Jump to content
TrinityCore
darki73

6.x password hash generation

Recommended Posts

So i guess it is pretty obvious about what am i going to ask =)

Problem is, previousle we could just sha1 username and password separated by colon and here is the sha_pass_hash.

The problem i am facing right now, is that according to https://github.com/TrinityCore/TrinityCore/blob/86b98686a95e23247ecb774fb23ecd5b8d94b97b/src/server/game/Accounts/BattlenetAccountMgr.cpp#L177 Trinity now uses SHA256, so the hashes do not match anymore. The thing is, password length in database is 40 symbols (exactly as many as in sha1 hash), but sha256 hash length is 64 characters long. I am confused...

I've tried to recreate whole "Cryptography" thing on PHP but, guess what, failed.

Can somebody explain me how the password is generated nowadays?

Thank you for your attention. 

Share this post


Link to post
Share on other sites

There seem to be 2 password hashes generated.
One for the username and pass in auth.account and one for the username and pass in auth.battlenet_accounts.

The latter contains what you look for.

I didnt actually look into the code so no idea if the account table password is used etc.

Share this post


Link to post
Share on other sites

How did you try generating them? Can you share code?
How did you test your generations?
Did you try generating both of them or only one of them, which one?

It looks to me like both of them are done the same way (with different hashes), except in the bnet one the username is hashed and then hashed with the password.
Also the bnet one will be reversed, which means that instead of being 12345 it is 54321 (the bytes converted to hex will be in reverse order)

All parts (username, password, email) will be converted to uppercase before hashing. (see Utf8ToUpperOnlyLatin function)

 

How it looks to me:
normal hash - make everything uppercase, use sha1 to hash username:password. it should be noted that username is probably the 1#1 string.
bnet hash - make everything uppercase, use sha256 to hash email then use sha256 to hash hashedemail:password and that hash is reversed. Now email is used as the "username".

The c++ code enforces some restrictions like length, characters the emails etc can contain and so.

https://github.com/TrinityCore/TrinityCore/blob/86b98686a95e23247ecb774fb23ecd5b8d94b97b/src/server/game/Accounts/AccountMgr.cpp#L387
https://github.com/TrinityCore/TrinityCore/blob/86b98686a95e23247ecb774fb23ecd5b8d94b97b/src/server/game/Accounts/BattlenetAccountMgr.cpp#L177

Share this post


Link to post
Share on other sites

I am checking against hashes which are made by the worldserver application.

I've managed to get hash for battlenet_accounts with following function

strtoupper(bin2hex(strrev(hex2bin(strtoupper(hash("sha256",strtoupper(hash("sha256", strtoupper($username)).":".strtoupper($password))))))));

Now i have some thoughts about the account table... Will share if i will succeed

 

Share this post


Link to post
Share on other sites

Well... i pretended that i am really stupid (well, it seems that actually i am) and tried to simply use the username column from the account database... It worked, hash for the account database is the 

$username = '1#1';
echo sha1(strtoupper($username . ':' . $password))

Share this post


Link to post
Share on other sites
On 05/01/2017 at 11:36 AM, darki73 said:

I am checking against hashes which are made by the worldserver application.

I've managed to get hash for battlenet_accounts with following function

strtoupper(bin2hex(strrev(hex2bin(strtoupper(hash("sha256",strtoupper(hash("sha256", strtoupper($username)).":".strtoupper($password))))))));

Now i have some thoughts about the account table... Will share if i will succeed

 

On 05/01/2017 at 11:43 AM, darki73 said:

Well... i pretended that i am really stupid (well, it seems that actually i am) and tried to simply use the username column from the account database... It worked, hash for the account database is the 

$username = '1#1';
echo sha1(strtoupper($username . ':' . $password))

Thanks, now I can create a web app to create accounts. I'll share it later!

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By BRABUS
      Hi all, im trying now to make an php custom market for buying an items in website, and i would ask for help. Which is the proper way to add/send items to player with in-game mail?
      I need to add new entry in mail, mail_item, and item_instance ???
      Something like that? 
      $mail->insert( 'mail', array( 'messageType' => 0, 'stationery' => 61, 'mailTemplateId' => 0, 'sender' => 1, 'receiver' => 2, 'subject' => 'Market item', 'body' => 'You have successfully buyed an item from market!', 'has_items' => 1, 'checked' => 0 ), array( '%d', '%d', '%d', '%d', '%d', '%s', '%s', '%d', '%d' ) ); $mail->insert( 'mail_items', array( 'mail_id' => 44, 'item_guid' => 61, // ???? 'receiver' => 0 ), array( '%d', '%d', '%d' ) );  
      Thanks.
    • By lalalastab
      I've been trying to implement my own simple cms solution without php, but can't figure out the formatting of the SOAP requests. I was wondering if anyone was able to explain where I can find the wsdl schema? Googling only really gives results for php...
      edit2 solved after 2 days. feel free to close. code was updated with correct structure. make sure to set basic authentication headers in your request.
      <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:ns1="urn:TC">
          <SOAP-ENV:Header>
          </SOAP-ENV:Header>
          <SOAP-ENV:Body>
               <ns1:executeCommand>
                   <command>server info</command>
               </ns1:executeCommand>
          </SOAP-ENV:Body>
      </SOAP-ENV:Envelope>
      The code is enough to get to the authorization stage but I'm not sure how to log in.
      Thanks!
    • By HolyNitzan
      Hey Guys,
      I'm  using the last build of TrinityCore for WoD, currently using latest TDB release, I noticed that there are no spawns in Draenor, I would like to konw how could I solve it? is the TDB not populated with Draenor mobs/npc spawns?
    • By Shinzon
      I have searched all over the forums and can't find anything that exactly matches this. 
      I can connect fine to the server using my windows client, but when I try to connect using my mac client it immediately bounces back stating "You have been disconnected from the server". 
      I have the correct IP address in the config.wtf (And realmlist in the DB) but still can't connect. 
      I of course can't apply the connection patcher, because the EXE isn't mac compatible. 
      Is there something else I need to do to connect with mac?
      Here is my connection.log if it helps (NOTE that the ".logon.battle.net" I can't get rid of... there is no where config.wtf that has that).
       
      3/14 13:10:21.966  Login program=WoW platform=Mc64 locale=enUS 3/14 13:10:22.097  Component WoW.Mc64.20886 3/14 13:10:22.097  Component WoW.base.20726 3/14 13:10:22.099  Battle.net is Component Bnet.Mc64.37165 3/14 13:10:22.099  LOGIN: state: LOGIN_STATE_CONNECTING result: LOGIN_OK  3/14 13:10:22.145  Failed to resolve “108.26.241.19”.logon.battle.net 3/14 13:10:22.145  LOGIN: state: LOGIN_STATE_FAILED result: DISCONNECTED  3/14 13:10:22.145  Login program=WoW platform=Mc64 locale=enUS 3/14 13:10:22.145  Component WoW.Mc64.20886 3/14 13:10:22.145  Component WoW.base.20726 3/14 13:10:22.154  Battle.net is Component Bnet.Mc64.37165 3/14 13:10:23.298  Client Disconnect due to reason:8 3/14 13:12:54.053  LOGIN: state: LOGIN_STATE_CONNECTING result: LOGIN_OK  3/14 13:12:54.073  Failed to resolve “192.168.1.130”.logon.battle.net 3/14 13:12:54.151  LOGIN: state: LOGIN_STATE_FAILED result: DISCONNECTED  3/14 13:12:54.151  Login program=WoW platform=Mc64 locale=enUS 3/14 13:12:54.173  Component WoW.Mc64.20886 3/14 13:12:54.173  Component WoW.base.20726 3/14 13:12:54.308  Battle.net is Component Bnet.Mc64.37165 3/14 13:12:54.309  Client Disconnect due to reason:8  
       
       
    • By FreddyLIE
      Hello,
      (sorry for bad english)
      i was trying out the 6.X Core and there was no Spawns in Dreanor.
      So i want to Sniff them from Live and add them my Self. If i manage to get it to work i will share my Work.
      I need some help.
      Im complete new to sniffing/parsing. And the last time i was setting up a Privatserver is some years ago.
      Some month ago i made my degree in Software dev. so i got "some" C# & SQL knowledge.
      Im compiling the Core and Parser myself.

      My sniffing attemps
      I was walking around in Dreanor/Gorgrond for testing to get some spawns.
      I got a 2MB .pkt Package and try to parse the creatures and i got some data out that looks not correct to me.

      - The names of the creatures not working, looks like some utf-8 problem.
      - The data dont look correct, and dont match the TDB tables. for example:
      [...] modelid1=32784, modelid2=117440512, name='�', rank=1852130080, family=1851877746, type=1866932324 [...]

      The parsed SQL is producing errors like this:
      Out of range value for column 'modelid2' at row 1
      Out of range value for column 'rank' at row 1
      Out of range value for column 'family' at row 1
      [...]

      Can you help me getting this to work?

      See attachments.
      - FreddyLIE
      WowPacketParser.exe.config
      2016_06_10_22_33_04_21742_2016-06-10_19-55-38_0E9CA614.pkt.sql
      2016_06_10_22_33_02_log.txt
×