Server Help Forum Index Server Help
Community forums for Subgame, ASSS, and bots
Continuum profile password encryption
Doc Flabby
Posted: Thu Jun 08, 2006 11:57 am

I'm trying to create a new installer for Continuum that is easier for new players to use.

The current system of creating profiles I think is quite confusing, so I was going to guide them through creating a username in the installer. My problem is I'm not sure how the passwords are encrypted; does anyone know? I know the passwords have no salt and some part of the encryption features XOR encryption, I think.

Just to make this clear.

I want to know how to encrypt passwords, NOT how to decrypt them. I'm not interested in decrypting them at all.

Bak
Posted: Thu Jun 08, 2006 5:36 pm

I suspect if you knew how to encrypt passwords you could also decrypt them

Doc Flabby
Posted: Thu Jun 08, 2006 6:18 pm

That is highly likely but not what I am interested in...

Cracking the passwords is easier than creating them.... I'm just asking if someone wants to save me some time if they already know the method they are created...

I mean otherwise I can just create a standard password and tell people to change it later... but it might not be such a good idea to have hundreds of newbies with the same password......

Dr Brain
Posted: Thu Jun 08, 2006 8:13 pm

If it's only XOR, then entering in the crypted password will result in the cleartext pass. That'd let you know really quickly if it's XOR.
_________________
Hyperspace Owner

Smong> so long as 99% deaths feel lame it will always be hyperspace to me

D1st0rt
Posted: Sat Jun 10, 2006 12:56 pm

I can't imagine Priit even being remotely involved in something that uses just XOR

CypherJF
Posted: Sat Jun 10, 2006 2:32 pm

I believe mr ekted coded up the profile password system- didn't he?
_________________
Performance is often the art of cheating carefully. - James Gosling

BDwinsAlt
Posted: Sat Jun 10, 2006 2:40 pm

Hmm, downloaded some XOR source code and did an encryption and it came out not as clear text. I added a decrypt to it and decrypted the encrypted and it was right.

A noobish way to encrypt / decrypt would be:
[Note: I know below is NOT XOR]
Code:

#include   <fstream>
#include   <iostream>
#include   <string>
using namespace std;

// Parenthesised so the formulas expand safely inside larger expressions.
#define      ENCRYPTION_FORMULA      ((int) Byte + 29)

#define      DECRYPTION_FORMULA      ((int) Byte - 29)


// Copies FILENAME to NEW_FILENAME with 29 added to every byte.
// Returns 1 on success, 0 if a file could not be opened or written.
int Encrypt (const string & FILENAME, const string & NEW_FILENAME)
{
   ifstream inFile(FILENAME.c_str(), ios::in | ios::binary);
   ofstream outFile(NEW_FILENAME.c_str(), ios::out | ios::binary);

   if (!inFile || !outFile)
      return 0;

   char Byte;

   // get(Byte) returns false at end of file, which ends the loop
   // instead of making the function return 0 on every run.
   while (inFile.get(Byte))
   {
      char NewByte = (char) ENCRYPTION_FORMULA;
      outFile.put(NewByte);
   }

   outFile.close();

   return outFile.fail() ? 0 : 1;
}

// Copies FILENAME to NEW_FILENAME with 29 subtracted from every byte.
// Returns 1 on success, 0 if a file could not be opened or written.
int Decrypt (const string & FILENAME, const string & NEW_FILENAME)
{
   ifstream inFile(FILENAME.c_str(), ios::in | ios::binary);
   ofstream outFile(NEW_FILENAME.c_str(), ios::out | ios::binary);

   if (!inFile || !outFile)
      return 0;

   char Byte;

   while (inFile.get(Byte))
   {
      char NewByte = (char) DECRYPTION_FORMULA;
      outFile.put(NewByte);
   }

   outFile.close();

   return outFile.fail() ? 0 : 1;
}


int main()
{
   // std::string grows as needed, so a long filename cannot overflow a buffer
   string InFile;
   string OutFile;

   int Choice = 0;
   int Ok = 0;

   cout << "NOTE: Be sure to encrypt the file with the same file extension."<<endl;
   cout << "1. Encrypt\n2. Decrypt"<<endl;
   cin >> Choice;

   switch(Choice)
   {
   case 1:
      cout << "Enter the input Filename:    ";
      cin >> InFile;

      cout << "Enter the output Filename:   ";
      cin >> OutFile;

      Ok = Encrypt(InFile, OutFile);
      break;

   case 2:
      cout << "Enter the input Filename:    ";
      cin >> InFile;

      cout << "Enter the output Filename:   ";
      cin >> OutFile;

      Ok = Decrypt(InFile, OutFile);
      break;

   default:
      cout << "Unknown choice." << endl;
      return 1;
   }

   if (!Ok)
   {
      cout << "Could not read the input file or write the output file." << endl;
      return 1;
   }

   return 0;
}


It works, what it does is you enter the file with the main text that you want to encrypt and then you enter the output file name.

Example:
input.txt
output.txt

If you wanted to decrypt you follow the same syntax.
output.txt (because that's the encrypted file)
hooker.txt (because I am sexy)

CypherJF
Posted: Sat Jun 10, 2006 4:12 pm

^-^ Caesar Cipher

Bak
Posted: Sat Jun 10, 2006 5:26 pm

yeah and the length of the ciphertext is equal to the length of the plaintext, which isn't how continuum passwords work.
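
Added example, not part of any post in this thread: Dr Brain's "feed the output back in" test and Bak's length comparison, written as a small C probe that classifies an encoder from the outside. The `encoder_fn` interface, the three sample encoders and the key byte 0x5A are constructed for illustration; none of them is Continuum's algorithm.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical interface for this example: encode in[0..n) into out
   (capacity 256 bytes) and return the output length. */
typedef size_t (*encoder_fn)(const unsigned char *in, size_t n, unsigned char *out);

/* Constructed sample encoders. */
size_t xor_encoder(const unsigned char *in, size_t n, unsigned char *out)
{
    for (size_t i = 0; i < n; ++i)
        out[i] = (unsigned char)(in[i] ^ 0x5A);   /* arbitrary fixed key byte */
    return n;
}

size_t shift_encoder(const unsigned char *in, size_t n, unsigned char *out)
{
    for (size_t i = 0; i < n; ++i)
        out[i] = (unsigned char)(in[i] + 29);     /* the +29 shift posted above */
    return n;
}

/* Pads the input to 32 bytes and hex-encodes it: always 64 characters out. */
size_t padded_hex_encoder(const unsigned char *in, size_t n, unsigned char *out)
{
    static const char hex[] = "0123456789ABCDEF";
    unsigned char block[32] = {0};
    memcpy(block, in, n < sizeof block ? n : sizeof block);
    for (size_t i = 0; i < sizeof block; ++i) {
        out[2 * i]     = (unsigned char)hex[block[i] >> 4];
        out[2 * i + 1] = (unsigned char)hex[block[i] & 0x0F];
    }
    return 2 * sizeof block;
}

enum { SELF_INVERSE = 1, LENGTH_PRESERVING = 2 };

/* Returns the properties observed for one sample, or -1 if it does not fit. */
int probe_encoder(encoder_fn enc, const char *sample)
{
    unsigned char once[256], twice[256];
    size_t n = strlen(sample);
    if (n == 0 || n > 64)
        return -1;

    size_t n1 = enc((const unsigned char *)sample, n, once);
    size_t n2 = enc(once, n1, twice);             /* feed the output back in */
    int flags = 0;
    if (n1 == n)
        flags |= LENGTH_PRESERVING;               /* output as long as the input */
    if (n2 == n && memcmp(twice, sample, n) == 0)
        flags |= SELF_INVERSE;                    /* second pass restores the input */
    return flags;
}
```

A fixed-key XOR sets both flags, the +29 shift sets only `LENGTH_PRESERVING`, and a padded fixed-length encoding sets neither.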

D1st0rt
Posted: Sat Jun 10, 2006 6:35 pm

CypherJF wrote:
I believe mr ekted coded up the profile password system- didn't he?

As I understand it, Ekted did all of the gui/windows forms stuff, but I'm still under the impression that Priit wouldn't put his name on something that used just xor for encryption anywhere down the line.

CypherJF
Posted: Sat Jun 10, 2006 7:20 pm

Who here is saying the password is XOR? I wish people would get off of it already. lol :)

BDwinsAlt
Posted: Sat Jun 10, 2006 7:53 pm

Wasn't there a program that cracked the old subbill and listed passwords. I know I saw it somewhere. I downloaded all these files (was not looking for anything malicious) and it came up. I tested it out with my password and it got it right. What about the Gashi "cheat" didn't it send the profile.dat information? Did they find out how to decrypt it? I don't really remember much about what it did, only it stole profile information.

Anyways to help the guy out... Continuum has to send the password to the biller to log in, right. Well if that password is encrypted you could view catid's source and see how it's being decrypted (assuming it doesn't undergo more than one encryption). If passwords in continuum are not encrypted when sent to the biller, then no.

I downloaded a password revealer once because I forgot a password I used but it stayed in the ICQ Box, so I revealed it and found out what it was. It was easier than changing it. The tool works with continuum too. I am assuming the Gashi guys got the profile info and loaded it into their continuum folder. Then they used a revealer and BAM.

Just my thoughts, now you can flame away at me and everything I did wrong.

CommieCausey
Posted: Sat Jun 10, 2006 10:39 pm

Maybe I am wrong here but it seems to me Doc Flabby is asking for the encryption used to store the profile's password into the registry.

This is a lot simpler than Continuum or even SubSpace's encryption and involves no keys. The password is decrypted from the registry before it is used to login (and encrypted again). It's just encrypted to hide it from the prying eyes of regedit-ers. It's also stored in profile.dat.

I would be willing to help Doc by giving him code to do it. Would anyone have objections to me helping him?


Last edited by CommieCausey on Sat Jun 10, 2006 11:46 pm, edited 1 time in total

BDwinsAlt
Posted: Sat Jun 10, 2006 10:53 pm

Not at all, as long as he releases the source to me. :)

CommieCausey
Posted: Sun Jun 11, 2006 4:59 am

I came back to check the topic and noticed he didn't want to decrypt them anyways oops! So I guess it is pretty harmless. C source code attached hope it helps you Doc.

Ok I get an error when I try to upload it so I will just copy/paste it is pretty short.

Code:

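/* Continuum profile password encryption
*
* CommieCausey (commiecausey@gmail.com)
* 7/10/06
*/

#define PLAINTEXT_MAX 32
#define CYPHERTEXT_MAX 72

#include <stdio.h>   /* sprintf */
#include <string.h>

/* Note: the arithmetic below relies on long being 32 bits wide (as on
 * Windows). Where long is 64 bits the intermediate values do not wrap
 * and the output can differ. */

/* one step of the generator used for both key setup and the keystream */
long algo(long arg)
{
    long eax, ecx;

    ecx = arg;
    eax = ecx << 5;
    eax -= ecx;

    eax = ecx + eax * 300 + 0xC091;
    return eax % 0x38F40;
}

/* Writes CYPHERTEXT_MAX hex characters plus a terminating NUL. */
void encPassword(const char *plaintext, char cyphertext[CYPHERTEXT_MAX+1])
{
    char padded[PLAINTEXT_MAX+1];
    long eax, ebx=1, edx, ebp=0, key=0;
    int i, write=0;

    /* zero-fill, then copy at most PLAINTEXT_MAX characters so an
     * over-long password cannot overflow padded[] */
    memset(padded, 0, sizeof padded);
    strncpy(padded, plaintext, PLAINTEXT_MAX);

    /* fold every padded byte into three running values */
    for(i=0; i<PLAINTEXT_MAX; ++i) {
        eax = padded[i];
        key ^= eax;
        ebp += eax * 91;

        ++eax;
        ebx *= eax;
    }

    /* The original single expression read and modified ebx without a
     * defined order; the written left-to-right order is assumed here. */
    eax = algo(ebx + key) << 16;
    ebx += ebp;
    key = eax | algo(ebx);

    for(i=0; i<0x64; ++i) {
        ebx = (algo(key >> 16) << 16) ^ algo(key);
        key = ebx;
    }

    /* start writing to string */
    for(ebp=key, ebx=i=0; i<PLAINTEXT_MAX; ++i) {
        key = algo(key);
        eax = padded[i];
        eax ^= (key & 0xFF);
        /* casts match the %X conversions, which expect unsigned int */
        sprintf(cyphertext+write, "%02X", (unsigned int)eax);
        write += 2;

        /* after the seventh byte, emit the starting key XORed with a constant */
        if(i == 6) {
            edx = ebp ^ 0x6A93C4F2;
            sprintf(cyphertext+write, "%08X", (unsigned int)edx);
            write += 8;
        }
    }
}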

Doc Flabby
Posted: Sun Jun 11, 2006 7:47 am

CommieCausey wrote:
I came back to check the topic and noticed he didn't want to decrypt them anyways oops! So I guess it is pretty harmless. C source code attached hope it helps you Doc.

Ok I get an error when I try to upload it so I will just copy/paste it is pretty short.


Thank you, that's exactly what I needed :)

Doc Flabby
Posted: Mon Jun 12, 2006 8:22 am

After much further investigation, turns out I didn't need this after all. Passwords created in the profile.dat file automatically get converted to the registry type.

All times are GMT - 5 Hours