HISE Logo Forum
    • Categories
    • Register
    • Login

    Blowfish - on a string

    Scheduled Pinned Locked Moved General Questions
    36 Posts 5 Posters 1.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Christoph HartC
      Christoph Hart @Lindon
      last edited by Christoph Hart

      If you think this is your line of defense

      The pirate cannot generate new serials because they dont have the private key,

      then this is the attack vector:

      and check against the array of serials (that is clearly viewable by the pirate) inside the plugin.

      A keygen would simply contain the "clearly viewable" list of valid serials and spit out one of them:

      inline function nastyKeygen()
      {
           return extractedKeys[Math.randInt(0, extractedKeys.length)];
      }
      

      If you want to up your copy protection game, just use the ScriptLocker class. This enforces a system identification and a server call, but if your server is hacked, then you might as well give up.

      LindonL 1 Reply Last reply Reply Quote 0
      • LindonL
        Lindon @Christoph Hart
        last edited by Lindon

        @Christoph-Hart said in Blowfish - on a string:

        If you think this is your line of defense

        The pirate cannot generate new serials because they dont have the private key,

        then this is the attack vector:

        and check against the array of serials (that is clearly viewable by the pirate) inside the plugin.

        A keygen would simply contain the "clearly viewable" list of valid serials and spit out one of them:

        inline function nastyKeygen()
        {
             return extractedKeygens[Math.randInt(0, extractedKeygens.length);
        }
        

        If you want to up your copy protection game, just use the ScriptLocker class. This enforces a system identification and a server call, but if your server is hacked, then you might as well give up.

        well I think one of us doesn't understand RSA = it could well be me....

        Heres a serial: 1234-1234

        I take the encrypting(private) key and generate an encrypted version....

        qw247dnwpoie75hb4985345h34

        I give this to my customer....

        My app asks for this encrypted key:...

        The app contains the decrypting(public) key:

        333eee333eerr444rrr

        it uses this public key to decrypt it the serial provided by the user, getting:

        1234-1234

        it checks against the array of valid serials held in the app:

        1234-1234
        5668-5678
        2345-6784
        2291-6144

        its present so valid all good....

        Along comes my pirate, he gets a copy of my app:

        he can see the list of serials...

        1234-1234
        5668-5678
        2345-6784
        2291-6144

        he can see the public key:

        333eee333eerr444rrr

        Okay so now he needs to generate an encrypted serial that will be decrypted by the public key....for that he needs the private key....he doesn't have it..and its very complex to get it. So he will have to hack the code.

        Did I misunderstand something?

        HISE Development for hire.
        www.channelrobot.com

        LindonL Christoph HartC 2 Replies Last reply Reply Quote 0
        • LindonL
          Lindon @Lindon
          last edited by Lindon

          @Lindon so I think what I'm looking for is these JUCE calls to be implemented in HISE

          static void RSAKey::createKeyPair(
          RSAKey & publicKey,
          RSAKey & privateKey,
          int 	numBits,
          const int * 	randomSeeds = nullptr,
          int 	numRandomSeeds = 0 
          )	
          

          which is a convenience but gives me two RSA keys...

          and this:

          
          bool RSAKey::applyToValue(BigInteger & value)const
          
          

          which I can use with the encoding key to encode my serials, and with the decoding key to decode them...

          HISE Development for hire.
          www.channelrobot.com

          1 Reply Last reply Reply Quote 0
          • Christoph HartC
            Christoph Hart @Lindon
            last edited by

            @Lindon Actually, no, you're right. I forgot the decryption step in my calculations...

            Alright, you win. But I would recommend to not store serials inside the plugin (unnecessary loading time for parsing ten of thousands of JSON strings, possibility of license overflow), but to just check them with any arbitrary logic:

            isSerialValid(decryptedSerial)
            {
                return decryptedSerial.charAt(4) = 'A'; // or something a bit more secure...
            }
            

            then only generate serials that match against that filter in your keygen.

            LindonL 1 Reply Last reply Reply Quote 1
            • LindonL
              Lindon @Christoph Hart
              last edited by

              @Christoph-Hart said in Blowfish - on a string:

              @Lindon Actually, no, you're right. I forgot the decryption step in my calculations...

              Alright, you win. But I would recommend to not store serials inside the plugin (unnecessary loading time for parsing ten of thousands of JSON strings, possibility of license overflow), but to just check them with any arbitrary logic:

              isSerialValid(decryptedSerial)
              {
                  return decryptedSerial.charAt(4) = 'A'; // or something a bit more secure...
              }
              

              then only generate serials that match against that filter in your keygen.

              hmm, yeah that looks good... - still I'd like to be in the position to require "tens of thousands" of strings....LOL.

              The actual next thing to do is to recreate the decrypt-and-check-steps in several places in the plug-in AND to do so in slightly different ways each time so the result isnt easy to just pattern match trace in the script...the to defer some of them, time and functionality based...

              HISE Development for hire.
              www.channelrobot.com

              Christoph HartC 1 Reply Last reply Reply Quote 0
              • Christoph HartC
                Christoph Hart @Lindon
                last edited by Christoph Hart

                Alright, it's pushed (won't show up in the API until I'm back on my Windows system though). You can create the RSA key pairs already in the Tools menu. Just make sure you don't save it as file, or HISE will think you are using its copy protection...

                // You can create those with "Tools / Create RSA Key pair, then copy to clip board and paste it here"
                const var publicKey =  "101,6e72f1e9720ba9f28c32034c61575948f919ec78d97ad0cecd539f798084e284d983c580db1d3fb72897535305df0bc61769825f18174a46c2d524b32138f80d";
                
                // Obviously don't include that one in your shipped product...
                const var privateKey =  "c0889eb9cdc6a2c5afa7dde7c29645f9ba332aa8d3c32a3fa7aaac6838afdc89a1b66da08b40f71c68797a4977b00c3c3a8dcf750adc9238b1c0a42c78a4b01,6e72f1e9720ba9f28c32034c61575948f919ec78d97ad0cecd539f798084e284d983c580db1d3fb72897535305df0bc61769825f18174a46c2d524b32138f80d";
                
                const var dummyData = "1234abc"
                
                const var encrypted = FileSystem.encryptWithRSA(dummyData, privateKey);
                
                const var decrypted = FileSystem.decryptWithRSA(encrypted, publicKey);
                
                Console.print(encrypted);
                Console.print(decrypted);
                
                LindonL 1 Reply Last reply Reply Quote 1
                • LindonL
                  Lindon @Christoph Hart
                  last edited by

                  @Christoph-Hart man you're quick...Thanks.

                  HISE Development for hire.
                  www.channelrobot.com

                  Dan KorneffD 1 Reply Last reply Reply Quote 0
                  • Dan KorneffD
                    Dan Korneff @Lindon
                    last edited by

                    @Lindon Did you get this implemented yet?

                    Dan Korneff - Producer / Mixer / Audio Nerd

                    Christoph HartC 1 Reply Last reply Reply Quote 0
                    • Christoph HartC
                      Christoph Hart @Dan Korneff
                      last edited by

                      @dustbro Paste the code into a script and find out :)

                      Dan KorneffD 1 Reply Last reply Reply Quote 1
                      • Dan KorneffD
                        Dan Korneff @Christoph Hart
                        last edited by

                        @Christoph-Hart I have no doubt that it works. I guess that was just opening a conversation to "how does it work?" Is there a flow chart or something I can look at? I have a key that I'd like to hide in my script, and this seems like a way to do it... I just don't know how it works. .

                        Dan Korneff - Producer / Mixer / Audio Nerd

                        LindonL 1 Reply Last reply Reply Quote 0
                        • LindonL
                          Lindon @Dan Korneff
                          last edited by Lindon

                          @dustbro depends what you mean by "hide" - read the "flow of control description" I wrote earlier...and it should be obvious.

                          RSA encryption/decryption allows you to hide one key, (the private key) and to use the public key(viewable) to decrypt the string

                          HISE Development for hire.
                          www.channelrobot.com

                          1 Reply Last reply Reply Quote 1
                          • LindonL
                            Lindon @ustk
                            last edited by

                            @ustk said in Blowfish - on a string:

                            @Lindon I've just added two methods:
                            https://github.com/christophhart/HISE/pull/331

                            to use this way:
                            Screenshot 2022-06-02 at 16.23.41.png

                            Did this ever get included in HISE? Its not working here...

                            HISE Development for hire.
                            www.channelrobot.com

                            d.healeyD 1 Reply Last reply Reply Quote 0
                            • d.healeyD
                              d.healey @Lindon
                              last edited by

                              @Lindon Christoph posted an example a few posts up.

                              Libre Wave - Freedom respecting instruments and effects
                              My Patreon - HISE tutorials
                              YouTube Channel - Public HISE tutorials

                              LindonL 1 Reply Last reply Reply Quote 0
                              • LindonL
                                Lindon @d.healey
                                last edited by

                                @d-healey no, I'm looking for the simple blowfish stuff.... it doesnt seem to work anymore..

                                HISE Development for hire.
                                www.channelrobot.com

                                d.healeyD 1 Reply Last reply Reply Quote 0
                                • d.healeyD
                                  d.healey @Lindon
                                  last edited by

                                  @Lindon Looks like that pull request hasn't been merged yet.

                                  Libre Wave - Freedom respecting instruments and effects
                                  My Patreon - HISE tutorials
                                  YouTube Channel - Public HISE tutorials

                                  LindonL 1 Reply Last reply Reply Quote 0
                                  • LindonL
                                    Lindon @d.healey
                                    last edited by

                                    @d-healey -yeah I will use the write/read EncryptedObject then...

                                    HISE Development for hire.
                                    www.channelrobot.com

                                    d.healeyD 1 Reply Last reply Reply Quote 0
                                    • d.healeyD
                                      d.healey @Lindon
                                      last edited by d.healey

                                      @Lindon Or wait a few minutes for @Christoph-Hart to merge it hopefully :D

                                      You could also pull it into your own fork.

                                      Libre Wave - Freedom respecting instruments and effects
                                      My Patreon - HISE tutorials
                                      YouTube Channel - Public HISE tutorials

                                      LindonL 1 Reply Last reply Reply Quote 0
                                      • LindonL
                                        Lindon @d.healey
                                        last edited by

                                        @d-healey said in Blowfish - on a string:

                                        You could also pull it into your own fork.

                                        Sometimes you make laugh out loud.....

                                        HISE Development for hire.
                                        www.channelrobot.com

                                        Christoph HartC 1 Reply Last reply Reply Quote 1
                                        • Christoph HartC
                                          Christoph Hart @Lindon
                                          last edited by

                                          @Lindon I've merged it.

                                          LindonL 1 Reply Last reply Reply Quote 1
                                          • LindonL
                                            Lindon @Christoph Hart
                                            last edited by

                                            @Christoph-Hart -too late-I'm down the encryptedObject path now - :beaming_face_with_smiling_eyes:

                                            HISE Development for hire.
                                            www.channelrobot.com

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post

                                            16

                                            Online

                                            1.7k

                                            Users

                                            11.9k

                                            Topics

                                            103.7k

                                            Posts