
How To get account password


DanTDM


What you can do, which will be very unpopular with your players and generally a very big liability, is store the plaintext password the user entered when registering (for example, in setAccountData). This is very insecure, as whenever you get hacked, passwords will leak out in plaintext. This would also cause a privacy concern for those who use the same password for a range of servers, forums or other services. I urge you not to do what I outlined above.

Edited by MrTasty
  • Like 2
Link to comment
On 24/11/2016 at 6:37 PM, MKH said:

You can unhash it, download sqlbrowser or any program to open registry.db and un-hash it
If you need any help PM me

You cannot know the password; it's a binary code which you can't read, so I don't think that's the solution.

btw nice Neji jaloul's pic xD 

Edited by Jinx099
  • Like 1
Link to comment

The MTA hardcoded account system is in internal.db, not registry.db (table accounts). The internal one stores account names, their corresponding hashed password, IP and the serial (idk whether that's the ones used when registering, or last login) (columns name, password, ip, serial).

The passwords are hashed into a uniform-length 97-character long hex code, composed of a SHA256 of the password, the version of the hash and the salt.

What @DanTDM posted is not the MTA hardcoded account system but his own login system based on executeSQLQuery, which stores passwords in plaintext (not a good idea imo).

Edited by MrTasty
Link to comment
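A defensive check for the situation described in the post above, as an added example that is not part of any post in this thread: it scans an SQLite accounts table (assumed columns `name` and `password`, as named in the post) and lists the accounts whose stored password is not shaped like a hex digest. The 64-character minimum, the function names and the sample rows are assumptions constructed for illustration.

```python
import sqlite3
import string

HEX = set(string.hexdigits)
MIN_DIGEST_HEX = 64  # a SHA-256 digest alone is 64 hex characters


def looks_hashed(value):
    """Heuristic: long and hex-only, like the stored form the post describes."""
    return (isinstance(value, str) and len(value) >= MIN_DIGEST_HEX
            and all(c in HEX for c in value))


def audit_accounts(conn, table="accounts"):
    """Return account names whose stored password is not hash-shaped.

    Assumes `name` and `password` columns. Stored values are never
    returned or printed, only the affected account names.
    """
    if not table.isidentifier():  # a table name cannot be a bound parameter
        raise ValueError("unexpected table name")
    rows = conn.execute(f'SELECT name, password FROM "{table}"')
    return sorted(name for name, pw in rows if not looks_hashed(pw))


def build_sample_db():
    """Constructed sample data: two hash-shaped rows, two plaintext rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?)", [
        ("alice", "a3" * 32 + "1" + "5f" * 16),  # 97 hex chars (constructed)
        ("bob", "0c" * 32 + "1" + "9e" * 16),    # 97 hex chars (constructed)
        ("carol", "hunter2"),                     # plaintext
        ("dave", "deadbeef"),                     # hex-only but far too short
    ])
    return conn


if __name__ == "__main__":
    flagged = audit_accounts(build_sample_db())
    print("accounts with non-hashed passwords:", flagged)
```

Any account it flags should have its password reset and re-stored through a salted hash rather than left as-is.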
On 11/26/2016 at 9:23 PM, Bonsai said:

Did you just post passwords of players from your server? :o

That doesn't really look hashed :P

but you don't know my server xD so not a problem

Thank you all for helping, but I have fixed the problem; it was a login panel I had in the server that was old, but it's working.

Link to comment

Please be respectful towards the people that play on your server and offer a secure method of storing their passwords. A lot of people use the same password for a lot of stuff, which is a problem (and partially their fault).

Making sure it's hashed and at least somewhat protected really is not hard, but shows that you respect their privacy.

Link to comment
32 minutes ago, DanTDM said:

i have a security mod for accounts work with serial of the player so no one can enter only with the owner of the account

 

Yeah, and if someone knows one of those players, and he uses the same password for his Google Account, this won't help him much.

Also it doesn't make sense to bind the account to the serial at all. What if they change their computer?

Link to comment
6 hours ago, DanTDM said:

i have a security mod for accounts work with serial of the player so no one can enter only with the owner of the account

 

You do not have the choice to post those passwords publicly so that everyone can see. You can make your own database and get all the passwords that you want (not recommended), but NO ONE is going to help you to get those default passwords.

Link to comment
On 12/1/2016 at 4:35 AM, Gaberiel said:

You do not have the choice to post those passwords publicly so that everyone can see. You can make your own database and get all the passwords that you want (not recommended), but NO ONE is going to help you to get those default passwords.

but I changed their passwords in this pic, not real, but I am giving you the same kind of my problem

Link to comment
