Converting passwords (Normal -> Md5)

[themad]

Changing all the passwords of all accounts in your server store method.
[normal to md5]

Currently there are two types of JoinServers released. One that works with MD5 hashed passwords and one that works with normal alphanumeric passwords. Since its not possible to convert a md5 hash to its original varchar string, I am going to explain how to make it the other way around.

In cryptography, MD5 (Message-Digest algorithm 5) is a widely-used cryptographic hash function with a 128-bit hash value. As an Internet standard (RFC 1321), MD5 has been employed in a wide variety of security applications, and is also commonly used to check the integrity of files.

Why do people use MD5 hashed passwords?
- Hell should i know ? They just do, usually its required for security measures, in case 'the big bad hacker' sneaks by the back door and gets into your database, but little does he know that you use md5 and he can't leech any useful info:harhar:.
-------------
Why the hell did i created this guide? (Sup, don't this guy have better things to do?)
- You are reading it so....

Here we go.. Open the MSSQL Query Analyzer

1. We make sure that we have the WZ_MD5_MOD.dll in the /Tools/Binn/ directory of our Microsoft SQL Server.
2. Creating the Extended md5 Stored Procedures to the Master DB
   
   Code:

   use Master
   GO
   if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[XP_MD5_CheckValue]') and OBJECTPROPERTY(id, N'IsProcedure') = 1)
   drop procedure [dbo].[XP_MD5_CheckValue]
   GO
   
   SET QUOTED_IDENTIFIER OFF 
   GO
   SET ANSI_NULLS OFF 
   GO
   
   exec sp_addextendedproc N'XP_MD5_CheckValue', N'WZ_MD5_MOD.dll'
   GO
   SET QUOTED_IDENTIFIER OFF 
   GO
   SET ANSI_NULLS ON 
   GO
   
   if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[XP_MD5_EncodeKeyVal]') and OBJECTPROPERTY(id, N'IsProcedure') = 1)
   drop procedure [dbo].[XP_MD5_EncodeKeyVal]
   GO
   
   SET QUOTED_IDENTIFIER OFF 
   GO
   SET ANSI_NULLS OFF 
   GO
   
   exec sp_addextendedproc N'XP_MD5_EncodeKeyVal', N'WZ_MD5_MOD.dll'
   GO
   SET QUOTED_IDENTIFIER OFF 
   GO
   SET ANSI_NULLS ON 
   GO

3. Backup your database. If you mess it up i'll never hear the end of it!
   
4. Now we create a field in the MEMB_INFO table to store passwords in (temporary)
   
   Code:

   use MuOnline
   alter table memb_info add temphash varbinary(17);

5. The key function that will make our dreams come true ^^ (haven't tested it..wrote it here)
   
   Code:

   DECLARE @hash binary(16),
       @myvarpass varchar(10),
       @accid    varchar(10);
   DECLARE mytest SCROLL CURSOR FOR SELECT memb___id,memb__pwd FROM MEMB_INFO
   OPEN mytest
   FETCH NEXT FROM mytest INTO @accid, @myvarpass;
   while (@@fetch_status = 0) BEGIN
       EXEC master..XP_MD5_EncodeKeyVal @myvarpass, @accid, @hash OUT;
       UPDATE MEMB_INFO SET temphash = @hash WHERE memb___id = @accid;
       FETCH NEXT FROM mytest INTO @accid, @myvarpass;
   END
   CLOSE mytest
   DEALLOCATE mytest

6. Now lets change the type of the memb__pwd column.
   
   Code:

   alter table memb_info drop column memb__pwd;
   alter table memb_info add memb__pwd varbinary(17);

7. And now for the coup de grace.
   
   Code:

   update memb_info set memb__pwd=temphash;
   alter table memb_info drop column temphash;

8. Sup? I want answers !
   

I get all the credits for this cuz i'm a greedy MOFO. Sue me !!

p.s. got l33t ?

[MentaL]

[Liselotte]

hmm im on step five, when i execute the query, it gives me this error:

Disallowed implicit conversion from data type varchar to data type varbinary, table 'MuOnline.dbo.MEMB_INFO', column 'memb__pwd'. Use the CONVERT function to run this query.

any idea?

Edit:
nvm, i got it working. on the last step, i have this:

(644 row(s) affected)

Server: Msg 3728, Level 16, State 1, Line 2
'temphash' is not a constraint.
Server: Msg 3727, Level 16, State 1, Line 2
Could not drop constraint. See previous errors.

well the query is working but dont know the last 2 errors.

[themad]

hmm im on step five, when i execute the query, it gives me this error:


any idea?

Edit:
nvm, i got it working. on the last step, i have this:


well the query is working but dont know the last 2 errors.

yea..happens..btw you shouldn't have continues this way..but i guess if its working there is np..
updated and fixed it..leaving this guide :)

[Liselotte]

ok, well its working 100%. thanks man, really need it. Sex? ^^

[gordon_ak47]

Warning: mssql_query(): message: Disallowed implicit conversion from data type varchar to data type varbinary, table 'MuOnline.dbo.MEMB_INFO', column 'memb__pwd'. Use the CONVERT function to run this query. (severity 16) in D:\AppServ\www\modules\doreg.php on line 196

What i need to do?

[gordon_ak47]

nice work i don't know what doing this query but is Work. I have md5 in mssql and the server is md5 too but on site with this query still working the registration :) THX

[themad]

Warning: mssql_query(): message: Disallowed implicit conversion from data type varchar to data type varbinary, table 'MuOnline.dbo.MEMB_INFO', column 'memb__pwd'. Use the CONVERT function to run this query. (severity 16) in D:\AppServ\www\modules\doreg.php on line 196

What i need to do?

well..to find a web that supports MD5 hashed passwords and use it. :)

[scoobydxb]

I have made followed ur guide and really worked. Great Guide.

Question, now that i have an MD5 password for all the accounts, how will i be able to migrate these accounts to a 1.00.16 DB that has Me_Muonline.bak

[thepatan55]

Exlente I worked with the web
Mu web 0.9
but the login I have to try twice to enter

MEMB_INFO:
add in table
temphash varbinary(17)

and query analyzer in db MuOnline

update memb_info set memb__pwd=temphash;
alter table memb_info drop column temphash;


SP_MD5_ENCODE_VALUE
edit

CREATE PROCEDURE SP_MD5_ENCODE_VALUE

@btInStr varchar(10),
@btInStrIndex varchar(10)
AS
BEGIN
DECLARE mytest SCROLL CURSOR FOR SELECT memb___id,memb__pwd FROM MEMB_INFO
DECLARE @btOutVal BINARY(16)
OPEN mytest
EXEC master..XP_MD5_EncodeKeyVal @btInStr, @btInStrIndex, @btOutVal OUT
UPDATE MEMB_INFO SET temphash = @btOutVal WHERE memb___id = @btInStrIndex
FETCH NEXT FROM mytest INTO @btInStrIndex, @btInStr;

END
GO

[rexor12]

Warning: mssql_query(): message: Disallowed implicit conversion from data type varchar to data type varbinary, table 'MuOnline.dbo.MEMB_INFO', column 'memb__pwd'. Use the CONVERT function to run this query. (severity 16) in D:\AppServ\www\modules\doreg.php on line 196

What i need to do?

You just have to go into Enterprise Manager, open the MuOnline database, right click on MEMB_INFO table, click Design table and where you see the line
memb__pwd, change the value "varbinary" to "varchar", then close the window. It'll ask for save, choose yes, of course. :D

[pitic]

i want an tutorial about Converting passwords (Normal -> Md5)

with all passes :) please

[barry952]

Worked 100 percent..thx dude