I have a compiled Pcode VB6 application with 1 published and 9
never-published
alphanumeric string contants embedded in the program for passwords.

The code simply has lines like this in a FORM to use as a cheap access
match.
A(1)= "sbddy-ttqxfg
A(2)= "hidvh-deehg

I started getting 50 downloads an hour and traced this back to a site
that listed ALL 10 strings on the web, and my site URL.

I work at home and this source code has NEVER been out of my office.
How was this cracked? How how how? I thought VB6 could not be
disassebled!

Any thoughts out there?
Thanks
-stone

"Stone" <x@y.com> wrote in message
news:wLFVa.5259$W93.1268770@news4.srv.hcvlny.cv.ne t[color=blue]
> I have a compiled Pcode VB6 application with 1 published and 9
> never-published
> alphanumeric string contants embedded in the program for passwords.
>
> The code simply has lines like this in a FORM to use as a cheap access
> match.
> A(1)= "sbddy-ttqxfg
> A(2)= "hidvh-deehg
>
> I started getting 50 downloads an hour and traced this back to a site
> that listed ALL 10 strings on the web, and my site URL.
>
> I work at home and this source code has NEVER been out of my office.
> How was this cracked? How how how? I thought VB6 could not be
> disassebled![/color]

any EXE can be disassembled but from what you describe it probably wasn't
required. Even viewing the compiled EXE in notepad you can see text
literals from the source so those passwords are probably plainly visible.
At the very least you need to have some sort on encoding or encryption on
the embedded passwords.

On Tue, 29 Jul 2003 19:30:42 -0700, "Bob Butler"
<tiredofit@nospam.com> wrote:
[color=blue]
>"Stone" <x@y.com> wrote in message
>news:wLFVa.5259$W93.1268770@news4.srv.hcvlny.cv.n et[color=green]
>> I have a compiled Pcode VB6 application with 1 published and 9
>> never-published
>> alphanumeric string contants embedded in the program for passwords.
>>
>> The code simply has lines like this in a FORM to use as a cheap access
>> match.
>> A(1)= "sbddy-ttqxfg
>> A(2)= "hidvh-deehg
>>
>> I started getting 50 downloads an hour and traced this back to a site
>> that listed ALL 10 strings on the web, and my site URL.
>>
>> I work at home and this source code has NEVER been out of my office.
>> How was this cracked? How how how? I thought VB6 could not be
>> disassebled![/color]
>
>any EXE can be disassembled but from what you describe it probably wasn't
>required. Even viewing the compiled EXE in notepad you can see text
>literals from the source so those passwords are probably plainly visible.
>At the very least you need to have some sort on encoding or encryption on
>the embedded passwords.[/color]

So what would be a good encoding method? What about doing a bit-level
Xor with some odd string?

--
Running MS VB 6.0 Pro (SP5) on Win2K-SR2

STUPID ME!!
The password strings ARE in the EXE...

For Hello is was searching for "Hello" and it is missing... but guess what,
00 "H" 00 "e" 00 "l" 00 "l' 00 is plain as day... just with nulls in
between
the letters...

So much for a stupid password design...
-stone

"Stone" <x@y.com> wrote in message
news:9SOVa.10247$W93.2971924@news4.srv.hcvlny.cv.n et[color=blue]
> STUPID ME!!
> The password strings ARE in the EXE...
>
> For Hello is was searching for "Hello" and it is missing... but guess
> what, 00 "H" 00 "e" 00 "l" 00 "l' 00 is plain as day... just with
> nulls in between
> the letters...[/color]

actually it's just that the text is stored in Unicode

On Wed, 30 Jul 2003 12:28:53 GMT, "Stone" <x@y.com> wrote:
[color=blue]
>STUPID ME!!
>The password strings ARE in the EXE...
>
>For Hello is was searching for "Hello" and it is missing... but guess what,
>00 "H" 00 "e" 00 "l" 00 "l' 00 is plain as day... just with nulls in
>between
>the letters...
>
>So much for a stupid password design...
>-stone[/color]

Yup - that is Unicode - or IMO 'Unicrud'

I suggest that you use this cracking 'experience' to have some fun

Obviously, as I and others have pointed out, the password protection
is easy

However, you could have some 'plain text' passwords in your system,
clearly in view for a text or hex editor ....

And when one of those is entered something frightening could happen
- nothing destructive ... but nicely terrifying
- Red screen - Warning ... Entering System Edit Mode
... Revert Registry ... Re-Assign Drive Mapping

You could even delete the EXE
.... copy to a c:\temp\xxx.tmp run that to delete the first EXE