CalcHashBuf??

XTRB · May 03, 2003, 11:45 AM

No offense guys, but I'm still not really figuring out how to use X if it's a real function within bNetAuth.dll.

Kp · May 03, 2003, 12:29 PM

Quote from: XTRB on May 03, 2003, 11:45 AM
No offense guys, but I'm still not really figuring out how to use X if it's a real function within bNetAuth.dll.

IIRC, BNLS was recently modified to provide greater flexibility in hash computation. If you give up on bnetauth.dll, you might look at using BNLS -- which would have the added benefit of freeing your client from carrying around version check hashes.

l)ragon · May 03, 2003, 02:56 PM

Quote from: Camel on May 02, 2003, 04:13 PM
Quote from: Arta[vL] on May 01, 2003, 07:06 PM
I do indeed realise that, but it's perhaps an elusive point. I think I'll add a clarification @ bnetdocs.

good idea. i had to explain to like, three people how blizzard actually has no idea what your pre-hashed password is (and for this reason, it is impossible for them to restore lost password).

In some special case's however, they can infact change your hash to a password that they make.

tA-Kane · May 03, 2003, 05:06 PM

Quote from: dRAgoN on May 03, 2003, 02:56 PMIn some special case's however, they can infact change your hash to a password that they make.

You're implying that when they do this, they have to know your password in order to change it. This is incorrect. All they would need to do is use a different packet or command (most likely only accessable to admins), which simply replaces the account's stored hash data with the new password's hash, instead of checking to see if the old password hash is the same as the stored password hash.

Yoni · May 03, 2003, 06:10 PM

Quote from: Kp on May 03, 2003, 12:29 PM
IIRC, BNLS was recently modified to provide greater flexibility in hash computation. If you give up on bnetauth.dll, you might look at using BNLS -- which would have the added benefit of freeing your client from carrying around version check hashes.

Not that recently. And yes, since mid-February, the BNLS_HASHDATA (0x0b) message may be used to "double-hash" your data in one message - so you just send the password (and the key), and it replies with the double-hash.

l)ragon · May 04, 2003, 03:41 AM

Quote from: tA-Kane on May 03, 2003, 05:06 PM
Quote from: dRAgoN on May 03, 2003, 02:56 PMIn some special case's however, they can infact change your hash to a password that they make.
You're implying that when they do this, they have to know your password in order to change it. This is incorrect. All they would need to do is use a different packet or command (most likely only accessable to admins), which simply replaces the account's stored hash data with the new password's hash, instead of checking to see if the old password hash is the same as the stored password hash.

and where did i imply that they had to know the prev. password?

tA-Kane · May 04, 2003, 04:12 PM

Quote from: dRAgoN on May 04, 2003, 03:41 AMand where did i imply that they had to know the prev. password?

Maybe you didn't mean to imply it, but to me you had implied it when you said that they could change the password and you didn't say that they didn't need to know the old password. $:-\$

As such, I had posted a clarification of your words (with use of an example of how it may be accomplished), for others who may have assumed what I thought you had implied.

l)ragon · May 04, 2003, 08:08 PM

Quote from: tA-Kane on May 04, 2003, 04:12 PM
Quote from: dRAgoN on May 04, 2003, 03:41 AMand where did i imply that they had to know the prev. password?
Maybe you didn't mean to imply it, but to me you had implied it when you said that they could change the password and you didn't say that they didn't need to know the old password. $:-\$

As such, I had posted a clarification of your words (with use of an example of how it may be accomplished), for others who may have assumed what I thought you had implied.

it's ok you'll figure me out one of these days ^^.