Jump to content
Sign in to follow this  
mmavipc

SQF Encryptor

Recommended Posts

edit: (I can make them links myself by editing now that my post count is 1)

I've written a program to encrypt SQF files with a password, and an SQF script to then decrypt.

I'm relatively new to SQF and the language I'm most comfortable in is C++, so the SQF decryptor probably sucks, one major problem is the lack of bitwise manipulation commands in SQF, so I had to do xor using loops & integers, which takes a long time because it's inefficient, but it's the only solution. I've put in a feature request here: http://dev-heaven.net/issues/65613 if it gets accepted and implemented, decryption will happen nearly instantly.

The zip contains two files: sqfcryptor.exe and decrypt.sqf

Usage:

Put the exe in the same folder as the sqfs you would like to encrypt, double click it, enter password, and then watch the magic. Your original files will still be in the folder, along with filename_enc.sqf which contain an array of numbers Example: http://pastebin.com/3PhdBsbp

Put decrypt.sqf in your addon/mission/whereever you'll be using it. To use it, compile it in a SQF and assign a variable to it, then

private["_decrypted"];
_decrypted =[] call compile loadFile "mysqf_enc.sqf";
_decrypted = ["password", _decrypted] call decrypt;

This will give you a string containing the SQF's code, you can then manipulate it as you would if you had just loadFile'd the unencrypted SQF. Full example

decrypt = compile preprocessFileLineNumbers "decrypt.sqf";
secretFunc = [] call compile loadFile "secretfunc_enc.sqf";
secretFunc = ["random password", secretFunc] call decrypt;
secretToLife = ["omgwat"] call secretFunc;

There's no way to preprocess code in memory, so if you need the preprocessor you need to do it manually before you encrypt the sqf. One way to do this would be to

copyToClipboard preprocessFile "unprocessed.sqf";

and then put your clipboard's contents in a new SQF file and encrypt that instead.

But what's the point if they can just open up the sqf and see the password? If you have it set up that way, then it's just a hoop they need to go through to get to the code. If it's an addon that's unavoidable, unless you want that addon to only work on your server. In a mission you need to put the password in a file that's somewhere on the server eg \userconfig\mission_name\pass.txt and have the mission load that file to get the password, then send the password over the network to clients who are joining. Example:

if(isServer)
{
decPass = loadFile "\userconfig\mission_name\pass.txt";
publicVariable "decPass";
}
else
{
waitUntil {!isNil "decPass"};
//decrypt using decPass
};

I know you probably don't trust the exe(good for you, I wouldn't either if I were you, random exe from internet from guy with 1 post? no thanks), it's included only as a convenience, either open it up in a disassembler(I didn't pack it, so it should be easy to reverse), or code your own by looking at the decryption algorithm and preforming the steps in reverse.

VirusTotal of exe: http://virustotal.com/file/d683f0e3ea7a4dda9ccd64cb5ec63a874bcda85b0e2ac5e17e6ab1c4437ce7a5/analysis/1354401178

Zip: http://filedropper.com/sqfcryptor

Edit: I've cleaned up the code of sqfcryptor.exe it is available here: http://pastebin.com/S4QdJ205

Edited by mmavipc

Share this post


Link to post
Share on other sites

Who are you afraid of reading your code?

This forum is built on sharing, and I would bet most of the good coders who post on this forum learned by other people sharing...

Is this some DayZ related thing?

Share this post


Link to post
Share on other sites
Who are you afraid of reading your code?

This forum is built on sharing, and I would bet most of the good coders who post on this forum learned by other people sharing...

Is this some DayZ related thing?

I initially made it for a pilot qualification map that the group I'm a part of uses, so others couldn't rip it our of their mission cache and use it for their own group/train specifically for it. I thought, why not share it with others, and couldn't think of a reason, so I shared it here.

Share this post


Link to post
Share on other sites

To bad there are those in this world like that, but that is life...

Your other option is to write your code in such a way, even those who look through it can't even figure out what the heck you're doing(Xeno's Domination)...:D

Thanks for sharing, I'm sure those who have a need may find it helpful

Share this post


Link to post
Share on other sites
To bad there are those in this world like that, but that is life...

Your other option is to write your code in such a way, even those who look through it can't even figure out what the heck you're doing(Xeno's Domination)...:D

Thanks for sharing, I'm sure those who have a need may find it helpful

I was going to write an automated obfuscator, but encryption was less work, and more secure the way I'd be using it. I might write an obfuscator later on, and then obfuscate it before I encrypt it, double whammy.

Share this post


Link to post
Share on other sites

This is bye far the stupidest thing I have ever heard, why would you try to encrypt scripts? It's pretty easy to break the code and see what is happening. I have no idea why you are afraid of people stealing your work; it is as simple as posting in the init.sqf or description.ext a "Please do not re-distribute this work" or "Do not modify and take credit for this work". This community is a very trustful one and people are more than happy to show credit for someone else work. If you truly don't want anybody using your code I'm sure with the simple warning posted above will do; I have yet to see someone in this community try and steal someone else's work...

Think about it,

-Bigshot

Share this post


Link to post
Share on other sites
I initially made it for a pilot qualification map that the group I'm a part of uses, so others couldn't rip it our of their mission cache and use it for their own group/train specifically for it. I thought, why not share it with others, and couldn't think of a reason, so I shared it here.

You should have thought "Man, I made an awesome qualification map, I should share it with others" instead of "Man, I made an awesome qualification map, I should try to keep it from others."

Share this post


Link to post
Share on other sites

You realize this is entirely pointless and the code can be ripped with minimal effort and skill right? A "compiled" SQF function is still plain text when you spit it out.

decrypt = compile preprocessFileLineNumbers "decrypt.sqf";
secretFunc = [] call compile loadFile "secretfunc_enc.sqf";
secretFunc = ["random password", secretFunc] call decrypt;
diag_log text (str secretFunc);

Done, all the SQF for that function was just spit to the RPT. ;)

Share this post


Link to post
Share on other sites
So you're sharing a tool specifically aimed at preventing sharing? Odd.

Hehe. And by sharing the tool that aims to prevent sharing, he's lessened the probability that his encryption is secure.

It's an interesting technique and I like the way the password is given out to clients so they can decrypt on then fly, but I don't like the principle.

Presumably, he doesn't want prospective pilots being able to look inside his mission and see what's required to gain qualification ahead of taking the exam and that's a valid reason, but he actually says he doesn't want other groups to train using it.

If it was commercial IP, then again, you could understand, but it can't be. It's in the EULA that anything made with the tools (and by extension, the language) cannot be used commercially.

So this is a bad idea and it's a shame the community has come to this. I hope the OP sees the error of his ways. He's new, I see. Perhaps he'll see the way of the community he's in.

Share this post


Link to post
Share on other sites
You realize this is entirely pointless and the code can be ripped with minimal effort and skill right? A "compiled" SQF function is still plain text when you spit it out.

decrypt = compile preprocessFileLineNumbers "decrypt.sqf";
secretFunc = [] call compile loadFile "secretfunc_enc.sqf";
secretFunc = ["random password", secretFunc] call decrypt;
diag_log text (str secretFunc);

Done, all the SQF for that function was just spit to the RPT. ;)

Yeah, but that's if the password is embedded in the mission, and not sent to the clients from the server. If it's only sent when they connect they'd have to dump the code while connected, and if you don't give them a way to run scripts while playing they'd have to inject the script, which usually causes a BE global ban.

Hehe. And by sharing the tool that aims to prevent sharing, he's lessened the probability that his encryption is secure.

It's an interesting technique and I like the way the password is given out to clients so they can decrypt on then fly, but I don't like the principle.

Presumably, he doesn't want prospective pilots being able to look inside his mission and see what's required to gain qualification ahead of taking the exam and that's a valid reason, but he actually says he doesn't want other groups to train using it.

If it was commercial IP, then again, you could understand, but it can't be. It's in the EULA that anything made with the tools (and by extension, the language) cannot be used commercially.

So this is a bad idea and it's a shame the community has come to this. I hope the OP sees the error of his ways. He's new, I see. Perhaps he'll see the way of the community he's in.

If they asked us for it I'm sure we'd give it to them, it's more to prevent the scenario in which they don't

Share this post


Link to post
Share on other sites

Problem with ArmA and encryption is that all code is open source and people can find out exactly how a script/mission works simply by cracking it open. Encryption could be good for things like protecting passwords or usernames to SQL servers or stuff like that, but if you're encrypting a pilot training mission because you don't want another group to use it, that's kind of upsetting to hear....

Share this post


Link to post
Share on other sites
Problem with ArmA and encryption is that all code is open source...

No, it's not. Whatever script you write, it is yours. What you do with it is up to you as long it doesn't break BIS EULA. Encryption is valid therefor.

Reading this:

If they asked us for it I'm sure we'd give it to them, it's more to prevent the scenario in which they don't

IMHO this guy has completely understood how this community works.

But please, put aside what you (or i) think about this guy and his intentions. If you have questions about his tool or anything constructive to add, feel free to post. If it's about his intentions, feel free to simply ignore this thread.

Share this post


Link to post
Share on other sites

In fairness, posters are helping the OP, who is relatively new get acclimatised to the nature of the forums and the community. I note that no-one has said "Wow, great idea!!11" though that might be because the weight of the communitys opinion is apparently contrary to that.

I also note that he's answered all his critics in a mature and balanced fashion. Good for him, I say.

He's had technical advice from some telling him that he can only achieve his aim to a limited extent.

I think it'd be a shame if we stifled debate with the end result, intentionally or otherwise, that tools that the vast majority of us think is (perhaps this isn't quite the right word) unethical are promoted.

Share this post


Link to post
Share on other sites
Myke;2260217']No' date=' it's not. Whatever script you write, it is yours. What you do with it is up to you as long it doesn't break BIS EULA. Encryption is valid therefor.

[/quote']

What I meant by "open source" is that it's not compiled therefore anyone can look at it. Not that any script you make is automatically everyone else's

Share this post


Link to post
Share on other sites
What I meant by "open source" is that it's not compiled therefore anyone can look at it. Not that any script you make is automatically everyone else's

You're using the term "open source" wrong. Just because SQF isn't compiled doesn't make it open source. Open source means that you are generally allowed to use it, alter it, expand it.

Share this post


Link to post
Share on other sites

I think Horner didn't mean 'open source' in the accepted sense. I'm guessing, but I think he meant more available to all to read.

Share this post


Link to post
Share on other sites

I guess I was using the term "open source" in more of a literal way instead of what is popularly means, but whatever. Getting sidetracked here, I do have a question though, if you don't return decrypt back to a nil status, can't someone just print out the code in "decrypt.sqf"?

Share this post


Link to post
Share on other sites
I guess I was using the term "open source" in more of a literal way instead of what is popularly means, but whatever. Getting sidetracked here, I do have a question though, if you don't return decrypt back to a nil status, can't someone just print out the code in "decrypt.sqf"?

they could just depbo it and look at decrypt.sqf, if decrypt.sqf was ever encrypted nothing could be decrypted. The only way to keep the encryption secure is to safeguard the password, like I mentioned in the OP.

Share this post


Link to post
Share on other sites
;2260551']How do encrypt the password?

That's up to you. In the pilot cert mission the password isn't encrypted at all, it's stored in \userconfig\...\pass.txt on the server, and when a client joins, the server sends it to them.

Share this post


Link to post
Share on other sites

Any time the password is sent as cleartext any place, or has to be stored in cleartext, its vulnerable.

Share this post


Link to post
Share on other sites

If I got this right, the goal here is to prevent people from robbing you of your work, not protecting some NSA stuff. If he is willing to give up his mission as long as he's asked to, and it takes more time to decrypt the damn thing than to just send an email, I guess he's pretty much where he wants to be.

Not that I really see the point yet, but hell, I guess everybody's entitled to do stuff as they see fit.

Share this post


Link to post
Share on other sites

Don't you realize - it cannot be made secure this way as the password needs to be sent to the client and therefore intercepted.

Sure you can hold off noobs that way, but thats it. If you really don't want to share it, you have to script the mission to be as much as server side only as possible.

Share this post


Link to post
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×