• Welcome to Valhalla Legends Archive.
 

CalcHashBuf??

Started by XTRB, April 30, 2003, 11:22 AM


XTRB

No offense guys, but I'm still not really figuring out how to use X if it's a real function within bNetAuth.dll.

Kp

Quote from: XTRB on May 03, 2003, 11:45 AM
No offense guys, but I'm still not really figuring out how to use X if it's a real function within bNetAuth.dll.
IIRC, BNLS was recently modified to provide greater flexibility in hash computation.  If you give up on bnetauth.dll, you might look at using BNLS -- which would have the added benefit of freeing your client from carrying around version check hashes.
[19:20:23] (BotNet) <[vL]Kp> Any idiot can make a bot with CSB, and many do!

l)ragon

Quote from: Camel on May 02, 2003, 04:13 PM
Quote from: Arta[vL] on May 01, 2003, 07:06 PM
I do indeed realise that, but it's perhaps an elusive point. I think I'll add a clarification @ bnetdocs.

Good idea. I had to explain to, like, three people how Blizzard actually has no idea what your pre-hashed password is (and for this reason, it is impossible for them to restore a lost password).

In some special cases, however, they can in fact change your hash to a password that they make.
*^~·.,¸¸,.·´¯`·.,¸¸,.-·~^*ˆ¨¯¯¨ˆ*^~·.,l)ragon,.-·~^*ˆ¨¯¯¨ˆ*^~·.,¸¸,.·´¯`·.,¸¸,.-·~^*

tA-Kane

Quote from: dRAgoN on May 03, 2003, 02:56 PM
In some special cases, however, they can in fact change your hash to a password that they make.
You're implying that when they do this, they have to know your password in order to change it. This is incorrect. All they would need to do is use a different packet or command (most likely only accessible to admins), which simply replaces the account's stored hash data with the new password's hash, instead of checking to see if the old password hash is the same as the stored password hash.
Macintosh programmer and enthusiast.
Battle.net Bot Programming: http://www.bash.org/?240059
I can write programs. Can you right them?

http://www.clan-mac.com
http://www.eve-online.com
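Added example (not part of any post in this thread, and not Battle.net or BNLS code): a simplified model of the scheme discussed above, where the server stores only the password hash, login sends a double hash over a server-supplied key, and an admin reset overwrites the stored hash without any old-password check. Standard SHA-1, the 4-byte key, and all names here are assumptions for illustration.

```python
import hashlib
import hmac
import os

def h(data: bytes) -> bytes:
    # Assumption: standard SHA-1 as a stand-in for the real hash function.
    return hashlib.sha1(data).digest()

def client_proof(password: str, challenge: bytes) -> bytes:
    # "Double hash": hash the password, then hash that with the server's key.
    return h(challenge + h(password.encode()))

class AccountStore:
    """Server side: holds H(password) only, never the password itself."""

    def __init__(self):
        self._hashes = {}

    def create(self, user, pw_hash):
        self._hashes[user] = pw_hash

    def login(self, user, challenge, proof):
        # The server rebuilds the double hash from the stored single hash.
        expected = h(challenge + self._hashes[user])
        return hmac.compare_digest(expected, proof)

    def change_password(self, user, challenge, old_proof, new_hash):
        # User path: the old hash must check out before it is replaced.
        if not self.login(user, challenge, old_proof):
            return False
        self._hashes[user] = new_hash
        return True

    def admin_reset(self, user, new_hash):
        # Admin path: replace the stored hash; the old one is never consulted.
        self._hashes[user] = new_hash

def demo():
    store = AccountStore()
    store.create("alice", h(b"old-secret"))   # constructed sample account
    c = os.urandom(4)                         # per-session key from the server
    ok_login = store.login("alice", c, client_proof("old-secret", c))
    bad_change = store.change_password("alice", c, client_proof("guess", c), h(b"x"))
    store.admin_reset("alice", h(b"temp-1234"))
    old_after = store.login("alice", c, client_proof("old-secret", c))
    new_after = store.login("alice", c, client_proof("temp-1234", c))
    return ok_login, bad_change, old_after, new_after
```
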

Yoni

Quote from: Kp on May 03, 2003, 12:29 PM
IIRC, BNLS was recently modified to provide greater flexibility in hash computation.  If you give up on bnetauth.dll, you might look at using BNLS -- which would have the added benefit of freeing your client from carrying around version check hashes.
Not that recently. And yes, since mid-February, the BNLS_HASHDATA (0x0b) message may be used to "double-hash" your data in one message - so you just send the password (and the key), and it replies with the double-hash.

l)ragon

Quote from: tA-Kane on May 03, 2003, 05:06 PM
Quote from: dRAgoN on May 03, 2003, 02:56 PM
In some special cases, however, they can in fact change your hash to a password that they make.
You're implying that when they do this, they have to know your password in order to change it. This is incorrect. All they would need to do is use a different packet or command (most likely only accessible to admins), which simply replaces the account's stored hash data with the new password's hash, instead of checking to see if the old password hash is the same as the stored password hash.

And where did I imply that they had to know the prev. password?
*^~·.,¸¸,.·´¯`·.,¸¸,.-·~^*ˆ¨¯¯¨ˆ*^~·.,l)ragon,.-·~^*ˆ¨¯¯¨ˆ*^~·.,¸¸,.·´¯`·.,¸¸,.-·~^*

tA-Kane

Quote from: dRAgoN on May 04, 2003, 03:41 AM
And where did I imply that they had to know the prev. password?
Maybe you didn't mean to imply it, but to me you had implied it when you said that they could change the password and you didn't say that they didn't need to know the old password. :-\

As such, I had posted a clarification of your words (with use of an example of how it may be accomplished), for others who may have assumed what I thought you had implied.
Macintosh programmer and enthusiast.
Battle.net Bot Programming: http://www.bash.org/?240059
I can write programs. Can you right them?

http://www.clan-mac.com
http://www.eve-online.com

l)ragon

Quote from: tA-Kane on May 04, 2003, 04:12 PM
Quote from: dRAgoN on May 04, 2003, 03:41 AM
And where did I imply that they had to know the prev. password?
Maybe you didn't mean to imply it, but to me you had implied it when you said that they could change the password and you didn't say that they didn't need to know the old password. :-\

As such, I had posted a clarification of your words (with use of an example of how it may be accomplished), for others who may have assumed what I thought you had implied.

It's OK, you'll figure me out one of these days ^^.
*^~·.,¸¸,.·´¯`·.,¸¸,.-·~^*ˆ¨¯¯¨ˆ*^~·.,l)ragon,.-·~^*ˆ¨¯¯¨ˆ*^~·.,¸¸,.·´¯`·.,¸¸,.-·~^*