[Poll] OpenBullet Secure API


  • Admin

    During the last weeks I was repetitively asked for a secure version of OpenBullet. I was thinking about building one in the little amount of spare time I have left between exams, but I wanted to hear your opinions first.

    • It will be a paid solution (around 300$)

    • I will provide the whole server-side source code and a customized client's source code.

    • I will provide the help setting up your server on a Win/Linux machine and editing / compiling the source code.

    • All the config decryption codes will be stored on your server so, even if someone manages to reverse engineer your client and break your obfuscation, no one will be able to decrypt them without a valid account that is whitelisted on that specific config.

    • Your server will have a database with two collections: users and configs. Only you will be able to upload configs on the server and they will only be delivered to whitelisted people who logged in successfully from an authorized pc.

    CLIENT
    A modified build of OpenBullet (the source code is only delivered to you) in order to add further layers of security by securing encryption logic and keys behind obfuscation (I will not provide obfuscators).

    The client will have a section dedicated to the admin (you) where you (using a secret master key that resides on the server) can upload encrypted configs to the server, edit their whitelist and manage the users directly from OpenBullet, with just the press of a button right after you built the config. No additional programs needed.

    SERVER
    I will provide the full source code of an ASP .NET core API (like the open source one) but with plenty more features focused around encryption and security like:

    • API Key + HWID based authentication, with optional possibility for your customers to automatically reset the HWID. You give the api key to a customer and he will be able to use your api to get the configs he bought. You can also choose how many HWIDs a user can have.

    • Configs with unique decryption key and users whitelist.

    • Full log of anything that happens so you can easily spot users who try to play unfair.

    • Resistance to bruteforce attempts thanks to temporary IP bans and rate limiting.

    • A reseller panel so you will be able to host other people's configs on your server for a price and deliver them to their customers via the same client.

    In order to access your service, users will need to have an API KEY provided by you. Configs will be automatically delivered to them in an encrypted form and decrypted client-side.

    Final notes
    This is just an idea, I wanted to know what is your opinion on it and how many would be interested in something like this. Do not vote yes if you aren't interested in buying something like this for around the price stated earlier (300$) because it will only provide fake results and waste everyone's time.

    Ruri


  • Admin

    Okay so a small update about this thing. I will update OpenBullet and fix some bugs first, then I will try to work on this and keep you updated on the status of the project.


Log in to reply