Jump to content
MaxCheaters Official Group on Discord
Top.MaxCheaters.com is now OPEN – Lineage 2 Top Listing
L2JForge.live Interlude Premium Emulator

Create a password account

duartegabriel
 Share

Recommended Posts

duartegabriel Newbie

duartegabriel

Posted
Posted

Hello everyone;

 

I'm starting in the world of Lineage 2 OFF (interlude) and would like to know some things ... (if you can).

I am developing a panel and I want to create the account for it, but I can not create the user password in the binary value that is needed.

How do I create the user password in the format required to be able to enter the game?

I am using PHP on my panel.

 

Thanks...

DenArt Designs Newbie

DenArt Designs

Posted
Posted

this is not an secure way to make queries in database but in short you check database for username and password since there is no function to verify a password you just check if its the same so you have to recreate it

if you execute the following query it will return the user's data so you can check later if you have a row > 0 you set the session variables and you make the login action

"SELECT * FROM user_auth WHERE account='" . $login . "' AND password=" . encrypt($pass);

about the query to make it safe google prepared statements and how to bind a variable.

 

take from here some ideas

 

Function to encrypt password in PHP 

function encrypt($str)
	{
		$key = array ();
		$dst = array ();
		$i = 0;

		$nBytes = strlen($str);
		while ($i < $nBytes)
		{
			$i ++;
			$key[$i] = ord(substr($str, $i - 1, 1));
			$dst[$i] = $key[$i];
		}
		for ($i = 1; $i <= 16; $i ++)
		{
			if (! isset($key[$i]))
			{
				$key[$i] = 0;
			}
			if (! isset($dst[$i]))
			{
				$dst[$i] = 0;
			}
		}

		$rslt = $key[1] + $key[2] * 256 + $key[3] * 65536 + $key[4] * 16777216;
		$one = $rslt * 213119 + 2529077;
		$one = $one - intval($one / 4294967296) * 4294967296;

		$rslt = $key[5] + $key[6] * 256 + $key[7] * 65536 + $key[8] * 16777216;
		$two = $rslt * 213247 + 2529089;
		$two = $two - intval($two / 4294967296) * 4294967296;

		$rslt = $key[9] + $key[10] * 256 + $key[11] * 65536 + $key[12] * 16777216;
		$three = $rslt * 213203 + 2529589;
		$three = $three - intval($three / 4294967296) * 4294967296;

		$rslt = $key[13] + $key[14] * 256 + $key[15] * 65536 + $key[16] * 16777216;
		$four = $rslt * 213821 + 2529997;
		$four = $four - intval($four / 4294967296) * 4294967296;

		$key[1] = $one & 0xFF;
		$key[2] = ($one >> 8) & 0xFF;
		$key[3] = ($one >> 16) & 0xFF;
		$key[4] = ($one >> 24) & 0xFF;

		$key[5] = $two & 0xFF;
		$key[6] = ($two >> 8) & 0xFF;
		$key[7] = ($two >> 16) & 0xFF;
		$key[8] = ($two >> 24) & 0xFF;

		$key[9] = $three & 0xFF;
		$key[10] = ($three >> 8) & 0xFF;
		$key[11] = ($three >> 16) & 0xFF;
		$key[12] = ($three >> 24) & 0xFF;

		$key[13] = $four & 0xFF;
		$key[14] = ($four >> 8) & 0xFF;
		$key[15] = ($four >> 16) & 0xFF;
		$key[16] = ($four >> 24) & 0xFF;

		$dst[1] = $dst[1] ^ $key[1];

		$i = 1;
		while ($i < 16)
		{
			$i ++;
			$dst[$i] = $dst[$i] ^ $dst[$i - 1] ^ $key[$i];
		}

		$i = 0;
		while ($i < 16)
		{
			$i ++;
			if ($dst[$i] == 0)
			{
				$dst[$i] = 102;
			}
		}

		$encrypt = "0x";
		$i = 0;
		while ($i < 16)
		{
			$i ++;
			if ($dst[$i] < 16)
			{
				$encrypt = $encrypt . "0" . dechex($dst[$i]);
			}
			else
			{
				$encrypt = $encrypt . dechex($dst[$i]);
			}
		}
		return $encrypt;
	}

 

Nightw0lf Mentor

Nightw0lf

Posted
Posted (edited)
On 9/17/2019 at 9:27 AM, DenArt Designs said:

"SELECT * FROM user_auth WHERE account='" . $login . "' AND password=" . encrypt($pass);

On 9/17/2019 at 9:27 AM, DenArt Designs said:

this is not an secure way to make queries in database

On 9/18/2019 at 12:20 AM, duartegabriel said:

It worked.

read more about sql injection in google because login can do harm on your database

https://en.wikipedia.org/wiki/SQL_injection

use PDO or if you have old PHP

$login = mysql_real_escape_string($login);

or

$login = preg_replace("/[^a-zA-Z]/", "", $login);// this leaves only letters from a to z + capital

for numbers a-zA-Z0-9

Edited by Nightw0lf
  • 3 weeks later...
eressea Newbie

eressea

Posted
Posted

Also, if you can, use hauthd and MD5 passwords. NCsoft hash isn't really cryptographic and can be easily reversed to original password (or different string, but it works too, there are lot of collisions in results of this hashing function) so if anybody manages to steal your database, they'll be able to get passwords from it very quickly.

guytis Contributor

guytis

Posted
Posted
7 hours ago, eressea said:

Also, if you can, use hauthd and MD5 passwords. NCsoft hash isn't really cryptographic and can be easily reversed to original password (or different string, but it works too, there are lot of collisions in results of this hashing function) so if anybody manages to steal your database, they'll be able to get passwords from it very quickly.

 

intval(10 / 3)

 

reverse 3*3 = 10  good

Nightw0lf Mentor

Nightw0lf

Posted
Posted
23 hours ago, eressea said:

so if anybody manages to steal your database

depends on the permissions you give and the connection method you use (ofc how bad/old is the code).

PDO's hard to get pass through, proper sanitize, know what to expect on data but most panels have holes because creators never sanitize properly, few know how to make it but nobody does it.

15 hours ago, guytis said:

 

intval(10 / 3)

 

reverse 3*3 = 10  good

in case we have a password 123456789 yes its perfect

in case we have a password abc1234 you have a big error

your commend is not valid in any possible way regarding lineage or user/pass protection.

guytis Contributor

guytis

Posted
Posted
1 hour ago, Nightw0lf said:

depends on the permissions you give and the connection method you use (ofc how bad/old is the code).

PDO's hard to get pass through, proper sanitize, know what to expect on data but most panels have holes because creators never sanitize properly, few know how to make it but nobody does it.

in case we have a password 123456789 yes its perfect

in case we have a password abc1234 you have a big error

your commend is not valid in any possible way regarding lineage or user/pass protection.

its logic 3 * 3 not 10
its sarcasm...

Nightw0lf Mentor

Nightw0lf

Posted
Posted (edited)
1 hour ago, guytis said:

its logic 3 * 3 not 10
its sarcasm...

if you think that with this commend I meant that 3*3 = 10 you must be really stupid, prove me wrong with your full thought behind " intval " and "reverse check"

when i type my password: %$1'"53"(51)_$'hackcommand

Edited by Nightw0lf
guytis Contributor

guytis

Posted
Posted
On 10/10/2019 at 6:38 AM, Nightw0lf said:

if you think that with this commend I meant that 3*3 = 10 you must be really stupid, prove me wrong with your full thought behind " intval " and "reverse check"

when i type my password: %$1'"53"(51)_$'hackcommand

i say

 

int A =10;

int Z = inval(A / 3 );

int U = Z x 3;

 

//U === 9

 

If you think I'm wrong, grab a book first.
Donkey

Nightw0lf Mentor

Nightw0lf

Posted
Posted
1 hour ago, guytis said:

i say

 

int A =10;

int Z = inval(A / 3 );

int U = Z x 3;

 

//U === 9

 

If you think I'm wrong, grab a book first.
Donkey

Best sanitize of the year award goes to you.

 

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing


  • Posts

    • Splicho
      L2JMobius ClassicLude P110 + Interface Source

      By Splicho · Posted

      Baylee the almighty legend
    • 911reg
      L2JMobius ClassicLude P110 + Interface Source

      By 911reg · Posted

    • advertisingman
      I will advertise free:posting your advertisement on forums.

      By advertisingman · Posted

      Please note:i will provide you with forum address for registration once buyer sends money(my commission) to forum guarantor's payment details. You can register on forum in any day and in any time,which are convenient for you,send code word in private message to forum guarantor(you will receive code word from buyer). If buyer does not purchase your product,you will need to wait private message(answer) from forum guarantor to compare code word. I will invite you in "forum deal". I will add your name,which you registered on forum,in "forum deal". Then you write in "forum deal": "buyer did not purchase product" and add code word(you will have this right according to clause in forum questionnaire). Forum guarantor will refund buyer((in full amount). If buyer purchases your product,buyer notifies forum guarantor and forum guarantor will send money to my payment details.   Sports exercise machines,jacuzzi,building materials,cosmetics,perfumes,shoes,clothing,furniture,bags,televisions,music centers,telephones,laptops,tablet computers,refrigerators,washing machines,microwaves,fans.  
    • eMommy
      L2JMobius ClassicLude P110 + Interface Source

      By eMommy · Posted

      Here is a L2JMobius Classic Interlude FULL server. The share includes full server source+datapack, patch, interface and the P110 client. The original build is L2JMobius. However it was bought from a user called "ClassicLude (https://classic-lude.org/)" which is also a huge scammer, selling free Mobius files for $500. I could not believe someone actually bought this, yet here we are.    Unfortunately the admin is a scammer and refused to pay his remaining balance of over $150 to me since he is too busy "working for Bill Gates" and opening the next big mega mall in ChatGPT city therefore not having enough money. The server itself garnered a massive 30 players so I can't really tell you if this is usable. Knowing its backstory and that it is Mobius based i can surmise that it is NOT suitable for serious users. This build is the result of typical AI slop and vibecode "admins" thinking they just "one shotted L2J" because they discovered how to prompt an agent.   I have made the following changes, some of which were regrettably butchered by the admin after he discovered how to download Cursor. Not much more was done due to the absolute displeasure and misery of having to work on a Mobius server.   - Updated files to JDK 22 - Added l2 reborn community board - Added preview system for skins including mounts/agathions - Added AIO npc (buffer/store/teleporter) - Added QuickVar system - Added Ranking system (pvp/pk/online/level and moar) - Added raid boss list on community board - Added drop search+shift click with itemtooltip on community board and npc - Added l2 reborn styled flash windows and window borders and L2UI_CT1 - Added custom donate coin icon in the store swf - Fixed some random bugs like Hot Springs monsters not giving the disease     Links Source+Datapack: https://drive.google.com/file/d/1uMaTzSxKtnLxXC-VoZyHYW_OXq7Oof5L/view?usp=sharing Interface+Compiler+Client tools: https://drive.google.com/file/d/14IJWyYSDOjMycHnJ749H9dRXuv2JeYK3/view?usp=sharing Full Client: https://drive.google.com/file/d/1P7Yd9wI0XcWlLMFDPSdfTZgWhW_9JEii/view?usp=sharing
    • paparas22
      i need help with c3 system...

      By paparas22 · Posted

      I logged in with this system, maybe its the patch shared by greenhope i don't remember i just downloaded it because i love C3 but no l2j or l2off c3 is good everything is buggy and this one too, also it has no geodata and i don't know if it has geoengine because i didn't see the config for it in the config folder. If someone had the latest l2jvn maybe it could be more stable but i don't think so at least without the source, if someone has it to share it that would be good  https://www.mediafire.com/file/mzodnsyi9qn4ap7/patch+560+for+c3.rar/file

  • Topics

×
×
  • Create New...

Important Information

This community uses essential cookies to function properly. Non-essential cookies and third-party services are used only with your consent. Read our Privacy Policy and We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue..