AeroXbird Posted January 22, 2011
Hello, I have been working with the mta-paradise system for over 3 months now, and I need some help to decode the way they encrypt passwords, because I simply cannot figure that out. I am trying to use the database in PHP, but I'm stuck since I cannot figure out how the passwords are encrypted, so I can't finish the login system. If anybody knows how it generates the passwords, help would be appreciated.
Greets, AeroXbird

Pistolebob Posted January 22, 2011

    -- generate a salt (SHA1)
    local salt = ''
    local chars = { 'a', 'b', 'c', 'd', 'e', 'f', 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 }
    for i = 1, 40 do
        salt = salt .. chars[ math.random( 1, #chars ) ]
    end

And then it does this:

    exports.sql:query_free( "INSERT INTO wcf1_user (username,salt,password) VALUES ('%s', '%s', SHA1(CONCAT('%s', SHA1(CONCAT('%s', '" .. sha1( password ) .. "')))))", username, salt, salt, salt )

So I think it stores the SHA1 hash of the password. Seems like the salt is random.....
Edited January 22, 2011 by Guest

AeroXbird (Author) Posted January 22, 2011
Well, I did come far enough to determine that, but the SHA1(CONCAT(lotsofbullshit)) simply does not make any sense to me. Is there any way to do the same thing, but much easier? Because I'm not really good when it comes to MySQL.

Pistolebob Posted January 22, 2011
Hmm. When a player logs in:

    function performLogin( source, token, isPasswordAuth, ip )
        if source and ( isPasswordAuth or not triedTokenAuth[ source ] ) then
            triedTokenAuth[ source ] = true
            if token then
                if #token == 80 then
                    local info = exports.sql:query_assoc_single( "SELECT userID, username, banned, activationCode, SUBSTRING(LOWER(SHA1(CONCAT(userName,SHA1(CONCAT(password,salt))))),1,30) AS salts, userOptions FROM wcf1_user WHERE CONCAT(SHA1(CONCAT(username, '%s')),SHA1(CONCAT(salt, SHA1(CONCAT('%s',SHA1(CONCAT(salt, SHA1(CONCAT(username, SHA1(password)))))))))) = '%s' LIMIT 1", getPlayerHash( source, ip ), getPlayerHash( source, ip ), token )
                    p[ source ] = nil
                    if not info then
                        if isPasswordAuth then
                            triggerClientEvent( source, getResourceName( resource ) .. ":loginResult", source, 1 ) -- Wrong username/password
                        end
                        return false

You could let them log in with PHP, and then take the SHA1 hash of the password, then compare it to the hash value in the MySQL database.

AeroXbird (Author) Posted January 22, 2011
I really appreciate your help, but you aren't really helping me forward on this, because I have already seen this before. It's because of that, that I am seeking help.

xUltimate Posted February 3, 2011
Sorry for the bump, but I've been trying to do this same thing and I still have no luck.

DutchCaffeine Posted February 3, 2011
Don't figure it out, just change the way mta-paradise hashes the passwords... and btw, if you are a real programmer, you can figure this one out real easy.

xUltimate Posted February 4, 2011
I tried altering the passwords but it's just like "omg wtf bbq you cant do this, banning user".
Off Topic: I don't know why I was looking at your signature, you're right, your pust is up there.

DutchCaffeine Posted February 6, 2011
Later this day I will try to look at it, and make it possible to check the passwords in PHP.

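The PHP check the thread asks for, rebuilt from the INSERT statement quoted above, as an added example that is not part of any post and is not mta-paradise's own code. The function names are hypothetical, and it assumes the Lua sha1() helper returns lowercase hex like MySQL's SHA1().

```php
<?php
// Added example, not mta-paradise code. Function names are hypothetical.
// Assumption: the Lua sha1() helper returns lowercase hex like MySQL's SHA1();
// if it returns uppercase, wrap the innermost sha1() in strtoupper().

// Mirrors SHA1(CONCAT(salt, SHA1(CONCAT(salt, sha1(password))))) from the INSERT.
function paradise_hash(string $password, string $salt): string
{
    return sha1($salt . sha1($salt . sha1($password)));
}

// 40 hex characters like the Lua loop, drawn from a CSPRNG instead of math.random.
function paradise_new_salt(): string
{
    return bin2hex(random_bytes(20));
}

// Fetch salt and stored hash with a bound parameter (no string formatting into SQL).
function paradise_fetch_row(PDO $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT salt, password FROM wcf1_user WHERE username = ? LIMIT 1');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constant-time comparison; a missing row returns false like a wrong password.
function paradise_verify(?array $row, string $password): bool
{
    if ($row === null) {
        return false;
    }
    return hash_equals(strtolower($row['password']), paradise_hash($password, $row['salt']));
}

// Constructed sample row, built the way the INSERT statement would store it.
$salt = paradise_new_salt();
$row  = ['salt' => $salt, 'password' => paradise_hash('constructed-password', $salt)];

var_dump(paradise_verify($row, 'constructed-password'));
var_dump(paradise_verify($row, 'wrong-password'));
var_dump(paradise_verify(null, 'constructed-password'));
```

To confirm the lowercase-hex assumption, run paradise_hash() with the salt of an existing account whose password you know and compare the result to that row's password column.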