|
Luigi Auriemmaaluigi.org (ARCHIVE-ONLY FORUM!) |
|
It is currently 19 Jul 2012 13:51
|
View unanswered posts | View active topics
|
Page 1 of 1
|
[ 9 posts ] |
|
Author |
Message |
superstar
|
Post subject: hope someone can help me Posted: 21 Jul 2010 20:43 |
|
Joined: 21 Jul 2010 20:36 Posts: 2
|
So i forgot my password @ Xfire, and i used xfire.pwd, and then at epw 1 i get his long code e40d4fc73b0764556055810900744b3b27e1becd. i hope someone can get this code for me because i really don't know how to get this thing. Thank you in advance !
|
|
Top |
|
|
aluigi
|
Post subject: Re: hope someone can help me Posted: 21 Jul 2010 22:04 |
|
Joined: 13 Aug 2007 21:44 Posts: 4068 Location: http://aluigi.org
|
unfortunately the EPW field can't help you because it's only an hash so it's not reversable to the original password.
the following is the comment I left in the source code of xfirepwd: "Xfire stores only the custom hash (not spent time on it due to the lack of interest) of the password and then when the client logins it sends a salted hash"
|
|
Top |
|
|
superstar
|
Post subject: Re: hope someone can help me Posted: 21 Jul 2010 23:13 |
|
Joined: 21 Jul 2010 20:36 Posts: 2
|
hmmmm so that mean i can't get my password back like this?
|
|
Top |
|
|
aluigi
|
Post subject: Re: hope someone can help me Posted: 22 Jul 2010 10:17 |
|
Joined: 13 Aug 2007 21:44 Posts: 4068 Location: http://aluigi.org
|
unfortunately you can't, you can only continue to login in Xfire automatically but you can't recover the original password
|
|
Top |
|
|
Sethioz
|
Post subject: Re: hope someone can help me Posted: 28 Jul 2010 19:48 |
|
Joined: 24 Sep 2007 02:12 Posts: 1114 Location: http://sethioz.co.uk
|
first of, if it would be really your password, you would reset it, so you can say that you are trying to steal somebody's password (most likely your friends, which is lame, dont do that).
secondly, password hash can only be bruteforced or attacked using wordlist.
Luigi, what type of hash is this ? and small suggestion to you Luigi, there is a tool called passwordspro (im sure i have told you about it). it has plugin feature, any chance you can write a plugin that supports xfire hashes ? not that i want or need it, just a suggestion. lil bit offtopic, but im interested in phpbb3 hash support instead.
|
|
Top |
|
|
aluigi
|
Post subject: Re: hope someone can help me Posted: 29 Jul 2010 08:15 |
|
Joined: 13 Aug 2007 21:44 Posts: 4068 Location: http://aluigi.org
|
it's the SHA1 hash of a string composed by the following fields: - password - password (yes again) - "UltimateArena"
so if you password is "mypass" then EPW will be the SHA1 hash of the string "mypassmypassUltimateArena" which is: b73c7d20bec2ecd5781578efb81caccfeb8fbb39
|
|
Top |
|
|
Sethioz
|
Post subject: Re: hope someone can help me Posted: 01 Aug 2010 01:09 |
|
Joined: 24 Sep 2007 02:12 Posts: 1114 Location: http://sethioz.co.uk
|
so if you want to crack it, then SHA1 is supported by PasswordsPro and Cain. as i understood Luigi right ?! if you want to crack the password using wordlists or bruteforce, you must set the settings to dublicate the word and add UltimateArena after each password tried ?
for example if my password is "aliens" then SHA1 hash would collide with "aliensaliensUltimateArena" ?
so if you want to crack it, hit it with wordlists or bruteforce using passwordspro or cain. passwordspro is more professional and also more reliable with resume function, but cain is faster. also i think its possible to use SHA1 hash itself to log into "your" account. if you change the sent hash in packets, but im not sure how xfire works. Luigi does xfire send SHA1 hash over internet ? so it can be replaced or not. anyways im not interested in xfire, gamers lamers :)
|
|
Top |
|
|
aluigi
|
Post subject: Re: hope someone can help me Posted: 01 Aug 2010 08:25 |
|
Joined: 13 Aug 2007 21:44 Posts: 4068 Location: http://aluigi.org
|
yes for the "aliens" example.
if I'm not in error when it logins, xfire takes that hash and sends a new hash performed on that one plus another parameter got from the server. anyway if you take the password hash from a computer, encrypt it and place it in the logininfo.yaml file then you will be able to login using that account without problems.
|
|
Top |
|
|
Sethioz
|
Post subject: Re: hope someone can help me Posted: 01 Aug 2010 21:44 |
|
Joined: 24 Sep 2007 02:12 Posts: 1114 Location: http://sethioz.co.uk
|
i will test this theory some time if you won't. if somebody does test it, plz post results here, so i wont double test. im not interested in xfire, but im interested in this concept, to know if its possible.
|
|
Top |
|
|
|
Page 1 of 1
|
[ 9 posts ] |
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot post attachments in this forum
|
|