Luigi Auriemma

Hi, im rewriting your gamespy login emulator at the moment (works great btw) for e.g. mysql support.

I have some problems: Ive done a bit of research with wireshark and with your c source (i dont see through completely btw) but i stuck here:
The server send "\lc\1\challenge\<random>\id\1\final\" and the clients answers with (gpcm.gamespy.com):
"\login\\challenge\<random>\uniquenick\<accname>\response\<dunno what this is>\port\1624\productid\10493\gamename\battlefield2d\namespaceid\12\id\1\final\".
What i dont understand is: The server answers with a ok if you enter the correct password ("\lc\2\...") but gives you an error if you dont. But i cant see the password anywhere in the data sent by the client. <dunno what this is> seems to be an md5 hash but when i try to decrypt it with common md5 decrypters it wont give me back my password (in fact it doesnt even give back anything).

Can you help me luigi?

Luigi helped me out with this one in 2006 via an email! Oh how the time flies by... The response field contains your password, and a bit more. Here's how it's generated:

md5(md5pass + 48spaces + username + clientchallenge + serverchallenge + md5pass)

md5pass: the md5 hash of your password
48spaces: Just like it says, 48 spaces (I think 0x20 in hex is 1 space)
username: self explanatory, your username
clientchallenge: the challenge sent by your client. i think this can be anything, but I usually make it a random 32 character hexadecimal string
serverchallenge: the challenge sent by the gamespy server when you connected. usually this is 10 characters long
md5pass: again, the md5 hash of your password

Do an md5 hash of all these put together in 1 string, and you have your response hash.

excellt. Thanks very much.
Let me guess: Your a python guy :)

php :P