password hash at packet 1052

08/03/2013 02:51 go for it#1

does the client still send the password hash at offset 8 at packet 1052 after using hybird loader and that new password crypto stuff ?
is it possible to retrieve the password from the hash or just hash the password at the db and compare ?

08/03/2013 07:17 { Angelius }#2

I don't have the answer for your first question because i don't know how hybrid loader works. However to answer your second question, if the end result is being sent to the server as an MD5 hash then the answer is NO Because MD5 is a one way hash function.

08/05/2013 11:29 Korvacs#3

To answer your question abit better, if this is for a private server what you need to do is use the same hash when you create the password and store the hash in the database, then you compare the two hashes when someone logs in.

08/05/2013 11:54 -impulse-#4

Since you're using Hybrid's loader, you are running on a patch that its already using SRP for password verification, in which case, you cannot do what Korvacs said, because the SRP is a random based algorithm which will never provide the same password hash (which is a one way hash like MD5). And although the server still sends a random integer when a new client is connected, I do not think it still used.

On the other hand if you want to do the hash yourself, you can do it with that loader. All you have to do is write the computed hash with the first packet thats being sent. That happens in the hooked sent function, in something like

Code:

if(legacy)
{
...
}

08/05/2013 11:57 Korvacs#5

Alternatively you could brute force the hash every time someone logs in, it might have an impact on the login time though ;)

08/05/2013 17:44 ImmuneOne#6

Quote:

Originally Posted by Korvacs

Alternatively you could brute force the hash every time someone logs in, it might have an impact on the login time though ;)

Srp only allows 1 authentication attempt per session.

08/06/2013 00:28 InfamousNoone#7

The exploit for the longest time was choose A s.t. (A%N)=0 if you did this, for about a year you could log into any account given just the account name. If you want to know why, I can explain the math, but I don't think anyone will care too much. The tl;dr of it is what happens when u raise x^0 for any x?

Discovered this before we even knew the algorithm was called SRP 6a. Lol

08/06/2013 11:48 Korvacs#8

Quote:

Originally Posted by ImmuneOne

Srp only allows 1 authentication attempt per session.

I meant brute force the hash, as in since you have the plain text password in the database, repeatedly hash this using the algorithm until you get a match.

And this was meant as a joke, so naturally its not meant to be practical. :rolleyes: