
Help password hashing with BnetAuth

Started by Goran, April 14, 2007, 05:10 PM


Yegg

Quote from: brew on April 14, 2007, 10:02 PM
Quote from: Yegg on April 14, 2007, 09:28 PM
I've thought about this before, but I have no desire to create such a thing. With relative ease, someone could create a simple program that grabs the client and server token and the hash of a password and easily obtain the password correct? Of course, they would have to write a reverse of the hashing function, but that shouldn't really be too difficult. This idea is very practical, is it?
Uh... Reality is right. It's not meant to be reversed. Please, TRY to find the original value of ANY md5 hash without using a rainbow table. Also another hole in your theory: How would the person "decoding" the hash know the client token and server token? Now please tell me, HOW the hell is decoding a double broken sha-1 hash practical at all?

IIRC, the client and server token are located in another packet.

l2k-Shadow

#31
Quote from: brew on April 14, 2007, 09:46 PM
Quote from: l2k-Shadow on April 14, 2007, 07:51 PM

you're clueless about what you're attempting to achieve.

Quote
(DWORD)       Client Token
(DWORD)       Server Token
(DWORD[5])    Old password hash
(DWORD[5])    New password hash
(STRING)     Account name

    "If CreateHash <> "" Then
        InsertNonNTString CreateHash
        InsertNTString Username
        SendPacket &H3D"
- l2uthless ops

Those were my bad coding habits two and a half years ago when I was learning to program, however it did do the job, while Goran's function obviously is not doing the job.

@Yegg: When double hashing you hash the hash of the password hence the term "double hash", which is why you still can't obtain plain text even if you know client and server tokens.
Quote from: replaced on November 04, 2006, 11:54 AM
I dunno what it means, someone tell me what's ix86 and pmac?
Can someone send me a working bot source (with bnls support) to my email?  Then help me copy and paste it to my bot? ;D
I was meant to live here,
To have boiled pork and horseradish and drink beer with it.
There, they say, you'd be as happy as a pig in clover,
I don't want to end up on my arse in front of anyone.

I'm not from the USA, I'm not from the USA, I'm really not from the USA... and hopefully they won't be angry with me because of it.
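To make l2k-Shadow's point concrete, here is an added example (not code from the thread or from any Battle.net bot) of the two-stage, token-bound scheme: the server keeps only the first-stage hash, the client proves knowledge of it by hashing it together with the client and server tokens, and the change-password packet is laid out with the DWORD / DWORD[5] / STRING fields quoted above. Two things are assumptions: the real clients use Blizzard's modified ("broken") SHA-1, which is replaced here by standard SHA-1 from hashlib, and the page does not say which field of the 0x3D layout carries which stage, so the old-password field is taken to be the token-bound proof and the new-password field the stage-1 hash the server will store.

```python
import hashlib
import hmac
import struct

# Stand-in: the real clients use Blizzard's modified ("broken") SHA-1. This added
# example uses standard SHA-1 so it runs anywhere; what it shows is the two-stage,
# token-bound structure described in the thread, not the exact digest values.
HASH_LEN = 20  # DWORD[5]


def stage1_hash(password: str) -> bytes:
    """Stage 1: hash the password alone. This is the value the server keeps."""
    return hashlib.sha1(password.encode("utf-8")).digest()


def stage2_hash(client_token: int, server_token: int, stage1: bytes) -> bytes:
    """Stage 2 (the "double hash"): hash(client_token || server_token || stage1),
    tokens as little-endian DWORDs. Because the tokens are part of the input, a
    captured proof is only valid for the session those tokens belong to."""
    return hashlib.sha1(struct.pack("<II", client_token, server_token) + stage1).digest()


def server_verify(stored_stage1: bytes, client_token: int, server_token: int, proof: bytes) -> bool:
    """Verification needs only the stored stage-1 hash, never the plaintext."""
    expected = stage2_hash(client_token, server_token, stored_stage1)
    return hmac.compare_digest(expected, proof)


def build_change_password(client_token: int, server_token: int,
                          old_password: str, new_password: str, account: str) -> bytes:
    """Lay out the packet the thread labels 0x3D:
    (DWORD) client token, (DWORD) server token, (DWORD[5]) old password hash,
    (DWORD[5]) new password hash, (STRING) account name (NUL-terminated).
    Assumption (not stated on the page): old = token-bound stage-2 proof,
    new = stage-1 hash the server will store."""
    old_proof = stage2_hash(client_token, server_token, stage1_hash(old_password))
    new_stored = stage1_hash(new_password)
    body = (struct.pack("<II", client_token, server_token)
            + old_proof + new_stored + account.encode("ascii") + b"\x00")
    # Header as seen in Goran's trace: 0xFF, packet id, 16-bit LE total length.
    header = struct.pack("<BBH", 0xFF, 0x3D, 4 + len(body))
    return header + body


def parse_change_password(packet: bytes) -> dict:
    """Inverse of build_change_password, refusing frames whose length field lies."""
    if len(packet) < 4 or packet[0] != 0xFF or packet[1] != 0x3D:
        raise ValueError("not a 0x3D frame")
    (length,) = struct.unpack_from("<H", packet, 2)
    if length != len(packet) or length < 4 + 8 + 2 * HASH_LEN + 1:
        raise ValueError("length field does not match frame")
    client_token, server_token = struct.unpack_from("<II", packet, 4)
    old_proof = packet[12:12 + HASH_LEN]
    new_hash = packet[12 + HASH_LEN:12 + 2 * HASH_LEN]
    name_start = 12 + 2 * HASH_LEN
    name_end = packet.index(b"\x00", name_start)
    return {
        "client_token": client_token,
        "server_token": server_token,
        "old_proof": old_proof,
        "new_hash": new_hash,
        "account": packet[name_start:name_end].decode("ascii"),
    }


if __name__ == "__main__":
    # Constructed tokens and passwords for the demo.
    ctoken, stoken = 0x11223344, 0x55667788
    stored = stage1_hash("old-secret")                    # what the server holds
    proof = stage2_hash(ctoken, stoken, stored)           # what the client sends
    print("verify with right tokens:", server_verify(stored, ctoken, stoken, proof))
    print("verify with other token :", server_verify(stored, ctoken, stoken + 1, proof))
    pkt = build_change_password(ctoken, stoken, "old-secret", "new-secret", "goran")
    print("0x3D frame:", pkt.hex())
    print("parsed    :", parse_change_password(pkt)["account"])
```

The point the verify calls make is Yegg's worry answered: an observer who sees the tokens and the stage-2 value still has only a hash of a hash, and even that value is useless against a session with different tokens.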

Yegg

Quote from: l2k-Shadow on April 14, 2007, 11:18 PM
Quote from: brew on April 14, 2007, 09:46 PM
Quote from: l2k-Shadow on April 14, 2007, 07:51 PM

you're clueless about what you're attempting to achieve.

Quote
(DWORD)       Client Token
(DWORD)       Server Token
(DWORD[5])    Old password hash
(DWORD[5])    New password hash
(STRING)     Account name

    "If CreateHash <> "" Then
        InsertNonNTString CreateHash
        InsertNTString Username
        SendPacket &H3D"
- l2uthless ops

Those were my bad coding habits two and a half years ago when I was learning to program, however it did do the job, while Goran's function obviously is not doing the job.

@Yegg: When double hashing you hash the hash of the password hence the term "double hash", which is why you still can't obtain plain text even if you know client and server tokens.

Ya, makes sense. Thanks.

Goran

#33
(1:12:56 AM) 0000:  FF 25 08 00 9E 3F 02 34                           ÿ%.ž?4........
(1:12:56 AM) 0000:  FF 50 66 00 00 00 00 00 87 1C 40 F0 94 E2 15 00   ÿPf.....‡@ð"â.
0010:  00 4D 89 7E 99 CB C6 01 76 65 72 2D 49 58 38 36   .M‰~™ËÆver-IX86
0020:  2D 37 2E 6D 70 71 00 43 3D 32 34 32 34 39 38 35   -7.mpq.C=2424985
0030:  32 36 20 41 3D 32 38 32 32 35 35 30 38 30 31 20   26 A=2822550801
0040:  42 3D 31 36 30 39 39 39 36 38 32 20 34 20 41 3D   B=160999682 4 A=
0050:  41 2D 53 20 42 3D 42 5E 43 20 43 3D 43 2D 41 20   A-S B=B^C C=C-A
0060:  41 3D 41 5E 42 00                                 A=A^B...........
(1:12:56 AM) 0000:  FF 51 09 00 00 00 00 00 00                        ÿQ..............
(1:12:56 AM) 0000:  FF 4C 16 00 49 58 38 36 4D 69 6E 64 53 69 67 68   ÿL.IX86MindSigh
0010:  74 2E 6D 70 71 00                                 t.mpq...........
(1:12:56 AM) 0000:  FF 3A 08 00 00 00 00 00                           ÿ:.............


Looks like it's getting caught on Login...
I know I'm supposed to send it before EnterChat, which I'm doing.  I'm doing it when &H0 is received for 3A.  Doing both...

BNCSPacketsLAP.ChangePass
BNCSPacketsLAP.EnterChat

Right after each other... should I be putting ChangePass somewhere else?

Barabajagal

You shouldn't send enter chat until you've received the ChangePass response.

brew

oooh.... nice job goran. (sarcastic)
You CAN'T send these packets after the 0x3a (if 0x00 response):
0x31
0x3D
You CAN send these packets before the 0x3a
0x31
0x3D
If you pass the 0x3a, you can only send the packets 0x0A, 0x0C
Also, just a note: Any value higher than 0x02 in the 0x0C for join flags will result in a default of 0x01 (firstjoin)
If you fail the 0x3a for any reason, you could send these:
0x31
0x3A
0x3D
<3 Zorm
Quote[01:08:05 AM] <@Zorm> haha, me get pussy? don't kid yourself quik
I know you are, but what am I? :P

raylu

You can also send 0x0B, but that's almost not worth mentioning.

I'm hoping BNCSPacketsLAP is something you wrote yourself?
Pie?
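The ordering rules brew and raylu give, and Goran's trace above, can be turned into a check that reproduces the thread's diagnosis. This is an added example, not code from the thread or from BNCSPacketsLAP: it re-encodes the five server packets from Goran's dump (0x25, 0x50, 0x51, 0x4C, 0x3A) as a byte stream, parses the FF / id / 16-bit LE length framing visible in the dump, reads the result DWORD of 0x3A, and then reports which client packets the rules forbid in that state. The allowed sets are taken directly from brew's lists plus raylu's 0x0B; the only addition is 0x3A itself in the pre-logon set, which is implied. The names of the functions are this example's own.

```python
import struct


def frame(packet_id: int, body: bytes) -> bytes:
    """BNCS framing as seen in the trace: 0xFF, packet id, 16-bit LE total length."""
    return struct.pack("<BBH", 0xFF, packet_id, 4 + len(body)) + body


# Constructed sample: the five server packets from Goran's trace, re-encoded
# from the hex dump above. Lengths are recomputed by frame() and must match
# the dump's own length fields (0x08, 0x66, 0x09, 0x16, 0x08).
SERVER_STREAM = (
    frame(0x25, bytes.fromhex("9E3F0234"))
    + frame(0x50, bytes.fromhex("00000000871C40F094E21500004D897E99CBC601")
            + b"ver-IX86-7.mpq\x00"
            + b"C=242498526 A=2822550801 B=160999682 4 A=A-S B=B^C C=C-A A=A^B\x00")
    + frame(0x51, bytes.fromhex("0000000000"))
    + frame(0x4C, b"IX86MindSight.mpq\x00")
    + frame(0x3A, bytes.fromhex("00000000"))
)


def parse_bncs(stream: bytes):
    """Split a byte stream into (id, body) pairs, refusing malformed framing."""
    packets = []
    offset = 0
    while offset < len(stream):
        if stream[offset] != 0xFF:
            raise ValueError(f"bad sync byte at offset {offset}")
        packet_id = stream[offset + 1]
        (length,) = struct.unpack_from("<H", stream, offset + 2)
        if length < 4 or offset + length > len(stream):
            raise ValueError(f"bad length {length} for packet 0x{packet_id:02X}")
        packets.append((packet_id, stream[offset + 4:offset + length]))
        offset += length
    return packets


def logon_result(server_packets):
    """Result DWORD of the last 0x3A seen, or None if the logon is unanswered."""
    result = None
    for packet_id, body in server_packets:
        if packet_id == 0x3A:
            (result,) = struct.unpack_from("<I", body)
    return result


def allowed_client_packets(result):
    """brew's lists, plus raylu's 0x0B after a successful logon."""
    if result is None:                      # 0x3A not answered yet
        return {0x31, 0x3A, 0x3D}
    if result == 0x00:                      # logon succeeded
        return {0x0A, 0x0B, 0x0C}
    return {0x31, 0x3A, 0x3D}               # logon failed


def check_client_sends(server_packets, client_ids):
    """Return the client packet ids the rules forbid in the current state."""
    allowed = allowed_client_packets(logon_result(server_packets))
    return [pid for pid in client_ids if pid not in allowed]


def effective_join_flag(flag: int) -> int:
    """0x0C join flag: anything above 0x02 is treated as 0x01 (first join)."""
    return flag if flag <= 0x02 else 0x01


if __name__ == "__main__":
    server = parse_bncs(SERVER_STREAM)
    print("server packets:", [f"0x{pid:02X}" for pid, _ in server])
    print("0x3A result   :", logon_result(server))
    # Goran's sequence: ChangePass then EnterChat right after a successful 0x3A.
    print("forbidden     :", [f"0x{pid:02X}" for pid in check_client_sends(server, [0x3D, 0x0A])])
```

Run against the trace, the checker flags the 0x3D sent after the successful 0x3A and passes the 0x0A, which is what brew's reply says; the same call with the 0x3A packet left out of the server stream reports nothing, matching his "before the 0x3a" list.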
