Author |
Message |
Doc Flabby Server Help Squatter
Joined: Feb 26 2006 Posts: 636 Offline
|
Posted: Thu Jun 08, 2006 11:57 am Post subject: Continuum profile password encryption |
|
|
|
|
I'm trying to create a new installer for continuum that is easier for new players to use.
The current system of creating profiles i think is quite confusing so i was going to guide them though creating a username in installer. My problem is im not sure how the passwords are encrpyted, does anyone know? I know the passwords have no salt and some part of the encryption features XOR encryption i think.
Just to make this clear.
I want to know how to encrypt passwords NOT how to decrpyt them. Im not interested in decrypting them at all. |
|
Back to top |
|
|
Bak ?ls -s 0 in
Age:25 Gender: Joined: Jun 11 2004 Posts: 1826 Location: USA Offline
|
Posted: Thu Jun 08, 2006 5:36 pm Post subject: |
|
|
|
|
I suspect if you knew how to encrypt passwords you could also decrypt them |
|
Back to top |
|
|
Doc Flabby Server Help Squatter
Joined: Feb 26 2006 Posts: 636 Offline
|
Posted: Thu Jun 08, 2006 6:18 pm Post subject: |
|
|
|
|
that is highly likly but not what i am intrested in...
cracking the passwords is easier than creating them....Im just asking if somoene wants to save me some time if they already know the method they are created...
I mean otherwise i can just create a standard password and tell people to change it later...but it might not be such a good idea to have hundreds of newbies with the same password...... |
|
Back to top |
|
|
Dr Brain Flip-flopping like a wind surfer
Age:38 Gender: Joined: Dec 01 2002 Posts: 3502 Location: Hyperspace Offline
|
Posted: Thu Jun 08, 2006 8:13 pm Post subject: |
|
|
|
|
If it's only XOR, then entering in the crypted password will result in the cleartext pass. That'd let you know really quickly if it's XOR. _________________ Hyperspace Owner
Smong> so long as 99% deaths feel lame it will always be hyperspace to me |
|
Back to top |
|
|
D1st0rt Miss Directed Wannabe
Age:36 Gender: Joined: Aug 31 2003 Posts: 2247 Location: Blacksburg, VA Offline
|
Posted: Sat Jun 10, 2006 12:56 pm Post subject: |
|
|
|
|
I can't imagine Priit even being remotely involved in something that uses just XOR _________________
|
|
Back to top |
|
|
CypherJF I gargle nitroglycerin
Gender: Joined: Aug 14 2003 Posts: 2582 Location: USA Offline
|
Posted: Sat Jun 10, 2006 2:32 pm Post subject: |
|
|
|
|
I believe mr ekted coded up the profile password system- didn't he? _________________ Performance is often the art of cheating carefully. - James Gosling |
|
Back to top |
|
|
BDwinsAlt Agurus's Posse
Age:33 Gender: Joined: Jun 16 2003 Posts: 1145 Location: Alabama Offline
|
Posted: Sat Jun 10, 2006 2:40 pm Post subject: |
|
|
|
|
Hmm, downloaded some XOR source code and did an encryption and it came out not as clear text. I added a decrypt to it and decrypted the encrypted and it was right.
A noobish way to encrypt / decrypt would be:
[Note: I know below is NOT XOR]
#include <iostream>
#include <fstream>
#include <stdio.h>
using namespace std;
#define ENCRYPTION_FORMULA (int) Byte + 29
#define DECRYPTION_FORMULA (int) Byte - 29
int Encrypt (char * FILENAME, char * NEW_FILENAME)
{
ifstream inFile;
ofstream outFile;
char Byte;
inFile.open(FILENAME, ios::in | ios::binary);
outFile.open(NEW_FILENAME, ios::out | ios::binary);
while(!inFile.eof())
{
char NewByte;
Byte = inFile.get();
if (inFile.fail())
return 0;
NewByte = ENCRYPTION_FORMULA;
outFile.put(NewByte);
}
inFile.close();
outFile.close();
return 1;
}
int Decrypt (char * FILENAME, char * NEW_FILENAME)
{
ifstream inFile;
ofstream outFile;
char Byte;
inFile.open(FILENAME, ios::in | ios::binary);
outFile.open(NEW_FILENAME, ios::out | ios::binary);
while(!inFile.eof())
{
char NewByte;
Byte = inFile.get();
if (inFile.fail())
return 0;
NewByte = DECRYPTION_FORMULA;
outFile.put(NewByte);
}
inFile.close();
outFile.close();
return 1;
}
int main()
{
char EncFile[200];
char NewEncFile[200];
char DecFile[200];
char NewDecFile[200];
int Choice;
cout << "NOTE: Be sure to encrypt the file with the same file extension."<<endl;
cout << "1. Encrypt\n2. Decrypt"<<endl;
cin >> Choice;
switch(Choice)
{
case 1:
cout << "Enter the input Filename: ";
cin >> EncFile;
cout << "Enter the output Filename: ";
cin >> NewEncFile;
Encrypt(EncFile, NewEncFile);
break;
case 2:
cout << "Enter the input Filename: ";
cin >> DecFile;
cout << "Enter the output Filename: ";
cin >> NewDecFile;
Decrypt(DecFile, NewDecFile);
break;
}
return 0;
}
|
It works, what it does is you enter the file with the main text that you want to encrypt and then you enter the output file name.
Example:
input.txt
output.txt
If you wanted to decrypt you follow the same syntax.
output.txt (because thats the encrypted file)
hooker.txt (because I am sexy) |
|
Back to top |
|
|
CypherJF I gargle nitroglycerin
Gender: Joined: Aug 14 2003 Posts: 2582 Location: USA Offline
|
Posted: Sat Jun 10, 2006 4:12 pm Post subject: |
|
|
|
|
^-^ Caesar Cipher |
|
Back to top |
|
|
Bak ?ls -s 0 in
Age:25 Gender: Joined: Jun 11 2004 Posts: 1826 Location: USA Offline
|
Posted: Sat Jun 10, 2006 5:26 pm Post subject: |
|
|
|
|
yeah and the length of the ciphertext is equal to the length of the plaintext, which isn't how continuum passwords work. |
|
Back to top |
|
|
D1st0rt Miss Directed Wannabe
Age:36 Gender: Joined: Aug 31 2003 Posts: 2247 Location: Blacksburg, VA Offline
|
Posted: Sat Jun 10, 2006 6:35 pm Post subject: |
|
|
|
|
CypherJF wrote: | I believe mr ekted coded up the profile password system- didn't he? |
As I understand it, Ekted did all of the gui/windows forms stuff, but I'm still under the impression that Priit wouldn't put his name on something that used just xor for encryption anywhere down the line. |
|
Back to top |
|
|
CypherJF I gargle nitroglycerin
Gender: Joined: Aug 14 2003 Posts: 2582 Location: USA Offline
|
Posted: Sat Jun 10, 2006 7:20 pm Post subject: |
|
|
|
|
Who here is saying the password is XOR? I wish people would get off of it already. lol |
|
Back to top |
|
|
BDwinsAlt Agurus's Posse
Age:33 Gender: Joined: Jun 16 2003 Posts: 1145 Location: Alabama Offline
|
Posted: Sat Jun 10, 2006 7:53 pm Post subject: |
|
|
|
|
Wasn't there a program that cracked the old subbill and listed passwords. I know I saw it somewhere. I downloaded all these files (was not looking for anything malicous) and it came up. I tested it out with my password and it got it right. What about the Gashi "cheat" didn't it send the profile.dat information? Did they find out how to decrypt it? I don't really remeber much about what it did, only it stole profile information.
Anyways to help the guy out... Continuum has to send the password to the biller to log in, right. Well if that password is encrypted you could view catid's source and see how it's being decrypted (assuming it doesn't undergo more than one encryption). If passwords in continuum are not encrypted when sent to the biller, then no.
I downloaded a password revealer once because I forgot a password I used but it stayed in the ICQ Box, so I revealed it and found out what it was. It was easier than changing it. The tools works with continuum too. I am assuming the Gashi guys got the profile info and loaded it into their continuum folder. Then they used a revealer and BAM.
Just my thoughts, now you can flame away at me and everything I did wrong. |
|
Back to top |
|
|
CommieCausey Newbie
Age:40 Gender: Joined: May 27 2006 Posts: 10 Location: California Offline
|
Posted: Sat Jun 10, 2006 10:39 pm Post subject: |
|
|
|
|
Maybe I am wrong here but it seems to me Doc Flabby is asking for the encryption used to store the profile's password into the registry.
This is alot simpler than Continuum or even SubSpace's encryption and involves no keys. The password is decrypted from the registry before it is used to login (and encrypted again). It's just encrypted to hide it from the prying eyes of regedit-ers. It's also stored in profile.dat.
I would be willing to help Doc by giving him code to do it. Would anyone have objections to me helping him?
Last edited by CommieCausey on Sat Jun 10, 2006 11:46 pm, edited 1 time in total |
|
Back to top |
|
|
BDwinsAlt Agurus's Posse
Age:33 Gender: Joined: Jun 16 2003 Posts: 1145 Location: Alabama Offline
|
Posted: Sat Jun 10, 2006 10:53 pm Post subject: |
|
|
|
|
Not at all, as long as he releases the source to me . :) |
|
Back to top |
|
|
CommieCausey Newbie
Age:40 Gender: Joined: May 27 2006 Posts: 10 Location: California Offline
|
Posted: Sun Jun 11, 2006 4:59 am Post subject: |
|
|
|
|
I came back to check the topic and noticed he didn't want to decrypt them anyways oops! So I guess it is pretty harmless. C source code attached hope it helps you Doc.
Ok I get an error when I try to upload it so I will just copy/paste it is pretty short.
/* Continuum profile password encryption
*
* CommieCausey (commiecausey@gmail.com)
* 7/10/06
*/
#define PLAINTEXT_MAX 32
#define CYPHERTEXT_MAX 72
#include <string.h>
long algo(long arg)
{
long eax, ecx;
ecx = arg;
eax = ecx << 5;
eax -= ecx;
eax = ecx + eax * 300 + 0xC091;
return eax % 0x38F40;
}
void encPassword(const char *plaintext, char cyphertext[CYPHERTEXT_MAX+1])
{
char padded[PLAINTEXT_MAX+1];
long eax, ebx=1, edx, ebp=0, key=0;
int i, write=0;
strcpy(padded, plaintext);
for(i=strlen(padded); i<=PLAINTEXT_MAX; ++i)
padded[i] = 0;
for(i=0; i<PLAINTEXT_MAX; ++i) {
eax = padded[i];
key ^= eax;
ebp += eax * 91;
++eax;
ebx *= eax;
}
key = (algo(ebx + key) << 16) | algo(ebx += ebp);
for(i=0; i<0x64; ++i) {
ebx = (algo(key >> 16) << 16) ^ algo(key);
key = ebx;
}
/* start writing to string */
for(ebp=key, ebx=i=0; i<PLAINTEXT_MAX; ++i) {
key = algo(key);
eax = padded[i];
eax ^= (key & 0xFF);
sprintf(cyphertext+write, "%02X", eax);
write += 2;
if(i == 6) {
edx = ebp ^ 0x6A93C4F2;
sprintf(cyphertext+write, "%08X", edx);
write += 8;
}
}
}
|
|
|
Back to top |
|
|
Doc Flabby Server Help Squatter
Joined: Feb 26 2006 Posts: 636 Offline
|
Posted: Sun Jun 11, 2006 7:47 am Post subject: |
|
|
|
|
CommieCausey wrote: | I came back to check the topic and noticed he didn't want to decrypt them anyways oops! So I guess it is pretty harmless. C source code attached hope it helps you Doc.
Ok I get an error when I try to upload it so I will just copy/paste it is pretty short.
|
Thank you, thats exactly what i needed |
|
Back to top |
|
|
Doc Flabby Server Help Squatter
Joined: Feb 26 2006 Posts: 636 Offline
|
Posted: Mon Jun 12, 2006 8:22 am Post subject: |
|
|
|
|
After much further investigation turns out i didnt need this after all. passwords created in the profile.dat file automatically get converted to the registry type. |
|
Back to top |
|
|
|