-------------------------------------------------------------------------------- Eggdrop +OK Blowfish Encryption -------------------------------------------------------------------------------- We all know EFnet is plain text from head to toe. Instead of letting Big Brother intensively watch your every notion, one can fight him with technology. In this case a simple crypto (blowfish) extension to make channels and queries more private, while staying on the big EFnet. 1) The Concept of the +OK Encryption 2) An Example Implementation 3) A modded dZSbot.tcl -------------------------------------------------------------------------------- 1) The Concept of the +OK Encryption The eggdrop bot is the most widely used channel control bot on EFnet. One of the reasons is it's superb tcl scriptablity. Included in the eggdrop's tcl module library is a blowfish encryption module. You cannot use/build an eggdrop bot without this module, so you certainly have it! It's used internally by the eggbot to save passwords in encrypted form on disk. Yet it provides two public tcl function, which we can use to scramble text: encrypt Returns: encrypted string (using the currently loaded encryption module), encoded into ASCII using base-64 decrypt Returns: decrypted string (using the currently loaded encryption module) (from the eggdrop docs) We will use these two function to encrypt the bot's output messages and send them to the chan prefixed with "+OK". In the other direction we will make a wrapper proc which is "bind"ed to the "+OK" trigger on the chan. The wrapper proc will decrypt the command the user issued and forwarded decrypted text to a custom handler proc. -------------------------------------------------------------------------------- 2) An Example Implementation The first step in creating a crypto-enabled eggdrop tcl is to be able to output encrypted text to a channel or query. This is best done with a custom putdest proc which will select the encryption key depending on the message's destination. It's also good to declare the encryption key only once in a global variable, so that changing it later on is a one-line change. set cryptkey "thisisatextkey" proc putdest {dest msg} { global cryptkey if {$dest == "#mainchan" || $dest == "#otherchan"} { set msg "+OK [encrypt $cryptkey $msg]" } putserv "PRIVMSG $dest :$msg" } This short proc is a replacement for all putserv/putchan/put.... in the tcl. It encrypts text to #mainchan or #otherchan with the globally defined key and sends it to the chan. You can test the proc above with this simple text trigger: bind pub -|- "!talk" putsometext proc putsometext {nick uhost hand chan text} { putdest $chan "This text will be encrypted" putdest $chan "and outputed to the chan with putserv" putdest $chan "which you might want to replace" putdest $chan "with putquick if you need lower message latency" } That concludes the outgoing message handling. You have to replace all putserv, putquick, putchan with the encryption-enabled putdest one. To illustrate how to decrypt incoming text, the following example replays all incoming encrypted text in plain text to the channel. set cryptkey "thisisatestkey" bind pub -|- "+OK" putdecrypted proc putdecrypted {nick uhost hand chan text} { global cryptkey set plaintext [decrypt $cryptkey $text] putserv "PRIVMSG $chan :Plain text $plaintext" } Now for binding incoming encrypted !triggers. Since the actual !trigger command is inside the encrypted text, we cannot use the "bind pub" command anymore. Instead we have to bind to the prefix "+OK" which will capture all encrypted messages, then after decrypting the actual !trigger hand it on the processing proc. Instead of switching the decrypted trigger command or using an if cascade, it's easier to take advantage of tcl as an interpreter and call a proc named after the associated trigger. This way an encrypted !trigname command will be bound to a proc named "proc pubmsg:!trigname" which is called with the same parameters as if it is called from the eggdrop core. bind pub -|- "+OK" pubdecrypt proc pubdecrypt {nick uhost hand chan arg} { global cryptkey if {$chan != "#mainchan"} { return 0 } set plaintext [decrypt $cryptkey [join $arg]] set textsplit [split $plaintext] set cmd [lindex $textsplit 0] set cmdargs [lrange $textsplit 1 end] if {[info procs "pubmsg:$cmd"] == "pubmsg:$cmd"} { pubmsg:$cmd $nick $uhost $hand $chan $cmdargs } } As a test, insert the following proc into the sample script. proc pubmsg:!testtrig {nick uhost hand chan text} { putdest $chan "Yeah. It works." } Now we got all the tools to turn a non-crypto sitebot tcl into a blowfish encrypted sitebot. You only need to o insert the code bits from above o remove the original unencrypted binds o rename the !trigger procs into the ones found my the dispatcher o replace all putserv/putquick etc with the crypto-enabled putdest -------------------------------------------------------------------------------- 3) A modded dZSbot.tcl Well. Soon I'll post the standard dZSbot.tcl with crypto functions inserted. Still gotta test a few things with it. -------------------------------------------------------------------------------- I hope this short (and compact) toot will help a few scriptics in making their chans more secure. An assortment of irc client plugins are also on my page. And I'll be happy to add new ones. F File: $Revision: 236 $ $Date: 2006-08-03 11:49:53 +0200 (Thu, 03 Aug 2006) $