Jump to content
  • 1

How to add One time password on my script


Question

Posted

Hello i would like to add one time password on my script

And it should put it on specific folder like example it will creat a new folder and write it there so the user dont need to enter and enter it again and once the script update It will automatically delete the old one anyone have idea?

 

Recommended Posts

  • 1
Posted (edited)
3 hours ago, GeorgeMonkey said:

Hello i would like to add one time password on my script

And it should put it on specific folder like example it will creat a new folder and write it there so the user dont need to enter and enter it again and once the script update It will automatically delete the old one anyone have idea?

 

Hi! It depends on your Approach. Well you can do something like this:
Client-Sided:
You can define your Password inside your Script (Make sure to Encrypt & Obfuscate them). You can always add this on your Updated script.

  • 1) Implement if the folder already exist. If not, it will ask user for the password. If exist, it will read the folder that contains the password.
  • 2) If User Password is correct, it will create a hidden folder and file that contains password. If wrong, the script will stop with warnings.
local password = 'cdaa'
local file = '.pass/.pwd' --Folder: .pass & File: .pwd

if not (io.open(gg.EXT_STORAGE .. '/' .. file, 'r')) then
	input = gg.prompt({'Enter a value :'},{[1] = nil},{[1] = 'string'})
	if input[1] == password then
		gg.saveList(gg.EXT_STORAGE .. '/' .. file, gg.LOAD_APPEND) --Add new file
		io.open(gg.EXT_STORAGE .. '/' .. file, 'w'):write(password) --Save password to file
		print('Correct!')
	else
		print('Not Correct')
	end
else
	content = io.open(gg.EXT_STORAGE .. '/' .. file,'r'):read('*a') --Read file
	if content == password then
		print('Correct!')
	else
		os.remove(gg.EXT_STORAGE .. '/' .. file) --Delete if file not match with password
		print('Not Correct!')
	end
end

Server-Sided:
It would be more better if you also save the password separated on Pastebin. So create a 2 Pastebin: 1 for your script and 1 for your password. This gives you more control over password and make it easier to update your script. Read more here: 

Edited by MainC
Fix end
  • 0
Posted
On 11/12/2022 at 12:21 PM, MainC said:

Hi! It depends on your Approach. Well you can do something like this:
Client-Sided:
You can define your Password inside your Script (Make sure to Encrypt & Obfuscate them). You can always add this on your Updated script.

  • 1) Implement if the folder already exist. If not, it will ask user for the password. If exist, it will read the folder that contains the password.
  • 2) If User Password is correct, it will create a hidden folder and file that contains password. If wrong, the script will stop with warnings.
local password = 'cdaa'
local file = '.pass/.pwd' --Folder: .pass & File: .pwd

if not (io.open(gg.EXT_STORAGE .. '/' .. file, 'r')) then
	input = gg.prompt({'Enter a value :'},{[1] = nil},{[1] = 'string'})
	if input[1] == password then
		gg.saveList(gg.EXT_STORAGE .. '/' .. file, gg.LOAD_APPEND) --Add new file
		io.open(gg.EXT_STORAGE .. '/' .. file, 'w'):write(password) --Save password to file
		print('Correct!')
	else
		print('Not Correct')
	end
else
	content = io.open(gg.EXT_STORAGE .. '/' .. file,'r'):read('*a') --Read file
	if content == password then
		print('Correct!')
	else
		os.remove(gg.EXT_STORAGE .. '/' .. file) --Delete if file not match with password
		print('Not Correct!')
	end
end

Server-Sided:
It would be more better if you also save the password separated on Pastebin. So create a 2 Pastebin: 1 for your script and 1 for your password. This gives you more control over password and make it easier to update your script. Read more here: 

Thank you Very much sir really needing this for very long time thank god Game guardian forums helpers still active!

  • 0
Posted
On 11/12/2022 at 12:21 PM, MainC said:

Hi! It depends on your Approach. Well you can do something like this:
Client-Sided:
You can define your Password inside your Script (Make sure to Encrypt & Obfuscate them). You can always add this on your Updated script.

  • 1) Implement if the folder already exist. If not, it will ask user for the password. If exist, it will read the folder that contains the password.
  • 2) If User Password is correct, it will create a hidden folder and file that contains password. If wrong, the script will stop with warnings.
local password = 'cdaa'
local file = '.pass/.pwd' --Folder: .pass & File: .pwd

if not (io.open(gg.EXT_STORAGE .. '/' .. file, 'r')) then
	input = gg.prompt({'Enter a value :'},{[1] = nil},{[1] = 'string'})
	if input[1] == password then
		gg.saveList(gg.EXT_STORAGE .. '/' .. file, gg.LOAD_APPEND) --Add new file
		io.open(gg.EXT_STORAGE .. '/' .. file, 'w'):write(password) --Save password to file
		print('Correct!')
	else
		print('Not Correct')
	end
else
	content = io.open(gg.EXT_STORAGE .. '/' .. file,'r'):read('*a') --Read file
	if content == password then
		print('Correct!')
	else
		os.remove(gg.EXT_STORAGE .. '/' .. file) --Delete if file not match with password
		print('Not Correct!')
	end
end

Server-Sided:
It would be more better if you also save the password separated on Pastebin. So create a 2 Pastebin: 1 for your script and 1 for your password. This gives you more control over password and make it easier to update your script. Read more here: 

Also error in inpute value its always say Not Correct 

On 11/12/2022 at 12:21 PM, MainC said:

Hi! It depends on your Approach. Well you can do something like this:
Client-Sided:
You can define your Password inside your Script (Make sure to Encrypt & Obfuscate them). You can always add this on your Updated script.

  • 1) Implement if the folder already exist. If not, it will ask user for the password. If exist, it will read the folder that contains the password.
  • 2) If User Password is correct, it will create a hidden folder and file that contains password. If wrong, the script will stop with warnings.
local password = 'cdaa'
local file = '.pass/.pwd' --Folder: .pass & File: .pwd

if not (io.open(gg.EXT_STORAGE .. '/' .. file, 'r')) then
	input = gg.prompt({'Enter a value :'},{[1] = nil},{[1] = 'string'})
	if input[1] == password then
		gg.saveList(gg.EXT_STORAGE .. '/' .. file, gg.LOAD_APPEND) --Add new file
		io.open(gg.EXT_STORAGE .. '/' .. file, 'w'):write(password) --Save password to file
		print('Correct!')
	else
		print('Not Correct')
	end
else
	content = io.open(gg.EXT_STORAGE .. '/' .. file,'r'):read('*a') --Read file
	if content == password then
		print('Correct!')
	else
		os.remove(gg.EXT_STORAGE .. '/' .. file) --Delete if file not match with password
		print('Not Correct!')
	end
end

Server-Sided:
It would be more better if you also save the password separated on Pastebin. So create a 2 Pastebin: 1 for your script and 1 for your password. This gives you more control over password and make it easier to update your script. Read more here: 

I also cannot find the new created folder it should put it on storafe/emulated so i can Modify it anywhere later on

  • 0
Posted
17 minutes ago, GeorgeMonkey said:

Thank you Very much sir really needing this for very long time thank god Game guardian forums helpers still active!

One issue i cannot find the Folder where it actually save pleas put it on 0/storage/emulated/ -- Creat a new folder And save it there pleas

  • 0
Posted (edited)
Quote

Also error in inpute value its always say Not Correct 

Hi! I've tested the Script and it works fine. The Input value must the same as password ('cdaa') defined here:

local password = 'cdaa'

The reason for this is: to reject user that gives wrong password. If the user gives the correct password, then the password is saved into a file (/storage/emulated/0/.pass/.pwd). Read my Implementation list on #Client-Sided

Quote

I also cannot find the new created folder it should put it on storafe/emulated so i can Modify it anywhere later on

The folder are hidden by purpose as it's only used by the script. However you can unhide the folder by changing lines 2 into this: (Remove the dots ...)

local file = 'pass/pwd'

You can now access them on /storage/emulated/0/pass/pwd. If this helps You, consider to approve this post as Solution.
*Edit: I've Updated the script to Unhide the Folder & More Description on what the script does.

test.lua

Edited by MainC
Script
  • 0
Posted
On 11/12/2022 at 11:21 AM, MainC said:

password separated on Pastebin.

Paste bin is online, this is really bad idea.

On 11/12/2022 at 8:12 AM, GeorgeMonkey said:

Hello i would like to add one time password on my script

And it should put it on specific folder like example it will creat a new folder and write it there so the user dont need to enter and enter it again and once the script update It will automatically delete the old one anyone have idea?

 

You can do anything use gg.saveVariable and loadfile function.

  • 0
Posted (edited)
Quote

Paste bin is online, this is really bad idea.

Hi! I think this is not really bad, since you can remotely changing your Script Password. They can only capture the password using a Packet Sniffer or once the Password is loaded to Game Guardian. Also, Pastebin supports for Authentication through Headers (Even they have the Pastebin link, they can't access it without an Auth). Well, since this is a Free Service, what you might expect? Serving Password on Client-Side is more bad and using Owned Server are costly.

Edited by MainC
Words
  • 0
Posted
2 hours ago, MainC said:

Hi! I think this is not really bad, since you can remotely changing your Script Password. They can only capture the password using a Packet Sniffer or once the Password is loaded to Game Guardian. Also, Pastebin supports for Authentication through Headers (Even they have the Pastebin link, they can't access it without an Auth). Well, since this is a Free Service, what you might expect? Serving Password on Client-Side is more bad and using Owned Server are costly.

that right its bad idea.

  • 0
Posted (edited)
24 minutes ago, HEROGAMEOfficial said:

that right its bad idea.

Which one that's bad? and What's your Solution?. It would be more helpful if you also contribute Your own 'ways'.

Edited by MainC
  • 0
Posted (edited)
6 hours ago, MainC said:

Hi! I think this is not really bad, since you can remotely changing your Script Password. They can only capture the password using a Packet Sniffer or once the Password is loaded to Game Guardian. Also, Pastebin supports for Authentication through Headers (Even they have the Pastebin link, they can't access it without an Auth). Well, since this is a Free Service, what you might expect? Serving Password on Client-Side is more bad and using Owned Server are costly.

There are a lot of free service for PHP and nodejs, python i think too, you can still build your own server to perfectly fit your need

Edited by MAARS
  • 0
Posted
6 hours ago, MainC said:

Hi! I think this is not really bad, since you can remotely changing your Script Password. They can only capture the password using a Packet Sniffer or once the Password is loaded to Game Guardian. Also, Pastebin supports for Authentication through Headers (Even they have the Pastebin link, they can't access it without an Auth). Well, since this is a Free Service, what you might expect? Serving Password on Client-Side is more bad and using Owned Server are costly.

When you capture an outgoing or incoming http request you get the header as well 

  • 0
Posted (edited)
6 hours ago, MAARS said:

When you capture an outgoing or incoming http request you get the header as well 

Hi! Yeah you're right, but I'm sorry for the misconception. Pastebin is infact use PHP and it does not use Headers but Payloads (POST Request) to get Your Private Pastes. Payloads can't be captured since decompressing HTTP Packets are required, so they aren't seen RAW but just scrambled hex data if captured. Reference: Getting Pastes.

Edited by MainC
  • 0
Posted (edited)

Yes that it, but even the api doc is in php, I think you can actually implement the same thing in any language? I need to try

Edited by MAARS
  • 0
Posted (edited)
1 hour ago, MAARS said:

Yes that it, but even the api doc is in php, I think you can actually implement the same thing in any language? I need to try

I've been testing their API and discover some basic idea:

  • - To get your Pastebin content, you need API_USER_KEY and API_DEV_KEY. The Dev Key are Hardcoded into your Account and User Key are Change-able.
  • - There's no time limit on API_USER_KEY and can be defined into a script variable to access your Pastes.
  • - Pastebin only accept HTTPS (SSL), entire Payloads are encrypted and not view-able. Safe from Packet Capturers.

Here's some Python Script while testing Pastebin API for anyone interested (Might convert to Lua?)
*Edit: (User Input -> Script with API_USER_KEY -> Compare Password from Pastebin -> If correct -> Get Online Script from Pastebin -> Use the script) A good idea?

test.py

Edited by MainC

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.