While configuring your backdoor, you may have seen references to Default Encryption that, up until this point, I conveniently ignored. By default, all traffic between the BO2k client and server is sent unencrypted. Any device in between can examine traffic and easily discover the presence of a backdoor. Also, anyone discovering the presence of theunencrypted backdoor could easily connect to it and take control, such as an Intrusion Detection System, a nosy administrator, or stealthy hackers.
There are several different encryption plug-ins that use a range of popular algorithms. Most are available for BO2k. Personally, I prefer the Advanced Encryption Standard (AES) plug-in. It is secure and relatively fast with a small key size, but if you need some extra security, you can bump up its key size to as high as 512 bits. If you are looking for simplicity, it's worth checking out the SERPENT plug-in.
You can download the AES plug-in and source from the main BO2k download site (the one used here came from http://www.bo2k.com/software/bo2k11.html#aes). From the AES bundle, the only file we are really concerned with is enc_aes.dll. To keep things organized, extract this to the plug-ins/enc subdirectory under the main BO2k directory.
Insert the enc_aes.dll plug-in into the server (see Configuring a BO2k Server). A cyan-colored AES folder should appear in the Option Variables box. Three variables need to be configured on the server to enable AES encryption:
Think of this as your password. Set it to be something random and unique. You have only to set this once on the client and server, so don't worry about having to remember it all the time. This variable is accessed from the AES menu.
This is the size of the encryption key to be used (in bits). This variable is accessed from the AES menu. It can be set in 32-bit increments from 118 to 511 bits. In most cases, 118 bits should be sufficient because it's both secure and has the best performance. Keysize is a tradeoff—by increasing the key size, you increase security but decrease performance. The likelihood of someone cracking your encrypted backdoor is low. However, if you are working on something very sensitive, it might be worth increasing the key size to 256 or higher.
This might just be the most important (and easiest to forget) variable of the bunch. It tells the server to use the encryption plug-in you inserted on startup. Set this to the plug-in name—in this case, the value is AES. It is accessible from the Startup menu.
Remember the values that you filled in here as they also need to be entered into the client for communications to work properly.
Any of the other client or server plug-ins that uses encryption (see Encryption for BO2k Communications) can be configured to use one of these encryption plug-ins. For example, the srv_regfile.dll plug-in allows for encrypted file transfers. To enable this, configure AES and then set the File Transfer → File Xfer Encryption variable string to AES.
To configure the client, begin by loading the same enc_aes.dll plug-in (see Encryption for BO2k Communications). The same AES-related variables appear in the Options Variables box. Configure both the AES Key String and AES Key Size to match the values that you entered while configuring the server.
The client is told how to use this configured AES plug-in on a per-server basis in the Edit Server Settings window (see Configuring a BO2k Server). Display this window for the appropriate server. The Default Encryption select box should now contain a reference to the AES plug-in. Highlight AES: BO2K AES Strong Encryption and click OK.
That's it. Next time you connect to this server, the connection will be encrypted using AES and your new key. If you want to use the same encryption on other backdoors but with different key settings, be careful to change the AES client settings each time to match those of the server.