[Security]Bcrypt hash algorithm in Shaiya

04/28/2020 13:37 [ADM]Sky#1
Hi!

Example of implementing the BCrypt algorithm for Shaiya servers.

Step 1
Quote:
EXEC sp_configure 'CLR ENABLED' , '1'
GO
RECONFIGURE
GO
ALTER DATABASE PS_UserData SET TRUSTWORTHY ON
GO
Step 2
Execute the file BCrypt_assembly.sql, which is located below.


Step 3 (BCrypt-Function)
Quote:
CREATE FUNCTION [dbo].[BCrypt](@password [nvarchar](4000), @rounds [int])
RETURNS [nvarchar](4000) WITH EXECUTE AS CALLER
AS
EXTERNAL NAME [BCrypt].[BCryptPackage.UserDefinedFunctions].[BCrypt]
GO
EXEC sys.sp_addextendedproperty @name=N'AutoDeployed', @value=N'yes' , @level0type=N'SCHEMA',@level0name=N'dbo', @level1type=N'FUNCTION',@level1name=N'BCrypt'
GO
EXEC sys.sp_addextendedproperty @name=N'SqlAssemblyFile', @value=N'BCryptAssembly' , @level0type=N'SCHEMA',@level0name=N'dbo', @level1type=N'FUNCTION',@level1name=N'BCrypt'
GO
EXEC sys.sp_addextendedproperty @name=N'SqlAssemblyFileLine', @value=813 , @level0type=N'SCHEMA',@level0name=N'dbo', @level1type=N'FUNCTION',@level1name=N'BCrypt'
This step is optional, because the hash itself will be created by the site, but thanks to this function, you can perform verification.

Step 4 (CheckPassword function)
Quote:
CREATE FUNCTION [dbo].[CheckPassword](@password [nvarchar](4000), @hashed [nvarchar](4000))
RETURNS [bit] WITH EXECUTE AS CALLER
AS
EXTERNAL NAME [BCrypt].[BCryptPackage.UserDefinedFunctions].[CheckPassword]
GO
EXEC sys.sp_addextendedproperty @name=N'AutoDeployed', @value=N'yes' , @level0type=N'SCHEMA',@level0name=N'dbo', @level1type=N'FUNCTION',
@level1name=N'CheckPassword'
GO
EXEC sys.sp_addextendedproperty @name=N'SqlAssemblyFile', @value=N'BCryptAssembly' , @level0type=N'SCHEMA',@level0name=N'dbo', @level1type=N'FUNCTION',
@level1name=N'CheckPassword'
GO
EXEC sys.sp_addextendedproperty @name=N'SqlAssemblyFileLine', @value=820 , @level0type=N'SCHEMA',@level0name=N'dbo', @level1type=N'FUNCTION',
@level1name=N'CheckPassword'
If you get an error, you need to change the database compatibility level.


Step 5
Now run it to check.
Quote:
DECLARE @passwd VARCHAR(60)
DECLARE @crypted_passwd VARCHAR(60)
SET @passwd = 'weakPassword1234'
select @crypted_passwd = dbo.Bcrypt('weakPassword1234',10)
print @crypted_passwd
-- Check if the passwords match
select dbo.CheckPassword(@passwd,@crypted_passwd)
Check result:

Step 6
Execute the file usp_Try_GameLogin_Taiwan.sql, which is located below.

Check result:

Very important:
PHP once made the Bcrypt function, but the first versions of it did not work correctly. This is why they started changing the prefix at the beginning of the hash to indicate that it is a new version, but this is not suitable for us to check in the database, so we will do this little trick.


PHP Code:
$pw = 'test9080';

$PwHash = password_hash($pw, PASSWORD_BCRYPT);
echo $PwHash;
echo "<br>";

// Swap PHP's "$2y$" prefix for "$2a$" so the hash can be checked in the database
$PwHash = str_replace('$2y$', '$2a$', $PwHash);
echo $PwHash;

I wish you the best of everything!
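
The prefix rewrite from the PHP snippet above, as an added example that is not part of the original post: it changes the prefix only at the start of the string and only after checking that the value is a well-formed bcrypt hash. The helper name `to_2a_hash` and the minimum cost of 10 are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the post): rewrite a PHP bcrypt hash to the
// "$2a$" prefix, but only after checking it really is a well-formed bcrypt
// string, so malformed values never reach the database.
function to_2a_hash(string $hash, int $minCost = 10): string
{
    // Layout: $2<variant>$<2-digit cost>$<22-char salt><31-char digest>
    $re = '~^\$2([abxy])\$(\d{2})\$([./A-Za-z0-9]{53})$~D';
    if (preg_match($re, $hash, $m) !== 1) {
        throw new InvalidArgumentException('not a bcrypt hash');
    }
    $cost = (int) $m[2];
    if ($cost < $minCost || $cost > 31) {
        throw new InvalidArgumentException("bcrypt cost $cost out of range");
    }
    // Only the prefix changes; cost, salt and digest are copied unchanged.
    return '$2a$' . $m[2] . '$' . $m[3];
}

$pw = 'test9080'; // sample password from the post

$phpHash = password_hash($pw, PASSWORD_BCRYPT, ['cost' => 10]);
$dbHash  = to_2a_hash($phpHash);

echo $phpHash, PHP_EOL;
echo $dbHash, PHP_EOL;

// The rewritten hash keeps its 60-character length and still verifies in PHP.
var_dump(strlen($dbHash) === 60);
var_dump(password_verify($pw, $dbHash));
var_dump(password_verify('wrong-password', $dbHash));

// A value that merely contains "$2y$" is rejected instead of being rewritten.
try {
    to_2a_hash('prefix$2y$10$tooshort');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Run it with the PHP CLI; the value it prints on the second line is the form that would be stored for `dbo.CheckPassword` to check.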
04/28/2020 21:50 [BSG]Reeya#2
Very Nice Release, thanks Sky :)
04/29/2020 00:04 bannedwrong1#3
Perfectly :) great
04/29/2020 01:18 admkraken81#4
Thank you, working