Help password hashing with BnetAuth

Goran · April 14, 2007, 05:10 PM

I've done it to log in and stuff but when i do something similar it doesn't work. Look below for the code:

Public Sub ChangePassword()

Dim ClientToken As Long
Dim pwHash3 As String
Dim Password As Integer
ClientToken = GetTickCount()
Password = BotVar.NewPassword
pwHash3 = String(7 * 4, vbNullChar)
a pwHash3, BotVar.ServerTokenMCP, Password
With pBuffer
.InsertDWORD ClientToken
.InsertDWORD BotVar.ServerTokenMCP
.InsertDWORD BotVar.PasswordHash
.InsertDWORD pwHash3
.InsertNTString BotVar.UserNameLAP
.SendPacketLAP &H31
End With
End Sub

What am I doing wrong?

I'm NUB no flaming please

Barabajagal · April 14, 2007, 05:15 PM

Make sure it's converted to lowercase... and what's with the 7*4?

Also, What's with the ServerTokenMCP? MCP is for realm servers, not for bnet servers. Change Password goes like this:
Client Token DWORD
Server Token DWORD
Double Hash (Password, Client Token, and Server Token) STRING
Hash (Password) STRING
Username NTSTRING

I'm pretty sure the hashes are STRINGs, not DWORDs.

Goran · April 14, 2007, 05:39 PM

My problem is that I can't hash the passwords correctly. Like...

Public Declare Function a Lib "bnetauth.dll" Alias "A" (ByVal outbuf As String, ByVal ServerKey As Long, ByVal Password As String) As Long
Public Declare Function A2 Lib "bnetauth.dll" (ByVal outbuf As String, ByVal Key As Long) As Long
Public Declare Function C Lib "bnetauth.dll" (ByVal outbuf As String, ByVal serverhash As Long, ByVal prodid As Long, ByVal val1 As Long, ByVal val2 As Long, ByVal Seed As Long) As Long
Public Declare Function X Lib "bnetauth.dll" (ByVal outbuf As String, ByVal Password As String) As Long
Public Declare Function z Lib "bnetauth.dll" Alias "Z" (ByVal FileExe As String, ByVal FileStormDll As String, ByVal FileBnetDll As String, ByVal HashText As String, ByRef Version As Long, ByRef CheckSum As Long, ByVal EXEInfo As String, ByVal MPQName As String) As Long

Those are the declares for BnetAuth.. I don't really know which one to use for Double Hashing and can I not use the hash from when I logged in with the account?

Barabajagal · April 14, 2007, 05:54 PM

The double-hash is the same as the logon. The single hash is the new password.

l2k-Shadow · April 14, 2007, 06:25 PM

Hashes are DWORD arrays.

Single Hash = Hash(Password)
Double Hash = Hash(ClientToken & ServerToken & Hash(Password))

Barabajagal · April 14, 2007, 06:45 PM

I'm just wondering... What the HELL is the point of hashing the password, if all you need to log in or change the password is the hash? I mean... say you have a packetlogger trojan on a computer. A user logs in and changes their password. You get the new password hash through the logger. You get a bot's source (or more likely write a bot) and make it hash the password with the clienttoken and servertoken. Bam, you log in without knowing their password. Or am I missing something somewhere?

Hdx · April 14, 2007, 07:02 PM

You are correct.
Except for the fact that people USUALLY don't change there passwords. So they only send the single hashed password when they create the account, and if the account is jsut created, whats the point of nabbing it?
~Hdx
PS: FreeGeek is fun!

Goran · April 14, 2007, 07:11 PM

Ok so here is the new code..

Public Sub ChangePassword()

Dim ClientToken As Long
Dim NewHash As String
ClientToken = GetTickCount()
Password = LCase(BotVar.NewPassword)
X NewHash, Password
With pBuffer
.InsertDWORD ClientToken
.InsertDWORD BotVar.ServerTokenMCP
.InsertDWORD BotVar.PasswordHash
.InsertDWORD NewHash
.InsertNTString BotVar.UserNameLAP
.SendPacketLAP &H31
End With
End Sub

Has client token, X is the function on BnetAuth for a single pass hash Newhash being the hash and Password being the pass. I set the password lowercase like you said I should. Made both hashes DWORDS. Is all this correct?

(BotVar.ServerTokenMCP IS the ServerToken.. long story.. & BotVar.PasswordHash is the old Pass hash from login which I stored in there.)

EDIT: Error! ByRef argument type mismatch. Its highlighting NewHash and I assume maybe its not declared correctly.

l2k-Shadow · April 14, 2007, 07:18 PM

you're passing a string to a function which accepts a 32-bit signed integer.

Goran · April 14, 2007, 07:43 PM

So Dim NewHash as String should be an Integer instead?

Barabajagal · April 14, 2007, 07:48 PM

Long.

l2k-Shadow · April 14, 2007, 07:51 PM

Quote from: Goran on April 14, 2007, 07:43 PM
So Dim NewHash as String should be an Integer instead?

you're clueless about what you're attempting to achieve.

Quote
(DWORD)       Client Token
(DWORD)       Server Token
(DWORD[5])    Old password hash
(DWORD[5])    New password hash
(STRING)     Account name

Hell-Lord · April 14, 2007, 08:03 PM

Quote(InsertDWORD) =ClientToken
(InsertDWORD) = ServerToken
(InsertString) =doubleHashPassword (Old Password)
(InsertString) = hashPassword (New Password)
(InsertNTString) = Username

That would work to right?

Barabajagal · April 14, 2007, 08:03 PM

It really is easier to deal with them as a non-null terminated string in VB...

Goran · April 14, 2007, 08:22 PM

We all start somewhere, Shadow.

Help password hashing with BnetAuth

Barabajagal

Barabajagal

Barabajagal

Barabajagal

Barabajagal