[Hack] Decode

[tasha]

i have created a script used to break base64 pass into into SHA1::

 

hope it helps

 

<style type="text/css">
<!--
.style3 {font-size: 24px}
.style1 {color: #CC0000}
-->
</style>
<?
echo("<title>L2J Pass Break</title>");
$pass = $_POST['decode']; 
$unpass3 = base64_decode($pass);


$array = unpack("H*", $unpass3);
foreach ($array as $key => $value)
$unpass2 = $array[1];


echo("<span class=style1><b><u>Decoding Password</u></b></span>");

echo("<br><b>Base 64:</b> $pass<br>");
echo("<b>Unpacked:</b> $unpass3<br>");
echo("<br><b>SHA1:</b> $unpass2<br>");
?>
<form name="form1" method="post" action="">
  <div align="center">
    <input type="text" name="decode">
    <input type="submit" value="Decode">
  </div>
</form>
<br><br><br><center><i>Created by Tasha</center></i>

[Emrys]

What does i do ? how can be used? if it is an exploit then a mod move it ...

[Hax0r]

Just a question, what encryption does l2j use?

[Emrys]

Just a question, what encryption does l2j use?

If you say about the password of users then it is encored on MD5

[Hax0r]

I'm pretty sure it's not md5.

 

It's base64 -.-

[Angel Of Death]

The L2j Encryption algorithm first encodes the pass to UTF8, then to SHA1, then packs it with "H*"

and last but not least to base 64...

[tasha]

base64_encode(pack('H*', sha1(PASSWORD HERE)))

[danvandan]

base64_decode(pack("H*", sha1(utf8_decode(PASSWORD HERE))))

[Horus]

base64_decode(pack("H*", sha1(utf8_decode(PASSWORD HERE))))

So it reverts back to teh original one ?

[Angel Of Death]

The encryption is one-way, it's irreversible... and that's because there is no SHA1 decode algorithm...

[Horus]

The encryption is one-way, it's irreversible... and that's because there is no SHA1 decode algorithm...

Thought so.Just like md5 ^^

[Hexen]

true

[snag]

so what is this all about? it do smth with pwd' s from db?

[danvandan]

So it reverts back to teh original one ?

yes

[gibslime]

Thought so.Just like md5 ^^

 

Ehm....MD5 CAN be reversed...done it a million times...that's why forum accounts are getting hacked all the time.And by forum,I speak in general,not this specific one.