EQEmulator Forums


freezzo 02-03-2009 01:49 PM

Password encryption information?
 
I was looking at the eq protocol information and I was curious if anyone knows how to decrypt this. The part in question is the 24-byte password hash. Thanks in advance:

(3) Client sends login info.
23:57:05.842104 client.1538 > server.10002: 61
0x0000 1204 0001 339a 09be 0101 0100 4669 7a62 ....3..$....Fizb
0x0010 616e 3100 1db5 28f1 02a5 cde2 a513 23da an1...X2..b.V..!
0x0020 19d5 5dae b12d e6af e53b ed50 6e6f 6e65 ...O.,...e..none
0x0030 0000 0000 0000 0000 00e4 a6e1 e2 ...........m.

Flags set:
ASQ - Not sure.
ARQ - ACK Request.
ARSP - ACK Response.

Header Data:
dwSEQ - 0x0001: This is sequence number 0x0001 from the client.
Upon receiving, ignore any further packets <= dwSEQ.
dwARSP - 0x339a: Response to ARQ 0x339a.
dwARQ - 0x09be: Use this for responding.
ASQ_high - 0x01: Not sure.
ASQ_low - 0x01: Not sure.
dwOpCode - 0x0100: Send Login Info.
CRC32 - 0xe4a6e1e2: CRC Check.

Data:
The first thing sent is a null terminated username ("Fizban1" in this case).
After that, a 24-byte password hash is sent. The rest of the packet
doesn't seem to change between logins (not sure what 'none' is for).
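
The field layout described in the post above, as an added example that is not part of the original post or of any EQEmu code: a parser that splits the captured 61-byte login packet into its header fields, username, opaque 24-byte hash field, trailer and CRC. The big-endian fixed 12-byte header and the names `LoginPacket` and `parse_login` are assumptions read off this one capture; the hash is treated as an opaque blob and the CRC is extracted, not verified.

```python
import struct
from typing import NamedTuple

# Hex column of the capture quoted in the post (61 bytes).
SAMPLE = bytes.fromhex(
    "1204 0001 339a 09be 0101 0100 4669 7a62"
    "616e 3100 1db5 28f1 02a5 cde2 a513 23da"
    "19d5 5dae b12d e6af e53b ed50 6e6f 6e65"
    "0000 0000 0000 0000 00e4 a6e1 e2"
)

# Assumed layout: flags, dwSEQ, dwARSP, dwARQ, ASQ_high, ASQ_low, dwOpCode.
HEADER = struct.Struct(">HHHHBBH")
HASH_LEN = 24   # "24-byte password hash" per the post
CRC_LEN = 4     # trailing CRC32


class LoginPacket(NamedTuple):
    flags: int
    seq: int
    arsp: int
    arq: int
    asq_high: int
    asq_low: int
    opcode: int
    username: str
    password_hash: bytes  # opaque; never interpreted here
    trailer: bytes        # bytes the post says do not change between logins
    crc32: int


def parse_login(pkt: bytes) -> LoginPacket:
    # Reject anything too short to hold header, 1-byte name, hash and CRC.
    if len(pkt) < HEADER.size + 1 + HASH_LEN + CRC_LEN:
        raise ValueError("packet too short for a login message")
    header = HEADER.unpack_from(pkt, 0)
    body, crc = pkt[HEADER.size:-CRC_LEN], pkt[-CRC_LEN:]
    end = body.find(b"\x00")  # username is null terminated
    if end < 0:
        raise ValueError("username is not null terminated")
    blob = body[end + 1:end + 1 + HASH_LEN]
    if len(blob) != HASH_LEN:
        raise ValueError("truncated password hash field")
    return LoginPacket(*header, body[:end].decode("ascii", "replace"),
                       blob, body[end + 1 + HASH_LEN:],
                       int.from_bytes(crc, "big"))
```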

Yeormom 02-03-2009 02:17 PM

The crypto has been cracked but not distributed.

freezzo 02-03-2009 02:26 PM

I am assuming this means you cannot help me? Is it possible to provide any hints for this or am I going to have to research it on my own?

PS. If it's any consolation, I'm using a very old version of the client, the Kunark release. So it won't interfere with what EqEmu is doing. And from my understanding the encryption has changed since then.

Thanks

Andrew80k 02-03-2009 02:32 PM

Unfortunately, Yeormom is correct. The crypto has been cracked but not distributed and we cannot distribute it.

freezzo 02-03-2009 03:09 PM

I understand not wanting to distribute it. I was just curious if anyone would be able to provide some information or tips about how I can go about this with what I am assuming is a very old protocol used.

Thanks for the replies however.

Andrew80k 02-03-2009 04:09 PM

Well, anything that anyone could provide you would have to be outside these forums. We have an agreement with the folks that created it that we would not contribute to its getting out. And that agreement goes back a LONG way so we are really not able to help you publicly.

Yeormom 02-03-2009 04:17 PM

We aren't trying to jerk you around, freezzo. The circumvention of the client encryption is on the top end of the DMCA danger scale right along with publishing the box art as your own and is thus considered illegal in most forms on these forums, as Andrew is pointing out.

freezzo 02-03-2009 04:34 PM

No problem, guys. I appreciate you taking the time. I just wasn't sure where to ask for such information and I do not want to cause legal issues with it, so I will drop it here.

I guess it's time to study up on some algorithms :)


All times are GMT -4.