[HOW TO] Create your own auth system with Glitch and C++ for your desktop app!

Hello everyone! I’ve made a (hopefully useful) tutorial!

In this tutorial we will create a authentication system (per computer) for a desktop app.

DISCLAIMER: THIS ONLY WORKS ON WINDOWS
Note: Tested & Built on Windows 10

Step 1

First, we will need to open up Visual Studio. I’m using Visual Studio 2017 Community Edition

Now you will come to a screen similar to this.

In the top right corner go to File > New > Project

Once you have pressed that you should receive a dialog window that looks like this:

Select Visual C++ > Windows Desktop > Windows Desktop Wizard.

Then choose the name and path.

I’m going to call it Auth Example

Make sure Create directory for solution is checked. If you know what your doing you may uncheck it

Now press OK

Step 2

A new screen will appear. It will look something like this:

image

Now, change all of the configuration in the window until it looks like the following image bellow:

image
(You can just check Empty Project)

Now press OK

You will now reach a screen that looks like this:

In the sidebar right-click on Source Files and then go to Add > New Item

Once clicking that you will be presented by another dialog.

Press C++ File (.cpp) and change the name to main.cpp

Now press Add

In your main.cpp file add the following code:

#include <Windows.h>
#include <String.h>
#include <iostream>
#include "Auth.h"

using namespace std;

bool auth()
{
	string hostfile = "https://PRONAME.glitch.me/auth/authexploit?hid=";
	string hwid = a_gethid();

	if (hwid == "NULL")
	{
		return false;
	}

	string result = a_DownloadURL(hostfile + hwid);

	if (result == "1") {
		return true;
	}
	else {
		return false;
	}
};

void appmain(int argc, char **argv)
{
    // Your app's code here
}

int main(int argc, char **argv)
{
    if (auth())
	{
		MessageBox(NULL, L"You are whitelisted! Enjoy!", L"Info", MB_OK);
		appmain(argc, argv);
	}
	else {
		MessageBox(NULL, L"You don't own a copy of YOUR_APP_NAME either an unexpected error occured!", L"Info", MB_OK);
		exit(10);
	}
}

appmain is the void/function that is called if the user is authorised to use your app. If not a message box will show.

Now, create a new file but choose a Header File (.h) and name it Auth.h

Remove the #pragma once from the file.

In it place the following code:

#pragma once

#define _WIN32_DCOM
#include <iostream>
using namespace std;
#include <comdef.h>
#include <Wbemidl.h>

#pragma once
#pragma comment(lib,"ws2_32.lib")
#pragma comment(lib, "wininet.lib")

#include <stdio.h>
#include <windows.h>
#include <TlHelp32.h>
#include <string>
#include <wininet.h>

#pragma comment(lib, "wbemuuid.lib")

string a_replaceAll(string subject, const string& search,
	const string& replace) {
	size_t pos = 0;
	while ((pos = subject.find(search, pos)) != string::npos) {
		subject.replace(pos, search.length(), replace);
		pos += replace.length();
	}
	return subject;
}

string a_DownloadURL(string URL) {
	HINTERNET interwebs = InternetOpenA("Mozilla/5.0", INTERNET_OPEN_TYPE_DIRECT, NULL, NULL, NULL);
	HINTERNET urlFile;
	string rtn;
	if (interwebs) {
		urlFile = InternetOpenUrlA(interwebs, URL.c_str(), NULL, NULL, NULL, NULL);
		if (urlFile) {
			char buffer[2000];
			DWORD bytesRead;
			do {
				InternetReadFile(urlFile, buffer, 2000, &bytesRead);
				rtn.append(buffer, bytesRead);
				memset(buffer, 0, 2000);
			} while (bytesRead);
			InternetCloseHandle(interwebs);
			InternetCloseHandle(urlFile);
			string p = a_replaceAll(rtn, "|n", "\r\n");
			return p;
		}
	}
	InternetCloseHandle(interwebs);
	string p = a_replaceAll(rtn, "|n", "\r\n");
	return p;
}

std::string a_ws2s(const std::wstring& s)
{
	int len;
	int slength = (int)s.length() + 1;
	len = WideCharToMultiByte(CP_ACP, 0, s.c_str(), slength, 0, 0, 0, 0);
	char* buf = new char[len];
	WideCharToMultiByte(CP_ACP, 0, s.c_str(), slength, buf, len, 0, 0);
	std::string r(buf);
	delete[] buf;
	return r;
}

string a_gethid()
{
	HRESULT hres;

	// Step 1: --------------------------------------------------
	// Initialize COM. ------------------------------------------

	hres = CoInitializeEx(0, COINIT_MULTITHREADED);
	if (FAILED(hres))
	{
		cout << "Failed to initialize COM library. Error code = 0x"
			<< hex << hres << endl;
		return "NULL";                  // Program has failed.
	}

	// Step 2: --------------------------------------------------
	// Set general COM security levels --------------------------

	hres = CoInitializeSecurity(
		NULL,
		-1,                          // COM authentication
		NULL,                        // Authentication services
		NULL,                        // Reserved
		RPC_C_AUTHN_LEVEL_DEFAULT,   // Default authentication 
		RPC_C_IMP_LEVEL_IMPERSONATE, // Default Impersonation  
		NULL,                        // Authentication info
		EOAC_NONE,                   // Additional capabilities 
		NULL                         // Reserved
	);


	if (FAILED(hres))
	{
		cout << "Failed to initialize security. Error code = 0x"
			<< hex << hres << endl;
		CoUninitialize();
		return "NULL";                    // Program has failed.
	}

	// Step 3: ---------------------------------------------------
	// Obtain the initial locator to WMI -------------------------

	IWbemLocator *pLoc = NULL;

	hres = CoCreateInstance(
		CLSID_WbemLocator,
		0,
		CLSCTX_INPROC_SERVER,
		IID_IWbemLocator, (LPVOID *)&pLoc);

	if (FAILED(hres))
	{
		cout << "Failed to create IWbemLocator object."
			<< " Err code = 0x"
			<< hex << hres << endl;
		CoUninitialize();
		return "NULL";                 // Program has failed.
	}

	// Step 4: -----------------------------------------------------
	// Connect to WMI through the IWbemLocator::ConnectServer method

	IWbemServices *pSvc = NULL;

	// Connect to the root\cimv2 namespace with
	// the current user and obtain pointer pSvc
	// to make IWbemServices calls.
	hres = pLoc->ConnectServer(
		_bstr_t(L"ROOT\\CIMV2"), // Object path of WMI namespace
		NULL,                    // User name. NULL = current user
		NULL,                    // User password. NULL = current
		0,                       // Locale. NULL indicates current
		NULL,                    // Security flags.
		0,                       // Authority (for example, Kerberos)
		0,                       // Context object 
		&pSvc                    // pointer to IWbemServices proxy
	);

	if (FAILED(hres))
	{
		cout << "Could not connect. Error code = 0x"
			<< hex << hres << endl;
		pLoc->Release();
		CoUninitialize();
		return "NULL";                // Program has failed.
	}

	//cout << "Connected to ROOT\\CIMV2 WMI namespace" << endl;


	// Step 5: --------------------------------------------------
	// Set security levels on the proxy -------------------------

	hres = CoSetProxyBlanket(
		pSvc,                        // Indicates the proxy to set
		RPC_C_AUTHN_WINNT,           // RPC_C_AUTHN_xxx
		RPC_C_AUTHZ_NONE,            // RPC_C_AUTHZ_xxx
		NULL,                        // Server principal name 
		RPC_C_AUTHN_LEVEL_CALL,      // RPC_C_AUTHN_LEVEL_xxx 
		RPC_C_IMP_LEVEL_IMPERSONATE, // RPC_C_IMP_LEVEL_xxx
		NULL,                        // client identity
		EOAC_NONE                    // proxy capabilities 
	);

	if (FAILED(hres))
	{
		cout << "Could not set proxy blanket. Error code = 0x"
			<< hex << hres << endl;
		pSvc->Release();
		pLoc->Release();
		CoUninitialize();
		return "NULL";               // Program has failed.
	}

	// Step 6: --------------------------------------------------
	// Use the IWbemServices pointer to make requests of WMI ----

	// For example, get the name of the operating system
	IEnumWbemClassObject* pEnumerator = NULL;
	hres = pSvc->ExecQuery(
		bstr_t("WQL"),
		bstr_t("SELECT * FROM Win32_OperatingSystem"),
		WBEM_FLAG_FORWARD_ONLY | WBEM_FLAG_RETURN_IMMEDIATELY,
		NULL,
		&pEnumerator);

	if (FAILED(hres))
	{
		cout << "Query for operating system failed."
			<< " Error code = 0x"
			<< hex << hres << endl;
		pSvc->Release();
		pLoc->Release();
		CoUninitialize();
		return "NULL";               // Program has failed.
	}

	// Step 7: -------------------------------------------------
	// Get the data from the query in step 6 -------------------

	IWbemClassObject *pclsObj = NULL;
	ULONG uReturn = 0;

	BSTR sernum = (BSTR)"NULL";

	while (pEnumerator)
	{
		HRESULT hr = pEnumerator->Next(WBEM_INFINITE, 1,
			&pclsObj, &uReturn);

		if (0 == uReturn)
		{
			break;
		}

		VARIANT vtProp;

		// Get the value of the Name property
		hr = pclsObj->Get(L"SerialNumber", 0, &vtProp, 0, 0);
		//wcout << " SerialNumber : " << vtProp.bstrVal << endl;
		sernum = vtProp.bstrVal;
		VariantClear(&vtProp);

		pclsObj->Release();
	}

	// Cleanup
	// ========

	pSvc->Release();
	pLoc->Release();
	pEnumerator->Release();
	CoUninitialize();

	std::wstring ret(sernum, SysStringLen(sernum));

	return a_ws2s(ret);   // Program successfully completed.

}

You can now close the file (don’t forget to save it!)

Now, go to this link. It will remix a project for you. In the project open wlst.json and edit the JSON file with the appropriate Serial Numbers’s

Now, copy the project name and open back up your main.cpp file in Visual Studio.

Find the string hostfile = "https://PRONAME.glitch.me/auth/authexploit?hid="; and replace PRONAME with your project’s name.

Now you should be done!

Common Errors

Q) You don’t have the C++ project menu.

A) In the Visual Studio installer make sure you have the Desktop development with C++ box enabled.

Note: Visual Studio 2017 only works on Windows 10

Thanks for reading!

If you have any questions make a new thread and tag me. Please do not reply to this post as it clutters it up.

4 Likes

Hi, sorry to let you down but this can be easily bypassed using a tool called HTTP Debugger. I can bypass this login in less than a minute. I would rather have an encrypted response coming from the server and one going to the server that way they don’t know what the password for the encryption or the cipher. Having a dynamic response can be good too :slight_smile:

Yea this thing got bypassed a year ago anyway. Even if a encryption method was used it could likely still be decrypted.

1 Like

Using XorS should make it a little harder to decrypt and crack, otherwise your best option is to do a HWID + username and password authentication, even HWID + IP + Username and password authentication is good. Use a server(such as a website) to store thing’s and encrypt the string using like i said XorS making your job 10x easier. If you read thos post and see my reply take my reply as make something better than this but this is a good start.

1 Like

php file for get hwid from mysql ?