vBulletin password encryption

03/09/2017 19:46 XxharCs#1
I need somehow to check my login credentials against the ones stored in the db of vBulletin.
I know that vB uses bcrypt and I'm using this bcrypt library: [link not shown]

I never succeed in getting matching passwords. (Yeah, I tweaked the library to use the $2y$ prefix in the bcrypt_gensalt method.)

Code:
#include <iostream>
#include <string>
#include <stdio.h>
#include <stdlib.h>
#include <assert.h>
#include "bcrypt.h"
#include "md5.h"

int main(int argc, char **argv)
{
    if (!(argc >= 2 && argc <= 3))
    {
        std::cerr << "Usage: ./bcrypt_release [password] [hash]" << std::endl;
        return EXIT_FAILURE;
    }

    // The MD5 hex digest of the password is what gets passed to bcrypt
    std::string pw = md5(argv[1]);

    char salt[BCRYPT_HASHSIZE];
    char hash[BCRYPT_HASHSIZE];
    int ret;

    // Fresh salt (cost 10) and a hash made with it; both are only printed below
    ret = bcrypt_gensalt(10, salt);
    ret = bcrypt_hashpw(pw.c_str(), salt, hash);

    if (argc == 3)
    {
        // Check against the hash given on the command line;
        // -1 is treated as an error and 0 as a match
        ret = bcrypt_checkpw(pw.c_str(), argv[2]);
        assert(ret != -1);

        std::cout << "pw: " << pw.c_str() << "\nsalt: " << salt << "\nhash: " << hash
                  << "\nMatching passwords: " << (ret ? "[FAIL]" : "[OK]") << std::endl;
    }
    else if (argc == 2)
    {
        std::cout << "pw: " << pw.c_str() << "\nsalt: " << salt << "\nhash: " << hash << std::endl;
    }

    return EXIT_SUCCESS;
}
I also tried simple PHP code (which I found on the vB forums), to be sure it's not a C++ problem.
Code:
<?php
$userSuppliedPassword = 'Plain Text Password';
$hashToMatch = 'user->token Column Value';
$options['cost'] = 10;
$options['salt'] = 'user->secret Column Value';

// If the stored secret contains characters outside [a-zA-Z0-9./],
// base64-encode it and replace '+' with '.'
if (0 == preg_match('#^[a-zA-Z0-9./]+$#D', $options['salt']))
{
    $options['salt'] = str_replace('+', '.', base64_encode($options['salt']));
}

// bcrypt over the MD5 hex digest of the password, compared with the stored token
if ($hashToMatch == password_hash(md5($userSuppliedPassword), PASSWORD_BCRYPT, $options))
{
    echo "Woot!<br/>\n";
}
else
{
    echo "Sad Face.<br/>\n";
}
But still, pw's don't match.

Anyone have an idea?
03/11/2017 14:54 wurstbrot123#2
No clue what version you are using, but vBulletin 4 does it differently:

$encrypted = md5(md5($decryptedpassword) . $row->salt);

$encrypted will then be the same password as in the database.
03/11/2017 16:36 XxharCs#3
Quote:
Originally Posted by wurstbrot123
No clue what version you are using, but vBulletin 4 does it differently:

$encrypted = md5(md5($decryptedpassword) . $row->salt);

$encrypted will then be the same password as in the database.
Using vBulletin 5.
I can't even manage to do it via a WebRequest (to check the user login).
03/11/2017 20:07 wurstbrot123#4
You can actually ask customer support if you don't have a nulled version.

They are pretty nice and even help with stuff like that.
03/22/2017 14:42 Visual-#5
vBulletin 4 does it better
03/22/2017 18:23 Dr. Coxxy#6
PHP 7 ignores the salt parameter in password_hash afaik - which PHP version are you using?
Also, you should use password_verify and not == - though it shouldn't matter in your case, as you're using a custom hash.
03/22/2017 22:13 XxharCs#7
Quote:
Originally Posted by Dr. Coxxy
PHP 7 ignores the salt parameter in password_hash afaik - which PHP version are you using?
Also, you should use password_verify and not == - though it shouldn't matter in your case, as you're using a custom hash.
My webserver is running PHP 7, though I'm trying to accomplish this in C++ and not with PHP. But I managed a workaround with web requests, because I don't have that much time to write the support :)
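
Added example, not part of any post in this thread and not vBulletin's or the bcrypt library's code: a bcrypt hash string carries its own identifier ($2y$ here), cost and salt, so a verifier reads them from the stored value, and the final comparison should run in constant time rather than with ==. The names `BcryptParts`, `parse_bcrypt`, `constant_time_equal` and `SAMPLE_HASH` are hypothetical, and the sample hash is constructed.

```cpp
#include <iostream>
#include <string>

// Constructed sample in bcrypt's layout (not the hash of any real password).
const std::string SAMPLE_HASH =
    "$2y$10$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ01234";

// Fields of "$<id>$<cost>$<22-char salt><31-char digest>" (60 chars in total).
struct BcryptParts {
    std::string id;      // "2a", "2b" or "2y"
    int cost;            // log2 of the iteration count
    std::string salt;    // 22 chars of bcrypt's base64 alphabet
    std::string digest;  // 31 chars of the same alphabet
};

static bool in_bcrypt_alphabet(const std::string& s) {
    static const std::string alphabet =
        "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    return s.find_first_not_of(alphabet) == std::string::npos;
}

// Fills `out` and returns true only for a well-formed 60-character bcrypt string.
bool parse_bcrypt(const std::string& h, BcryptParts& out) {
    if (h.size() != 60 || h[0] != '$' || h[3] != '$' || h[6] != '$') return false;
    const std::string id = h.substr(1, 2);
    if (id != "2a" && id != "2b" && id != "2y") return false;
    if (h[4] < '0' || h[4] > '9' || h[5] < '0' || h[5] > '9') return false;
    const int cost = (h[4] - '0') * 10 + (h[5] - '0');
    if (cost < 4 || cost > 31) return false;  // cost range bcrypt accepts
    const std::string salt = h.substr(7, 22), digest = h.substr(29, 31);
    if (!in_bcrypt_alphabet(salt) || !in_bcrypt_alphabet(digest)) return false;
    out.id = id; out.cost = cost; out.salt = salt; out.digest = digest;
    return true;
}

// Compares two hash strings without stopping at the first differing byte.
bool constant_time_equal(const std::string& a, const std::string& b) {
    if (a.size() != b.size()) return false;
    unsigned char diff = 0;
    for (std::string::size_type i = 0; i < a.size(); ++i)
        diff |= static_cast<unsigned char>(a[i] ^ b[i]);
    return diff == 0;
}

int main() {
    BcryptParts p;
    if (!parse_bcrypt(SAMPLE_HASH, p)) return 1;
    std::cout << p.id << " cost=" << p.cost << " salt=" << p.salt << "\n";
}
```

A 32-character hex value, such as the md5(md5(password) . salt) form quoted for vBulletin 4, is rejected by `parse_bcrypt`, which lets a caller tell the two stored formats apart before choosing how to verify.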