AeroXbird Posted January 22, 2011

Hello,

I have been working with the mta-paradise system for over 3 months now, and I need some help to decode the way they encrypt passwords, because I simply cannot figure that out. I am trying to use the database in PHP, but I'm stuck since I cannot figure out how the passwords are encrypted, so I can't finish the login system. If anybody knows how it generates the passwords, help would be appreciated.

Greets, AeroXbird

Pistolebob Posted January 22, 2011 (Edited January 22, 2011 by Guest)

```lua
-- generate a salt (SHA1)
local salt = ''
local chars = { 'a', 'b', 'c', 'd', 'e', 'f', 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 }
for i = 1, 40 do
	salt = salt .. chars[ math.random( 1, #chars ) ]
end
```

And then it does this:

```lua
-- stored password column = SHA1(salt .. SHA1(salt .. sha1(password)))
exports.sql:query_free( "INSERT INTO wcf1_user (username,salt,password) VALUES ('%s', '%s', SHA1(CONCAT('%s', SHA1(CONCAT('%s', '" .. sha1( password ) .. "')))))", username, salt, salt, salt )
```

So I think it stores the SHA1 hash of the password. Seems like the salt is random.....

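The INSERT quoted in the post above stores SHA1(salt + SHA1(salt + SHA1(password))) next to the per-user salt. The following is an added example, not part of the thread and not mta-paradise code, that recomputes and checks that value in PHP; the function names and the PDO handle are assumptions, and it assumes the Lua sha1() returns lowercase hex like MySQL's SHA1().

```php
<?php
// Added example (not mta-paradise code). Function names are hypothetical.
// Assumption: Lua sha1() and MySQL SHA1() both produce lowercase hex digests.

function paradise_hash(string $password, string $salt): string
{
    $inner  = sha1($password);       // sha1( password ) done in Lua before the query is built
    $middle = sha1($salt . $inner);  // inner SHA1(CONCAT(salt, ...)) evaluated by MySQL
    return sha1($salt . $middle);    // outer SHA1(CONCAT(salt, ...)) evaluated by MySQL
}

function paradise_verify(string $password, string $salt, string $stored): bool
{
    // hash_equals compares in constant time; strtolower tolerates upper-case hex in the column.
    return hash_equals(strtolower($stored), paradise_hash($password, $salt));
}

// Returns the userID on success, null on unknown user or wrong password.
// $db is an assumed PDO connection to the database holding wcf1_user.
function paradise_login(PDO $db, string $username, string $password): ?int
{
    // Bound parameter instead of formatting the username into the SQL string.
    $stmt = $db->prepare('SELECT userID, salt, password FROM wcf1_user WHERE username = ? LIMIT 1');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    return paradise_verify($password, $row['salt'], $row['password'])
        ? (int) $row['userID']
        : null;
}

// Offline self-check with constructed values (no database needed).
$salt   = str_repeat('0a', 20);                    // constructed 40-character hex salt
$stored = paradise_hash('correct horse', $salt);   // what the INSERT would have stored
var_dump(paradise_verify('correct horse', $salt, $stored));
var_dump(paradise_verify('wrong guess', $salt, $stored));
```
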
AeroXbird Posted January 22, 2011

Well, I did come far enough to determine that, but the SHA1(CONCAT(lotsofbullshit)) simply does not make any sense to me. Is there any way to do the same thing, but much easier? Because I'm not really good when it comes to MySQL.

Pistolebob Posted January 22, 2011

Hmm. When a player logs in:

```lua
function performLogin( source, token, isPasswordAuth, ip )
	if source and ( isPasswordAuth or not triedTokenAuth[ source ] ) then
		triedTokenAuth[ source ] = true
		if token then
			if #token == 80 then
				local info = exports.sql:query_assoc_single( "SELECT userID, username, banned, activationCode, SUBSTRING(LOWER(SHA1(CONCAT(userName,SHA1(CONCAT(password,salt))))),1,30) AS salts, userOptions FROM wcf1_user WHERE CONCAT(SHA1(CONCAT(username, '%s')),SHA1(CONCAT(salt, SHA1(CONCAT('%s',SHA1(CONCAT(salt, SHA1(CONCAT(username, SHA1(password)))))))))) = '%s' LIMIT 1", getPlayerHash( source, ip ), getPlayerHash( source, ip ), token )
				p[ source ] = nil
				if not info then
					if isPasswordAuth then
						triggerClientEvent( source, getResourceName( resource ) .. ":loginResult", source, 1 ) -- Wrong username/password
					end
					return false
				-- (the posted excerpt ends here)
```

You could let them log in with PHP, and then take the SHA1 hash of the password, then compare it to the hash value in the MySQL database.

AeroXbird Posted January 22, 2011

I really appreciate your help, but you aren't really helping me forward on this, because I have already seen this before. It's because of that that I am seeking help.

xUltimate Posted February 3, 2011

Sorry for the bump, but I've been trying to do this same thing and I still have no luck.

DutchCaffeine Posted February 3, 2011

Don't figure it out, just change the way mta-paradise hashes the passwords... and btw, if you are a real programmer, you can figure this one out real easy.

xUltimate Posted February 4, 2011

I tried altering the passwords but it's just like "omg wtf bbq you cant do this, banning user"

Off Topic: I don't know why I was looking at your signature, you're right, your post is up there.

DutchCaffeine Posted February 6, 2011

Later this day I will try to look at it, and make it possible to check the passwords in PHP.