mta-paradise password generation


AeroXbird

Hello,

I have been working with the mta-paradise system for over 3 months now, and I need some help to decode the way they encrypt passwords, because I simply cannot figure that out.

I am trying to use the database in PHP, but I'm stuck since I cannot figure out how the passwords are encrypted, so I can't finish the login system.

If anybody knows how it generates the passwords, help would be appreciated :)

Greets,

AeroXbird

Link to comment

-- generate a salt (SHA1)
local salt = ''
local chars = { 'a', 'b', 'c', 'd', 'e', 'f', 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 }
for i = 1, 40 do
    salt = salt .. chars[ math.random( 1, #chars ) ]
end

And then it does this:

  
exports.sql:query_free( "INSERT INTO wcf1_user (username,salt,password) VALUES ('%s', '%s', SHA1(CONCAT('%s', SHA1(CONCAT('%s', '" .. sha1( password ) .. "')))))", username, salt, salt, salt ) 

So I think it stores the SHA1 hash of the password.

Seems like the salt is random.....

Link to comment

Hmm.

When a player logs in:

function performLogin( source, token, isPasswordAuth, ip ) 
    if source and ( isPasswordAuth or not triedTokenAuth[ source ] ) then 
        triedTokenAuth[ source ] = true 
        if token then 
            if #token == 80 then 
                local info = exports.sql:query_assoc_single( "SELECT userID, username, banned, activationCode, SUBSTRING(LOWER(SHA1(CONCAT(userName,SHA1(CONCAT(password,salt))))),1,30) AS salts, userOptions FROM wcf1_user WHERE CONCAT(SHA1(CONCAT(username, '%s')),SHA1(CONCAT(salt, SHA1(CONCAT('%s',SHA1(CONCAT(salt, SHA1(CONCAT(username, SHA1(password)))))))))) = '%s' LIMIT 1", getPlayerHash( source, ip ), getPlayerHash( source, ip ), token ) 
                p[ source ] = nil 
                if not info then 
                    if isPasswordAuth then 
                        triggerClientEvent( source, getResourceName( resource ) .. ":loginResult", source, 1 ) -- Wrong username/password 
                    end 
                    return false 

You could let them log in with PHP, and then take the SHA1 hash of the password, then compare it to the hash value in the MySQL database.

Link to comment
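The INSERT statement quoted in the thread nests three SHA1 calls around the per-user salt, so a PHP login has to rebuild that whole chain before comparing it to the `password` column. The following is an added example, not code from the posters or from mta-paradise; the function names are hypothetical, the sample salt and password are constructed, and it assumes the Lua-side `sha1()` returns lowercase hex like PHP's `sha1()` and MySQL's `SHA1()`.

```php
<?php
declare(strict_types=1);

// Rebuild the value the quoted INSERT writes to wcf1_user.password:
//   SHA1(CONCAT(salt, SHA1(CONCAT(salt, sha1(password)))))
// Assumption: every layer is lowercase hex (true for PHP sha1() and MySQL SHA1();
// assumed for the Lua sha1() used by the game server).
function paradise_hash(string $password, string $salt): string
{
    return sha1($salt . sha1($salt . sha1($password)));
}

// Compare with hash_equals() so the check does not leak how many
// leading characters of the stored hash matched.
function paradise_verify(string $password, string $salt, string $storedHash): bool
{
    return hash_equals(strtolower($storedHash), paradise_hash($password, $salt));
}

// Fetch salt and hash with a prepared statement, then verify in PHP.
// Returns the userID on success, null on unknown user or wrong password.
function paradise_login(PDO $db, string $username, string $password): ?int
{
    $stmt = $db->prepare(
        'SELECT userID, salt, password FROM wcf1_user WHERE username = ? LIMIT 1'
    );
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    return paradise_verify($password, $row['salt'], $row['password'])
        ? (int) $row['userID']
        : null;
}

// Offline demo with constructed values: a 40-character hex salt shaped like
// the one the Lua loop builds, and the hash the INSERT would have stored.
$salt   = str_repeat('0123456789abcdef', 2) . '01234567';
$stored = paradise_hash('correct horse', $salt);

var_dump(paradise_verify('correct horse', $salt, $stored));
var_dump(paradise_verify('wrong guess', $salt, $stored));
var_dump(paradise_verify('correct horse', strrev($salt), $stored));
```

Three rounds of SHA1 are cheap to brute-force if the table leaks, so a PHP front end can write a `password_hash()` value to a separate column after a successful check and move accounts off this scheme over time.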