
Help password hashing with BnetAuth

Started by Goran, April 14, 2007, 05:10 PM


Goran

I've done it to log in and stuff, but when I do something similar it doesn't work. Look below for the code:

Public Sub ChangePassword()

Dim ClientToken As Long
Dim pwHash3 As String
Dim Password As Integer
ClientToken = GetTickCount()
Password = BotVar.NewPassword
pwHash3 = String(7 * 4, vbNullChar)
a pwHash3, BotVar.ServerTokenMCP, Password
With pBuffer
.InsertDWORD ClientToken
.InsertDWORD BotVar.ServerTokenMCP
.InsertDWORD BotVar.PasswordHash
.InsertDWORD pwHash3
.InsertNTString BotVar.UserNameLAP
.SendPacketLAP &H31
End With
End Sub

What am I doing wrong?

I'm NUB no flaming please :'(

Barabajagal

#1
Make sure it's converted to lowercase... and what's with the 7*4?

Also, what's with the ServerTokenMCP? MCP is for realm servers, not for bnet servers. Change Password goes like this:
Client Token DWORD
Server Token DWORD
Double Hash (Password, Client Token, and Server Token) STRING
Hash (Password)  STRING
Username NTSTRING

I'm pretty sure the hashes are STRINGs, not DWORDs.

Goran

#2
My problem is that I can't hash the passwords correctly. Like...

Public Declare Function a Lib "bnetauth.dll" Alias "A" (ByVal outbuf As String, ByVal ServerKey As Long, ByVal Password As String) As Long
Public Declare Function A2 Lib "bnetauth.dll" (ByVal outbuf As String, ByVal Key As Long) As Long
Public Declare Function C Lib "bnetauth.dll" (ByVal outbuf As String, ByVal serverhash As Long, ByVal prodid As Long, ByVal val1 As Long, ByVal val2 As Long, ByVal Seed As Long) As Long
Public Declare Function X Lib "bnetauth.dll" (ByVal outbuf As String, ByVal Password As String) As Long
Public Declare Function z Lib "bnetauth.dll" Alias "Z" (ByVal FileExe As String, ByVal FileStormDll As String, ByVal FileBnetDll As String, ByVal HashText As String, ByRef Version As Long, ByRef CheckSum As Long, ByVal EXEInfo As String, ByVal MPQName As String) As Long

Those are the declares for BnetAuth.. I don't really know which one to use for Double Hashing and can I not use the hash from when I logged in with the account?

Barabajagal

The double-hash is the same as the logon. The single hash is the new password.

l2k-Shadow

Hashes are DWORD arrays.

Single Hash = Hash(Password)
Double Hash = Hash(ClientToken & ServerToken & Hash(Password))
Quote from: replaced on November 04, 2006, 11:54 AM
I dunno wat it means, someone tell me whats ix86 and pmac?
Can someone send me a working bot source (with bnls support) to my email?  Then help me copy and paste it to my bot? ;D
I was destined to live here,
To have boiled pork and horseradish and drink beer with it.
They say you'd live there like a pig in clover,
I don't want to fall on my ass in front of anyone.

I'm not from the USA, I'm not from the USA, I'm really not from the USA... and hopefully they're not angry with me for that.

Barabajagal

I'm just wondering... What the HELL is the point of hashing the password, if all you need to log in or change the password is the hash? I mean... say you have a packetlogger trojan on a computer. A user logs in and changes their password. You get the new password hash through the logger. You get a bot's source (or more likely write a bot) and make it hash the password with the clienttoken and servertoken. Bam, you log in without knowing their password. Or am I missing something somewhere?

Hdx

You are correct.
Except for the fact that people USUALLY don't change their passwords. So they only send the single hashed password when they create the account, and if the account is just created, what's the point of nabbing it?
~Hdx
PS: FreeGeek is fun!

Proud host of the JBLS server www.JBLS.org.

Goran

#7
Ok so here is the new code..

Public Sub ChangePassword()

Dim ClientToken As Long
Dim NewHash As String
ClientToken = GetTickCount()
Password = LCase(BotVar.NewPassword)
X NewHash, Password
With pBuffer
.InsertDWORD ClientToken
.InsertDWORD BotVar.ServerTokenMCP
.InsertDWORD BotVar.PasswordHash
.InsertDWORD NewHash
.InsertNTString BotVar.UserNameLAP
.SendPacketLAP &H31
End With
End Sub

Has client token. X is the function in BnetAuth for a single-pass hash, NewHash being the hash and Password being the pass. I set the password to lowercase like you said I should. Made both hashes DWORDs. Is all this correct?

(BotVar.ServerTokenMCP IS the ServerToken.. long story.. & BotVar.PasswordHash is the old Pass hash from login which I stored in there.)


EDIT: Error! ByRef argument type mismatch. It's highlighting NewHash and I assume maybe it's not declared correctly.

l2k-Shadow

You're passing a string to a function which accepts a 32-bit signed integer.

Goran

So Dim NewHash as String should be an Integer instead?


l2k-Shadow

Quote from: Goran on April 14, 2007, 07:43 PM
So Dim NewHash as String should be an Integer instead?

You're clueless about what you're attempting to achieve.

Quote
(DWORD)       Client Token
(DWORD)       Server Token
(DWORD[5])    Old password hash
(DWORD[5])    New password hash
(STRING)     Account name
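The field layout quoted above, together with the earlier point that the stored hash alone is enough to produce a valid request, as an added Python example (not code from any poster or from BnetAuth). Standard SHA-1 stands in for the hash the DLL computes, and the little-endian token encoding and all function names are assumptions.

```python
import hashlib
import hmac
import struct

HASH_LEN = 20  # DWORD[5]


def bnet_hash(data: bytes) -> bytes:
    # ASSUMPTION: standard SHA-1 stands in for the hash bnetauth.dll computes,
    # so this runs offline; it matches only the 20-byte output size.
    return hashlib.sha1(data).digest()


def single_hash(password: str) -> bytes:
    # Hash(Password), lowercased first as noted in the thread.
    return bnet_hash(password.lower().encode("ascii"))


def double_hash(client_token: int, server_token: int, pw_hash: bytes) -> bytes:
    # Hash(ClientToken & ServerToken & Hash(Password)).
    # ASSUMPTION: tokens are serialized as little-endian DWORDs.
    return bnet_hash(struct.pack("<II", client_token, server_token) + pw_hash)


def build_change_password(client_token, server_token, old_hash, new_password, account):
    # Field order from the quoted layout; the packet header is not built here.
    # The input is the stored single hash of the old password, not the password.
    return (struct.pack("<II", client_token, server_token)
            + double_hash(client_token, server_token, old_hash)
            + single_hash(new_password)
            + account.encode("ascii") + b"\x00")


def parse_change_password(payload: bytes) -> dict:
    fixed = 8 + 2 * HASH_LEN
    if len(payload) <= fixed or payload[-1] != 0 or 0 in payload[fixed:-1]:
        raise ValueError("malformed change-password payload")
    client_token, server_token = struct.unpack_from("<II", payload)
    return {"client_token": client_token, "server_token": server_token,
            "old_double": payload[8:8 + HASH_LEN],
            "new_single": payload[8 + HASH_LEN:fixed],
            "account": payload[fixed:-1].decode("ascii")}


def server_accepts(payload: bytes, issued_server_token: int, stored_hash: bytes) -> bool:
    # Server-side check: recompute the double hash from the stored single hash.
    f = parse_change_password(payload)
    expect = double_hash(f["client_token"], issued_server_token, stored_hash)
    return (f["server_token"] == issued_server_token
            and hmac.compare_digest(f["old_double"], expect))
```

The tokens bind the old-password proof to one session, but the new-password field travels as the bare single hash, which is exactly the value the server later checks logons against.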

Hell-Lord

Quote
(InsertDWORD) = ClientToken
(InsertDWORD) = ServerToken
(InsertString) = doubleHashPassword (Old Password)
(InsertString) = hashPassword (New Password)
(InsertNTString) = Username

That would work too, right?

Barabajagal

It really is easier to deal with them as a non-null terminated string in VB...

Goran