Jump to content
MaxCheaters Official Group on Discord
Top.MaxCheaters.com is now OPEN – Lineage 2 Top Listing
  • 0

C#+Asp.net Wrong Password Encryption.

renobizarro

Asked by renobizarro,

 Share

Question

renobizarro Apprentice

renobizarro

Posted
Posted

I'm working on a Player Control Panel for their accounts, it should let players register accounts, change password and recover password.

 

everything was working good, but when i tried encription it went wrong, it works with some passwords but with others it doesn't, I'm using this script to encrypt passwords, shared by Simple2008

 

http://www.maxcheaters.com/topic/106006-sharec-l2off-password-encryption/

 

the thing is that this script does work with some passwords and not with all passwords players uses.

 

for example:

 

root  -> 0xB1BE70E9A83F19192CB593935EC4E2E2  --> my encription

root  -> 0xB1BE70E9A83F19192CB593935EC4E2E2  --> l2pass.exe

 

cafecafe150  -> 0x31F7E38C3108CA12BB3ECC18D54F6969  --> my encription

cafecafe150  -> 0x31F7E38C3108CD15BC39C81CD14B6D6D  --> l2pass.exe

 

as you can see, it encrypts only some passwords

 

I'm doing it as follows(in code)

encpw ep = new encpw();
var pw = ep.encpwd(txtNewPassword.Text);
Response.Write(BitConverter.ToString(pw).Replace("-", ""));

encpw is the next code:

public byte[] encpwd(string password)
{
var key = new byte[16];
long one, two, three, four;
var dst = new byte[16];
var nBytes = password.Length;

for (var i = 0; i < nBytes; i++)
{
key[i] = Encoding.ASCII.GetBytes(password.Substring(i, 1))[0];
dst[i] = key[i];
}

long rslt = @key[0] + @key[1] * 256 + @key[2] * 65536 + @key[3] * 16777216;
one = rslt * 213119 + 2529077;
one = one - ToInt32(one / 4294967296) * 4294967296;

rslt = @key[4] + @key[5] * 256 + @key[6] * 65536 + @key[7] * 16777216;
two = rslt * 213247 + 2529089;
two = two - ToInt32(two / 4294967296) * 4294967296;

rslt = @key[8] + @key[9] * 256 + @key[10] * 65536 + @key[11] * 16777216;
three = rslt * 213203 + 2529589;
three = three - ToInt32(three / 4294967296) * 4294967296;

rslt = @key[12] + @key[13] * 256 + @key[14] * 65536 + @key[15] * 16777216;
four = rslt * 213821 + 2529997;
four = four - ToInt32(four / 4294967296) * 4294967296;

key[3] = ParseInt(one / 16777216);
key[2] = ParseInt((((Int32)(one - @key[3] * 16777216)) / 65535));
key[1] = ParseInt((one - @key[3] * 16777216 - @key[2] * 65536) / 256);
key[0] = ParseInt((one - @key[3] * 16777216 - @key[2] * 65536 - @key[1] * 256));

key[7] = ParseInt(two / 16777216);
key[6] = ParseInt((two - @key[7] * 16777216) / 65535);
key[5] = ParseInt((two - @key[7] * 16777216 - @key[6] * 65536) / 256);
key[4] = ParseInt((two - @key[7] * 16777216 - @key[6] * 65536 - @key[5] * 256));

key[11] = ParseInt(three / 16777216);
key[10] = ParseInt((three - @key[11] * 16777216) / 65535);
key[9] = ParseInt((three - @key[11] * 16777216 - @key[10] * 65536) / 256);
key[8] = ParseInt((three - @key[11] * 16777216 - @key[10] * 65536 - @key[9] * 256));

key[15] = ParseInt(four / 16777216);
key[14] = ParseInt((four - @key[15] * 16777216) / 65535);
key[13] = ParseInt((four - @key[15] * 16777216 - @key[14] * 65536) / 256);
key[12] = ParseInt((four - @key[15] * 16777216 - @key[14] * 65536 - @key[13] * 256));

dst[0] = ParseInt(dst[0] ^ @key[0]);

for (var i = 1; i < dst.Length; i++)
dst[i] = ParseInt(@dst[i] ^ @dst[i - 1] ^ @key[i]);

for (var i = 0; i < dst.Length; i++)
if (dst[i] == 0)
dst[i] = 102;

return dst;
}

private static int ToInt32(long val)
{
return Convert.ToInt32(val);
}

private static byte ParseInt(long val)
{
return BitConverter.GetBytes(val)[0];
}

any ideas of what would be causing this?

5 answers to this question

Recommended Posts

  • 0
tk422 Newbie

tk422

Posted
Posted (edited)

Rather than use L2Hash, use either SHA1 or MD5. This can be changed in hAuthD.ini.

 

While this doesn't directly answer your question it is much easier and also "more secure" in that there are far less collisions.

 

If you go with SHA1 remember to extend the width of the password field to 20 bytes.

Edited by tk422
  • 0
tk422 Newbie

tk422

Posted
Posted

You can try the version we used to use but it's written in JavaScript for NodeJS.

 

http://puu.sh/iKTJE/2c4fc47a08.zip

 

Does the auth server included in your pack do anything special that hAuthD doesn't?

 

If not, it's really the better and simpler solution...

 

You could also try contacting XeL.

His administration panel has an account creator that uses L2Hash.

Might be willing to help out or give you the source.

  • 0
xeL Apprentice

xeL

Posted
Posted

You can try the version we used to use but it's written in JavaScript for NodeJS.

 

http://puu.sh/iKTJE/2c4fc47a08.zip

 

Does the auth server included in your pack do anything special that hAuthD doesn't?

 

If not, it's really the better and simpler solution...

 

You could also try contacting XeL.

His administration panel has an account creator that uses L2Hash.

Might be willing to help out or give you the source.

I will help him with source when I'm back from holiday :)

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to question listing


  • Posts

    • Databay
      █ 7,000,000+ RESIDENTIAL PROXIES ✅ FROM 0.65$ / GB █

      By Databay · Posted

      This is a bump: https://databay.com/
    • Splicho
      L2 Wiki for Interlude (show all classes and detailed info)

      By Splicho · Posted

      Lol
    • yoelcasares
      [Collection] Npcs,Codes,Tools,Guides,Sources

      By yoelcasares · Posted

      have link improved?
    • Constellation
      JewStor Service ➤ Verified Accounts, Drop Service etc.

      By Constellation · Posted

      Inventory restock: Premium business accounts are now available.   ✔ Wallester Business EU 🇪🇺|💳 Unlimited virtual cards, physical cards, 🏦 multi-currency IBAN, ₿ crypto & stablecoin deposits. ✔ Stripe Business UK 🇬🇧|💳 Instant virtual cards (Visa/Mastercard), high-conversion checkout, multi-currency payouts, ₿ crypto payments, no-code payment links. ✔ Mercury Business US 🇺🇸|🏦 US checking & savings, 💳 unlimited virtual cards, domestic & International wires, native stablecoin settlement. ✔ Payset Business EU 🇪🇺|🏦 Multiple IBANs, UK sort code, SEPA Instant, 💳 unlimited virtual cards, multi-currency accounts. ✔ Novo Business US 🇺🇸|🏦 Business checking account, ACH payments & invoicing, 💳 virtual & physical cards, novo boost.
    • THEFINK
      🧵 [FREE RELEASE] L2Updater + AntiCheat + Build System + Ful

      By THEFINK · Posted

      Let me see if I understand correctly, older gentlemen, when a newcomer shows up to create modern things with the help of AI, doing what you charge them to do, you point the finger and laugh. I believe that's why everything is stagnant. The product isn't for programming experts, it's for newcomers. Don't buy from you if they can do it themselves using this base. You're going to deliver a similar product, maybe even worse than this one, so why are you complaining? PowerShell, as you well know, started with it, then came new platforms and new apps, new creation models, all with different languages; I chose the simplest one for my taste. This is about being organized and knowing how to choose the right words for each situation. It's not 100%, but it already gives a good impression. Nothing is 100%, so a topic written by AI, and all the code that you charge an absurd amount for to prohibit and sell hacks, could be open source so that everyone can create new practices, new models, new information for passing packets, prohibiting the use of cheats that cause server owners to break so much. Let's remember that the Admin doesn't always shut down the server; it's the players who find problems and take advantage by buying and reselling items, and they say that the GM shuts down the server every week, but that's a lie. What they do is duplicate items with packages and sell them, but perhaps this could give some future developers a starting point to create their own protection following the model in the initial documentation. Because none of you answer a question from a newbie, you think you're superior because you have knowledge, but with AI, people like that can have the same knowledge as you, but with less practice. And if they practice a lot, 10,000 hours, they can be as good as all of you older developers in the L2J field.

  • Topics

×
×
  • Create New...

Important Information

This community uses essential cookies to function properly. Non-essential cookies and third-party services are used only with your consent. Read our Privacy Policy and We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue..