|
You last visited: Today at 12:45
Advertisement
Need help with checking passwords!
Discussion on Need help with checking passwords! within the CO2 Private Server forum part of the Conquer Online 2 category.
02/09/2012, 00:17
|
#1
|
elite*gold: 0 
Join Date: Jan 2011
Posts: 286
Received Thanks: 71
|
Need help with checking passwords!
Code:
AuthClient Client = Sender.Wrapper as AuthClient;
if (Sender.RecvSize == 52)
{
byte[] Recv = param;
if (BitConverter.ToUInt16(Recv, 2) == 0x41B)
{
byte i = 0;
Client.Username = Encoding.ASCII.GetString(Recv, 4, 16).Trim(new char[] { (char)0x0000 });
Client.Password = "";
while (i < 16)
{
Client.Password += Recv[i + 16].ToString("X2");
i = (byte)(i + 1);
}
Alright, so based on that, it's trying to take the password and convert it to hexadecimal format I believe. The question is, does anyone know how to make a PHP script that will register the passwords into a format that X2 can read or can anyone tell me how to make this just read the password that the user entered?
|
|
|
|
02/09/2012, 12:38
|
#2
|
elite*gold: 0
Join Date: Apr 2008
Posts: 759
Received Thanks: 285
|
PHP Code:
function hexEncode($str=NULL){
if(is_null($str)){
return FALSE;
}
$hexStr = "";
for($i=0;isset($str[$i]);$i++){
$char = dechex(ord($str[$i]));
$hexStr .= $char;
}
return "0x".$hexStr;
}
|
|
|
|
|
02/09/2012, 13:18
|
#3
|
elite*gold: 0
Join Date: Dec 2011
Posts: 1,537
Received Thanks: 785
|
Why do you want it to be in hex anyways? You should hash it instead.
|
|
|
|
|
02/09/2012, 20:38
|
#4
|
elite*gold: 0
Join Date: Jan 2011
Posts: 286
Received Thanks: 71
|
Quote:
Originally Posted by Mr_PoP
PHP Code:
function hexEncode($str=NULL){
if(is_null($str)){
return FALSE;
}
$hexStr = "";
for($i=0;isset($str[$i]);$i++){
$char = dechex(ord($str[$i]));
$hexStr .= $char;
}
return "0x".$hexStr;
}
|
Edit: Upon trying to register an account and then logging in, it failed. =/
Here is the password I registered under: 123456789
Here is what the database read the password from the client as: "00000000C88AF1DF3AA3F4E7A9E65C3C"
And here is what is registered in the database: 0x313233343536373839
Quote:
Originally Posted by I don't have a username
Why do you want it to be in hex anyways? You should hash it instead.
|
I don't want it to be in hex, the problem is, I haven't learned how to encrypt/decrypt with code yet so I don't know how to change it to that. =[
|
|
|
|
|
02/09/2012, 20:59
|
#5
|
elite*gold: 20
Join Date: Jun 2006
Posts: 3,296
Received Thanks: 925
|
Just a simple question but what is it that you're trying to achieve? A register page that is capable of encrypting passwords compatible with CO?
|
|
|
|
|
02/09/2012, 21:11
|
#6
|
elite*gold: 0
Join Date: Jan 2011
Posts: 286
Received Thanks: 71
|
Quote:
Originally Posted by Kiyono
Just a simple question but what is it that you're trying to achieve? A register page that is capable of encrypting passwords compatible with CO?
|
Basically, but encrypting passwords that the source I have can read. ._.
My two options are to either find a PHP script that will register the passwords right, or remove the current password reading system, and just have it read the password from the client as a string, straight on.
|
|
|
|
|
02/09/2012, 21:14
|
#7
|
elite*gold: 20
Join Date: Jun 2006
Posts: 3,296
Received Thanks: 925
|
Quote:
Originally Posted by xBlackPlagu3x
Basically, but encrypting passwords that the source I have can read. ._.
My two options are to either find a PHP script that will register the passwords right, or remove the current password reading system, and just have it read the password from the client as a string, straight on.
|
Which source are you using? A lot of the newer released source store the password as plain text.
|
|
|
|
|
02/09/2012, 22:35
|
#8
|
elite*gold: 0
Join Date: Jan 2011
Posts: 286
Received Thanks: 71
|
Quote:
Originally Posted by Kiyono
Which source are you using? A lot of the newer released source store the password as plain text.
|
Arco's 5017
|
|
|
|
|
02/09/2012, 23:09
|
#9
|
elite*gold: 20
Join Date: Jun 2006
Posts: 3,296
Received Thanks: 925
|
Since Arco's 5017 is based of Hybrid's base, this should work:
ctrl + f for public static void AuthReceive(HybridWinsockClient Sender, byte[] param)
//edit delete this part:
Code:
while (i < 16)
{
Client.Password += Recv[i + 16].ToString("X2");
i = (byte)(i + 1);
}
And stick this there.
Code:
Client.Password = "";
byte[] passarray = new byte[16];
Buffer.BlockCopy(Recv, 20, passarray, 0, 16);
Client.Password = ConquerPasswordCryptographer.Decrypt(passarray).TrimEnd('\0');
Console.WriteLine(Client.Password);
And put this somewhere:
Code:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.IO;
namespace ConquerServer_Basic
{
public sealed class ConquerPasswordCryptographer
{
private static uint[] _key = new uint[] {
0xEBE854BC, 0xB04998F7, 0xFFFAA88C, 0x96E854BB,
0xA9915556, 0x48E44110, 0x9F32308F, 0x27F41D3E,
0xCF4F3523, 0xEAC3C6B4, 0xE9EA5E03, 0xE5974BBA,
0x334D7692, 0x2C6BCF2E, 0xDC53B74, 0x995C92A6,
0x7E4F6D77, 0x1EB2B79F, 0x1D348D89, 0xED641354,
0x15E04A9D, 0x488DA159, 0x647817D3, 0x8CA0BC20,
0x9264F7FE, 0x91E78C6C, 0x5C9A07FB, 0xABD4DCCE,
0x6416F98D, 0x6642AB5B };
private static uint LeftRotate(uint dwVar, uint dwOffset)
{
uint dwTemp1, dwTemp2;
dwOffset = dwOffset & 0x1F;
dwTemp1 = dwVar >> (int)(32 - dwOffset);
dwTemp2 = dwVar << (int)dwOffset;
dwTemp2 = dwTemp2 | dwTemp1;
return dwTemp2;
}
private static uint RightRotate(uint dwVar, uint dwOffset)
{
uint dwTemp1, dwTemp2;
dwOffset = dwOffset & 0x1F;
dwTemp1 = dwVar << (int)(32 - dwOffset);
dwTemp2 = dwVar >> (int)dwOffset;
dwTemp2 = dwTemp2 | dwTemp1;
return dwTemp2;
}
public static byte[] Encrypt(string password)
{
byte[] result = new byte[16];
Encoding.ASCII.GetBytes(password).CopyTo(result, 0);
BinaryReader reader = new BinaryReader(new MemoryStream(result, false));
uint[] passInts = new uint[4];
for (uint i = 0; i < 4; i++)
passInts[i] = (uint)reader.ReadInt32();
uint temp1, temp2;
for (int i = 1; i >= 0; i--)
{
temp1 = _key[5] + passInts[(i * 2) + 1];
temp2 = _key[4] + passInts[i * 2];
for (int j = 0; j < 12; j++)
{
temp2 = LeftRotate(temp1 ^ temp2, temp1) + _key[j * 2 + 6];
temp1 = LeftRotate(temp1 ^ temp2, temp2) + _key[j * 2 + 7];
}
passInts[i * 2] = temp2;
passInts[i * 2 + 1] = temp1;
}
BinaryWriter writer = new BinaryWriter(new MemoryStream(result, true));
for (uint i = 0; i < 4; i++)
writer.Write((int)passInts[i]);
return result;
}
public static string Decrypt(byte[] bytes)
{
BinaryReader reader = new BinaryReader(new MemoryStream(bytes, false));
uint[] passInts = new uint[4];
for (uint i = 0; i < 4; i++)
passInts[i] = (uint)reader.ReadInt32();
uint temp1, temp2;
for (int i = 1; i >= 0; i--)
{
temp1 = passInts[(i * 2) + 1];
temp2 = passInts[i * 2];
for (int j = 11; j >= 0; j--)
{
temp1 = RightRotate(temp1 - _key[j * 2 + 7], temp2) ^ temp2;
temp2 = RightRotate(temp2 - _key[j * 2 + 6], temp1) ^ temp1;
}
passInts[i * 2 + 1] = temp1 - _key[5];
passInts[i * 2] = temp2 - _key[4];
}
BinaryWriter writer = new BinaryWriter(new MemoryStream(bytes, true));
for (uint i = 0; i < 4; i++)
writer.Write((int)passInts[i]);
for (int i = 0; i < 16; i++)
if (bytes[i] == 0)
return Encoding.ASCII.GetString(bytes, 0, i);
return Encoding.ASCII.GetString(bytes);
}
}
}
You can now use plain text passwords.
|
|
|
|
|
02/09/2012, 23:46
|
#10
|
elite*gold: 0
Join Date: Jan 2011
Posts: 286
Received Thanks: 71
|
Thank you Kiyono! It reads the password perfectly, but now my only problem is it keeps disconnecting the client because it says that it lost the connection to the server. =/ But thank you for helping me get one thing solved!
|
|
|
|
|
02/09/2012, 23:53
|
#11
|
elite*gold: 20
Join Date: Mar 2006
Posts: 6,126
Received Thanks: 2,518
|
If you decrypt to plain text you should really hash it to md6 and then compare that to an md6 hash in the database which the website would use, far more secure than plain text in the database.
|
|
|
|
|
02/10/2012, 00:14
|
#12
|
elite*gold: 0
Join Date: Jan 2011
Posts: 286
Received Thanks: 71
|
Quote:
Originally Posted by Korvacs
If you decrypt to plain text you should really hash it to md6 and then compare that to an md6 hash in the database which the website would use, far more secure than plain text in the database.
|
Thanks for the advice, and I might actually do that, but first I need to be able to login. =/
|
|
|
|
|
02/10/2012, 11:51
|
#13
|
elite*gold: 20
Join Date: Jun 2006
Posts: 3,296
Received Thanks: 925
|
Since you're considering using hashed passwords in the database, here's a useful piece of code from Fusion Origins:
Code:
public class SHA2
{
public static string sha256encrypt(string phrase)
{
UTF8Encoding encoder = new UTF8Encoding();
SHA256Managed sha256hasher = new SHA256Managed();
byte[] hashedDataBytes = sha256hasher.ComputeHash(encoder.GetBytes(phrase));
return byteArrayToString(hashedDataBytes);
}
private static string byteArrayToString(byte[] inputArray)
{
StringBuilder output = new StringBuilder("");
for (int i = 0; i < inputArray.Length; i++)
{
output.Append(inputArray[i].ToString("X2"));
}
return output.ToString();
}
}
So instead of Client.Password = ConquerPasswordCryptographer.Decrypt(passarray).Tr imEnd('\0');
Client.Password = SHA2.sha256encrypt(ConquerPasswordCryptographer.De crypt(passarray).TrimEnd('\0'));
Then just make the register script encrypt them to sha256 too and compare these 2.
|
|
|
|
|
02/10/2012, 12:00
|
#14
|
elite*gold: 20
Join Date: Mar 2006
Posts: 6,126
Received Thanks: 2,518
|
Yes, fully forgot i even used SHA2 in that source, thanks for reminding me!
|
|
|
|
Similar Threads
|
Passwords does not match
02/08/2009 - Dekaron Private Server - 6 Replies
Thats what it says everytime I try to login on my server.
I use a clean account database, so I cant use a already-existing account and just edit it :S
Any fix for this?
|
PK Passwords
09/30/2007 - Kal Online - 131 Replies
This will be a collection of privat server pk passwords
Standart:
JKSYEHAB#9052
Kalmax Files:
KALMAXAX#6969
Eather Server
H3J2J89PCYXWG
|
to got pk-passwords
04/30/2007 - Kal Online - 12 Replies
Hab hier noch nix der artiges gefunden :) versucht es mal muesste klappen ;)
I got nice tool finding PK password
This only work AFTER you unpack the engine
|
All times are GMT +1. The time now is 12:46.
|
|
