
Understanding how hashing works

Started by BaDDBLooD, August 16, 2004, 11:34 PM


BaDDBLooD

Ok, I was talking with UserLoser about Packet 0x50, learned a few things; still have a few questions.

When blizzard sends you back 0x50

You receive a Revision Number?

There are a Couple Responses

0x00 = XSHA-1 ( Why is it Called XSHA-1, What's with PSEUDO Sha-1, Broken Sha-1, and all that stuff )
0x01 = SRP
0x02 = Modified SRP? or What!?

What is Server Key? Some type of Authentication Signature?

What is UDP Value?

Filetime, Used in order to upgrade patch or something?

Version FileName, No idea what this is used for.
Hash Command, All Randomly Generated By the server.  Where S is Constant and found in... Storm.dll??? What is this used for?

Server Signature? What is this used for?

Thanks a lot

- BaDDBLooD
There are only two kinds of people who are really fascinating: people who know absolutely everything, and people who know absolutely nothing.

ChR0NiC

Quote from: BaDDBLooD on August 16, 2004, 11:34 PM
Ok, I was talking with UserLoser about Packet 0x50, learned a few things; still have a few questions.
0x00 = XSHA-1 ( Why is it Called XSHA-1, What's with PSEUDO Sha-1, Broken Sha-1, and all that stuff )
0x01 = SRP
0x02 = Modified SRP? or What!?

0x01 <- W3 Beta
0x02 <- W3 and W3XP Standard SHA-1

BaDDBLooD


ChR0NiC

#3
You had the Broken SHA-1 correct, but the other two needed some correcting.

BaDDBLooD


iago

SRP is the authentication that Warcraft 3 uses to verify passwords.  It's a 4-part process, and you can find official documentation at http://srp.stanford.edu .
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


Soul Taker

#6
Quote from: BaDDBLooD on August 17, 2004, 12:33 AM
Where does SRP Come in then?
Hashing used to log in your account with the NLS (revision 0x1 or 0x2).

Edit: SCREW YOU iago

ChR0NiC

#7
Here is some Pseudo Code for SHA-1. I doubt it is the exact same as Broken SHA-1, but here ya go.

A description of SHA-1

h0 = 0x67452301
h1 = 0xEFCDAB89
h2 = 0x98BADCFE
h3 = 0x10325476
h4 = 0xC3D2E1F0
(Pre-processing:)
paddedmessage = (message) append 1
while length(paddedmessage) < 512n - 64:
    paddedmessage = paddedmessage append 0
paddedmessage = paddedmessage append (length(message) in 64-bit format)
(Process the message in successive 512-bit chunks:)
while 512-bit chunk(s) remain(s):
    break the current chunk into sixteen 32-bit words w(i), 0 <= i <= 15
    (Extend the sixteen 32-bit words into eighty 32-bit words:)
    for i from 16 to 79:
        w(i) = (w(i-3) xor w(i-8) xor w(i-14) xor w(i-16)) leftrotate 1
    (Start each chunk from the running hash values:)
    a = h0, b = h1, c = h2, d = h3, e = h4
    (Main loop:)
    for i from 0 to 79:
        temp = (a leftrotate 5) + f(b,c,d) + e + k + w(i) (note: all addition is mod 2^32)
            where:
            (0 <= i <= 19): f(b,c,d) = (b and c) or ((not b) and d), k = 0x5A827999
            (20 <= i <= 39): f(b,c,d) = (b xor c xor d), k = 0x6ED9EBA1
            (40 <= i <= 59): f(b,c,d) = (b and c) or (b and d) or (c and d), k = 0x8F1BBCDC
            (60 <= i <= 79): f(b,c,d) = (b xor c xor d), k = 0xCA62C1D6
        e = d
        d = c
        c = b leftrotate 30
        b = a
        a = temp
    h0 = h0 + a
    h1 = h1 + b
    h2 = h2 + c
    h3 = h3 + d
    h4 = h4 + e
digest = hash = h0 append h1 append h2 append h3 append h4
Note: Instead of the formulation from FIPS PUB 180-1 shown, the following may be used for improved efficiency:

(0 <= i <= 19): f(b,c,d) = (d xor (b and (c xor d)))
(40 <= i <= 59): f(b,c,d) = (b and c) or (d and (b or c))

Oh and in case you didn't know SHA = Secure Hash Algorithm and the -1 means the version. Battle.net modified this a little bit and is called Broken SHA-1, just their own kind of version I believe.

Soul Taker


BaDDBLooD

#9
Quote from: Soul Taker on August 17, 2004, 12:36 AM
Quote from: BaDDBLooD on August 17, 2004, 12:33 AM
Where does SRP Come in then?
Hashing used to log in your account with the NLS (revision 0x1 or 0x2).

Edit: SCREW YOU iago

So what are the Revision Status codes? You guys got me all fricking Confused now!

0x00 = Broken SHA-1
0x01 = SRP For WAR3 Beta
0x02 = SRP for WAR3/W3XP

Broken SHA-1 And SRP are both used to hash passwords?

EDIT: Can you guys answer all my other questions as well?

ChR0NiC

I believe SRP is used to hash W3 passwords only and SHA-1 is used to hash old product passwords and all cdkey'd products, though I am informed from a reliable source :P

BaDDBLooD

What exactly is SRP Sha-1 used to hash?

UserLoser.

Also, Diablo II and Starcraft both support the logon version 0x01. (Or NLS Revision as some refer to it as)

UserLoser.

#13
Quote from: BaDDBLooD on August 16, 2004, 11:34 PM
Ok, I was talking with UserLoser about Packet 0x50, learned a few things; still have a few questions.

When blizzard sends you back 0x50

You receive a Revision Number?

There are a Couple Responses

0x00 = XSHA-1 ( Why is it Called XSHA-1, What's with PSEUDO Sha-1, Broken Sha-1, and all that stuff )
0x01 = SRP
0x02 = Modified SRP? or What!?

What is Server Key? Some type of Authentication Signature?

What is UDP Value?

Filetime, Used in order to upgrade patch or something?

Version FileName, No idea what this is used for.
Hash Command, All Randomly Generated By the server.  Where S is Constant and found in... Storm.dll??? What is this used for?

Server Signature? What is this used for?

Thanks a lot

- BaDDBLooD

ServerKey: Used for hashing password and CDKey.
UDPValue: Sent back in UDP packet 0x9.
Filetime: FILETIME struct of the filetime for the versioning MPQ.
Filename: Contains the versioning .DLL, which is then downloaded from Battle.net by the Blizzard clients (or such clients as UserLoserBot), then extracts the .DLL and calls CheckRevision later on.
Hash command: Used for CheckRevision to calculate checksum.
Server signature: Used to verify the server's signature based on its IP address

BaDDBLooD

How is the Server key used to hash password / cdkey

How Can starcraft/Diablo2 use NLS Revision 0x01?.. lost me there

What exactly is the FILETIME used for?

What is the Checksum used for that comes from the hash command?

I still don't understand what Server Signature is.