Looking for a solution to the password problem

Newbie Spellweaver
Joined
May 8, 2023
Messages
5
Reaction score
1
As you may be aware, the state of the server has a major drawback. It does not properly check for the `-Password` field, at least according to my tests. For example, if I auto-create a new account using `-LoginID` on the command line, the account is created under `Local Accounts` in `CreateDB` and does not store the `-Password` parameter at all.

Now, in the `BLAuth01.json` config file, there is an entry for Auth Type, which is set to `Local`. I tried changing this to `Web` with no luck; running the instance crashes it. The log file mentions that there is no type `Web` Authentication supported.

Does anyone have any other ideas or clues on how to proceed with this?
 
Newbie Spellweaver
Joined
May 15, 2006
Messages
36
Reaction score
3
From what I found in the .dll files, there are 2 connections. Maybe it'll help you with something.

Code:
```csharp
// Picks the auth handler named by AuthType in the config.
private void CreateAuthHandler()
{
    string authType = AuthConfig.Instance.AuthType;
    if (authType == "Local")
    {
        this.mAuthHandler = new LocalAuthHandler();
        return;
    }
    if (authType == "Neowiz")
    {
        this.mAuthHandler = new NeowizAuthHandler();
        return;
    }
    // Any other value is logged as unsupported and the process exits.
    BLLog.Error(string.Format("not support AuthType. {0}", AuthConfig.Instance.AuthType));
    Environment.Exit(-1);
}
```

Code:
```csharp
using System;
using System.Diagnostics;
using System.Runtime.CompilerServices;
using System.Threading.Tasks;

namespace BLAuthServer
{
    internal class NeowizAuthHandler : AuthHandler
    {
        public NeowizAuthHandler()
        {
        }

        // Delegates to mJorbiTask; if it is null, the login fails (returns false).
        public async Task<bool> Login(ELoginPlatform loginPlatform, string authkey, int connectionId, string onetimeKey, string alivekey, long startTicks, string remoteIp, EnterWorldLog enterWorldLog)
        {
            bool flag = false;
            if (AuthServerApp.Instance.mJorbiTask != null)
            {
                // STEAM logins go through LoginSteam; every other platform goes through Login.
                flag = (loginPlatform != ELoginPlatform.STEAM ? await AuthServerApp.Instance.mJorbiTask.Login(loginPlatform, authkey, connectionId, onetimeKey, alivekey, startTicks, remoteIp, enterWorldLog) : await AuthServerApp.Instance.mJorbiTask.LoginSteam(loginPlatform, authkey, connectionId, onetimeKey, alivekey, startTicks, remoteIp, enterWorldLog));
            }
            return flag;
        }

        // No-op: nothing is done on logout.
        public async Task Logout(string accountName)
        {
            await Task.FromResult<int>(0);
        }

        // Same as Login, called with an empty alivekey.
        public async Task<bool> Relogin(ELoginPlatform loginPlatform, string authkey, int connectionId, string onetimeKey, long startTicks, string remoteIp, EnterWorldLog enterWorldLog)
        {
            bool flag = await this.Login(loginPlatform, authkey, connectionId, onetimeKey, string.Empty, startTicks, remoteIp, enterWorldLog);
            return flag;
        }
    }
}
```
 
Upvote 0
Newbie Spellweaver
Joined
May 8, 2023
Messages
5
Reaction score
1
Very interesting, thank you. I attempted to use `Neowiz`; unfortunately, this needs some other API which is not provided.

I wonder if we could overcome this problem by intercepting the first incoming connection on port `9900` and looking for the stored username & password, a custom way of doing things. If the username & password don't match in MSSQL, then disconnect the client.

EDIT:
In case someone else finds it interesting, this is the first `GET` response from 127.0.0.1:9900

Code:
```json
{
    "aesKey": "J28+lEFVpiBmWu4eR6Ve/Nxjb6/v6/WrqnDGp1mxl6g=",
    "authServerPort": 9993,
    "hashKey": "2r3S2/hieOd48Klf08WwQrdwGFSDvwKp9niILFvUn1A=",
    "id": 2,
    "iv": "xhSkLjh9+RfXMVh2Xc0bwA==",
    "sequeneceNumber": 27899
}
```

Another sample, for comparison:

Code:
```json
{
    "aesKey": "E5A1ljT2Ahzx3PTnrSoGFbEIRcwRFud5F0aCZ6aM/Gw=",
    "authServerPort": 9993,
    "hashKey": "O0yDlKrCGiMwp3IO2CzdW8LVjOc6mr04noFx/dHAMDU=",
    "id": 1,
    "iv": "8DHm+TLvb5v6wnzljAnE4w==",
    "sequeneceNumber": 24691
}
```

If I knew how to intercept all TCP traffic for my localhost I would research further. Let me know if anyone else has an idea.
 
Upvote 0
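The check proposed in the last post (compare the submitted username and password with what is stored, and disconnect on a mismatch), sketched as an added example that is not part of the thread or of the server's own code. `CredentialGate`, its members, the PBKDF2 parameters and the in-memory dictionary standing in for the MSSQL accounts table are all assumptions, and the code assumes .NET 6 or later. Accounts that were auto-created with no password stored, the case described in the first post, are refused rather than let through.

```csharp
// Added example: CredentialGate and all its members are hypothetical, not BLAuthServer code.
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

public sealed class CredentialGate
{
    private const int Iterations = 600_000, SaltLen = 16, HashLen = 32; // assumed PBKDF2 parameters

    // Stand-in for the MSSQL accounts table: login id -> "salt:hash" in base64.
    // An empty string models an account that was auto-created with no password stored.
    private readonly Dictionary<string, string> mAccounts = new();
    private static readonly string Dummy = Derive("dummy", RandomNumberGenerator.GetBytes(SaltLen));

    private static string Derive(string password, byte[] salt) =>
        Convert.ToBase64String(salt) + ":" + Convert.ToBase64String(
            Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, HashLen));

    public void AutoCreate(string loginId) => mAccounts.TryAdd(loginId, "");
    public void SetPassword(string loginId, string password) =>
        mAccounts[loginId] = Derive(password, RandomNumberGenerator.GetBytes(SaltLen));

    // Returns true to let the client continue, false to disconnect it.
    public bool Verify(string loginId, string password)
    {
        mAccounts.TryGetValue(loginId, out var stored);
        bool hasPassword = !string.IsNullOrEmpty(stored);
        // Unknown and password-less accounts still run the full derivation against a
        // dummy record, so every rejection costs the same work, and are then refused.
        string[] parts = (string.IsNullOrEmpty(stored) ? Dummy : stored).Split(':');
        byte[] salt = Convert.FromBase64String(parts[0]);
        byte[] expected = Convert.FromBase64String(parts[1]);
        byte[] actual = Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, HashLen);
        bool match = CryptographicOperations.FixedTimeEquals(actual, expected);
        return hasPassword && match;
    }
}

public static class Demo
{
    public static void Main()
    {
        var gate = new CredentialGate();          // constructed sample accounts below
        gate.AutoCreate("tester01");              // created with no password, as in the first post
        gate.SetPassword("tester02", "correct horse battery");
        foreach (var (id, pw) in new[] { ("tester01", "anything"), ("tester02", "correct horse battery"),
                                         ("tester02", "wrong"), ("nobody", "anything") })
            Console.WriteLine($"{id}: {(gate.Verify(id, pw) ? "continue" : "disconnect")}");
    }
}
```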