Old 29th September 2011, 23:56   #1
eveningnick
Junior Member
 
Join Date: Sep 2011
Posts: 5
Question Hide a string in registry by XOR'ing it

hello!
Could you please advice me how to hide a string-password that i'm saving in the system registry from a NSIS installer? I don't want to store it as a plain text. So i was hoping i could encode or encrypt it
I don't know how to do it in nsis. In C i'd just wrote some loop that iterates throuh the string and does something to it so i can be reversed later to its original state.
There are no examples on the internet for NSIS, and the only suitable function i know in NSIS that could be used for encryption - xor - does not operate on strings (the password i need to 'hide' is a string) but only on integers.

Forgive me my impudence, but could you post some example routine that takes a string as its input and outputs a transformed symbol by symbol string?

Thank you!
eveningnick is offline   Reply With Quote
Old 30th September 2011, 00:18   #2
Afrow UK
Moderator
 
Afrow UK's Avatar
 
Join Date: Nov 2002
Location: Surrey, England
Posts: 8,434
How about storing a hash of the password rather than the password itself?

Stu
Afrow UK is offline   Reply With Quote
Old 30th September 2011, 10:42   #3
eveningnick
Junior Member
 
Join Date: Sep 2011
Posts: 5
Stu,

Hashing sounds nice but it seems to be even more complicated than simple XORing of the string.
NSIS script unfortunately isn't like a C program.

My problem is that, despite knowing how to do that in C, I don't even where to start with NSIS scripting. There are no examples on this topic (all I found were related to decorating a string like adding quotation marks).

There are no loops (like for(; in C), and the symbols are not treated by their ascii codes in a NSIS script.

If there are existing routines for hashing a string and you are aware of them, I'd be thankful if you shared. If there are none, could you at least point me on how this kind of string processing is done usually?
Thank you!
eveningnick is offline   Reply With Quote
Old 30th September 2011, 11:56   #4
Afrow UK
Moderator
 
Afrow UK's Avatar
 
Join Date: Nov 2002
Location: Surrey, England
Posts: 8,434
Search Google for "NSIS hash" or "NSIS sha1". You can do loops in NSIS using Goto or LogicLib. Again, search.

Edit: And if you know C so well then you can write a plug-in or write a DLL and call it with the System plug-in.

Stu
Afrow UK is offline   Reply With Quote
Old 30th September 2011, 12:52   #5
T.Slappy
Major Dude
 
T.Slappy's Avatar
 
Join Date: Jan 2006
Location: Slovakia
Posts: 533
Send a message via ICQ to T.Slappy
Quote:
Originally Posted by eveningnick View Post
Stu,

Hashing sounds nice but it seems to be even more complicated than simple XORing of the string.
NSIS script unfortunately isn't like a C program.

My problem is that, despite knowing how to do that in C, I don't even where to start with NSIS scripting. There are no examples on this topic (all I found were related to decorating a string like adding quotation marks).

There are no loops (like for(; in C), and the symbols are not treated by their ascii codes in a NSIS script.

If there are existing routines for hashing a string and you are aware of them, I'd be thankful if you shared. If there are none, could you at least point me on how this kind of string processing is done usually?
Thank you!
This is big mistake! NSIS language is very similar to C! In headers [logic, win, etc] you have many functionality. Of course some stuff is very hard to achieve, but with scripts and system plug-in you can do what you want.
Loops [for, while] are of course supported!
Try to implement simple Caesar cipher http://en.wikipedia.org/wiki/Caesar_cipher in NSIS - it is only few lines of code.

Cool looking installer with custom design: www.graphical-installer.com
I offer NSIS scripting, C/C++/C#/Delphi programming: www.unsigned.sk
Develop NSIS projects in Visual Studio 2005-2019: www.visual-installer.com
or RAD Studio 2009, 2010, XE-10.3 Rio: www.rad-installer.com
T.Slappy is offline   Reply With Quote
Old 30th September 2011, 15:13   #6
eveningnick
Junior Member
 
Join Date: Sep 2011
Posts: 5
Quote:
Originally Posted by Afrow UK View Post
Search Google for "NSIS hash" or "NSIS sha1". You can do loops in NSIS using Goto or LogicLib. Again, search.

Edit: And if you know C so well then you can write a plug-in or write a DLL and call it with the System plug-in.

Stu
i've tried this one: http://nsis.sourceforge.net/Crypto_plug-in
getting an error "CryptAcquireContext=0x80090016" on my Windows 7.
Well fine, there's a note on the website "it may be broken". Apparently it is .

Tried also md5dll plugin:

md5dll::GetMD5String "md5me"
Pop $0
MessageBox MB_OK "$0"

which displays only one symbol instead of 16-bytes (I was expecting 32 symbols, 2 symbols per hex code of every byte of the hash). But i get a message box with text something like "c".
Why does it happen? Should I convert this $0 into a string representation explicitly?
eveningnick is offline   Reply With Quote
Old 30th September 2011, 15:30   #7
LoRd_MuldeR
Major Dude
 
LoRd_MuldeR's Avatar
 
Join Date: Sep 2005
Location: Somewhere over the Slaughterhouse
Posts: 797
NSIS doesn't need explicit conversions.

I did not use the MD5 plug-in before, but maybe the first pop doesn't give you the hash? (Just guessing)

My Plugins: StdUtils | NSISList | CPUFeatures | ExecTimeout | KillProc
My source of inspiration: http://youtu.be/lCwY4_0W1YI
LoRd_MuldeR is offline   Reply With Quote
Old 30th September 2011, 16:25   #8
Afrow UK
Moderator
 
Afrow UK's Avatar
 
Join Date: Nov 2002
Location: Surrey, England
Posts: 8,434
If you are using Unicode NSIS you need to use a Unicode build of the plug-in. Also, how about: http://nsis.sourceforge.net/NsisCrypt_plug-in

Stu
Afrow UK is offline   Reply With Quote
Old 30th September 2011, 16:26   #9
eveningnick
Junior Member
 
Join Date: Sep 2011
Posts: 5
i finally used another plugin (nsis crypto) which returns md5 hash in base 64. Nothing else worked.
Thanks everyone.
eveningnick is offline   Reply With Quote
Old 30th September 2011, 16:27   #10
eveningnick
Junior Member
 
Join Date: Sep 2011
Posts: 5
Quote:
Originally Posted by Afrow UK View Post
If you are using Unicode NSIS you need to use a Unicode build of the plug-in. Also, how about: http://nsis.sourceforge.net/NsisCrypt_plug-in

Stu
Yes, that's what I used.
Thx Stu
eveningnick is offline   Reply With Quote
Reply
Go Back   Winamp & Shoutcast Forums > Developer Center > NSIS Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump