People have started reporting failed passwords being sent to Battle.net with JavaOp2 lately, raising this question in my mind:
Before hashing the password, is there anything that needs to be done to it? They're reporting mixed-cases failing, and my password works but is all lowercase. I'm inferring that it needs to be put to lowercase before hashing. Is this correct?
Quote from: Joe[x86]
People have started reporting failed passwords being sent to Battle.net with JavaOp2 lately, raising this question in my mind:
Before hashing the password, is there anything that needs to be done to it? They're reporting mixed-cases failing, and my password works but is all lowercase. I'm inferring that it needs to be put to lowercase before hashing. Is this correct?
No. It makes no sense why something would have to be lowercased, because the server doesn't really know your password. The only reason bot developers are advised to lowercase the password pre-hash is because the official Blizzard clients lowercase your password no matter what before creating/logging on.
The game converts all passwords to lower case before hashing. If a user creates an account with a game, it will be lower case hashed. This makes for a nifty ability to create accounts in bots that can not be logged in on games or bots that don't support upper-case passwords. Your safest bet is to convert all passwords to lower-case, and possibly have an upper-case option.
Quote from: [RealityRipple] on February 27, 2007, 04:29 PM
The game converts all passwords to lower case before hashing. If a user creates an account with a game, it will be lower case hashed. This makes for a nifty ability to create accounts in bots that can not be logged in on games or bots that don't support upper-case passwords. Your safest bet is to convert all passwords to lower-case, and possibly have an upper-case option.
Interesting. I'm definitely going to be experimenting with that.
Quote from: Joe[x86]
People have started reporting failed passwords being sent to Battle.net with JavaOp2 lately, raising this question in my mind:
Before hashing the password, is there anything that needs to be done to it? They're reporting mixed-cases failing, and my password works but is all lowercase. I'm inferring that it needs to be put to lowercase before hashing. Is this correct?
What clients are they reporting this for?
Quote from: [RealityRipple] on February 27, 2007, 04:29 PM
The game converts all passwords to lower case before hashing. If a user creates an account with a game, it will be lower case hashed. This makes for a nifty ability to create accounts in bots that can not be logged in on games or bots that don't support upper-case passwords. Your safest bet is to convert all passwords to lower-case, and possibly have an upper-case option.
Having an upper-case option, though, would mean that the user would be unable to log on with the official client.
I said that:
Quote from: [RealityRipple] on February 27, 2007, 04:29 PM
This makes for a nifty ability to create accounts in bots that can not be logged in on games or bots that don't support upper-case passwords.
Quote from: l)ragon on February 28, 2007, 02:43 AM
Quote from: Joe[x86]
People have started reporting failed passwords being sent to Battle.net with JavaOp2 lately, raising this question in my mind:
Before hashing the password, is there anything that needs to be done to it? They're reporting mixed-cases failing, and my password works but is all lowercase. I'm inferring that it needs to be put to lowercase before hashing. Is this correct?
What clients are they reporting this for?
W2BN.
Joe, have you tested for yourself to confirm this problem? I unfortunately do not have a W2BN cdkey so I cannot test for myself.
The password gets lowercased prior to being hashed on all official clients... no?
Quote from: l2k-Shadow on March 02, 2007, 12:23 AM
The password gets lowercased prior to being hashed on all official clients... no?
Yes, but Joe was allowing his users to have mixed case passwords and it was functional. Until he started having the W2BN issue. But it appears he's having no problems with other clients.
Is he using the 0x29 instead of the 0x3a? That MAY be why.
You have no idea what you're talking about.
Quote from: rabbit on March 03, 2007, 10:31 AM
You have no idea what you're talking about.
Unnecessary.
The older account logon packet, the 0x29, is used by W2BN. Most bot developers aim for perfect emulation, so maybe he used that packet. Since BNetdocs is down, I am unable to confirm this, but I believe in the 0x29 the password is only hashed once. Even if I am wrong, it would be nice to know that he's using the 0x29 instead of the norm, 0x3a.
Both 0x29 and 0x3a hashing algos are the same.
The only difference is the clients that use them (all clients can use either or, except wc3 IIRC).
And 0x3A returns more results besides Success/Fail.
(Invalid, Too Few chrs, account doesn't exist, I think are most of them)
Which is why it is recommended over 0x29.
But this topic has been addressed, so everyone quit repeating what was already said MANY times before on this forum -.-
~Hdx
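
An added example, not part of any post in this thread and not JavaOp2 or Blizzard code: a toy account server showing why case handling must match between the client that created an account and the client logging on, given that the server only ever sees hashes. `hashlib.sha1` stands in for the Battle.net hash, and the token layout of the logon proof, the `ToyServer` class and all names are assumptions for illustration.

```python
import hashlib
import hmac
import os
import struct


def stand_in_hash(data: bytes) -> bytes:
    # Assumption: plain SHA-1 as a stand-in, not the hash the real clients use.
    return hashlib.sha1(data).digest()


def password_hash(password: str, lowercase: bool) -> bytes:
    # Official clients lowercase before hashing (per the thread); a bot may not.
    if lowercase:
        password = password.lower()
    return stand_in_hash(password.encode("ascii"))


def logon_proof(pw_hash: bytes, client_token: int, server_token: int) -> bytes:
    # Assumed challenge-response layout: both tokens, then the password hash.
    return stand_in_hash(struct.pack("<II", client_token, server_token) + pw_hash)


class ToyServer:
    """Stores only the hash it was sent, so it cannot normalise case itself."""

    def __init__(self):
        self.accounts = {}

    def create(self, user: str, pw_hash: bytes) -> None:
        self.accounts[user] = pw_hash

    def logon(self, user, client_token, server_token, proof) -> bool:
        stored = self.accounts.get(user)
        if stored is None:
            return False
        expected = logon_proof(stored, client_token, server_token)
        return hmac.compare_digest(expected, proof)


def scenario(create_lower: bool, logon_lower: bool, password: str) -> bool:
    """Create with one case policy, log on with another; return logon result."""
    server = ToyServer()
    server.create("constructed_user", password_hash(password, create_lower))
    client_token = int.from_bytes(os.urandom(4), "little")
    server_token = int.from_bytes(os.urandom(4), "little")
    proof = logon_proof(password_hash(password, logon_lower),
                        client_token, server_token)
    return server.logon("constructed_user", client_token, server_token, proof)
```

An all-lowercase password succeeds under every combination, which matches the original report that a lowercase password worked while mixed-case ones failed.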