Beta plugin: HidePasswords

Charles Dye

Super Moderator
Staff member
May 20, 2008
4,446
88
Albuquerque, NM
prospero.unm.edu
I'm uploading a test version of a new plugin to obscure passwords in TCMD.INI. If you don't have any passwords in your .INI file, this plugin cannot do anything good for you.

If you'd like to test this plugin, please back up your .INI file first, as the plugin does modify it. Copy the appropriate .DLL file into a subdirectory PLUGINS in your Take Command program directory, so it is always loaded at startup. Then close all instances of TCC. The first time you start TCC after installing the plugin, the passwords in your .INI file should be obfuscated.

For testing purposes I am including a little batch file SHOW.BTM which displays the current values of the obscured directives. This batch file relies on a known (deliberate) security loophole in the plugin; the loophole (and the batch file) will be removed before the plugin is released.

If you'd like to guineapig my code, you can find it here: http://www.unm.edu/~cdye/plugins/hidepasswords.html
 
May 20, 2008
3,515
4
Elkridge, MD, USA
If you'd like to guineapig my code, you can find it here: http://www.unm.edu/~cdye/plugins/hidepasswords.html
Sorry, your CODE is not there! Dl'd, opened, and found at end the TRUE URL of the plugin. DL'd, it contained the plugin and another copy of the description. Still not the CODE. But you should keep that private anyway.

Question: Does the plugin work with the actual file as reported by %_ININAME, or does it expect the file to be called TCMD.INI? I have NO files using the default name OR the default location!

Question: If I move my mail directives into a temporary .INI file, run a new instance of TCC using the obfuscator, can I move the obfuscated mail directives back to their included file for a future instance of TCC, or does the decoder work only on directives in the primary .INI file (not TCMD.INI!), i.e., you do NOT imitate the way the preprocessors of C compilers work even in decoding? I suspect that I will have to choose between password obfuscation and easy software maintenance...
 

Charles Dye

Super Moderator
Staff member
May 20, 2008
4,446
88
Albuquerque, NM
prospero.unm.edu
Sorry, your CODE is not there! Dl'd, opened, and found at end the TRUE URL of the plugin. DL'd, it contained the plugin and another copy of the description. Still not the CODE. But you should keep that private anyway.

You mean the source? I'll consider it... but honestly, there's nothing very interesting there. It's an unusual idea, I think, but the implementation is actually quite banal. (And the cryptography is perfectly amateurish, basically XORing the string with a random key.)

Question: Does the plugin work with the actual file as reported by %_ININAME, or does it expect the file to be called TCMD.INI? I have NO files using the default name OR the default location!

At startup and after the OPTION dialog is called, it gets the .INI filename via %_ININAME. At shutdown, it uses the saved filename from earlier calls, since %_ININAME is not guaranteed to be available.

Question: If I move my mail directives into a temporary .INI file, run a new instance of TCC using the obfuscator, can I move the obfuscated mail directives back to their included file for a future instance of TCC, or does the decoder work only on directives in the primary .INI file (not TCMD.INI!), i.e., you do NOT imitate the way the preprocessors of C compilers work even in decoding? I suspect that I will have to choose between password obfuscation and easy software maintenance...

I'm only processing the one file. Following INCLUDEd files opens several cans of worms that make my little head hurt: nested INCLUDEs, circular INCLUDEs, directives in more than one file....
 

Charles Dye

Super Moderator
Staff member
May 20, 2008
4,446
88
Albuquerque, NM
prospero.unm.edu
I'm putting up a new build, which changes the obscured text format to correct some structural weaknesses and make obscured passwords harder to crack. This version is not backwards compatible with the first one -- if you tested build 0.90, you will need to restore your original .INI file before installing this one.

http://www.unm.edu/~cdye/plugins/hidepasswords.html
 
Similar threads
Thread starter Title Forum Replies Date
Charles Dye Masochist seeking same for beta-testing fun Plugins 24
Joe Caverly 64-bit Plugin development using PureBasic Plugins 8
R New Plugin Plugins 0
Alpengreis elevated plugin questions Plugins 3
fpefpe utf-8 support in sdk/plugin api Plugins 4
S How to? Can @DU function in 4Utils64 plugin somehow cater for dirs with spaces? Plugins 3
vefatica Plugin access to arrays? Plugins 4
vefatica How big is a plugin's parameter buffer? Plugins 5
C @knownpath plugin Plugins 0
Charles Dye Updated OSD plugin Plugins 0
Joe Caverly C# plugin framework for JPSoft's TCC Plugins 0
dcantor Help for newest version of TEXTUTILS plugin Plugins 10
dcantor UISTUFF plugin missing help topic Plugins 12
M How to? Use SafeChars plugin... Plugins 2
dcantor Error in SAFECHARS plugin v 1.9.0 Plugins 2
dcantor Request for documentation for ISO8601 plugin Plugins 4
vefatica Possible with a plugin? Plugins 6
dcantor Inconsistency between textutils plugin and wrap utility Plugins 2
M (Stupid?) Problem with 64-bit 4Utils plugin... Plugins 3
H Latest ISO8601 plugin? Plugins 1
Charles Dye New plugin: QKeys Plugins 34
S Plugin to quickly locate all files hard linked together Plugins 5
S Documentation Plugin everything.dll Plugins 5
newbie How to? Multi-plugin installation errors, Re: FedUtils8 Plugins 7
vefatica Plugin -> thread -> Command() -> Ctrl-C? Plugins 20
Charles Dye A weirdoid plugin question Plugins 6
M SafeChars plugin misbehaving... Plugins 3
M A weird error re a plugin... Plugins 0
vefatica Plugin dilemma Plugins 2
fpefpe Documentation Plugin API/SDK Plugins 3
C Looking for Vince's old 4UTILS plugin for TCMD v8 Plugins 1
S DESKTOP plugin - anyone ? Plugins 0
C How to? a plugin to sort Outlook Express "rules" Plugins 0
M ISO Plugin: Yes, it's wonderful, but it could be yet more wonderful... Plugins 7
M The ISO plugin is wonderful, but it lacks a little something... Plugins 22
M ISO8601 Plugin not "reporting" errors to TCC... Plugins 4
Frank 4console plugin Plugins 4
S WAD ISO8601 Plugin Plugins 15
Joe Caverly Plugin and 64-bit TCC Plugins 3
C Problem with FixNames plugin Plugins 9
dcantor Suggestion and request for DBF plugin Plugins 6
dcantor Suggestion for SafeChars plugin Plugins 7
M Charles, I just installed the "new" SafeChars plugin, ... Plugins 5
M A problem with the SafeChars Plugin... Plugins 30
S WHICHWIN (sysutils plugin) Plugins 13
M A (presumbly pretty simple) SafeChars plugin request... Plugins 2
M A "SafeChars" plugin request... Plugins 2
S ISO 8601 plugin enhancement Plugins 6
D UNKNOWN_CMD in Plugin Plugins 13
C Looking for isemailaddress[string] plugin Plugins 7

Similar threads