Closed eperry closed 2 months ago
tkausl
commented
1 year ago This hash is created by the client, not the server. It takes the username and password as unicode strings (I assume thats UTF16, seems to be LittleEndian) and does 1001 rounds of sha1, each time adding the username as salt.
Pseudocode:
username = "x" //UTF16LE
password = "x" //UTF16LE
salt = username
hash = password
do 1001 times:
hash = sha1(hash + salt)
jdhirst
commented
2 months ago Closing as solved. Please re-open if you have further questions
eperry
commented
1 month ago So sorry for never responding, I was close to the solution, I fed your sudo code in to chatgpt and it came out close to what I had.
And once I implemented it, I was getting exact matches. Now I can continue forward on a web interface to set passwords. :D
I am currently having fun exploring the database.
I was thinking on writing a registration page so we could disable the auto creation.
I am trying to write it on Nodejs and not c++ but for the life of me, and unhelpful help of chatgpt I can't figure out why in the DB account hash table it shows as a binary but the code shows it is creating a md5 ASCII hex in the create account function
If anyone can help explain the exact algorithm I can bang out a basic web page for registration and maybe other features.