Password Hashing

Page 1 of 2 12 LastLast
Results 1 to 25 of 32
  1. #1

    Password Hashing

    Well, I would like to do password hashing on MatchServer.

    I found out that it was fairly easier on the client since I knew what to hook and do a detour on, but anyone could just take it and copy it.

    Could anyone tell me what function I should hook on the MatchServer with the address (if possible), or provide the detour details/detour?


  2. #2
    much coder t0p lel Team Zebra is offline
    MemberRank
    Mar 2009 Join Date
    234Posts

    Re: Password Hashing

    Can't think of the exact function or address off the top of my head, but what I would do is change your register page to encrypt the password, then hook the function in MatchServer that does the Match.ResponseLogin packet. Once it receives the packet from the client, encrypt it before you compare it to the password that's in the DB using the same algo as what's in your register page. I might look into it when I get time, but I'm not promising anything. It shouldn't be too hard to do.

  3. #3

    Re: Password Hashing

    Could you show me how the detour for the MatchServer would look like?

  4. #4
    much coder t0p lel Team Zebra is offline
    MemberRank
    Mar 2009 Join Date
    234Posts

    Re: Password Hashing

    It'd work the same as a detour for any other program. I don't know the address or function to detour, I haven't looked at Matchserver or any dumps of it for this sort of thing, I'm just talking off the top of my head. I'd have to investigate it.

  5. #5
    Mako is insane. ThePhailure772 is offline
    MemberRank
    Sep 2007 Join Date
    1,115Posts

    Re: Password Hashing

    MatchServer - Hook OnResponseLogin, edit size of string check.
    PHP - the algorithm you want to use. ie: md5(), sha1()

  6. #6

    Re: Password Hashing

    I've looked into the dumps.

    I know what algorithm I'd use, I just need to find out the detour and stuff.

    Are the parameters for this function related to the detour? If it is, I'll have to find its address of this function. May take me some time.

    Code:
    Function       : static, [0x0005f870][0x0001:0x0005e870], len = 0000043c, protected: void __thiscall MMatchServer::OnMatchLogin(struct MUID,char const *,char const *,int,unsigned long)
    FuncDebugStart :   static, [0x0005f89d][0x0001:0x0005e89d]
    FuncDebugEnd   :   static, [0x0005fc85][0x0001:0x0005ec85]
    Data           :   enregistered edx, Object Ptr, Type: class MMatchServer * const, this
    Data           :   ebp Relative, [0x00000004], Param, Type: struct MUID, CommUID
    Data           :   ebp Relative, [0x0000000c], Param, Type: const char *, szUserID
    Data           :   ebp Relative, [0x00000010], Param, Type: const char *, szPassword
    Data           :   ebp Relative, [0x00000014], Param, Type: int, nCommandVersion
    Data           :   ebp Relative, [0x00000018], Param, Type: unsigned long, nChecksumPack
    Data           :   ebp Relative, [0xffffff70], Local, Type: unsigned int, nAID
    Data           :   ebp Relative, [0xffffff6c], Local, Type: class MCommObject *, pCommObj
    Data           :   ebp Relative, [0xffffff88], Local, Type: class std::basic_string<char,std::char_traits<char>,std::allocator<char> >, strCountryCode3
    Data           :   ebp Relative, [0xffffff78], Local, Type: struct MUID, AllocUID
    Data           :   ebp Relative, [0xffffffc4], Local, Type: struct MMatchAccountInfo, accountInfo
    Data           :   ebp Relative, [0xffffffa4], Local, Type: char[0x20], szDBPassword
    Data           :   ebp Relative, [0xffffff6b], Local, Type: bool, bFreeLoginIP
    Data           :   ebp Relative, [0xffffff6c], Local, Type: bool, bIsPremiumIP

  7. #7
    GunZ Developer dacharles is offline
    MemberRank
    Oct 2006 Join Date
    476Posts

    Re: Password Hashing

    Quote Originally Posted by Linear88 View Post
    I've looked into the dumps.

    I know what algorithm I'd use, I just need to find out the detour and stuff.

    Are the parameters for this function related to the detour? If it is, I'll have to find its address of this function. May take me some time.

    Code:
    Function       : static, [0x0005f870][0x0001:0x0005e870], len = 0000043c, protected: void __thiscall MMatchServer::OnMatchLogin(struct MUID,char const *,char const *,int,unsigned long)
    FuncDebugStart :   static, [0x0005f89d][0x0001:0x0005e89d]
    FuncDebugEnd   :   static, [0x0005fc85][0x0001:0x0005ec85]
    Data           :   enregistered edx, Object Ptr, Type: class MMatchServer * const, this
    Data           :   ebp Relative, [0x00000004], Param, Type: struct MUID, CommUID
    Data           :   ebp Relative, [0x0000000c], Param, Type: const char *, szUserID
    Data           :   ebp Relative, [0x00000010], Param, Type: const char *, szPassword
    Data           :   ebp Relative, [0x00000014], Param, Type: int, nCommandVersion
    Data           :   ebp Relative, [0x00000018], Param, Type: unsigned long, nChecksumPack
    Data           :   ebp Relative, [0xffffff70], Local, Type: unsigned int, nAID
    Data           :   ebp Relative, [0xffffff6c], Local, Type: class MCommObject *, pCommObj
    Data           :   ebp Relative, [0xffffff88], Local, Type: class std::basic_string<char,std::char_traits<char>,std::allocator<char> >, strCountryCode3
    Data           :   ebp Relative, [0xffffff78], Local, Type: struct MUID, AllocUID
    Data           :   ebp Relative, [0xffffffc4], Local, Type: struct MMatchAccountInfo, accountInfo
    Data           :   ebp Relative, [0xffffffa4], Local, Type: char[0x20], szDBPassword
    Data           :   ebp Relative, [0xffffff6b], Local, Type: bool, bFreeLoginIP
    Data           :   ebp Relative, [0xffffff6c], Local, Type: bool, bIsPremiumIP
    u should find OnResponseLogin D: and i think edit that vars too mmm

  8. #8
    Praise the Sun! Solaire is offline
    MemberRank
    Dec 2007 Join Date
    Undead BurgLocation
    2,862Posts

    Re: Password Hashing

    The function is called OnMatchLogin.

    bool __stdcall OnMatchLoginHook(struct MUID, char *UserID, const char *Password, int CommandVersion, DWORD ChecksumPack, BYTE MD5Value[]) {
    }

    Have fun.

  9. #9

    Re: Password Hashing

    I would need to find the address now.

    Do I return true in my detour?
    Last edited by Linear88; 01-08-09 at 01:54 PM.

  10. #10
    much coder t0p lel Team Zebra is offline
    MemberRank
    Mar 2009 Join Date
    234Posts

    Re: Password Hashing

    Well I got a DLL written up but I can't really find the address to OnMatchLogin in the newer versions, even though I have an older address I can't seem to update this one. I suck with Olly lol. If someone has the address, I can test my DLL and if it works, I'll post it.

  11. #11
    Proficient Member -Lambda- is offline
    MemberRank
    Jan 2007 Join Date
    SpainLocation
    157Posts

    Re: Password Hashing

    Code:
    #define MMATCHSERVER_ONMATCHLOGIN        0x004328E0

  12. #12

    Re: Password Hashing

    Thanks Lambda! My DLL should be working now. I will need to test it.

    How did you find the address anyway?

    I was looking for it and I passed that. =/
    Last edited by Linear88; 01-08-09 at 01:52 PM.

  13. #13
    Proficient Member -Lambda- is offline
    MemberRank
    Jan 2007 Join Date
    SpainLocation
    157Posts

    Re: Password Hashing

    I had the function address for a long time, but to find an address just copy a few unique bytes of the function and search for those bytes in the other exe.

  14. #14

    Re: Password Hashing

    The problem is, where do I get the unique bytes/signatures?

    I have the test.txt and it's for the client, but there isn't any for MatchServer.

  15. #15
    Praise the Sun! Solaire is offline
    MemberRank
    Dec 2007 Join Date
    Undead BurgLocation
    2,862Posts

    Re: Password Hashing

    There is one for the MatchServer, I had it a while back but lost it. Nobody will share it as everyone is being ego here at the community. Gunner might have it, I'll ask him whenever I talk to him.

  16. #16
    Proficient Member -Lambda- is offline
    MemberRank
    Jan 2007 Join Date
    SpainLocation
    157Posts

    Re: Password Hashing

    I have sent to gunner the PDB and the exe a few days ago, here is the dump of the functions.

    http://rapidshare.com/files/26250600...PDB___Dump.rar

    You need to add the imagebase of the exe (0x400000) to each function, so for example for the OnMatchLogin the function address is 0x006A130, so 0x400000 + 0x006A130= 0x46A130 = OnMatchLogin.


    Enjoy it.
    Last edited by -Lambda-; 01-08-09 at 03:06 PM.

  17. #17
    Mako is insane. ThePhailure772 is offline
    MemberRank
    Sep 2007 Join Date
    1,115Posts

    Re: Password Hashing

    00436B40 (ZPostCommand)
    00437027 (Login Case)
    004328E0 (OnResponseLogin)

  18. #18
    Praise the Sun! Solaire is offline
    MemberRank
    Dec 2007 Join Date
    Undead BurgLocation
    2,862Posts

    Re: Password Hashing

    Quote Originally Posted by -Lambda- View Post
    I have sent to gunner the PDB and the exe a few days ago, here is the dump of the functions.

    http://rapidshare.com/files/26250600...PDB___Dump.rar

    You need to add the imagebase of the exe (0x400000) to each function, so for example for the OnMatchLogin the function address is 0x006A130, so 0x400000 + 0x006A130= 0x46A130 = OnMatchLogin.


    Enjoy it.
    Thanks, didn't know you have it.

  19. #19
    much coder t0p lel Team Zebra is offline
    MemberRank
    Mar 2009 Join Date
    234Posts

    Re: Password Hashing

    Hmm. Well MatchServer keeps crashing when I try to login with my DLL injected, so I don't know what's up. I'll try to get it figured out.

  20. #20
    Proficient Member -Lambda- is offline
    MemberRank
    Jan 2007 Join Date
    SpainLocation
    157Posts

    Re: Password Hashing

    Quote Originally Posted by Team Zebra View Post
    Hmm. Well MatchServer keeps crashing when I try to login with my DLL injected, so I don't know what's up. I'll try to get it figured out.
    For me too, it works well with 10-50 clients but with more it crashes the matchserver, i had to write my own class hook library to hook the function without crash the matchserver

  21. #21
    much coder t0p lel Team Zebra is offline
    MemberRank
    Mar 2009 Join Date
    234Posts

    Re: Password Hashing

    Well for me it crashes no matter what. I think the address you gave me is for the wrong version of MatchServer, I'm testing with the June 2007 files. Because no matter what code I put in my hook, it crashes. Or it could be a variety of stuff. I found out through this little project that the version of Detours I'm using doesn't allow you to call the original function without a crash, and Lance's detour class doesn't compile under VC2005. It's a work in progress, lmao.

  22. #22
    Proficient Member -Lambda- is offline
    MemberRank
    Jan 2007 Join Date
    SpainLocation
    157Posts

    Re: Password Hashing

    The address is for the June 2007 files, it works fine for me :S

  23. #23
    Rival Gamers Owner own_prox is offline
    MemberRank
    Jul 2007 Join Date
    HellLocation
    1,077Posts

    Re: Password Hashing

    its just the function is old :p i asked phail why i couldn't use what was in the pdb i have the new one now works fine thats how fatal's antihack hasnt been bypassed i got a hashed password on long

    there:
    DWORD ZPostLoginAddress = 0x004C3E20;
    CDetour ZPostLoginDet;
    Last edited by own_prox; 02-08-09 at 12:20 AM.

  24. #24

    Re: Password Hashing

    @ownprox: That's for the client.

    I got it working, but it's giving me Cannot Access Server and I have no idea on what to return on what conditions.
    Last edited by Linear88; 02-08-09 at 07:06 AM.

  25. #25
    much coder t0p lel Team Zebra is offline
    MemberRank
    Mar 2009 Join Date
    234Posts

    Re: Password Hashing

    Did you make sure your MatchServer didn't crash?

    And you shouldn't be returning anything yourself. Just return the original function, but pass it the hashed password and keep everything else the same.



Page 1 of 2 12 LastLast

Advertisement