[rodrigo286]

I need players registering in my direct forum of the game.

But I am having a problem in generating passwords.

The password scheme of IPB is as follows:

https://www.invisionpower.com/suppor...n-ipboard-r130

But even I generating MD5 do not succeed.

I searched here in the forum and found a stock of generating MD5, still does not work.

Can someone help me?

Thanks.

[LambdaLambda]

Well, that's weird! Comapre MD5 pass generated with PHP and SP.

#edit
I've tested that MD5 function for SP. It doesn't work properly.

[rodrigo286]

I try with Sslice hash but IPBOARD dont password...

STRING to MD5 by Sslice:

PHP Code:

// MD5 Routine from sslice :D

stock MD5String(const String:str[], String:output[], maxlen)
{
    decl x[2];
    decl buf[4];
    decl input[64];
    new i, ii;
    
    new len = strlen(str);
    
    // MD5Init
    x[0] = x[1] = 0;
    buf[0] = 0x67452301;
    buf[1] = 0xefcdab89;
    buf[2] = 0x98badcfe;
    buf[3] = 0x10325476;
    
    // MD5Update
    new in[16];

    in[14] = x[0];
    in[15] = x[1];
    
    new mdi = (x[0] >>> 3) & 0x3F;
    
    if ((x[0] + (len << 3)) < x[0])
    {
        x[1] += 1;
    }
    
    x[0] += len << 3;
    x[1] += len >>> 29;
    
    new c = 0;
    while (len--)
    {
        input[mdi] = str[c];
        mdi += 1;
        c += 1;
        
        if (mdi == 0x40)
        {
            for (i = 0, ii = 0; i < 16; ++i, ii += 4)
            {
                in[i] = (input[ii + 3] << 24) | (input[ii + 2] << 16) | (input[ii + 1] << 8) | input[ii];
            }
            // Transform
            MD5Transform(buf, in);
            
            mdi = 0;
        }
    }
    
    // MD5Final
    new padding[64] = {
        0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
    };
    new inx[16];
    inx[14] = x[0];
    inx[15] = x[1];
    
    mdi = (x[0] >>> 3) & 0x3F;
    
    len = (mdi < 56) ? (56 - mdi) : (120 - mdi);
    in[14] = x[0];
    in[15] = x[1];
    
    mdi = (x[0] >>> 3) & 0x3F;
    
    if ((x[0] + (len << 3)) < x[0])
    {
        x[1] += 1;
    }
    
    x[0] += len << 3;
    x[1] += len >>> 29;
    
    c = 0;
    while (len--)
    {
        input[mdi] = padding[c];
        mdi += 1;
        c += 1;
        
        if (mdi == 0x40)
        {
            for (i = 0, ii = 0; i < 16; ++i, ii += 4)
            {
                in[i] = (input[ii + 3] << 24) | (input[ii + 2] << 16) | (input[ii + 1] << 8) | input[ii];
            }
            // Transform
            MD5Transform(buf, in);
            
            mdi = 0;
        }
    }
    
    for (i = 0, ii = 0; i < 14; ++i, ii += 4)
    {
        inx[i] = (input[ii + 3] << 24) | (input[ii + 2] << 16) | (input[ii + 1] << 8) | input[ii];
    }
    MD5Transform(buf, inx);
    
    new digest[16];
    for (i = 0, ii = 0; i < 4; ++i, ii += 4)
    {
        digest[ii] = (buf[i]) & 0xFF;
        digest[ii + 1] = (buf[i] >>> 8) & 0xFF;
        digest[ii + 2] = (buf[i] >>> 16) & 0xFF;
        digest[ii + 3] = (buf[i] >>> 24) & 0xFF;
    }
    
    FormatEx(output, maxlen, "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
        digest[0], digest[1], digest[2], digest[3], digest[4], digest[5], digest[6], digest[7],
        digest[8], digest[9], digest[10], digest[11], digest[12], digest[13], digest[14], digest[15]);
}

stock MD5Transform_FF(&a, &b, &c, &d, x, s, ac)
{
    a += (((b) & (c)) | ((~b) & (d))) + x + ac;
    a = (((a) << (s)) | ((a) >>> (32-(s))));
    a += b;
}

stock MD5Transform_GG(&a, &b, &c, &d, x, s, ac)
{
    a += (((b) & (d)) | ((c) & (~d))) + x + ac;
    a = (((a) << (s)) | ((a) >>> (32-(s))));
    a += b;
}

stock MD5Transform_HH(&a, &b, &c, &d, x, s, ac)
{
    a += ((b) ^ (c) ^ (d)) + x + ac;
    a = (((a) << (s)) | ((a) >>> (32-(s))));
    a += b;
}

stock MD5Transform_II(&a, &b, &c, &d, x, s, ac)
{
    a += ((c) ^ ((b) | (~d))) + x + ac;
    a = (((a) << (s)) | ((a) >>> (32-(s))));
    a += b;
}

stock MD5Transform(buf[], in[])
{
    new a = buf[0];
    new b = buf[1];
    new c = buf[2];
    new d = buf[3];
    
    MD5Transform_FF(a, b, c, d, in[0], 7, 0xd76aa478);
    MD5Transform_FF(d, a, b, c, in[1], 12, 0xe8c7b756);
    MD5Transform_FF(c, d, a, b, in[2], 17, 0x242070db);
    MD5Transform_FF(b, c, d, a, in[3], 22, 0xc1bdceee);
    MD5Transform_FF(a, b, c, d, in[4], 7, 0xf57c0faf);
    MD5Transform_FF(d, a, b, c, in[5], 12, 0x4787c62a);
    MD5Transform_FF(c, d, a, b, in[6], 17, 0xa8304613);
    MD5Transform_FF(b, c, d, a, in[7], 22, 0xfd469501);
    MD5Transform_FF(a, b, c, d, in[8], 7, 0x698098d8);
    MD5Transform_FF(d, a, b, c, in[9], 12, 0x8b44f7af);
    MD5Transform_FF(c, d, a, b, in[10], 17, 0xffff5bb1);
    MD5Transform_FF(b, c, d, a, in[11], 22, 0x895cd7be);
    MD5Transform_FF(a, b, c, d, in[12], 7, 0x6b901122);
    MD5Transform_FF(d, a, b, c, in[13], 12, 0xfd987193);
    MD5Transform_FF(c, d, a, b, in[14], 17, 0xa679438e);
    MD5Transform_FF(b, c, d, a, in[15], 22, 0x49b40821);
    
    MD5Transform_GG(a, b, c, d, in[1], 5, 0xf61e2562);
    MD5Transform_GG(d, a, b, c, in[6], 9, 0xc040b340);
    MD5Transform_GG(c, d, a, b, in[11], 14, 0x265e5a51);
    MD5Transform_GG(b, c, d, a, in[0], 20, 0xe9b6c7aa);
    MD5Transform_GG(a, b, c, d, in[5], 5, 0xd62f105d);
    MD5Transform_GG(d, a, b, c, in[10], 9, 0x02441453);
    MD5Transform_GG(c, d, a, b, in[15], 14, 0xd8a1e681);
    MD5Transform_GG(b, c, d, a, in[4], 20, 0xe7d3fbc8);
    MD5Transform_GG(a, b, c, d, in[9], 5, 0x21e1cde6);
    MD5Transform_GG(d, a, b, c, in[14], 9, 0xc33707d6);
    MD5Transform_GG(c, d, a, b, in[3], 14, 0xf4d50d87);
    MD5Transform_GG(b, c, d, a, in[8], 20, 0x455a14ed);
    MD5Transform_GG(a, b, c, d, in[13], 5, 0xa9e3e905);
    MD5Transform_GG(d, a, b, c, in[2], 9, 0xfcefa3f8);
    MD5Transform_GG(c, d, a, b, in[7], 14, 0x676f02d9);
    MD5Transform_GG(b, c, d, a, in[12], 20, 0x8d2a4c8a);
    
    MD5Transform_HH(a, b, c, d, in[5], 4, 0xfffa3942);
    MD5Transform_HH(d, a, b, c, in[8], 11, 0x8771f681);
    MD5Transform_HH(c, d, a, b, in[11], 16, 0x6d9d6122);
    MD5Transform_HH(b, c, d, a, in[14], 23, 0xfde5380c);
    MD5Transform_HH(a, b, c, d, in[1], 4, 0xa4beea44);
    MD5Transform_HH(d, a, b, c, in[4], 11, 0x4bdecfa9);
    MD5Transform_HH(c, d, a, b, in[7], 16, 0xf6bb4b60);
    MD5Transform_HH(b, c, d, a, in[10], 23, 0xbebfbc70);
    MD5Transform_HH(a, b, c, d, in[13], 4, 0x289b7ec6);
    MD5Transform_HH(d, a, b, c, in[0], 11, 0xeaa127fa);
    MD5Transform_HH(c, d, a, b, in[3], 16, 0xd4ef3085);
    MD5Transform_HH(b, c, d, a, in[6], 23, 0x04881d05);
    MD5Transform_HH(a, b, c, d, in[9], 4, 0xd9d4d039);
    MD5Transform_HH(d, a, b, c, in[12], 11, 0xe6db99e5);
    MD5Transform_HH(c, d, a, b, in[15], 16, 0x1fa27cf8);
    MD5Transform_HH(b, c, d, a, in[2], 23, 0xc4ac5665);

    MD5Transform_II(a, b, c, d, in[0], 6, 0xf4292244);
    MD5Transform_II(d, a, b, c, in[7], 10, 0x432aff97);
    MD5Transform_II(c, d, a, b, in[14], 15, 0xab9423a7);
    MD5Transform_II(b, c, d, a, in[5], 21, 0xfc93a039);
    MD5Transform_II(a, b, c, d, in[12], 6, 0x655b59c3);
    MD5Transform_II(d, a, b, c, in[3], 10, 0x8f0ccc92);
    MD5Transform_II(c, d, a, b, in[10], 15, 0xffeff47d);
    MD5Transform_II(b, c, d, a, in[1], 21, 0x85845dd1);
    MD5Transform_II(a, b, c, d, in[8], 6, 0x6fa87e4f);
    MD5Transform_II(d, a, b, c, in[15], 10, 0xfe2ce6e0);
    MD5Transform_II(c, d, a, b, in[6], 15, 0xa3014314);
    MD5Transform_II(b, c, d, a, in[13], 21, 0x4e0811a1);
    MD5Transform_II(a, b, c, d, in[4], 6, 0xf7537e82);
    MD5Transform_II(d, a, b, c, in[11], 10, 0xbd3af235);
    MD5Transform_II(c, d, a, b, in[2], 15, 0x2ad7d2bb);
    MD5Transform_II(b, c, d, a, in[9], 21, 0xeb86d391);
    
    buf[0] += a;
    buf[1] += b;
    buf[2] += c;
    buf[3] += d;
} 


Thanks for helo=p

[API]

I know very little about IPB but I know a thing or two about PHP and security hashes. IPB (most likely) uses a salt which is why you are getting different results.

[rodrigo286]

Any idea how i do this password?

Thanks for help.

[LambdaLambda]

Quote:

Originally Posted by pimpinjuice I know very little about IPB but I know a thing or two about PHP and security hashes. IPB (most likely) uses a salt which is why you are getting different results.

No. Salt is assigned to members randomly. I have generated password in MD5 and Salt i took from my own database, and both - generated with IPB script, and script I used - are the same.

However, that function on SP you're using isn't correct. You can either request someone to create new MD5 function, or use PHP/JS function thats gonna be called by the server.

[rodrigo286]

I would then have to access the PHP, run the PHP Script in IPBoard to generate the password?

You have no idea how to do this with SM?

Extension?

New MD5 function, with salt?

Thanks.

[LambdaLambda]

Quote:

Where: $hash is the value stored in the database column members_pass_hash. $salt is the value stored in the database column members_pass_salt. $password is the plaintext password. The salt, is a string of 5 random characters including letters, numbers and symbols (specifically, ASCII characters 33-126, excluding 92). You can easily generate a salt using the IPSMember::generatePasswordSalt() method.

So if you want to create new account, then generating random 5 sumbols would do the job. Then using these 5 characters and text-password you could generate MD5 password (using algorithm you have posted in your first post). After you do that, simply do query that will fill up "members_pass_salt" field with these 5 symbols you generated and "members_pass_hash" with md5 result. You don't have to use IPB's script, you can easily create simple PHP script that would take your details such member id, password, and salt with GET. For security reasons, I would also comapre IP addresses; So you would create new member's record firstly, and you would use the PHP script only to update the password and SALT code. Then, to make sure that nobody else would use this script after, you would compare client's IP adress that runs the script, with IP address of person who have generated the record. Hope you got me.

[rodrigo286]

Initial Password:

PHP Code:

Text: BIGPIN
MD5 Hash: 1d866dfd69e01ddda87c4aff3698104d 


Salt:

PHP Code:

Text: ABC12 


Initial Password + Salt:

PHP Code:

Text: BIGPINABC12
MD5 Hash: 6ddbbb2cc77ead41da74f998fdf2fb32 


Final Password:

PHP Code:

Password: 

MD5 Hash: 6ddbbb2cc77ead41da74f998fdf2fb32
Salt: ABC12
Key: ? 


Do not get it right.

Thanks.