|
You last visited: Today at 12:17
Advertisement
password hash at packet 1052
Discussion on password hash at packet 1052 within the CO2 Private Server forum part of the Conquer Online 2 category.
08/03/2013, 02:51
|
#1
|
elite*gold: 0 
Join Date: Sep 2012
Posts: 775
Received Thanks: 329
|
password hash at packet 1052
does the client still send the password hash at offset 8 at packet 1052 after using hybird loader and that new password crypto stuff ?
is it possible to retrieve the password from the hash or just hash the password at the db and compare ?
|
|
|
|
08/03/2013, 07:17
|
#2
|
elite*gold: 0
Join Date: Aug 2010
Posts: 992
Received Thanks: 1,110
|
I don't have the answer for your first question because i don't know how hybrid loader works. However to answer your second question, if the end result is being sent to the server as an MD5 hash then the answer is NO Because MD5 is a one way hash function.
|
|
|
|
|
08/05/2013, 11:29
|
#3
|
elite*gold: 20
Join Date: Mar 2006
Posts: 6,126
Received Thanks: 2,518
|
To answer your question abit better, if this is for a private server what you need to do is use the same hash when you create the password and store the hash in the database, then you compare the two hashes when someone logs in.
|
|
|
|
|
08/05/2013, 11:54
|
#4
|
elite*gold: 0
Join Date: Oct 2009
Posts: 768
Received Thanks: 550
|
Since you're using Hybrid's loader, you are running on a patch that its already using SRP for password verification, in which case, you cannot do what Korvacs said, because the SRP is a random based algorithm which will never provide the same password hash (which is a one way hash like MD5). And although the server still sends a random integer when a new client is connected, I do not think it still used.
On the other hand if you want to do the hash yourself, you can do it with that loader. All you have to do is write the computed hash with the first packet thats being sent. That happens in the hooked sent function, in something like
|
|
|
|
|
08/05/2013, 11:57
|
#5
|
elite*gold: 20
Join Date: Mar 2006
Posts: 6,126
Received Thanks: 2,518
|
Alternatively you could brute force the hash every time someone logs in, it might have an impact on the login time though 
|
|
|
|
|
08/05/2013, 17:44
|
#6
|
elite*gold: 0
Join Date: Nov 2009
Posts: 754
Received Thanks: 544
|
Quote:
Originally Posted by Korvacs
Alternatively you could brute force the hash every time someone logs in, it might have an impact on the login time though |
Srp only allows 1 authentication attempt per session.
|
|
|
|
|
08/06/2013, 00:28
|
#7
|
elite*gold: 20
Join Date: Jan 2008
Posts: 2,012
Received Thanks: 2,885
|
The exploit for the longest time was choose A s.t. (A%N)=0 if you did this, for about a year you could log into any account given just the account name. If you want to know why, I can explain the math, but I don't think anyone will care too much. The tl;dr of it is what happens when u raise x^0 for any x?
Discovered this before we even knew the algorithm was called SRP 6a. Lol
|
|
|
|
|
08/06/2013, 11:48
|
#8
|
elite*gold: 20
Join Date: Mar 2006
Posts: 6,126
Received Thanks: 2,518
|
Quote:
Originally Posted by ImmuneOne
Srp only allows 1 authentication attempt per session.
|
I meant brute force the hash, as in since you have the plain text password in the database, repeatedly hash this using the algorithm until you get a match.
And this was meant as a joke, so naturally its not meant to be practical. 
|
|
|
|
 |
Similar Threads
|
password hash
08/19/2013 - Zero - 3 Replies
simple and efficient script
save as html or php and open in your browser to generate account sql
<SCRIPT language=JavaScript>
<!--
var hex_chr = "0123456789abcdef";
function rhex(num)
{
str = "";
for(j = 0; j <= 3; j++)
|
autoit compile with hash password
05/20/2012 - AutoIt - 14 Replies
hey guys i need to know how to make autoit compile the hack with a password so when anyone decompile it it ask him for a password not when he start using it only when decompiling
|
Perl md5 password hash for server DB
07/14/2008 - Conquer Online 2 - 6 Replies
A while back, I came across this perl script that would create md5 hex password hashes that you could use/modify to inject into the SQL DB.
I've written my own perl script that creates an md5 hex hash, but it doesn't make them correctly and I don't know why...
What I'm looking for is someone that knows where this perl script is that i found...
Thanks for any help.
In the DB the pass for test is hashed
6422c85d887752500da6084df367eb73
|
Login Packet Password Hash
11/06/2006 - Conquer Online 2 - 1 Replies
Hello,
I am trying to make a standalone bot, but i cannot figure out how to encrypt the password. Can anyone explain the routine for encrypting the password?
Thanks in advance,
ChaoTao
|
JTR - password hash
06/20/2006 - Technical Support - 0 Replies
Hoi,
ich versuch mich gerade in John einzuarbeiten und bräuchte ein wenig Hilfe, da ich so keinen Plan von dem programm habe.
ich geh also command, cd ins John dir und mach erstmal john -i:alpha passwd.txt
In der passwd hab ich folgendes drin:
e249c79b3a6d4970b0808e8350e72a6f
Antwort: no password hashes loaded
|
All times are GMT +1. The time now is 12:17.
|
|
