Printable View
Hi all,
My server goes up.
account maker makes account
web site makes account ( Ive no errors by new account )
But by login invalid password
I look in sql enterp- Ive seen account but the password is still weird
Ive linked the ODBC MuOnlineJoinDB to Me_MuOnline
Ive done the Encrytia thing
Ive searched for over 12 hours now
Has any1 any ideas ?
You right, but nothing wrong there. Take a look:
1) Create hash with _direct_ req to SQL extend procedure
DECLARE @hash BINARY(16)
EXEC master.dbo.XP_MD5_EncodeKeyVal 'test1', 'test1', @hash OUT
Select @hash
produce:
--login---password-----hash--------
test1 test1 0xC57C4B1188D5B9A1C03200E3B8E1B85B
and server do not accept it
BUT
DECLARE @test varchar(10)
DECLARE @hash BINARY(16)
set @test = 'test1'
EXEC master.dbo.XP_MD5_EncodeKeyVal @test, @test, @hash OUT
Select @hash
Produce right value - 0x87AADB30D0E7E192E0BCAEA1EC8D5752
2) Create hash with MuAccountCreate.exe produce
0x87AADB30D0E7E192E0BCAEA1EC8D5752 for the same login/password
and game server accept it
Аs we can see 0xC57C4B1188D5B9A1C03200E3B8E1B85B != 0x87AADB30D0E7E192E0BCAEA1EC8D5752
so server do not accept hash from XP_MD5_EncodeKeyVal direct req ( without casting varibles as varchar 10)
3) Inderect req to XP_MD5_EncodeKeyVal through
CREATE FUNCTION [dbo].[fn_md5] (@data VARCHAR(10), @data2 VARCHAR(10))
RETURNS BINARY(16) AS
BEGIN
DECLARE @hash BINARY(16)
EXEC master.dbo.XP_MD5_EncodeKeyVal @data, @data2, @hash OUT
RETURN @hash
END
SELECT dbo.fn_md5('test1','test1')
Returns right hash value - 0x87AADB30D0E7E192E0BCAEA1EC8D5752
So - cast varibles first as proper type, then make requests.
--BTW--------------------
Who knows how MU md5 encoder mix login and password data when create hash?
I try variable ways, but no one out result like MuAccountCreate.exe did, look:
farm# md5 -s test1test1
MD5 ("test1test1") = 42b72f913c3201fc62660d512f5ac746
farm# md5 -s "test1 test1"
MD5 ("test1 test1") = 183900f4d50e6bd80b9c9e86163848ee
farm# md5 -s "test1,test1"
MD5 ("test1,test1") = 3ced1c42b511962dbe2dc12a10a014a8
farm# md5 -s "test1:test1"
MD5 ("test1:test1") = 723210cefac9372c968e5bfd98cb022b
farm# md5 -s "test1 test1"
MD5 ("test1 test1") = ca896c95faf692366b207515c28cea2a
farm# md5 -s "test1\ttest1"
MD5 ("test1\ttest1") = ee7f8fa31c9b8d10668423d7016c5765
farm# md5 -s "test1"
MD5 ("test1") = 5a105e8b9d40e1329780d62ea2265d8a
farm# md5 -s "test1.test1"
MD5 ("test1.test1") = 554545be418f316ec7c7cdf7b10ef7d5
tech# md5 -s "test1 test1 "
MD5 ("test1 test1 ") = 719a45230490d8745ab6e25d3c97a6b4
May be there needs some XOR, do not know, simple ways is wrong.
As we can see something is not quite right but it only happens on SOME servers.
Can any1 say what I should do i.e: delete SQL and start over or is there a solution.
It seems that these SQL procedures are spead all this section some are different to others and to the untrained eye thats not good.
Any way of getting all this together in one place and finding out what works and what not ( I would do it but Im one of the untrained eyes ).
This md5 is not easy, is it realy needed if so for what ? ( protection )?
>As we can see something is not quite right but it only happens on SOME servers.
Yes, its happens when you use request to XP_MD5_EncodeKeyVal without right cast its arguments, like
EXEC master.dbo.XP_MD5_EncodeKeyVal 'test1', 'test1', @hash OUT
You need to use type cast first, like this:
DECLARE @test varchar(10)
DECLARE @hash BINARY(16)
set @test = 'test1'
EXEC master.dbo.XP_MD5_EncodeKeyVal @test, @test, @hash OUT
Select @hash
Or use function for hash opetations
>This md5 is not easy, is it realy needed if so for what ? ( protection )?
Yes:
1) Bad admins (or other ppl who have db access by some reason) cant give some third persons account passwords anymore. Only with hash replacement works.
2) If you steal account db, you needs to bruteforce password hashes before use it.
I think I understand but Im still not sure how to use this infomation.
Could you write it step for step for me as Im fairly new to this :(
DECLARE @eddy69 varchar(10)
DECLARE @hash BINARY(16)
set @eddy69 = 'bandit'
EXEC master.dbo.XP_MD5_EncodeKeyVal @eddy69, @eddy69, @hash OUT
Select @hash
= 0x6EE017E17943FCA740EAA6CFDE810CF4
SELECT dbo.fn_md5('bandit','bandit')
=Server: Msg 208, Level 16, State 1, Line 1
Invalid object name 'dbo.fn_md5'.
OK GOT MY SERVER RUNNING LAST NIGHT, I could login and play (LAN).
This morning I tryed to login and my password is blocked again !!!
Any ideas whats up ?