• Welcome to Valhalla Legends Archive.
 

Sending passwords to Battle.net?

Started by Joe[x86], February 27, 2007, 03:46 PM

Previous topic - Next topic

Joe[x86]

People have started reporting failed passwords being sent to Battle.net with JavaOp2 lately, raising this question in my mind:

Before hashing the password, is there anything that needs to be done to it? They're reporting mixed-cases failing, and my password works but is all lowercase. I'm inferring that it needs to be put to lowercase before hashing. Is this correct?
Quote from: brew on April 25, 2007, 07:33 PM
that made me feel like a total idiot. this entire thing was useless.

UserLoser

Quote from: Joex86] link=topic=16408.msg165958#msg165958 date=1172612782]
People have started reporting failed passwords being sent to Battle.net with JavaOp2 lately, raising this question in my mind:

Before hashing the password, is there anything that needs to be done to it? They're reporting mixed-cases failing, and my password works but is all lowercase. I'm inferring that it needs to be put to lowercase before hashing. Is this correct?

No.  Makes no sense on why something would have to be lowercased because the server doesn't really know your password.  The only reason bot developers are suggested to lowercase password pre-hash is because the official Blizzard clients lowercase your password no matter what before creating/logging on

Barabajagal

The game converts all passwords to lower case before hashing. If a user creates an account with a game, it will be lower case hashed. This makes for a nifty ability to create accounts in bots that can not be logged in on games or bots that don't support upper-case passwords. Your safest bet is to convert all passwords to lower-case, and possibly have an upper-case option.

Don Cullen

Quote from: [RealityRipple] on February 27, 2007, 04:29 PM
The game converts all passwords to lower case before hashing. If a user creates an account with a game, it will be lower case hashed. This makes for a nifty ability to create accounts in bots that can not be logged in on games or bots that don't support upper-case passwords. Your safest bet is to convert all passwords to lower-case, and possibly have an upper-case option.

Interesting. I'm definitely going to be experimenting with that.
Regards,
Don
-------

Don't wonder why people suddenly are hostile when you treat them the way they shouldn't be- it's called 'Mutual Respect'.

l)ragon

Quote from: Joex86] link=topic=16408.msg165958#msg165958 date=1172612782]
People have started reporting failed passwords being sent to Battle.net with JavaOp2 lately, raising this question in my mind:

Before hashing the password, is there anything that needs to be done to it? They're reporting mixed-cases failing, and my password works but is all lowercase. I'm inferring that it needs to be put to lowercase before hashing. Is this correct?
What clients are they reporting this for.
*^~·.,¸¸,.·´¯`·.,¸¸,.-·~^*ˆ¨¯¯¨ˆ*^~·.,l)ragon,.-·~^*ˆ¨¯¯¨ˆ*^~·.,¸¸,.·´¯`·.,¸¸,.-·~^*

MyndFyre

Quote from: [RealityRipple] on February 27, 2007, 04:29 PM
The game converts all passwords to lower case before hashing. If a user creates an account with a game, it will be lower case hashed. This makes for a nifty ability to create accounts in bots that can not be logged in on games or bots that don't support upper-case passwords. Your safest bet is to convert all passwords to lower-case, and possibly have an upper-case option.

Having an upper-case option, though, would mean that the user would be unable to log on with the official client.
QuoteEvery generation of humans believed it had all the answers it needed, except for a few mysteries they assumed would be solved at any moment. And they all believed their ancestors were simplistic and deluded. What are the odds that you are the first generation of humans who will understand reality?

After 3 years, it's on the horizon.  The new JinxBot, and BN#, the managed Battle.net Client library.

Quote from: chyea on January 16, 2009, 05:05 PM
You've just located global warming.

Barabajagal

I said that:
Quote from: [RealityRipple] on February 27, 2007, 04:29 PM
This makes for a nifty ability to create accounts in bots that can not be logged in on games or bots that don't support upper-case passwords.

Joe[x86]

Quote from: l)ragon on February 28, 2007, 02:43 AM
Quote from: Joex86] link=topic=16408.msg165958#msg165958 date=1172612782]
People have started reporting failed passwords being sent to Battle.net with JavaOp2 lately, raising this question in my mind:

Before hashing the password, is there anything that needs to be done to it? They're reporting mixed-cases failing, and my password works but is all lowercase. I'm inferring that it needs to be put to lowercase before hashing. Is this correct?
What clients are they reporting this for.

W2BN.
Quote from: brew on April 25, 2007, 07:33 PM
that made me feel like a total idiot. this entire thing was useless.

Don Cullen

Joe, have you tested for yourself to confirm this problem? I unfortunately do not have a W2BN cdkey so I cannot test for myself.
Regards,
Don
-------

Don't wonder why people suddenly are hostile when you treat them the way they shouldn't be- it's called 'Mutual Respect'.

l2k-Shadow

The password gets lowercased prior to being hashed on all official clients... no?
Quote from: replaced on November 04, 2006, 11:54 AM
I dunno wat it means, someone tell me whats ix86 and pmac?
Can someone send me a working bot source (with bnls support) to my email?  Then help me copy and paste it to my bot? ;D
Já jsem byl určenej abych tady žil,
Dával si ovar, křen a k tomu pivo pil.
Tam by ses povídaj jak prase v žitě měl,
Já nechci před nikym sednout si na prdel.

Já nejsem z USA, já nejsem z USA, já vážně nejsem z USA... a snad se proto na mě nezloběj.

Don Cullen

Quote from: l2k-Shadow on March 02, 2007, 12:23 AM
The password gets lowercased prior to being hashed on all official clients... no?

Yes, but Joe was allowing his users to have mixed case passwords and it was functional. Until he started having the W2BN issue. But it appears he's having no problems with other clients.
Regards,
Don
-------

Don't wonder why people suddenly are hostile when you treat them the way they shouldn't be- it's called 'Mutual Respect'.

brew

Is he using the 0x29 instead of the 0x3a? That MAY be why.
<3 Zorm
Quote[01:08:05 AM] <@Zorm> haha, me get pussy? don't kid yourself quik
Scio te esse, sed quid sumne? :P

rabbit

You have no idea what you're talking about.
Grif: Yeah, and the people in the red states are mad because the people in the blue states are mean to them and want them to pay money for roads and schools instead of cool things like NASCAR and shotguns.  Also, there's something about ketchup in there.

brew

#13
Quote from: rabbit on March 03, 2007, 10:31 AM
You have no idea what you're talking about.

Unnecessary.
The older account logon packet, the 0x29, is used by W2BN. Most bot developers aim for perfect emulation, so maybe he used that packet. Since BNetdocs is down, I am unable to confirm this, but I believe in the 0x29 the password is only hashed once. Even if I am wrong, it would be nice to know that he's using the 0x29 instead of the norm, 0x3a.
<3 Zorm
Quote[01:08:05 AM] <@Zorm> haha, me get pussy? don't kid yourself quik
Scio te esse, sed quid sumne? :P

rabbit

Grif: Yeah, and the people in the red states are mad because the people in the blue states are mean to them and want them to pay money for roads and schools instead of cool things like NASCAR and shotguns.  Also, there's something about ketchup in there.