[Request] How to patch conquer.exe to bypass Password encryption?

06/23/2012 15:33 _DreadNought_#31
I'll throw in my few words and confirm: the password is never stored at a static address nor in plain text.

You can however mod the conquer.exe to store the plaintext in a static addr.
06/23/2012 17:13 ahmed104#32
In the latest patch
there is no more RC5.
The old password cryptography is used to hide the place of the password in the hex dump, but it is decrypted after you log in ... the old password cryptography isn't useful anymore in the last patch.
06/23/2012 18:31 CptSky#33
Quote:
Originally Posted by _DreadNought_
I'll throw in my few words and confirm: the password is never stored at a static address nor in plain text.

You can however mod the conquer.exe to store the plaintext in a static addr.
On older clients, the password was stored as plaintext in the memory and was sent as plaintext in the MsgRegister packet. It was easy to get the password of players :rolleyes:
06/23/2012 19:40 Zeroxelli#34
Quote:
Originally Posted by CptSky
On older clients, the password was stored as plaintext in the memory and was sent as plaintext in the MsgRegister packet. It was easy to get the password of players :rolleyes:
Exactly. You could even run Wireshark on a public network and get the password of players by watching the packets carefully.

Quote:
Originally Posted by ahmed104
In the latest patch
there is no more RC5.
The old password cryptography is used to hide the place of the password in the hex dump, but it is decrypted after you log in ... the old password cryptography isn't useful anymore in the last patch.
That.. makes no sense. There's no reason the password would be stored after login, and especially not decrypted. As far as I know, the variable the password is stored in is nulled after you're forwarded to the game server..

Quote:
Originally Posted by _DreadNought_
I'll throw in my few words and confirm: the password is never stored at a static address nor in plain text.

You can however mod the conquer.exe to store the plaintext in a static addr.
Well if you understand how to modify the structure of the machine code (not sure if you can do that with Olly, actually) you can just throw in a MOV or etc, or even push it into the free store, can't you?

Quote:
Originally Posted by { Angelius }
I believe that nothing is irreversible/impossible, we just have to know how.

And yes, the password is never stored as plain text in the exe, at least not in the current patch clients, and the screenshots you saw are not from the last patch.. I can tell by looking at the addresses in the CPU window.
I agree, those addresses are way off, and there's nothing like that anywhere around that range either. That's either a modified client, or extremely old client.
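
What Zeroxelli describes in the post above (the password variable being nulled once the client is forwarded to the game server) is the usual way to keep a typed password from lingering in process memory. The following is an added example, not part of the original thread and not code from the client; `login_ctx`, `login_once`, `demo_auth` and `PW_MAX` are hypothetical names and the sample password is constructed.

```c
#include <stddef.h>
#include <string.h>

#define PW_MAX 32                 /* assumed field size, not taken from the client */

struct login_ctx {                /* hypothetical holder for the typed password */
    char   password[PW_MAX];
    size_t len;
};

/* Write zeros through a volatile pointer: a plain memset() on a buffer that is
   never read again may be removed by the optimizer as a dead store. */
static void secure_wipe(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--)
        *p++ = 0;
}

/* Store the typed text; an oversize input is rejected and leaves ctx empty. */
int login_ctx_set(struct login_ctx *ctx, const char *typed)
{
    size_t n = strlen(typed);
    secure_wipe(ctx, sizeof *ctx);
    if (n >= PW_MAX)
        return -1;
    memcpy(ctx->password, typed, n);
    ctx->len = n;
    return 0;
}

typedef int (*auth_fn)(const char *pw, size_t len);

/* Use the password exactly once, then wipe it whether auth succeeded or failed. */
int login_once(struct login_ctx *ctx, auth_fn auth)
{
    int rc = auth(ctx->password, ctx->len);
    secure_wipe(ctx, sizeof *ctx);
    return rc;
}

/* Helper for checking the result: how many bytes of buf are still non-zero. */
size_t nonzero_bytes(const void *buf, size_t len)
{
    const unsigned char *p = (const unsigned char *)buf;
    size_t n = 0;
    while (len--)
        n += (*p++ != 0);
    return n;
}

/* Constructed stand-in for the real login exchange. */
static int demo_auth(const char *pw, size_t len)
{
    return (len == 7 && memcmp(pw, "hunter2", 7) == 0) ? 0 : -1;
}
```

The wipe covers the whole structure, including the length field, so neither the password nor its length survives the login attempt.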
06/24/2012 00:16 romeoromeo#35
Quote:
Originally Posted by { Angelius }
And most of you will be able to find where the password is stored in the exe, and once a smart ass finds it he'll be surprised that it's already encrypted and that it's useless unless he has the balls to locate where the password is being encrypted, and the balls to reverse the encrypting process, and when you finally figure all this shit out you will notice that every time you enter a new digit into the password field the *Already encrypted password* will be re-encrypted again and the digit that you just entered is no longer available because it's been replaced with a Star* and Zeroxelli's answers are nowhere near any of this stuff.

However... the best way to do it is by capturing and recording each digit that's being entered in the password field, ignoring the whole password encryption, and when the client logs in you encrypt that password the way you want and send it to the server.

So yeah, man up and have some balls.. and maybe you will get somewhere on your own, because that's what I did after I asked 3 members on this forum who claim to know everything about it and most of them gave me a bunch of bullshit answers that prove they are full of shit and they know nothing about it...
If most can find where the password is stored, then why will they be surprised that it's already encrypted?!! Was it encrypted by logic? Or magic?
Meaning, was there a call to an encryption function or DLL or whatever ... or was it just - voilà - password encrypted??!!
And: the already encrypted password will be re-encrypted ...
Does that mean if I have two digits ... the first one will have double encryption? Or do you mean it will decrypt and re-encrypt both together?
And if your answer is double encrypted, does that mean I will have to rotate the encryption like
digit 1 (rotate password.length), digit 2 (rotate password length-1)??? Or is the encryption different each time?
06/24/2012 00:28 Zeroxelli#36
Quote:
Originally Posted by romeoromeo
If most can find where the password is stored, then why will they be surprised that it's already encrypted?!! Was it encrypted by logic? Or magic?
Meaning, was there a call to an encryption function or DLL or whatever ... or was it just - voilà - password encrypted??!!
And: the already encrypted password will be re-encrypted ...
Does that mean if I have two digits ... the first one will have double encryption? Or do you mean it will decrypt and re-encrypt both together?
And if your answer is double encrypted, does that mean I will have to rotate the encryption like
digit 1 (rotate password.length), digit 2 (rotate password length-1)??? Or is the encryption different each time?
No, he's saying that the new plain-text value will be encrypted. i.e. you had the encrypted version of 65 the first time, and then you type in 66. You now have the encrypted value of 6566.
06/24/2012 02:18 romeoromeo#37
I use OllyDBG V2.0 and it doesn't work for me on the last Conquer.exe ... the process always terminates, and the status msg is "process terminated exit code 0". All I do is open conquer.exe and start debug ... something missed?
06/24/2012 05:01 ahmed104#38
@Zeroxelli the password is encrypted if you type the password in the textbox, because there is a check in conquer.exe; after you log in, it decrypts it and encrypts it in the new cryptography
06/24/2012 05:39 Zeroxelli#39
Quote:
Originally Posted by ahmed104
@Zeroxelli the password is encrypted if you type the password in the textbox, because there is a check in conquer.exe; after you log in, it decrypts it and encrypts it in the new cryptography
Actually, it's decrypted using the plain-text from the password field itself. There's no decryption in the cycle at all (or there shouldn't be, last I checked.) But regardless, it is not saved after you login, especially in decrypted form. You must be using a modified client and/or an older client.

Quote:
Originally Posted by littlechris95
Oops... double post.
No need to post about it.
06/24/2012 22:11 ahmed104#40
Quote:
Originally Posted by Zeroxelli
Actually, it's decrypted using the plain-text from the password field itself. There's no decryption in the cycle at all (or there shouldn't be, last I checked.) But regardless, it is not saved after you login, especially in decrypted form. You must be using a modified client and/or an older client.



No need to post about it.
I'll make a video so you can see it .. I'm correct
06/24/2012 22:12 Zeroxelli#41
Quote:
Originally Posted by ahmed104
I'll make a video so you can see it .. I'm correct
Ok sure, I'll be waiting to see it then.
06/25/2012 09:44 ahmed104#42

that's it , Zeroxelli
06/25/2012 10:33 Zeroxelli#43
You're tracking the content of the window (Yes, TQ uses a window and not a textbox), but still, it doesn't look right to me.
06/25/2012 16:29 ahmed104#44
Quote:
Originally Posted by Zeroxelli
You're tracking the content of the window (Yes, TQ uses a window and not a textbox), but still, it doesn't look right to me.
OK ... I don't care :D If you want me to show it in TeamViewer ... OK .. send your email address in a private message
06/25/2012 16:43 romeoromeo#45
Sorry to post this again .
I use OllyDBG V2.0 and it doesn't work for me on the last Conquer.exe ... the process always terminates, and the status msg is "process terminated exit code 0". All I do is open conquer.exe and start debug ... something missed?