eveningnick
29th September 2011 23:56 UTC

Hide a string in registry by XOR'ing it
hello!
Could you please advice me how to hide a string-password that i'm saving in the system registry from a NSIS installer? I don't want to store it as a plain text. So i was hoping i could encode or encrypt it
I don't know how to do it in nsis. In C i'd just wrote some loop that iterates throuh the string and does something to it so i can be reversed later to its original state.
There are no examples on the internet for NSIS, and the only suitable function i know in NSIS that could be used for encryption - xor - does not operate on strings (the password i need to 'hide' is a string) but only on integers.

Forgive me my impudence, but could you post some example routine that takes a string as its input and outputs a transformed symbol by symbol string?

Thank you!

Afrow UK
30th September 2011 00:18 UTC

How about storing a hash of the password rather than the password itself?

Stu

eveningnick
30th September 2011 10:42 UTC

Stu,

Hashing sounds nice but it seems to be even more complicated than simple XORing of the string.
NSIS script unfortunately isn't like a C program.

My problem is that, despite knowing how to do that in C, I don't even where to start with NSIS scripting. There are no examples on this topic (all I found were related to decorating a string like adding quotation marks).

There are no loops (like for(; ;) in C), and the symbols are not treated by their ascii codes in a NSIS script.

If there are existing routines for hashing a string and you are aware of them, I'd be thankful if you shared. If there are none, could you at least point me on how this kind of string processing is done usually?
Thank you!

Afrow UK
30th September 2011 11:56 UTC

Search Google for "NSIS hash" or "NSIS sha1". You can do loops in NSIS using Goto or LogicLib. Again, search.

Edit: And if you know C so well then you can write a plug-in or write a DLL and call it with the System plug-in.

Stu

T.Slappy
30th September 2011 12:52 UTC

Originally posted by eveningnick
Stu,

Hashing sounds nice but it seems to be even more complicated than simple XORing of the string.
NSIS script unfortunately isn't like a C program.

My problem is that, despite knowing how to do that in C, I don't even where to start with NSIS scripting. There are no examples on this topic (all I found were related to decorating a string like adding quotation marks).

There are no loops (like for(; ;) in C), and the symbols are not treated by their ascii codes in a NSIS script.

If there are existing routines for hashing a string and you are aware of them, I'd be thankful if you shared. If there are none, could you at least point me on how this kind of string processing is done usually?
Thank you!

eveningnick
30th September 2011 15:13 UTC

Originally posted by Afrow UK
Search Google for "NSIS hash" or "NSIS sha1". You can do loops in NSIS using Goto or LogicLib. Again, search.

Edit: And if you know C so well then you can write a plug-in or write a DLL and call it with the System plug-in.

Stu

LoRd_MuldeR
30th September 2011 15:30 UTC

NSIS doesn't need explicit conversions.

I did not use the MD5 plug-in before, but maybe the first pop doesn't give you the hash? (Just guessing)

Afrow UK
30th September 2011 16:25 UTC

If you are using Unicode NSIS you need to use a Unicode build of the plug-in. Also, how about: http://nsis.sourceforge.net/NsisCrypt_plug-in

Stu

eveningnick
30th September 2011 16:26 UTC

i finally used another plugin (nsis crypto) which returns md5 hash in base 64. Nothing else worked.
Thanks everyone.

eveningnick
30th September 2011 16:27 UTC

Originally posted by Afrow UK
If you are using Unicode NSIS you need to use a Unicode build of the plug-in. Also, how about: http://nsis.sourceforge.net/NsisCrypt_plug-in

Stu