Need help with checking passwords!

xBlackPlagu3x · 02/09/2012, 00:17

Code:

AuthClient Client = Sender.Wrapper as AuthClient;
            if (Sender.RecvSize == 52)
            {     
                byte[] Recv = param;
                if (BitConverter.ToUInt16(Recv, 2) == 0x41B)
                {
                    byte i = 0;
                    Client.Username = Encoding.ASCII.GetString(Recv, 4, 16).Trim(new char[] { (char)0x0000 });
                    Client.Password = "";
                    while (i < 16)
                    {
                        Client.Password += Recv[i + 16].ToString("X2");
                        i = (byte)(i + 1);
                    }

Alright, so based on that, it's trying to take the password and convert it to hexadecimal format I believe. The question is, does anyone know how to make a PHP script that will register the passwords into a format that X2 can read or can anyone tell me how to make this just read the password that the user entered?

Mr_PoP · 02/09/2012, 12:38

PHP Code:


			

function hexEncode($str=NULL){

        if(is_null($str)){
                return FALSE;
        }

        $hexStr = "";

        for($i=0;isset($str[$i]);$i++){
                $char = dechex(ord($str[$i]));
                $hexStr .= $char;
        }

        return "0x".$hexStr;

}

~~I don't have a username~~ · 02/09/2012, 13:18

Why do you want it to be in hex anyways? You should hash it instead.

xBlackPlagu3x · 02/09/2012, 20:38

Quote:

Originally Posted by Mr_PoP

PHP Code:

function hexEncode($str=NULL){ if(is_null($str)){ return FALSE; } $hexStr = ""; for($i=0;isset($str[$i]);$i++){ $char = dechex(ord($str[$i])); $hexStr .= $char; } return "0x".$hexStr; }

Edit: Upon trying to register an account and then logging in, it failed. =/
Here is the password I registered under: 123456789
Here is what the database read the password from the client as: "00000000C88AF1DF3AA3F4E7A9E65C3C"
And here is what is registered in the database: 0x313233343536373839

Quote:

Originally Posted by I don't have a username

Why do you want it to be in hex anyways? You should hash it instead.

I don't want it to be in hex, the problem is, I haven't learned how to encrypt/decrypt with code yet so I don't know how to change it to that. =[

Kiyono · 02/09/2012, 20:59

Just a simple question but what is it that you're trying to achieve? A register page that is capable of encrypting passwords compatible with CO?

xBlackPlagu3x · 02/09/2012, 21:11

Quote:

Originally Posted by Kiyono

Just a simple question but what is it that you're trying to achieve? A register page that is capable of encrypting passwords compatible with CO?

Basically, but encrypting passwords that the source I have can read. ._.
My two options are to either find a PHP script that will register the passwords right, or remove the current password reading system, and just have it read the password from the client as a string, straight on.

Kiyono · 02/09/2012, 21:14

Quote:

Originally Posted by xBlackPlagu3x

Basically, but encrypting passwords that the source I have can read. ._.
My two options are to either find a PHP script that will register the passwords right, or remove the current password reading system, and just have it read the password from the client as a string, straight on.

Which source are you using? A lot of the newer released source store the password as plain text.

xBlackPlagu3x · 02/09/2012, 22:35

Quote:

Originally Posted by Kiyono

Which source are you using? A lot of the newer released source store the password as plain text.

Arco's 5017

Kiyono · 02/09/2012, 23:09

Since Arco's 5017 is based of Hybrid's base, this should work:
ctrl + f for public static void AuthReceive(HybridWinsockClient Sender, byte[] param)
//edit delete this part:

Code:

while (i < 16)
                    {
                        Client.Password += Recv[i + 16].ToString("X2");
                        i = (byte)(i + 1);
                    }

And stick this there.

Code:

 Client.Password = "";
                    byte[] passarray = new byte[16];
                    Buffer.BlockCopy(Recv, 20, passarray, 0, 16);
                    Client.Password = ConquerPasswordCryptographer.Decrypt(passarray).TrimEnd('\0');
                    Console.WriteLine(Client.Password);

And put this somewhere:

Code:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.IO;

namespace ConquerServer_Basic
{
     public sealed class ConquerPasswordCryptographer
     {
          private static uint[] _key = new uint[] {
                                        0xEBE854BC, 0xB04998F7, 0xFFFAA88C, 0x96E854BB, 
                                        0xA9915556, 0x48E44110, 0x9F32308F, 0x27F41D3E, 
                                        0xCF4F3523, 0xEAC3C6B4, 0xE9EA5E03, 0xE5974BBA, 
                                        0x334D7692, 0x2C6BCF2E, 0xDC53B74,  0x995C92A6, 
                                        0x7E4F6D77, 0x1EB2B79F, 0x1D348D89, 0xED641354, 
                                        0x15E04A9D, 0x488DA159, 0x647817D3, 0x8CA0BC20, 
                                        0x9264F7FE, 0x91E78C6C, 0x5C9A07FB, 0xABD4DCCE, 
                                        0x6416F98D, 0x6642AB5B };

          private static uint LeftRotate(uint dwVar, uint dwOffset)
          {
               uint dwTemp1, dwTemp2;

               dwOffset = dwOffset & 0x1F;
               dwTemp1 = dwVar >> (int)(32 - dwOffset);
               dwTemp2 = dwVar << (int)dwOffset;
               dwTemp2 = dwTemp2 | dwTemp1;

               return dwTemp2;
          }

          private static uint RightRotate(uint dwVar, uint dwOffset)
          {
               uint dwTemp1, dwTemp2;

               dwOffset = dwOffset & 0x1F;
               dwTemp1 = dwVar << (int)(32 - dwOffset);
               dwTemp2 = dwVar >> (int)dwOffset;
               dwTemp2 = dwTemp2 | dwTemp1;

               return dwTemp2;
          }

          public static byte[] Encrypt(string password)
          {
               byte[] result = new byte[16];
               Encoding.ASCII.GetBytes(password).CopyTo(result, 0);
               BinaryReader reader = new BinaryReader(new MemoryStream(result, false));
               uint[] passInts = new uint[4];
               for (uint i = 0; i < 4; i++)
                    passInts[i] = (uint)reader.ReadInt32();

               uint temp1, temp2;
               for (int i = 1; i >= 0; i--)
               {
                    temp1 = _key[5] + passInts[(i * 2) + 1];
                    temp2 = _key[4] + passInts[i * 2];
                    for (int j = 0; j < 12; j++)
                    {
                         temp2 = LeftRotate(temp1 ^ temp2, temp1) + _key[j * 2 + 6];
                         temp1 = LeftRotate(temp1 ^ temp2, temp2) + _key[j * 2 + 7];
                    }
                    passInts[i * 2] = temp2;
                    passInts[i * 2 + 1] = temp1;
               }

               BinaryWriter writer = new BinaryWriter(new MemoryStream(result, true));
               for (uint i = 0; i < 4; i++)
                    writer.Write((int)passInts[i]);
               return result;
          }

          public static string Decrypt(byte[] bytes)
          {
               BinaryReader reader = new BinaryReader(new MemoryStream(bytes, false));
               uint[] passInts = new uint[4];
               for (uint i = 0; i < 4; i++)
                    passInts[i] = (uint)reader.ReadInt32();

               uint temp1, temp2;
               for (int i = 1; i >= 0; i--)
               {
                    temp1 = passInts[(i * 2) + 1];
                    temp2 = passInts[i * 2];
                    for (int j = 11; j >= 0; j--)
                    {
                         temp1 = RightRotate(temp1 - _key[j * 2 + 7], temp2) ^ temp2;
                         temp2 = RightRotate(temp2 - _key[j * 2 + 6], temp1) ^ temp1;
                    }
                    passInts[i * 2 + 1] = temp1 - _key[5];
                    passInts[i * 2] = temp2 - _key[4];
               }

               BinaryWriter writer = new BinaryWriter(new MemoryStream(bytes, true));
               for (uint i = 0; i < 4; i++)
                    writer.Write((int)passInts[i]);
               for (int i = 0; i < 16; i++)
                    if (bytes[i] == 0)
                         return Encoding.ASCII.GetString(bytes, 0, i);
               return Encoding.ASCII.GetString(bytes);
          }
     }
}

You can now use plain text passwords.

xBlackPlagu3x · 02/09/2012, 23:46

Thank you Kiyono! It reads the password perfectly, but now my only problem is it keeps disconnecting the client because it says that it lost the connection to the server. =/ But thank you for helping me get one thing solved!

Korvacs · 02/09/2012, 23:53

If you decrypt to plain text you should really hash it to md6 and then compare that to an md6 hash in the database which the website would use, far more secure than plain text in the database.

xBlackPlagu3x · 02/10/2012, 00:14

Quote:

Originally Posted by Korvacs

If you decrypt to plain text you should really hash it to md6 and then compare that to an md6 hash in the database which the website would use, far more secure than plain text in the database.

Thanks for the advice, and I might actually do that, but first I need to be able to login. =/

Kiyono · 02/10/2012, 11:51

Since you're considering using hashed passwords in the database, here's a useful piece of code from Fusion Origins:

Code:

public class SHA2
    {
        public static string sha256encrypt(string phrase)
        {
            UTF8Encoding encoder = new UTF8Encoding();
            SHA256Managed sha256hasher = new SHA256Managed();
            byte[] hashedDataBytes = sha256hasher.ComputeHash(encoder.GetBytes(phrase));
            return byteArrayToString(hashedDataBytes);
        }

        private static string byteArrayToString(byte[] inputArray)
        {
            StringBuilder output = new StringBuilder("");
            for (int i = 0; i < inputArray.Length; i++)
            {
                output.Append(inputArray[i].ToString("X2"));
            }
            return output.ToString();
        }
    }

So instead of Client.Password = ConquerPasswordCryptographer.Decrypt(passarray).Tr imEnd('\0');
Client.Password = SHA2.sha256encrypt(ConquerPasswordCryptographer.De crypt(passarray).TrimEnd('\0'));

Then just make the register script encrypt them to sha256 too and compare these 2.

Korvacs · 02/10/2012, 12:00

Yes, fully forgot i even used SHA2 in that source, thanks for reminding me!