Posted

Hello everyone;

 

I'm starting in the world of Lineage 2 OFF (interlude) and would like to know some things ... (if you can).

I am developing a panel and I want to create the account for it, but I cannot create the user password in the binary value that is needed.

How do I create the user password in the format required to be able to enter the game?

I am using PHP on my panel.

 

Thanks...

Posted

This is not a secure way to make queries in a database, but in short, you check the database for the username and password. Since there is no function to verify a password, you just check if it's the same, so you have to recreate it.

If you execute the following query, it will return the user's data, so you can check later: if you have a row > 0, you set the session variables and you make the login action.

"SELECT * FROM user_auth WHERE account='" . $login . "' AND password=" . encrypt($pass);

About the query: to make it safe, google prepared statements and how to bind a variable.

 

Take some ideas from here:

 

Function to encrypt password in PHP

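// Returns the password as a "0x" string followed by 32 hex digits (16 bytes), in the form used in the query above.
function encrypt($str)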
	{
		$key = array ();
		$dst = array ();
		$i = 0;

		$nBytes = strlen($str);
		while ($i < $nBytes)
		{
			$i ++;
			$key[$i] = ord(substr($str, $i - 1, 1));
			$dst[$i] = $key[$i];
		}
		for ($i = 1; $i <= 16; $i ++)
		{
			if (! isset($key[$i]))
			{
				$key[$i] = 0;
			}
			if (! isset($dst[$i]))
			{
				$dst[$i] = 0;
			}
		}

		$rslt = $key[1] + $key[2] * 256 + $key[3] * 65536 + $key[4] * 16777216;
		$one = $rslt * 213119 + 2529077;
		$one = $one - intval($one / 4294967296) * 4294967296;

		$rslt = $key[5] + $key[6] * 256 + $key[7] * 65536 + $key[8] * 16777216;
		$two = $rslt * 213247 + 2529089;
		$two = $two - intval($two / 4294967296) * 4294967296;

		$rslt = $key[9] + $key[10] * 256 + $key[11] * 65536 + $key[12] * 16777216;
		$three = $rslt * 213203 + 2529589;
		$three = $three - intval($three / 4294967296) * 4294967296;

		$rslt = $key[13] + $key[14] * 256 + $key[15] * 65536 + $key[16] * 16777216;
		$four = $rslt * 213821 + 2529997;
		$four = $four - intval($four / 4294967296) * 4294967296;

		$key[1] = $one & 0xFF;
		$key[2] = ($one >> 8) & 0xFF;
		$key[3] = ($one >> 16) & 0xFF;
		$key[4] = ($one >> 24) & 0xFF;

		$key[5] = $two & 0xFF;
		$key[6] = ($two >> 8) & 0xFF;
		$key[7] = ($two >> 16) & 0xFF;
		$key[8] = ($two >> 24) & 0xFF;

		$key[9] = $three & 0xFF;
		$key[10] = ($three >> 8) & 0xFF;
		$key[11] = ($three >> 16) & 0xFF;
		$key[12] = ($three >> 24) & 0xFF;

		$key[13] = $four & 0xFF;
		$key[14] = ($four >> 8) & 0xFF;
		$key[15] = ($four >> 16) & 0xFF;
		$key[16] = ($four >> 24) & 0xFF;

		$dst[1] = $dst[1] ^ $key[1];

		$i = 1;
		while ($i < 16)
		{
			$i ++;
			$dst[$i] = $dst[$i] ^ $dst[$i - 1] ^ $key[$i];
		}

		$i = 0;
		while ($i < 16)
		{
			$i ++;
			if ($dst[$i] == 0)
			{
				$dst[$i] = 102;
			}
		}

		$encrypt = "0x";
		$i = 0;
		while ($i < 16)
		{
			$i ++;
			if ($dst[$i] < 16)
			{
				$encrypt = $encrypt . "0" . dechex($dst[$i]);
			}
			else
			{
				$encrypt = $encrypt . dechex($dst[$i]);
			}
		}
		return $encrypt;
	}
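
Added example, not part of the original post: the login lookup from the query above written with PDO bound parameters, so the account name and the hash are sent as data rather than spliced into the SQL text. `find_account` is a hypothetical helper, the in-memory SQLite database (needs the pdo_sqlite extension) and the sample hash are constructed stand-ins, and the `0x...` string is assumed to come from the `encrypt()` function above.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: look up an account with bound parameters.
// $hashHex is the "0x..." string produced by the encrypt() function above.
function find_account(PDO $db, string $login, string $hashHex): ?array
{
    // Know what to expect: "0x" followed by exactly 32 lowercase hex digits.
    if (!preg_match('/^0x[0-9a-f]{32}$/D', $hashHex)) {
        return null;
    }
    $hash = hex2bin(substr($hashHex, 2)); // 16 raw bytes

    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $db->prepare(
        'SELECT account FROM user_auth WHERE account = :account AND password = :hash'
    );
    $stmt->bindValue(':account', $login, PDO::PARAM_STR);
    $stmt->bindValue(':hash', $hash, PDO::PARAM_LOB);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data: in-memory SQLite stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_auth (account TEXT PRIMARY KEY, password BLOB)');

// Constructed value, not real encrypt() output.
$sampleHash = '0x' . str_repeat('ab', 16);

$ins = $db->prepare('INSERT INTO user_auth (account, password) VALUES (:a, :p)');
$ins->bindValue(':a', 'testuser', PDO::PARAM_STR);
$ins->bindValue(':p', hex2bin(substr($sampleHash, 2)), PDO::PARAM_LOB);
$ins->execute();

// Matching account and hash.
var_dump(find_account($db, 'testuser', $sampleHash) !== null);
// Login containing quote characters: compared as a literal account name.
var_dump(find_account($db, "x' OR '1'='1", $sampleHash) !== null);
// Right account, wrong hash.
var_dump(find_account($db, 'testuser', '0x' . str_repeat('00', 16)) !== null);
// Malformed hash string: rejected before any query runs.
var_dump(find_account($db, 'testuser', 'not-a-hash') !== null);
```

How a binary parameter is bound can differ between PDO drivers, so check the documentation of the driver the panel actually uses.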

 

Posted (edited)
On 9/17/2019 at 9:27 AM, DenArt Designs said:

"SELECT * FROM user_auth WHERE account='" . $login . "' AND password=" . encrypt($pass);

On 9/17/2019 at 9:27 AM, DenArt Designs said:

this is not a secure way to make queries in database

On 9/18/2019 at 12:20 AM, duartegabriel said:

It worked.

Read more about SQL injection on Google, because the login can do harm to your database.

https://en.wikipedia.org/wiki/SQL_injection

Use PDO or, if you have old PHP:

$login = mysql_real_escape_string($login);

or

$login = preg_replace("/[^a-zA-Z]/", "", $login);// this leaves only letters from a to z + capital

for numbers a-zA-Z0-9

Edited by Nightw0lf
  • 3 weeks later...
Posted

Also, if you can, use hauthd and MD5 passwords. NCsoft hash isn't really cryptographic and can be easily reversed to the original password (or a different string, but it works too; there are a lot of collisions in the results of this hashing function), so if anybody manages to steal your database, they'll be able to get passwords from it very quickly.

Posted
7 hours ago, eressea said:

Also, if you can, use hauthd and MD5 passwords. NCsoft hash isn't really cryptographic and can be easily reversed to the original password (or a different string, but it works too; there are a lot of collisions in the results of this hashing function), so if anybody manages to steal your database, they'll be able to get passwords from it very quickly.

 

intval(10 / 3)

 

reverse 3*3 = 10  good

Posted
23 hours ago, eressea said:

so if anybody manages to steal your database

Depends on the permissions you give and the connection method you use (ofc how bad/old the code is).

PDO's hard to get past; sanitize properly, know what to expect in the data. But most panels have holes because creators never sanitize properly; few know how to do it, but nobody does it.

15 hours ago, guytis said:

 

intval(10 / 3)

 

reverse 3*3 = 10  good

In case we have a password 123456789, yes, it's perfect.

In case we have a password abc1234, you have a big error.

Your comment is not valid in any possible way regarding Lineage or user/pass protection.

Posted
1 hour ago, Nightw0lf said:

Depends on the permissions you give and the connection method you use (ofc how bad/old the code is).

PDO's hard to get past; sanitize properly, know what to expect in the data. But most panels have holes because creators never sanitize properly; few know how to do it, but nobody does it.

In case we have a password 123456789, yes, it's perfect.

In case we have a password abc1234, you have a big error.

Your comment is not valid in any possible way regarding Lineage or user/pass protection.

It's logic, 3 * 3 not 10.
It's sarcasm...

Posted (edited)
1 hour ago, guytis said:

It's logic, 3 * 3 not 10.
It's sarcasm...

If you think that with this comment I meant that 3*3 = 10, you must be really stupid. Prove me wrong with your full thought behind " intval " and "reverse check"

when I type my password: %$1'"53"(51)_$'hackcommand

Edited by Nightw0lf
Posted
On 10/10/2019 at 6:38 AM, Nightw0lf said:

If you think that with this comment I meant that 3*3 = 10, you must be really stupid. Prove me wrong with your full thought behind " intval " and "reverse check"

when I type my password: %$1'"53"(51)_$'hackcommand

i say

 

int A =10;

int Z = intval(A / 3 );

int U = Z x 3;

 

//U === 9

 

If you think I'm wrong, grab a book first.
Donkey

Posted
1 hour ago, guytis said:

i say

 

int A =10;

int Z = intval(A / 3 );

int U = Z x 3;

 

//U === 9

 

If you think I'm wrong, grab a book first.
Donkey

Best sanitize of the year award goes to you.

 
