Jump to content
  • 0

C#+Asp.net Wrong Password Encryption.


Question

Posted

I'm working on a Player Control Panel for their accounts, it should let players register accounts, change password and recover password.

 

everything was working good, but when i tried encription it went wrong, it works with some passwords but with others it doesn't, I'm using this script to encrypt passwords, shared by Simple2008

 

http://www.maxcheaters.com/topic/106006-sharec-l2off-password-encryption/

 

the thing is that this script does work with some passwords and not with all passwords players uses.

 

for example:

 

root  -> 0xB1BE70E9A83F19192CB593935EC4E2E2  --> my encription

root  -> 0xB1BE70E9A83F19192CB593935EC4E2E2  --> l2pass.exe

 

cafecafe150  -> 0x31F7E38C3108CA12BB3ECC18D54F6969  --> my encription

cafecafe150  -> 0x31F7E38C3108CD15BC39C81CD14B6D6D  --> l2pass.exe

 

as you can see, it encrypts only some passwords

 

I'm doing it as follows(in code)

encpw ep = new encpw();
var pw = ep.encpwd(txtNewPassword.Text);
Response.Write(BitConverter.ToString(pw).Replace("-", ""));

encpw is the next code:

public byte[] encpwd(string password)
{
var key = new byte[16];
long one, two, three, four;
var dst = new byte[16];
var nBytes = password.Length;

for (var i = 0; i < nBytes; i++)
{
key[i] = Encoding.ASCII.GetBytes(password.Substring(i, 1))[0];
dst[i] = key[i];
}

long rslt = @key[0] + @key[1] * 256 + @key[2] * 65536 + @key[3] * 16777216;
one = rslt * 213119 + 2529077;
one = one - ToInt32(one / 4294967296) * 4294967296;

rslt = @key[4] + @key[5] * 256 + @key[6] * 65536 + @key[7] * 16777216;
two = rslt * 213247 + 2529089;
two = two - ToInt32(two / 4294967296) * 4294967296;

rslt = @key[8] + @key[9] * 256 + @key[10] * 65536 + @key[11] * 16777216;
three = rslt * 213203 + 2529589;
three = three - ToInt32(three / 4294967296) * 4294967296;

rslt = @key[12] + @key[13] * 256 + @key[14] * 65536 + @key[15] * 16777216;
four = rslt * 213821 + 2529997;
four = four - ToInt32(four / 4294967296) * 4294967296;

key[3] = ParseInt(one / 16777216);
key[2] = ParseInt((((Int32)(one - @key[3] * 16777216)) / 65535));
key[1] = ParseInt((one - @key[3] * 16777216 - @key[2] * 65536) / 256);
key[0] = ParseInt((one - @key[3] * 16777216 - @key[2] * 65536 - @key[1] * 256));

key[7] = ParseInt(two / 16777216);
key[6] = ParseInt((two - @key[7] * 16777216) / 65535);
key[5] = ParseInt((two - @key[7] * 16777216 - @key[6] * 65536) / 256);
key[4] = ParseInt((two - @key[7] * 16777216 - @key[6] * 65536 - @key[5] * 256));

key[11] = ParseInt(three / 16777216);
key[10] = ParseInt((three - @key[11] * 16777216) / 65535);
key[9] = ParseInt((three - @key[11] * 16777216 - @key[10] * 65536) / 256);
key[8] = ParseInt((three - @key[11] * 16777216 - @key[10] * 65536 - @key[9] * 256));

key[15] = ParseInt(four / 16777216);
key[14] = ParseInt((four - @key[15] * 16777216) / 65535);
key[13] = ParseInt((four - @key[15] * 16777216 - @key[14] * 65536) / 256);
key[12] = ParseInt((four - @key[15] * 16777216 - @key[14] * 65536 - @key[13] * 256));

dst[0] = ParseInt(dst[0] ^ @key[0]);

for (var i = 1; i < dst.Length; i++)
dst[i] = ParseInt(@dst[i] ^ @dst[i - 1] ^ @key[i]);

for (var i = 0; i < dst.Length; i++)
if (dst[i] == 0)
dst[i] = 102;

return dst;
}

private static int ToInt32(long val)
{
return Convert.ToInt32(val);
}

private static byte ParseInt(long val)
{
return BitConverter.GetBytes(val)[0];
}

any ideas of what would be causing this?

5 answers to this question

Recommended Posts

  • 0
Posted (edited)

Rather than use L2Hash, use either SHA1 or MD5. This can be changed in hAuthD.ini.

 

While this doesn't directly answer your question it is much easier and also "more secure" in that there are far less collisions.

 

If you go with SHA1 remember to extend the width of the password field to 20 bytes.

Edited by tk422
  • 0
Posted

You can try the version we used to use but it's written in JavaScript for NodeJS.

 

http://puu.sh/iKTJE/2c4fc47a08.zip

 

Does the auth server included in your pack do anything special that hAuthD doesn't?

 

If not, it's really the better and simpler solution...

 

You could also try contacting XeL.

His administration panel has an account creator that uses L2Hash.

Might be willing to help out or give you the source.

  • 0
Posted
  On 7/2/2015 at 6:12 PM, tk422 said:

You can try the version we used to use but it's written in JavaScript for NodeJS.

 

http://puu.sh/iKTJE/2c4fc47a08.zip

 

Does the auth server included in your pack do anything special that hAuthD doesn't?

 

If not, it's really the better and simpler solution...

 

You could also try contacting XeL.

His administration panel has an account creator that uses L2Hash.

Might be willing to help out or give you the source.

I will help him with source when I'm back from holiday :)

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...