Download MetaTrader 5

Decrypt - page 2

To add comments, please log in or register
honest_knave
Moderator
2373
honest_knave  

I think I understand what you want, but I can only think of a workaround. And it isn't very elegant.

When you validate the user entered string, run a loop going through all the date permutations you want  (every day, start of each month, whatever), encrypting each one with your key.

Then compare each string with the user entered one.

If you get a match, you know the expiry date. If there is no match at all, the user string is invalid.

Gatoreye
67
Gatoreye  
No can do. You need to find another way to do this. You don't have to hardcode anything in your program. Like I said earlier, you can save the encoded dst[] to a file or some other way for later to validate the user input hex string(date) with. This kind of things, you have to give some thoughts and find a right way to do it. Go for the file way. I think that is the best.
Gordon Gekko
622
Gordon Gekko  
honest_knave:

I think I understand what you want, but I can only think of a workaround. And it isn't very elegant.

When you validate the user entered string, run a loop going through all the date permutations you want  (every day, start of each month, whatever), encrypting each one with your key.

Then compare each string with the user entered one.

If you get a match, you know the expiry date. If there is no match at all, the user string is invalid.

 

Yes, I already thought about it. It can work, but as you said, not so elegant. I'd like something more elegant solution.
Gordon Gekko
622
Gordon Gekko  
gatoreyefx:
No can do. You need to find another way to do this. You don't have to hardcode anything in your program. Like I said earlier, you can save the encoded dst[] to a file or some other way for later to validate the user input hex string(date) with. This kind of things, you have to give some thoughts and find a right way to do it. Go for the file way. I think that is the best.
So, do you say I should give that "key" file to the user beside the expert?
Gatoreye
67
Gatoreye  
No. you don't have to tell your user what the key is. You can write a separate program that takes the expiration date and user id as input. This program will do two things:  1)  encodes the expiration date using the user id as a key and writes this encoded dst[] to a TXT file.  2) print dst[] using ArrayToHex. Run this program on the MT4 platform. you are going to put this TXT file where your EA is installed and give the Hex sting to your user so that he can enter it when he runs your EA. Next, you need to modify your EA to accept the user id and the hex string. your EA reads the TXT file you installed and decrypts its content using the user id as the key. Just like you did in the separate program, you will get a hex string of dst[] by calling ArrayToHex. Now, this string is compared to the hex string you accepted on your EA for its validity of run. This way, you can make sure it's secured in both ways. You give your user the TXT file that is unreadable by human and the hex string that is gibberish and unconvertible. The only thing your user can make any sense is the user id you decided on. Just don't tell your user about the file. You can in fact go further with this as far as your imagination goes where nobody can mess with. You can write to any kind of file system, not just TXT.
Gordon Gekko
622
Gordon Gekko  
gatoreyefx:
No. you don't have to tell your user what the key is. You can write a separate program that takes the expiration date and user id as input. This program will do two things:  1)  encodes the expiration date using the user id as a key and writes this encoded dst[] to a TXT file.  2) print dst[] using ArrayToHex. Run this program on the MT4 platform. you are going to put this TXT file where your EA is installed and give the Hex sting to your user so that he can enter it when he runs your EA. Next, you need to modify your EA to accept the user id and the hex string. your EA reads the TXT file you installed and decrypts its content using the user id as the key. Just like you did in the separate program, you will get a hex string of dst[] by calling ArrayToHex. Now, this string is compared to the hex string you accepted on your EA for its validity of run. This way, you can make sure it's secured in both ways. You give your user the TXT file that is unreadable by human and the hex string that is gibberish and unconvertible. The only thing your user can make any sense is the user id you decided on. Just don't tell your user about the file. You can in fact go further with this as far as your imagination goes where nobody can mess with. You can write to any kind of file system, not just TXT.
This is excatly the same as I wrote (expert, key file, and of course hex string). Thank you for your answers, I will think about it.
honest_knave
Moderator
2373
honest_knave  
gatoreyefx:
Just don't tell your user about the file.

I don't profess to be any form of expert on such things, but I'd hazard a guess that providing your end user with the encryption key and relying only on their ignorance of the true purpose of this file would be a major security flaw.

People can get very imaginative when they want to. If I understand the proposition correctly, you're giving them the ingredients but hoping they don't know how to bake a cake.

Gatoreye
67
Gatoreye  
honest_knave:

I don't profess to be any form of expert on such things, but I'd hazard a guess that providing your end user with the encryption key and relying only on their ignorance of the true purpose of this file would be a major security flaw.

People can get very imaginative when they want to. If I understand the proposition correctly, you're giving them the ingredients but hoping they don't know how to bake a cake.

That file as well as the key can be anything. I was simply suggesting a way. You can be creative in how to implement such a thing.
Gordon Gekko
622
Gordon Gekko  

Welcome Mr.WHRoeder, if you are here! I would be curious what is your opinion about this topic.

Is it possible somehow getting back my_string? Or is there any other good solution?

Thank you!

Andrew Sumner
112
Andrew Sumner  
Gordon Gekko:

Welcome Mr.WHRoeder, if you are here! I would be curious what is your opinion about this topic.

Is it possible somehow getting back my_string? Or is there any other good solution?

Thank you!

I know this is an old thread, but I recently came across as the same question Gordon was asking here.  Yes it is possible to reverse the output of ArrayToHex.  Here's my (very inelegant) solution.  It should print two identical copies of the string to the Experts log.  I'm sure there's a better way to perform the actions my HexToDecimal function's doing, but hey it was written at 2am :)

int init()
{
   string original = "one does not simply reverse ArrayToHex!";
   uchar origArr[512], reversedArr[512];

   int arrayLen = StringToCharArray(original, origArr);
   string hex = ArrayToHex(origArr, arrayLen);
   HexToArray(hex, reversedArr);
   string reversed = CharArrayToString(reversedArr);

   Print(original);
   Print(reversed);

   return(0);
}


string ArrayToHex(uchar &arr[],int count=-1)
{
   string res="";
//--- check
   if(count<0 || count>ArraySize(arr))
      count=ArraySize(arr);
//--- transform to HEX string
   for(int i=0; i<count; i++)
   {
      res+=StringFormat("%.2X",arr[i]);
   }
//---
   return(res);
}

bool HexToArray(string str, uchar &arr[])
{
   int arrcount = ArraySize(arr);
   int strcount = StringLen(str);
   if (arrcount < strcount / 2) return false;
  
   int i=0, j=0;
  
   for (i=0; i<strcount; i+=2)
   {
      string sub = StringSubstr(str, i, 2);
      uchar tmpchr = HexToDecimal(StringSubstr(str, i, 1))*16 + HexToDecimal(StringSubstr(str, i+1, 1));    
      arr[j] = tmpchr;
      j++;
   }
  
   return true;
}

uchar HexToDecimal(string hex)
{
   // assumes hex is 1 character
   if (!StringCompare(hex, "0"))
      return 0;
   if (!StringCompare(hex, "1"))
      return 1;
   if (!StringCompare(hex, "2"))
      return 2;
   if (!StringCompare(hex, "3"))
      return 3;
   if (!StringCompare(hex, "4"))
      return 4;
   if (!StringCompare(hex, "5"))
      return 5;
   if (!StringCompare(hex, "6"))
      return 6;
   if (!StringCompare(hex, "7"))
      return 7;
   if (!StringCompare(hex, "8"))
      return 8;
   if (!StringCompare(hex, "9"))
      return 9;
   if (!StringCompare(hex, "A"))
      return 10;
   if (!StringCompare(hex, "B"))
      return 11;
   if (!StringCompare(hex, "C"))
      return 12;
   if (!StringCompare(hex, "D"))
      return 13;
   if (!StringCompare(hex, "E"))
      return 14;
   if (!StringCompare(hex, "F"))
      return 15;
   return 0;
}
123
To add comments, please log in or register