(adsbygoogle = window.adsbygoogle || []).push({}); Ohayu NGU, here is my HOT Login/Register system that i wrote in C# that uses a api i coded(PHP/SQL). The login is protected with HWID.
The PHP part is secure and uses prepared statements. aswell as bCrypt for passwords.
I originally wrote this for my l33t injector, but i never decided to release it cuz it fked up
As for the C# part, you should probably obfuscate this or encrypt the url. Just do something that makes it harder to crack.

You can find the source on You must login or register to view this content.
Here's a little video of what it looks like You must login or register to view this content.

Fair enough

remote vars are a big YES to anyone thats coding lets say a rtm tool that they are going to sell store offsets on a server and can be only accessed with a valid login for your given applications
yes this needs more knowledge but is much better as this prevents needing to update your tools for new game updates etc

but a strong obfuscation is needed also not just rely on things like confuser,confuserex

Very nice, but i learned the hard way years ago. Some computers have the same HWID so there isn't much you can do with it. You can probably use it as a salt though.

Remote vars s not safe at all, if you have valid credentials you only have to either hook the HTTP/S/TCP traffic or dump the assembly at runtime if they do use DynamicCompiling. That's why so much software get cracked easily.

The only thing you can do is Obfuscation, and yes as you stated you should really rely on very strong obfuscators, like You must login or register to view this content. or even You must login or register to view this content.

You bring up the problem of remote variables not being safe (despite it being a good measure) then claim that the solution is through obfuscation? I'm sure you're aware that security through obscurity is a mindless idea and if someone wants to truly secure their program, they should do so by writing a good authentication system that isn't reliant on obscuring their code. From my point of view, it seems like you're giving away bad advice in hopes of bringing in more customers to your own obfuscator.

The truth is, all security measures that you could possibly put into place are one's that should be put in place. While obfuscation should be used in most circumstances, it should not be your primary concern when securing your program.



There is a nice HWID class I found on a StackOverflow thread a few years ago. When I was first getting started with auth, I ran into the issue of multiple users having the same processor-id, like you mentioned. Utilizing this You must login or register to view this content., I was able to prevent that from occurring.

I'm not this kind of person, but I don't think I can make you change your pov on me. I only tried tell people not to use this HWID system.

Why shouldn't they use this 'HWID System'
It's a good way to get going and if necessary they can modify the C# part to make it more secure.

Also, since we're talking about security. You might want to fix this XSS in your website ; ) You must login or register to view this content.

Pm me your skype if you need any help.