some data to a server by calling a URL with libCURL. Now, in order to prevent hacking, I want to encrypt this data somehow. So I'm looking for a way to scramble the data using a key in my application. Then on the server I want to descramble it using the same key. What's an easy way to do this in C++?

Hey ehmdjii,

Have you tried a Google search?
If I wanted to create a simple encryption mechanism, I would use a XOR.

Try taking a look here maybe.
Cheers
StratBoy61

-edit-
Note that there is at least one little problem with the XOR: if someone has access to your encrypting mechanism, passing it a binary value made of only 1's will output the coding string, thus allowing them to decrypt. So you have to protect your encrypting mechanism, not the decrypting one :)

[Edited by - StratBoy61 on March 4, 2006 5:07:11 AM]

Quote:
Original post by Emmanuel Deloget
There are a lot of encryption libraries out there. One off the top of my head: OpenSSL.

The advantage of using SSL is that it is going to encrypt the whole HTTP communication. So that a potential hacker has no idea about how your client and server communicate. Same with your code, you do not have to care about encryption, it will be done by your ISAPI layer and your web server. I did not know that a free version of it existed though. The only problem I can see about using it is the performance. Do some MMOs use SSL for real-time communication?
Please let me know.
StratBoy61

One more question about the XOR encryption:

Is it safe to send such data over a regular HTTP request?

Like
http://.../upload.php?s=xor-result-here

It seems it contains a lot of characters that may break a URL.

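Added example, not part of any post in this thread: a Python sketch of the repeating-key XOR scrambling suggested above, showing that the raw output needs a text encoding before it can go into a URL, and that anyone who knows one input can read the key straight back out. The key and the sample payload are constructed for the demonstration.

```python
import base64
from itertools import cycle

KEY = b"s3cr3t-k3y"                # constructed key, as it would be baked into the client
MESSAGE = b"user=ehm&score=12345"  # constructed sample payload


def xor_scramble(data: bytes, key: bytes = KEY) -> bytes:
    """Repeating-key XOR; the same call scrambles and descrambles."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def to_url_param(raw: bytes) -> str:
    """URL-safe base64 without padding: only A-Z, a-z, 0-9, '-' and '_' remain."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def from_url_param(text: str) -> bytes:
    """Server side: restore the padding and decode back to raw bytes."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def recover_key(known_plain: bytes, scrambled: bytes, key_len: int) -> bytes:
    """plaintext XOR ciphertext is the key stream, so one known input exposes the key."""
    return bytes(p ^ c for p, c in zip(known_plain, scrambled))[:key_len]


if __name__ == "__main__":
    scrambled = xor_scramble(MESSAGE)
    print("raw bytes:", scrambled)             # control bytes that would break a URL
    param = to_url_param(scrambled)
    print("url param:", param)
    print("server sees:", xor_scramble(from_url_param(param)))
    print("key from known input:", recover_key(MESSAGE, scrambled, len(KEY)))
```

The last line is why XOR with a fixed key only obscures the data: the scrambling itself gives the key away to anyone who can compare an input with its output.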
It seems that the length of a URL is limited by the web server (cf. http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.2). What about a Google search about the PHP restrictions for that? :)

I would actually recommend using a POST command with binary information in your case, rather than pasting the data into the URL.
Cheers
StratBoy61

If the problem is just to scramble the data so that Joe User will not fake high scores on your server, then what I would do is post the data using either base-64 encoding or hexadecimal. Those encodings are about as secure as XOR scrambling the data, from a fake-it point of view, but are text-only and thus guaranteed to be compatible in the URL.

Another approach would be to compute a hash of 1) some number you hard-code into your program, 2) the score, 3) the user ID. Send this as a separate number, and verify the hash (by re-computing it) on the server side. As long as the user doesn't know the hard-coded number, they can't re-create the hash.

All of these methods suffer from the weakness that, in the end, they do trust data from the client, so a determined hacker can disassemble your program and send any score he wants. There's no way around that, except by using server-authenticated simulation, which is typically too expensive for most independent games.

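Added example, not part of the post above: one way to implement the "hash of a hard-coded number, the score and the user ID" check in Python, using HMAC-SHA256 as the keyed hash (a substitution made here; the post does not name a hash). The secret, the parameter names `user`, `score` and `sig`, and the sample values are assumptions for the demonstration.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode

# Constructed stand-in for the value hard-coded into the client.
SECRET = b"constructed-demo-secret"


def _canonical(user_id: str, score: int) -> bytes:
    # Length-prefix each field so two different (user, score) pairs can
    # never serialise to the same bytes.
    parts = (user_id.encode("utf-8"), str(score).encode("ascii"))
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)


def sign_score(user_id: str, score: int, secret: bytes = SECRET) -> str:
    """Client side: keyed hash over user ID and score; hex output is URL-safe."""
    return hmac.new(secret, _canonical(user_id, score), hashlib.sha256).hexdigest()


def build_query(user_id: str, score: int, secret: bytes = SECRET) -> str:
    return urlencode({"user": user_id, "score": score,
                      "sig": sign_score(user_id, score, secret)})


def verify_query(query: str, secret: bytes = SECRET) -> bool:
    """Server side: recompute the tag and compare it in constant time."""
    try:
        fields = parse_qs(query, strict_parsing=True)
        user_id = fields["user"][0]
        score = int(fields["score"][0])
        sent = fields["sig"][0]
    except (KeyError, ValueError):
        return False  # missing field, malformed query or non-numeric score
    expected = sign_score(user_id, score, secret)
    return hmac.compare_digest(expected.encode(), sent.encode())


if __name__ == "__main__":
    query = build_query("ehmdjii", 12345)
    print(query)
    print("genuine:", verify_query(query))
    print("edited score:", verify_query(query.replace("score=12345", "score=99999")))
```

As the post says, this only holds while the secret stays unknown: a client that contains the secret can be made to sign any score.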
Quote:
Original post by hplus0603
All of these methods suffer from the weakness that, in the end, they do trust data from the client, so a determined hacker can disassemble your program and send any score he wants.

I am curious about that, to tell you the truth. Is it *that* easy to disassemble a C++ program and understand what it does?
I read, some time ago, that one could either write his own program to fool a hacker who would want to disassemble it, or pass his/her program into a kind of scrambler utility that would mess up the binary (for disassembly).
To me, hackers usually try to take advantage of other weaknesses and spoofing is usually the easiest way; disassembling and trying to understand, well, I am sceptical...
StratBoy61

Quote:
Is it *that* easy to disassemble a C++ program and understand what it does?


That depends on who you are. If you have no experience, then no, it'll take a while. But if your day job is debugging applications, or writing device drivers, or doing embedded programming, and you have ten years of experience, then finding the spot in your application where the encryption happens should take less than an evening's worth.

There are ways to make it harder -- for example, with a non-uniform instruction cache, you can re-write the code after it's loaded in icache, and thus confuse someone disassembling memory (because it loads through D-cache), but these methods often break on new versions of the OS, and in the end only serve to slightly delay the determined attacker (say, by half an hour to an hour).
