Encrypted Ini File Back Into A 4 Line Variable?

[welby 4]

Hi All,

 

I am using Heopos Ini addon and I am encrypting the values in the "ini" file which is fine.

 

But what I want to do is read say four lines of the ini file and put all four lines into a single variable.

 

I am ok reading and decrypting each line into it's own variable.

 

I can't go out to a text file as this defeats the object of the encryption.

 

And it has to be four lines as Pach's twitter addon expects to see a four line API entry.

 

Has anyone got any suggestions as I do not wish to expose the twitter API keys once entered into my app.

 

Thanks in advance.

Edited February 27, 2017 by welby

[HelloInsomnia 1103]

You can store an encryption key inside of your bot which will marginally protect you, as in the user wouldn't be able to read your keys in plain text that are stored on their system. Alternatively you could just keep the API keys in the program as it basically does the same thing.

 

The problem is that somebody could potentially view your source code by decompiling the program or just by sniffing the web traffic and seeing your api key in plain text there.

 

Best thing to do is to have the user input their own API keys.

[welby 4]

You can store an encryption key inside of your bot which will marginally protect you, as in the user wouldn't be able to read your keys in plain text that are stored on their system. Alternatively you could just keep the API keys in the program as it basically does the same thing.

 

The problem is that somebody could potentially view your source code by decompiling the program or just by sniffing the web traffic and seeing your api key in plain text there.

 

Best thing to do is to have the user input their own API keys.

Hi thank you for the reply.

 

I understand what you are saying but I was trying to avoid the end-user entering the API details each time they used the bot.

 

Are you saying it's possible to store a variable internally that will remain each time the bot is launched without resorting to an external ini file.

 

If that's the case then that would be the way forward.

 

Am I understanding you correctly?

Edited February 28, 2017 by welby

[HelloInsomnia 1103]

Hi thank you for the reply.

 

I understand what you are saying but I was trying to avoid the end-user entering the API details each time they used the bot.

 

Are you saying it's possible to store a variable internally that will remain each time the bot is launched without resorting to an external ini file.

 

If that's the case then that would be the way forward.

 

Am I understanding you correctly?

 

No, I am not saying that. I misunderstood your original post and I thought you were trying to protect your own API keys and not the users. If you want to store the users API keys but not in plain text you can encrypt them and store them into a text file or into an ini file as well. You can use hmac plugin (by UbotDev) or TextEncryption plugin (by Meter) and either will allow you to have your own encryption key.

 

"I can't go out to a text file as this defeats the object of the encryption."

 

You can if you just store an encryption key inside of your program. This is what I meant by keeping a variable internally. You can just keep an encryption key in an variable that decrypts the text file.

 

You can read all of those lines from the ini file into a list and then set the variable to be the text of the list like so:

clear list(%myList)
add item to list(%myList,"line 1","Don\'t Delete","Global")
add item to list(%myList,"line 2","Don\'t Delete","Global")
add item to list(%myList,"line 3","Don\'t Delete","Global")
add item to list(%myList,"line 4","Don\'t Delete","Global")
set(#myVar,%myList,"Global")

[welby 4]

Worked like a charm - thank you

 

Everything encrypted - nothing visible externally - only decrypts internally - and loads encrypted keys on launch

 

I am learning as I go - thanks again.

 

I guess the only way to protect a bot from hackers is to encrypt the UBOT and call it from within another bot.

 

I must admit I wasn't aware of any currrent tools that could decompile a bot - is it that simple?

[HelloInsomnia 1103]

Worked like a charm - thank you

 

Everything encrypted - nothing visible externally - only decrypts internally - and loads encrypted keys on launch

 

I am learning as I go - thanks again.

 

I guess the only way to protect a bot from hackers is to encrypt the UBOT and call it from within another bot.

 

I must admit I wasn't aware of any currrent tools that could decompile a bot - is it that simple?

 

The only way to protect it is to create your own API and then issue your users API keys, then have your server do the work and return the results and protect it with API limitations. But that makes no sense because at that point they could just use their own Twitter API keys so it's redundant.

 

Decompiling .NET software is easy, reading it is another thing though (which is why I said "potentially") and I don't know what steps Ubot takes to protect our scripts but any application is technically crackable. That being said I wouldn't worry because it's not really likely to happen unless you have an extremely popular software which is protected and people only crack it to unprotect it.

[welby 4]

I happy I dont have any sensitive data being written out to files, so I have covered that base.

 

In terms of hacking ubot, if my software ever gets that popular I am hoping I will be a wealthy person and can retire on the proceeds, but somehow I am a realist!

 

Thanks again for your help!

Edited March 2, 2017 by welby