Hey, how can I get other people's password on a 718+ based server? ::getpass is not working, could I do it via source?
Like I'm getting e34e802dd3fa0ea9e99524c41b44e3bc69c7d886sq as a password
Wrong section, I don't think people will be able to help you here. Go to the 503+ section
OT:
Disable the encrypting in the playersaving
Just ctrl+f your source for md5
and comment the method out or something like that
I'm not even sure if it uses md5 encryption
Your server has rsa enabled. Probably have to disable it or something. Idk, my server doesn't have rsa, but gonna be adding it sooner or later
I don't think that's RSA, isn't it just hashing the entered password and checking it against the hash in the character file?
I believe it's md5, you could always try cracking it.
In any case, what valid reason could you have for needing their actual password?
I don't even know much about it, but I know it's encryption that encrypts the packets that the client and server send to each other, like passwords. For example, if your password's Karma, without rsa it'll just be sent as Karma; with rsa it'll be sent as aigdjemsndkieh. People have this on their server to prevent people from hacking player accounts and to stop cheat engines and clients from cheating/hacking. My server didn't have rsa and once had some kid hack about 100 or more player accounts and drop their banks.
okay, you guys clearly don't understand what rsa is used for in the client.
rsa is public/private key encryption. data encrypted with the public key (the one everyone has) can only be decrypted with the private key (the one that only the server has). the client only uses rsa encryption during login to encrypt your username, password, uid, and the isaac seed. it also sends a byte with the value of 10, but that's only there so that the server can test the integrity of the encrypted block. if the first byte is anything other than 10, the encryption failed - the public and private keys don't match. the "hacker" didn't get into your player's accounts because you didn't have rsa. isaac is used for encrypting (i guess would be the right word) the opcode for each packet so that it appears like random data to a third party observer. if you don't encrypt the login block (which also contains the isaac seed), then someone monitoring your network traffic could definitely get your password. i doubt the "hacker" could monitor their network data. with isaac enabled, you can't inject packets because the next packet the client sends would have an out of sync opcode. you can always use cheat engine to modify the client's data. it's up to the server to validate the data the client is sending the server (never trust the client).
i'd go ahead and say that most servers use md5 to hash the password so that, in the event of a data breach, the password is "safe." the only way you can get the password is by taking the md5 hash and brute forcing it - generating guess hashes and matching them to see if they are the same. you can't get the original input string from md5.
so that answers that.
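The login-block check described in the post above, as an added example that is not part of the original thread or any server's source: the client encrypts a block that starts with the byte 10, and the server rejects the login if that byte is missing after decryption. The field layout, the function names and the toy key (built from Mersenne primes so it runs offline, not a secure key) are assumptions made for illustration.

```python
import struct

E = 65537   # public exponent
MAGIC = 10  # marker byte the post describes at the start of the block

def make_toy_key(p_bits, q_bits):
    """Constructed demo key from two Mersenne primes; NOT a secure key."""
    p, q = 2**p_bits - 1, 2**q_bits - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (modulus n, private exponent d)

def build_login_block(seed, uid, username, password):
    """Client side. Assumed layout: magic | 4 x u32 seed | u32 uid | user NUL | pass NUL."""
    return (bytes([MAGIC]) + struct.pack(">4I", *seed) + struct.pack(">I", uid)
            + username.encode("ascii") + b"\0" + password.encode("ascii") + b"\0")

def rsa_encrypt(block, n):
    """Unpadded modular exponentiation with the public key (block must be < n)."""
    m = int.from_bytes(block, "big")
    if m >= n:
        raise ValueError("login block too large for modulus")
    return pow(m, E, n)

def decode_login_block(cipher, n, d):
    """Server side: decrypt, then reject the block unless it starts with MAGIC."""
    m = pow(cipher, d, n)
    raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
    if not raw or raw[0] != MAGIC:
        return None  # wrong key pair or corrupted block
    try:
        seed = struct.unpack(">4I", raw[1:17])
        (uid,) = struct.unpack(">I", raw[17:21])
        user, password, rest = raw[21:].split(b"\0")
        if rest:
            return None
        return {"seed": seed, "uid": uid,
                "username": user.decode("ascii"), "password": password.decode("ascii")}
    except (struct.error, ValueError):
        return None  # one marker byte can match by chance, so parsing is a second gate

if __name__ == "__main__":
    n, d = make_toy_key(521, 607)        # server's key pair (constructed)
    c = rsa_encrypt(build_login_block((1, 2, 3, 4), 77, "alice", "hunter2"), n)
    print(decode_login_block(c, n, d))   # decrypted with the matching private key
    n2, d2 = make_toy_key(607, 1279)     # an unrelated key pair
    print(decode_login_block(c, n2, d2)) # decrypted with the wrong private key
```

A single marker byte only detects a key mismatch; it is not an authentication tag, so the server still has to validate every field it parses out of the block.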