Conquer Aimbot

11/10/2005 20:51 Qonquer#16
Actually no, the last part of the password hash is installation specific. So without actually knowing the unique installation id there is no way to use it. (so long as your password is over 8 characters)

but screw it anyway since now everyone thinks i'm gonna hack their accounts, I withdraw the offer.
11/10/2005 20:52 Ultima#17
Quote:
Originally posted by chocoman4k@Nov 10 2005, 20:38
Quote:
Originally posted by Qonquer@Nov 10 2005, 20:15
can you explain the password encryption reversal procedure?

It is very common in a lot of systems to encrypt a password with a non-reversible hash before sending it. The same hash is applied to the password on file server-side to make the comparison. I haven't actually looked at the password too closely but I have had to implement its usage, as many here will know. You may be right and it may be reversible but I very much doubt it.

(just FYI, the protocol is encrypted and the password is encrypted further)
Never tried to write a decryption algorithm, but as far as I remember it's byte-wise encryption which is reversible. Anyway the hash of the password is enough in order to login.
the pw encryption is 4 bytes at once if I remember correctly
11/10/2005 20:55 chocoman4k#18
Quote:
Originally posted by Qonquer@Nov 10 2005, 20:51
Actually no, the last part of the password hash is installation specific. So without actually knowing the unique installation id there is no way to use it. (so long as your password is over 8 characters)
How would the server know the InstallationID then? It needs to verify the password somehow.
11/10/2005 20:57 Ultima#19
Quote:
Originally posted by chocoman4k@Nov 10 2005, 20:55
Quote:
Originally posted by Qonquer@Nov 10 2005, 20:51
Actually no, the last part of the password hash is installation specific. So without actually knowing the unique installation id there is no way to use it. (so long as your password is over 8 characters)
How would the server know the InstallationID then? It needs to verify the password somehow.
there is a standard byte pattern that is used for the password
I made a password generator and can generate password hashes for my bots but I never reversed it
11/10/2005 20:58 Qonquer#20
Don't ask me; as I said, I haven't looked into it completely. I had to use the password hash in order to allow people to log into the private server, and I noticed the last part of the hash was always different for different clients even if the password was the same. If you did attempt to log in with a hash from another client using a proxy, it's possible that somewhere down the line the server would attempt to verify the install id with the client.

of course it could be some mechanism for TQ to track what accounts have been used on the same client.
11/10/2005 20:59 Ultimation#21
sorry the link is working again now
11/10/2005 21:02 chocoman4k#22
Ultima: Yeah, those are being used to init the encryption context.
Qonquer: When the last few bytes of the "hash" change it must be either very weak hashing or no hashing at all (encryption).
I think the last few bytes change because not the whole buffer is being zeroed; instead some random bytes remain from other functions, which are being encrypted and sent to the server.

Btw. I have fully reversed the init_ctx function and half of the password encrypt function, got bored of translating it to C some day although ultimatehaker needed it :P
11/10/2005 21:06 Qonquer#23
That's possible, however in that case they would appear purely random, but they are always the same for the same client install, even after shut down / reboot etc...
11/10/2005 21:16 Sukh#24
ultimate, can you please post the link to your manager thing :)
11/10/2005 21:19 chocoman4k#25
Well, let's say it like this: in the BJX emulator I encrypted those passwords myself and I cleared the buffer fully, and logging in always worked. Btw. try using passwords with maximum password length :P I think the "hash" will always stay the same. No random numbers at the end, as the whole buffer is being filled with the password.
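The argument in chocoman4k's last two posts (tail bytes that differ per client install point to a byte-wise cipher over a buffer that was never zeroed, and a maximum-length password should make the tail stable) can be checked in miniature. The following is an added example, not code from this thread and not TQ's actual password routine: the XOR keystream, the 16-byte buffer, the "standard byte pattern" seed and the stale-memory bytes are all assumed here purely for illustration.

```python
"""Toy demonstration: tail bytes that vary per client point to a byte-wise
cipher over an unzeroed buffer rather than a hash. The cipher, buffer size,
seed and stale bytes below are assumptions, not Conquer Online's real scheme."""
import hashlib

BUF_LEN = 16                          # hypothetical fixed-size password buffer
STD_PATTERN = b"\x5a\x3c\x0f\xe1"     # hypothetical "standard byte pattern" seeding the context


def keystream(seed: bytes, n: int) -> bytes:
    """Derive n keystream bytes from the seed with a small LCG (toy cipher only)."""
    state = int.from_bytes(hashlib.sha256(seed).digest()[:4], "little")
    out = bytearray()
    for _ in range(n):
        state = (1103515245 * state + 12345) & 0xFFFFFFFF
        out.append((state >> 16) & 0xFF)
    return bytes(out)


def bytewise_xor(seed: bytes, data: bytes) -> bytes:
    """Byte-wise XOR: output byte i depends only on input byte i, so the
    transform is reversible and preserves structure, unlike a hash."""
    return bytes(d ^ k for d, k in zip(data, keystream(seed, len(data))))


def build_buffer(password: bytes, leftover: bytes) -> bytes:
    """Emulate a client writing password + NUL into a buffer it never zeroed;
    `leftover` stands for whatever a previous function left in memory (constructed)."""
    if len(leftover) != BUF_LEN:
        raise ValueError("leftover must fill the whole buffer")
    pw = password[:BUF_LEN]
    buf = bytearray(leftover)
    buf[: len(pw)] = pw
    if len(pw) < BUF_LEN:
        buf[len(pw)] = 0          # string terminator; bytes after it stay stale
    return bytes(buf)


def client_blob(password: bytes, leftover: bytes, seed: bytes = STD_PATTERN) -> bytes:
    """What a client would send: the encrypted, possibly garbage-padded buffer."""
    return bytewise_xor(seed, build_buffer(password, leftover))


def first_difference(a: bytes, b: bytes):
    """Index of the first byte where a and b differ, or None if they are equal."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return None if len(a) == len(b) else min(len(a), len(b))


def recover_password(blob: bytes, seed: bytes = STD_PATTERN) -> bytes:
    """Decrypt and cut at the terminator: only possible because the cipher is reversible."""
    return bytewise_xor(seed, blob).split(b"\x00", 1)[0]


# Constructed stale memory for two different client installs (every byte differs).
LEFTOVER_A = bytes(range(0x10, 0x10 + BUF_LEN))
LEFTOVER_B = bytes(range(0x20, 0x20 + BUF_LEN))


def compare_clients(password: bytes):
    """Return (index where the two clients' blobs first differ, recovered password)."""
    a = client_blob(password, LEFTOVER_A)
    b = client_blob(password, LEFTOVER_B)
    return first_difference(a, b), recover_password(a)


def hash_comparison(password: bytes) -> bool:
    """With a real hash the same stale bytes change the whole digest, not just a tail."""
    ha = hashlib.sha256(build_buffer(password, LEFTOVER_A)).digest()
    hb = hashlib.sha256(build_buffer(password, LEFTOVER_B)).digest()
    return ha != hb


if __name__ == "__main__":
    print("short password:", compare_clients(b"secret"))            # (7, b'secret')
    print("max-length password:", compare_clients(b"A" * BUF_LEN))  # (None, b'AAAAAAAAAAAAAAAA')
    print("sha256 of the same buffers differs:", hash_comparison(b"secret"))  # True
```

With a 6-character password the two blobs agree on the first seven bytes (password plus terminator) and diverge exactly where the stale memory begins, which is the pattern described in the thread; with a password that fills the buffer they are identical, and the blob decrypts back to the password. A genuine hash over the same two buffers gives two unrelated digests, so "only the tail changes" is the tell that a reversible byte-wise transform is in play.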
11/10/2005 21:22 Sukh#26
ultimatehacker, your hack manager links are down..
11/10/2005 22:05 unknownone#27
You were blocked from the private server for withholding information we needed. You could've saved us hours of work by just sharing what you had.
11/10/2005 22:20 Ultima#28
Quote:
Originally posted by chocoman4k@Nov 10 2005, 21:19
Well lets say it like this, in BJX emulator I encrypted those passwords myself and I cleared the buffer fully, and logging in always worked. Btw. try using passwords with maximum password length :P I think the "hash" will always stay the same. No random numbers at the end as the whole buffer is being filled with the password.
I never tested if I could leave the last bytes empty^^
Maybe those don't matter and it's an encryption and not a hash, because they put a 00 byte for string termination after the password. However, my pass algo works; maybe I should make the decryption of the encrypted passwords work.
11/10/2005 22:20 unknownone#29
I asked you for the fb packet description more than once, and you just replied with ^^ or :).
I don't leech from the community either. I've used the packet en/decryption tutorial, but I wouldn't take credit for it. I did reverse the skill packet myself, without help from here. And I do contribute everything I find to this community.
I am as much a member of epvp as you are, and just because I help in the development of a private server doesn't make me a leecher.
11/10/2005 22:25 Shizzle1#30
edit..full credit to ulti :D Is it workin?