Jump to content

Recommended Posts

Posted

Since I wasn't able to find it anywhere on the net I decided to make it myself.

For whoever needs it in the future :)

 

   private static byte[] Encrypt(string password)
   {
    var key = new byte[16];
       long one, two, three, four;
       var dst = new byte[16];
       var nBytes = password.Length;

       for (var i = 0; i < nBytes; i++ )
       {
           key[i] = Encoding.ASCII.GetBytes(password.Substring(i, 1))[0];
           dst[i] = key[i];
       }

    long rslt  = @key[0] + @key[1]*256 + @key[2]*65536 + @key[3]*16777216;
    one = rslt * 213119 + 2529077;
       one = one - ToInt32(one / 4294967296) * 4294967296;

    rslt  = @key[4] + @key[5]*256 + @key[6]*65536 + @key[7]*16777216;
       two = rslt * 213247 + 2529089;
       two = two - ToInt32(two / 4294967296) * 4294967296;

    rslt  = @key[8] + @key[9]*256 + @key[10]*65536 + @key[11]*16777216;
       three = rslt * 213203 + 2529589;
       three = three - ToInt32(three / 4294967296) * 4294967296;

    rslt  = @key[12] + @key[13]*256 + @key[14]*65536 + @key[15]*16777216;
       four = rslt * 213821 + 2529997;
       four = four - ToInt32(four / 4294967296) * 4294967296;

       key[3] = ParseInt(one / 16777216);
       key[2] = ParseInt((((Int32)(one - @key[3] * 16777216)) / 65535));
       key[1] = ParseInt((one - @key[3] * 16777216 - @key[2] * 65536) / 256);
       key[0] = ParseInt((one - @key[3] * 16777216 - @key[2] * 65536 - @key[1] * 256));

       key[7] = ParseInt(two / 16777216);
       key[6] = ParseInt((two - @key[7] * 16777216) / 65535);
       key[5] = ParseInt((two - @key[7] * 16777216 - @key[6] * 65536) / 256);
       key[4] = ParseInt((two - @key[7] * 16777216 - @key[6] * 65536 - @key[5] * 256));

       key[11] = ParseInt(three / 16777216);
       key[10] = ParseInt((three - @key[11] * 16777216) / 65535);
       key[9] = ParseInt((three - @key[11] * 16777216 - @key[10] * 65536) / 256);
       key[8] = ParseInt((three - @key[11] * 16777216 - @key[10] * 65536 - @key[9] * 256));

       key[15] = ParseInt(four / 16777216);
       key[14] = ParseInt((four - @key[15] * 16777216) / 65535);
       key[13] = ParseInt((four - @key[15] * 16777216 - @key[14] * 65536) / 256);
       key[12] = ParseInt((four - @key[15] * 16777216 - @key[14] * 65536 - @key[13] * 256));

       dst[0] = ParseInt(dst[0] ^ @key[0]);

       for (var i = 1; i < dst.Length; i++)
           dst[i] = ParseInt(@dst[i] ^ @dst[i - 1] ^ @key[i]);

       for (var i = 0; i < dst.Length; i++)
           if (dst[i] == 0)
               dst[i] = 102;
               
return dst;
   }

   private static int ToInt32(long val)
   {
       return Convert.ToInt32(val);
   }
   
   private static byte ParseInt(long val)
   {
       return BitConverter.GetBytes(val)[0];
   }

Posted

It's a simple conversion of every single registration script in asp/php's encryption method for storing passwords when users register.

 

Infact it's scarily alot of copy paste, just wit a few changes to C#/.NET syntax.

 

Not quite sure how it's useful, if you can't do this you wouldn't mess with it in the first place.

Posted

in English please?  ;D

That was English.

 

A side note, this hashing algorithm is notoriously insecure, and has an incredibly alarming collision rate.

You should use hAuthD and enable hint's custom md5 password encryption, which is a hell of a lot more secure.

Posted

That was English.

 

A side note, this hashing algorithm is notoriously insecure, and has an incredibly alarming collision rate.

You should use hAuthD and enable hint's custom md5 password encryption, which is a hell of a lot more secure.

 

U MAD?! U NO LIKE BRUT FOUS?!

Posted

.... what a big fuzz for nothing

Thanks for sharing your awesomeness Anders

 

If you can improve the algorithm just do so and share it?

C# is widely used to create web applications so it's not strange I'm sharing this at all.

Posted

.... what a big fuzz for nothing

Thanks for sharing your awesomeness Anders

 

If you can improve the algorithm just do so and share it?

C# is widely used to create web applications so it's not strange I'm sharing this at all.

 

Do you even know how the system of authentication works together with the first registration of a users information?

In general how authentication processes has to be tied with the user info it has from whatever previous source?

 

It sounds like you don't.

Posted

Great for pointing out that you do know how it works.

Thanks for contributing it to this topic. Really useful information.

 

Just like your fantastic useful information of saving people 3 minutes with this.

 

Lets forget the fact that'd Anarchy pointed out how crap and weak the "hash" if you can call it that is, in l2.

Not me.

 

Using a new hash, you can google for it.

Am i awesome for posting a SHA2 or ever SHA1 hash copy pasted from somewhere?

Won't really help when no authentication process known in L2 supports it, will it? ;)

 

Your a kid who's butthurt over not getting praise, but instead someone saying what you share is pretty much already shared, in another script/language.

Which is what i did - FYI - not insult you in anyway.

 

Stay in school kiddo :O

Posted

That was English.

 

A side note, this hashing algorithm is notoriously insecure, and has an incredibly alarming collision rate.

You should use hAuthD and enable hint's custom md5 password encryption, which is a hell of a lot more secure.

I think he meant he did not understand it

Posted

You must be really awesome that you can fix it in 3minutes. Thanks for pointing out how awesome you are again.

Still..  I don't really care what your opinion is about the "hash". Just shared it to I can save Anders 3min :)

(PS: I'm glad I'm still studying. Someone as awesome as you doesn't need school ;))

  • 2 weeks later...
Posted

There u go hCrypt in C#.

        using System;

       private const string MD5Password = "key";
       private static string hCrypt(string password)
       {
           var md5Password = MD5Password.ToCharArray();
           var s = (EncryptMD5(password) + EncryptMD5(MD5Password)).ToCharArray();
           int j = 0;
        for (var i = 0; i < s.Length; i++)
        {
               if (j >= MD5Password.Length) j = 0;

               var calcu = s[i] ^ md5Password[j];
            s[i] = (char)calcu;
	        j++;
        }
           return EncryptMD5(new string(s));
       }


       public static string EncryptMD5(string originalPassword)
       {
           return BitConverter.ToString(((new MD5CryptoServiceProvider()).ComputeHash(Encoding.UTF8.GetBytes(originalPassword)))).Replace("-", "").ToLower();
       }

Posted

There u go hCrypt in C#.

        private const string MD5Password = "key";
        private static string hCrypt(string password)
        {
            var md5Password = MD5Password.ToCharArray();
            var s = (EncryptMD5(password) + EncryptMD5(MD5Password)).ToCharArray();
            int j = 0;
        for (var i = 0; i < s.Length; i++)
        {
                if (j >= MD5Password.Length) j = 0;

                var calcu = s[i] ^ md5Password[j];
            s[i] = (char)calcu;
	        j++;
        }
            return EncryptMD5(new string(s));
        }


        public static string EncryptMD5(string originalPassword)
        {
            return BitConverter.ToString(((new MD5CryptoServiceProvider()).ComputeHash(Encoding.UTF8.GetBytes(originalPassword)))).Replace("-", "").ToLower();
        }

is seems good but look the first lines :S fix it!!!
  • Vision changed the title to C# L2Off Password encryption

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


  • Posts

    • GoldRush launches tomorrow! July 18 16:00 GMT+3 Europe / International Register your account in the website, connect wallet and be ready to dominate!
    • 🏰 L2EXALTA LEGACY — Interlude x45 📅 Grand Opening: 31/07/2026 — 21:30 (GMT+3) 🌐 Website: https://l2exalta.org/ 💬 Discord: https://discord.gg/zNTCZD4AcT 📌 Wiki: https://l2exalta.org/en/wiki.html#progression   ⚙️ MAIN INFO Chronicle : Interlude Rates : x45 Adena : x50 Spoil : x1 Drop : x5 Safe Enchant : +3 Files : L2OFF   💰 ECONOMY EX Coin : dynamic market currency, mined from monsters, Raid Bosses and Grand Bosses value fluctuates over time Exalta Vouchers : premium currency used for store, donations and EX Coin exchange Exchange : convert EX Coin into Exalta Vouchers Investment options : choose safer or riskier market strategies with EX Coin   ⚔️ PROGRESSION & GEAR Exalta Armors : signature top-tier gear line Forge System : upgrade weapons, armor and jewels with risk/reward mechanics Raid Boss progression tied to materials and prestige   🤖 AUTOFARM Access : Auto Hunting button, bottom-right UI Duration : controlled via tickets or in-game currency Route Mode : record custom farm routes Support Mode : healer/support builds auto-follow, heal and assist party Smart targeting logic with class-specific behavior (mage/archer/melee/support) Captcha designed not to interrupt legitimate AutoFarm sessions   🧪 BUFFER Exalta Buffer NPC/interface Scheme Buffer : save multiple buff loadouts Class presets for mage, fighter, support, PvP   🛠️ SMART GADGETS / QOL Autoloot filter Drop value tracker Boss timer tools Farm stats tracker Auto-consume system In-game server assistant   🗺️ DUNGEON FINDER / PVE Party matching with roles (Tank / Healer / DPS) Ready-check before teleport Monastery of Silence custom PvE zone Party-based reward structure   🎟️ DAILY PROGRESS / EXALTA PASS Daily and weekly tasks (farm, PvP, boss, check-in) Premium Pass track with extra rewards Monastery Daily Quest Reward boards for claiming progress   🏠 HOUSING & EXPEDITIONS Player residences with service NPCs Exalta Spirit Expeditions to themed territories Rewards vary by territory Owner-only access   🏆 PVP / TOURNAMENT Scheduled Tournament system Ranking points from wins/participation Spectator Mode for watching live matches PvP Statues for top-ranked players Anti-feed protections   🛡️ CLAN CONTENT Clan Civil War battlefield event Clan Dungeon Raid content DPS Meter for contribution tracking Support Credit system Classic siege/clan politics preserved   🏪 AUCTION / SHOPS Auction House with seller fee Black Market Dealer (limited-time special offers) Custom shops and multisells Confirmation prompts on purchases/sales   💳 DONATIONS / VIP Donation rewards linked to Exalta Vouchers VIP tiers with comfort/cosmetic bonuses Premium store Gift/promo codes for events   🎥 STREAMER / COMMUNITY Streamer Panel with visible stream links Viewer rewards system Streamer Points for cosmetics/vouchers In-game voice chat (global/party/clan/alliance/command)   🔒 FAIR PLAY Strong Anti-Bot protection Reward protection tied to valid client state Captcha on suspicious activity Staff investigation tools No bots, packet tools or modified clients allowed   👑 GRANDBOSS SPAWNS Orfen : 1 day + 1h random Core : 1 day + 1h random Queen Ant : 1 day 6h + 1h random Zaken : 2 days 12h + 1h random Baium : 5 days + 1h random Antharas : 8 days + 1h random Valakas : 11 days + 1h random   🏅 OLYMPIAD Runs Thursday, Friday, Saturday Heroes change monthly Balanced and fair matchmaking
    • yup basically another one just in case https://drive.google.com/file/d/1UtccbD9e50x3WEnQBab2PTZnBHwpcGYM/view?usp=sharing LineageWarrior.FMagic (CollideActors = True; > False) LineageWarrior.FOrc (CollideActors = True; > False) LineageWarrior.FShaman (CollideActors = True; > False) LineageWarrior.MDarkElf (CollideActors = True; > False) LineageWarrior.MDwarf (CollideActors = True; > False) LineageWarrior.MElf (CollideActors = True; > False) LineageWarrior.MFighter (CollideActors = True; > False) LineageWarrior.MMagic (CollideActors = True; > False) LineageWarrior.MOrc (CollideActors = True; > False) LineageWarrior.MShaman (CollideActors = True; > False) LineageWarrior.FDwarf (CollideActors = True; > False) LineageWarrior.FElf (CollideActors = True; > False) LineageWarrior.FFighter (CollideActors = True; > False)
    • @l2naylondev Requiring a player to log in just for the sake of logging  seems exploitable. Someone could log in only to claim the reward and immediately leave, or repeatedly change their ip. So i guess  are there are additional protections in place ? such as locking the reward by account, character , and ip. It would also be useful to add a playtime requirement. For example, after logging in, the player would need to remain active for at least x playtime  before getting the reward or other parameters configurable by the xml.  I suggest improving the system before selling it. 
  • Topics

×
×
  • Create New...

Important Information

This community uses essential cookies to function properly. Non-essential cookies and third-party services are used only with your consent. Read our Privacy Policy and We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue..