Jump to content
  • 1

How to add One time password on my script

GeorgeMonkey

Asked by GeorgeMonkey,

 Share

Question

GeorgeMonkey Contributor

GeorgeMonkey

Posted
Posted

Hello i would like to add one time password on my script

And it should put it on specific folder like example it will creat a new folder and write it there so the user dont need to enter and enter it again and once the script update It will automatically delete the old one anyone have idea?

 

20 answers to this question

Recommended Posts

  • 1
MC874 Proficient

MC874

Posted
Posted (edited)
3 hours ago, GeorgeMonkey said:

Hello i would like to add one time password on my script

And it should put it on specific folder like example it will creat a new folder and write it there so the user dont need to enter and enter it again and once the script update It will automatically delete the old one anyone have idea?

 

Hi! It depends on your Approach. Well you can do something like this:
Client-Sided:
You can define your Password inside your Script (Make sure to Encrypt & Obfuscate them). You can always add this on your Updated script.

  • 1) Implement if the folder already exist. If not, it will ask user for the password. If exist, it will read the folder that contains the password.
  • 2) If User Password is correct, it will create a hidden folder and file that contains password. If wrong, the script will stop with warnings. 
local password = 'cdaa'
local file = '.pass/.pwd' --Folder: .pass & File: .pwd

if not (io.open(gg.EXT_STORAGE .. '/' .. file, 'r')) then
	input = gg.prompt({'Enter a value :'},{[1] = nil},{[1] = 'string'})
	if input[1] == password then
		gg.saveList(gg.EXT_STORAGE .. '/' .. file, gg.LOAD_APPEND) --Add new file
		io.open(gg.EXT_STORAGE .. '/' .. file, 'w'):write(password) --Save password to file
		print('Correct!')
	else
		print('Not Correct')
	end
else
	content = io.open(gg.EXT_STORAGE .. '/' .. file,'r'):read('*a') --Read file
	if content == password then
		print('Correct!')
	else
		os.remove(gg.EXT_STORAGE .. '/' .. file) --Delete if file not match with password
		print('Not Correct!')
	end
end

Server-Sided:
It would be more better if you also save the password separated on Pastebin. So create a 2 Pastebin: 1 for your script and 1 for your password. This gives you more control over password and make it easier to update your script. Read more here: 

Edited by MainC
Fix end
1
  • 1
CmP Experienced

CmP

Posted
Posted
1 hour ago, MainC said:

- Pastebin only accept HTTPS (SSL), entire Payloads are encrypted and not view-able. Safe from Packet Capturers.

This is absolutely not the case. Here is an example of packet capture application for Android that can show users decrypted contents of HTTPS requests and responses from/to GGhttps://play.google.com/store/apps/details?id=app.greyshirts.sslcapture

Similarly, there are other applications for Android and a bunch of much more well-known ones for Windows, each of which has this capability.

  • 0
GeorgeMonkey Contributor

GeorgeMonkey

Posted
  • Author
Posted
On 11/12/2022 at 12:21 PM, MainC said:

Hi! It depends on your Approach. Well you can do something like this:
Client-Sided:
You can define your Password inside your Script (Make sure to Encrypt & Obfuscate them). You can always add this on your Updated script.

  • 1) Implement if the folder already exist. If not, it will ask user for the password. If exist, it will read the folder that contains the password.
  • 2) If User Password is correct, it will create a hidden folder and file that contains password. If wrong, the script will stop with warnings. 
local password = 'cdaa'
local file = '.pass/.pwd' --Folder: .pass & File: .pwd

if not (io.open(gg.EXT_STORAGE .. '/' .. file, 'r')) then
	input = gg.prompt({'Enter a value :'},{[1] = nil},{[1] = 'string'})
	if input[1] == password then
		gg.saveList(gg.EXT_STORAGE .. '/' .. file, gg.LOAD_APPEND) --Add new file
		io.open(gg.EXT_STORAGE .. '/' .. file, 'w'):write(password) --Save password to file
		print('Correct!')
	else
		print('Not Correct')
	end
else
	content = io.open(gg.EXT_STORAGE .. '/' .. file,'r'):read('*a') --Read file
	if content == password then
		print('Correct!')
	else
		os.remove(gg.EXT_STORAGE .. '/' .. file) --Delete if file not match with password
		print('Not Correct!')
	end
end

Server-Sided:
It would be more better if you also save the password separated on Pastebin. So create a 2 Pastebin: 1 for your script and 1 for your password. This gives you more control over password and make it easier to update your script. Read more here: 

Thank you Very much sir really needing this for very long time thank god Game guardian forums helpers still active!

  • 0
GeorgeMonkey Contributor

GeorgeMonkey

Posted
  • Author
Posted
On 11/12/2022 at 12:21 PM, MainC said:

Hi! It depends on your Approach. Well you can do something like this:
Client-Sided:
You can define your Password inside your Script (Make sure to Encrypt & Obfuscate them). You can always add this on your Updated script.

  • 1) Implement if the folder already exist. If not, it will ask user for the password. If exist, it will read the folder that contains the password.
  • 2) If User Password is correct, it will create a hidden folder and file that contains password. If wrong, the script will stop with warnings. 
local password = 'cdaa'
local file = '.pass/.pwd' --Folder: .pass & File: .pwd

if not (io.open(gg.EXT_STORAGE .. '/' .. file, 'r')) then
	input = gg.prompt({'Enter a value :'},{[1] = nil},{[1] = 'string'})
	if input[1] == password then
		gg.saveList(gg.EXT_STORAGE .. '/' .. file, gg.LOAD_APPEND) --Add new file
		io.open(gg.EXT_STORAGE .. '/' .. file, 'w'):write(password) --Save password to file
		print('Correct!')
	else
		print('Not Correct')
	end
else
	content = io.open(gg.EXT_STORAGE .. '/' .. file,'r'):read('*a') --Read file
	if content == password then
		print('Correct!')
	else
		os.remove(gg.EXT_STORAGE .. '/' .. file) --Delete if file not match with password
		print('Not Correct!')
	end
end

Server-Sided:
It would be more better if you also save the password separated on Pastebin. So create a 2 Pastebin: 1 for your script and 1 for your password. This gives you more control over password and make it easier to update your script. Read more here: 

Also error in inpute value its always say Not Correct 

On 11/12/2022 at 12:21 PM, MainC said:

Hi! It depends on your Approach. Well you can do something like this:
Client-Sided:
You can define your Password inside your Script (Make sure to Encrypt & Obfuscate them). You can always add this on your Updated script.

  • 1) Implement if the folder already exist. If not, it will ask user for the password. If exist, it will read the folder that contains the password.
  • 2) If User Password is correct, it will create a hidden folder and file that contains password. If wrong, the script will stop with warnings. 
local password = 'cdaa'
local file = '.pass/.pwd' --Folder: .pass & File: .pwd

if not (io.open(gg.EXT_STORAGE .. '/' .. file, 'r')) then
	input = gg.prompt({'Enter a value :'},{[1] = nil},{[1] = 'string'})
	if input[1] == password then
		gg.saveList(gg.EXT_STORAGE .. '/' .. file, gg.LOAD_APPEND) --Add new file
		io.open(gg.EXT_STORAGE .. '/' .. file, 'w'):write(password) --Save password to file
		print('Correct!')
	else
		print('Not Correct')
	end
else
	content = io.open(gg.EXT_STORAGE .. '/' .. file,'r'):read('*a') --Read file
	if content == password then
		print('Correct!')
	else
		os.remove(gg.EXT_STORAGE .. '/' .. file) --Delete if file not match with password
		print('Not Correct!')
	end
end

Server-Sided:
It would be more better if you also save the password separated on Pastebin. So create a 2 Pastebin: 1 for your script and 1 for your password. This gives you more control over password and make it easier to update your script. Read more here: 

I also cannot find the new created folder it should put it on storafe/emulated so i can Modify it anywhere later on

  • 0
GeorgeMonkey Contributor

GeorgeMonkey

Posted
  • Author
Posted
17 minutes ago, GeorgeMonkey said:

Thank you Very much sir really needing this for very long time thank god Game guardian forums helpers still active!

One issue i cannot find the Folder where it actually save pleas put it on 0/storage/emulated/ -- Creat a new folder And save it there pleas

  • 0
MC874 Proficient

MC874

Posted
Posted (edited)
Quote

Also error in inpute value its always say Not Correct 

Hi! I've tested the Script and it works fine. The Input value must the same as password ('cdaa') defined here: 

local password = 'cdaa'

The reason for this is: to reject user that gives wrong password. If the user gives the correct password, then the password is saved into a file (/storage/emulated/0/.pass/.pwd). Read my Implementation list on #Client-Sided

Quote

I also cannot find the new created folder it should put it on storafe/emulated so i can Modify it anywhere later on

The folder are hidden by purpose as it's only used by the script. However you can unhide the folder by changing lines 2 into this: (Remove the dots ...) 

local file = 'pass/pwd'

You can now access them on /storage/emulated/0/pass/pwd. If this helps You, consider to approve this post as Solution.
*Edit: I've Updated the script to Unhide the Folder & More Description on what the script does.

test.lua

Edited by MainC
Script
  • 0
HEROGAMEOfficial Proficient

HEROGAMEOfficial

Posted
Posted
On 11/12/2022 at 11:21 AM, MainC said:

password separated on Pastebin.

Paste bin is online, this is really bad idea.

On 11/12/2022 at 8:12 AM, GeorgeMonkey said:

Hello i would like to add one time password on my script

And it should put it on specific folder like example it will creat a new folder and write it there so the user dont need to enter and enter it again and once the script update It will automatically delete the old one anyone have idea?

 

You can do anything use gg.saveVariable and loadfile function.

  • 0
MC874 Proficient

MC874

Posted
Posted (edited)
Quote

Paste bin is online, this is really bad idea.

Hi! I think this is not really bad, since you can remotely changing your Script Password. They can only capture the password using a Packet Sniffer or once the Password is loaded to Game Guardian. Also, Pastebin supports for Authentication through Headers (Even they have the Pastebin link, they can't access it without an Auth). Well, since this is a Free Service, what you might expect? Serving Password on Client-Side is more bad and using Owned Server are costly.

Edited by MainC
Words
1
  • 0
HEROGAMEOfficial Proficient

HEROGAMEOfficial

Posted
Posted
2 hours ago, MainC said:

Hi! I think this is not really bad, since you can remotely changing your Script Password. They can only capture the password using a Packet Sniffer or once the Password is loaded to Game Guardian. Also, Pastebin supports for Authentication through Headers (Even they have the Pastebin link, they can't access it without an Auth). Well, since this is a Free Service, what you might expect? Serving Password on Client-Side is more bad and using Owned Server are costly.

that right its bad idea.

  • 0
MC874 Proficient

MC874

Posted
Posted (edited)
24 minutes ago, HEROGAMEOfficial said:

that right its bad idea.

Which one that's bad? and What's your Solution?. It would be more helpful if you also contribute Your own 'ways'.

Edited by MainC
1
  • 0
MAARS Experienced

MAARS

Posted
Posted (edited)
6 hours ago, MainC said:

Hi! I think this is not really bad, since you can remotely changing your Script Password. They can only capture the password using a Packet Sniffer or once the Password is loaded to Game Guardian. Also, Pastebin supports for Authentication through Headers (Even they have the Pastebin link, they can't access it without an Auth). Well, since this is a Free Service, what you might expect? Serving Password on Client-Side is more bad and using Owned Server are costly.

There are a lot of free service for PHP and nodejs, python i think too, you can still build your own server to perfectly fit your need

Edited by MAARS
1
  • 0
MAARS Experienced

MAARS

Posted
Posted
6 hours ago, MainC said:

Hi! I think this is not really bad, since you can remotely changing your Script Password. They can only capture the password using a Packet Sniffer or once the Password is loaded to Game Guardian. Also, Pastebin supports for Authentication through Headers (Even they have the Pastebin link, they can't access it without an Auth). Well, since this is a Free Service, what you might expect? Serving Password on Client-Side is more bad and using Owned Server are costly.

When you capture an outgoing or incoming http request you get the header as well 

1
  • 0
MC874 Proficient

MC874

Posted
Posted (edited)
6 hours ago, MAARS said:

When you capture an outgoing or incoming http request you get the header as well 

Hi! Yeah you're right, but I'm sorry for the misconception. Pastebin is infact use PHP and it does not use Headers but Payloads (POST Request) to get Your Private Pastes. Payloads can't be captured since decompressing HTTP Packets are required, so they aren't seen RAW but just scrambled hex data if captured. Reference: Getting Pastes.

Edited by MainC
  • 0
MAARS Experienced

MAARS

Posted
Posted (edited)

Yes that it, but even the api doc is in php, I think you can actually implement the same thing in any language? I need to try

Edited by MAARS

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to question listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.