From: Chris Frolik Newsgroups: comp.os.msdos.djgpp Subject: Re: Allegro: Password protecting DATAFILE Date: Sun, 12 Oct 1997 03:59:31 -0500 Organization: IndyNet - Indys Internet Gateway (info AT indy DOT net) Lines: 50 Message-ID: <34409173.3453@indy.net> References: <61oa8h$9vg$2 AT news DOT interlog DOT com> <61ocqv$li3$3 AT news DOT ox DOT ac DOT uk> NNTP-Posting-Host: ip75-80.ts.indy.net Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit To: djgpp AT delorie DOT com DJ-Gateway: from newsgroup comp.os.msdos.djgpp Precedence: bulk George Foot wrote: > > Gautam N. Lad (gautam AT interlog DOT com) wrote: > : This may be one of the dumbest question, but is there any way to password > : protect Allegro's DATAFILE (.DAT) so that if a user of my program has > : DJGPP and Allegro fully installed, tries to open up my program's .DAT file, it > : would ask for a password (which is stored in the .DAT file). > : I mean, they can hack the Grabber program to by-pass the password (if > : possible), but is something like this possible, hopefully in the future (or is it > : already available in v3.x)? > > It's already available. The encryption system is not particularly secure; > anyone with the source to your program could of course find out what the > password is. I think it's a WIP feature, though. You call a function to > set a password, and then all subsequent packfile functions (including > datafile accesses) use that password. The grabber and dat utility both > support this too. > > -- > George Foot > Merton College, Oxford There are ways to make this more secure, by "encrypting" it within your code. For example, don't do this: char passwd[] = "fwloih325"; if that is the password. Instead, create a simple encryption function. For example: // key should be an 8-character password char *get_password(char *key) { key[0] *= 2; key[1] = (key[1] + 5 + (char)(key[1] / 1.252325)); key[2] -= 23; key[3] = key[4] >> 3; key[4] = 114; /* etc, etc... */ return key; } Then, choose an arbitrary 8-character string. Run it through this function, and see what you get. The result should be your actual password. However, the string that you hard-code into your EXE should be the initial arbitrary string that you chose. To get the actual password, call get_password() using the string as the parameter. This makes things a little more secure, rather than just hardcoding the password into your EXE.