Easter Egg 2

[mark01]

I have a form that opens only when the user types in a certain password into my text box. When this form opens, it shows a picture of one of my friends. I will be distributing this application on the internet.

My question is this:
Is there anyway for a skilled individual to open the application, and somehow find the hidden form? (without typing the correct password into the textbox)

I just want to make sure nobody will see this picture, unless they know the password.

 

[bclt]

No it is safe to distribute the application of yours. With too, extremely advanced programming (assembly and C, as this is windows application), could break the password. That is 1/10^30 possibility to happen.

-bclt

 

[strongm]

Er ...

 

[bclt]

Er... means ?

 

[strongm]

It means what on earth are you talking about?

 

[bclt]

Got a better and right answer? Post it

 

[strongm]

mark01 - tricky for a 3rd party to get at the form without running the program and knowing the password, but - depending on how you are hiding the password program's copy of the password - it may be easier for a 3rd party to get hold of that password than you might think.

 

[strongm]

Given that you have absolutley no real information about mark01's program, unfortunately none of your answer has any validity at all

"it is safe" - on what informational basis can you make that claim?

"extremely advanced programming ... could break the password" - true enough - but there it is also possible that some really simple programming might be sufficient. Or just a text editor.

"That is 1/10^30 possibility" - where on earth does this number come from?

 

[bclt]

The "1/10^30" comes from nowhere.

If txtpass="alCe3_t" then
' Do show foto
End If

Wanted to say that just typing passwords tring to find the right one, is not simple; the compinations are too many even for a 3Char Password (note that aaA <> aAA; there is case sensitivity and the person trying to find it do not know the number of characters, {U|L}Case, numbers inluded, special chars.....etc).

You thing that opening an application (exe) with wordpad this you will see is binary, object or source code ?

 

[strongm]

I know what I'll see. Do you?

 

[bjd4jc]

bclt-

Perhaps create a program with the code you have in your last post, compile it and open the .exe with notepad.

Then, do a search for "a l C e 3 _ t" and see what you get. I think you'll be plenty surprised.

 

[Calypso06]

oooooooooooh you got pwn1000d

 

[mark01]

Thanks for all of your replies. My password in the code looks similar to this...
Password = "p" & "a" & "s" & "s" & "w" & "o" & "r" & "d" & "3" & "#" & "8" & "*"
just to protect it from viewing with a text editor. Does this effectively hide the password?
Also, 3 wrong guesses, and the application closes.

 

[johnwm]

Three wrong guesses won't close the text editor! Why not compile a simple version and open it with a text editor for yourself? You'll see the answer then!

..Along with the names of the forms, the name of the controls.......

________________________________________________________________
If you want to get the best response to a question, please check out FAQ222-2244 first
'If we're supposed to work in Hex, why have we only got A fingers?'
Essex Steam UK for steam enthusiasts

 

[strongm]

>open the .exe with notepad

If you open it in Notepad in Unicode mode (after all, the strings are Unicode), you don't have to look for words with 'gaps' in ... (this also means that strings obfuscated by building them through concatenation are not actually as difficult to find as some people might think)

OK, now is this VB being stupid? No. A VB program compiles to a standard W32 Portable Executable (PE) format executable or DLL. Part of that format is a .data section, which always contains global and static variables that are initialised at compile time and all the string literals used by the program (there is also a .rsrc section, into which all the resources from resource files are placed - so thinking that you might hide strings in a resource file won't work either as they are also visible to a text editor)

 

[PatrickIRL]

Hmmmm, this is VERY interesting because I'm in almost the same position as mark01. Is there any way to get around this?? Would I be better off using another language (C/C++) or would the result be the same??

Patrick

 

[strongm]

The C2 compiler and the linker used by VB6 are basicallythe same ones as used by C/C++ in Visual Studio 6 - and a PE file always has the same format ...

 

[mattKnight]

Is this leading to an cryptographic based solution?

Take Care

Matt
If at first you don't succeed, skydiving is not for you.

 

[chiph]

Is this leading to an cryptographic based solution?

Probably.

But you need to determine how much coding effort you want to put in to protect your secret. For something like an easter egg, you want it hard to find, but not impossible.

A good example is the Windows Minesweeper cheat mode. Take a well-known secret phrase (XYZZY from Colossal Cave adventure), and the knowledge of where to look for the cheat, and it makes for a pretty good easter egg.

Chip H.


____________________________________________________________________
If you want to get the best response to a question, please read FAQ222-2244 first

 

[tsdragon]

If the VB compiler is as smart as it should be, using "A" & "B" & "C" won't help. Since they are all literals the compiler should perform the concatenation at compile time. If you made each character a variable then the compiler should not do that.


Tracy Dryden

Meddle not in the affairs of dragons,
For you are crunchy, and good with mustard.