Easter Egg 2

[mark01]

I have a form that opens only when the user types in a certain password into my text box. When this form opens, it shows a picture of one of my friends. I will be distributing this application on the internet.

My question is this:
Is there anyway for a skilled individual to open the application, and somehow find the hidden form? (without typing the correct password into the textbox)

I just want to make sure nobody will see this picture, unless they know the password.

 

[SH4F33]

just forget the password for a minute, even if it is the "complexest" password on earth, if you've loaded the image straight to a picturebox/image control, well my friend; in less than 30 seconds, people can get all forms from your application. [whisper]umm.... de.....com... errr pile[/whisper]

Now let's still forget the password and lets say you are loading the picture from a resource file, still we can get the picture. This can be done when we...(can you whisper that again?)

 

[strongm]

>using "A" & "B" & "C" won't help

As already stated

>people can get all forms from your application

Yep, this is one of the few areas where so-called 'decompilers' (which they are not, frankly) such as VB RezQ can actually be useful

 

[chelseatech]

Rather than a string literal use a function that does a calculation at run time. Then nothing is hidden in your code.

But they could still use a password generator and try that against your code. All codes are breakable given enough time. With a 3 character code with digits, upper and lower case, that is 62 ** 3 or 238,328 combinations. If a good generator could do 1000 passwords in a minute then it's cracked within 4 hours. Longer passwords might require a long weekend or a holiday break. Additional machines mean any code is breakable. Dictionary attacks are even faster to get a solution, so don't use common phrases as your password.

But why worry with that. If the image is embedded in your code, they could extract that with a binary file editor.

Editor and Publisher of Crystal Clear

http://www.chelseatech.co.nz/pubs.htm

 

[Homersim2600]

As Mark01 stated the program closes after 3-tries, what if he took this further to say that if the user doesn't get the password correct in 3-tries, then the program will not work again?

"As far as the laws of mathematics refer to reality, they are not certain; as far as they are certain, they do not refer to reality."--Albert Einstein

 

[Hypetia]

Interesting discussion.

I remember when I used to use Windows 98, somehow I managed to dig out the Internet Explorer 4 easter egg.

The following code demonstrate the decoding of this easter egg as it is still present, even in Internet Explorer 6.
(just tested on Windows XP).
___
[tt]
Private Declare Function LoadLibraryEx Lib "kernel32" Alias "LoadLibraryExA" (ByVal lpLibFileName As String, ByVal hFile As Long, ByVal dwFlags As Long) As Long
Private Declare Function FindResource Lib "kernel32" Alias "FindResourceA" (ByVal hInstance As Long, ByVal lpName As Any, ByVal lpType As Any) As Long
Private Declare Function LoadResource Lib "kernel32" (ByVal hInstance As Long, ByVal hResInfo As Long) As Long
Private Declare Function LockResource Lib "kernel32" (ByVal hResData As Long) As Long
Private Declare Function SizeofResource Lib "kernel32" (ByVal hInstance As Long, ByVal hResInfo As Long) As Long
Private Declare Function FreeLibrary Lib "kernel32" (ByVal hLibModule As Long) As Long
Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination As Any, Source As Any, ByVal Length As Long)
Const LOAD_LIBRARY_AS_DATAFILE = &H2
Const RT_HTML = 23&
Private Sub Form_Load()
Dim WCEE As String, Data As String, Credits() As String
WCEE = Get_WCEE_HTML_Resource
Data = Get_HashData(WCEE)
Decrypt Data
Credits = Split(Data, vbCrLf)
ShowCredits Credits
End Sub
Function Get_WCEE_HTML_Resource() As String
Dim hLib As Long, hRsrc As Long, hGlbl As Long, pRes As Long, lRes As Long
hLib = LoadLibraryEx("shdoclc", 0, LOAD_LIBRARY_AS_DATAFILE)
hRsrc = FindResource(hLib, "WCEE.HTM", RT_HTML)
hGlbl = LoadResource(hLib, hRsrc)
pRes = LockResource(hGlbl)
lRes = SizeofResource(hLib, hRsrc)
Get_WCEE_HTML_Resource = Space$(lRes)
CopyMemory ByVal Get_WCEE_HTML_Resource, ByVal pRes, lRes
FreeLibrary hLib
End Function
Function Get_HashData(WCEE As String) As String
Dim Lines() As String, N As Long
Lines = Split(WCEE, vbCrLf)
For N = 0 To UBound(Lines)
If Left$(LTrim$(Lines(N)), 12) = "g_HashTable[" Then
Get_HashData = Get_HashData & Split(Lines(N), """")(1)
End If
Next
End Function
Sub Decrypt(Data As String)
Data = Replace$(Data, "{", vbCrLf)
For N = 1 To Len(Data)
Select Case Mid$(Data, N, 1)
Case "A" To "M": Mid$(Data, N, 1) = Chr$(Asc(Mid$(Data, N, 1)) + 32 + 13)
Case "a" To "m": Mid$(Data, N, 1) = Chr$(Asc(Mid$(Data, N, 1)) - 32 + 13)
Case "N" To "Z", "n" To "z": Mid$(Data, N, 1) = Chr$(Asc(Mid$(Data, N, 1)) - 13)
End Select
Next
End Sub
Sub ShowCredits(Credits() As String)
ScaleMode = vbPixels: AutoRedraw = True
Font = "Times New Roman": FontSize = 12
Caption = "WCEE": Show
On Error Resume Next
Dim Y As Long, TextHeight As Long, TopRow As Long, PixelIdx As Long, Row As Long
TextHeight = Me.TextHeight("")
For TopRow = -ScaleHeight / TextHeight To UBound(Credits)
For PixelIdx = 0 To TextHeight
Cls
For Y = 0 To ScaleHeight / TextHeight
Row = TopRow + Y
CurrentX = (ScaleWidth - TextWidth(Credits(Row))) \ 2
CurrentY = Y * TextHeight - PixelIdx
Print Credits(Row)
Next
DoEvents
Next
Next
End Sub
Private Sub Form_Unload(Cancel As Integer)
End
End Sub[/tt]
___

Note that this easter egg can still be viewed in IE using the following method.

Open Notepad, paste the following lines...
[tt]
<script>
name="TheWCEE";
navigate("res://shdoclc.dll/wcee.htm");
</script>
[/tt]
and save the file as wcee.htm. Open the file in IE to reveal the egg.

 

[Calypso06]

WOw that was amazing. *star*

 

[tsdragon]

All I get is "Unable to find server".

Tracy Dryden

Meddle not in the affairs of dragons,
For you are crunchy, and good with mustard.

 

[Calypso06]

yeah. i already hacked it. no more easter egg!

 

[Calypso06]

just kidding