viewing paste Unknown #1583 | Diff

Posted on the
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85
# This patch file was generated by NetBeans IDE
# Following Index: paths are relative to: /home/lighta/Documents/Myscript/RO/Servs/rathena
# This patch can be applied using context Tools: Patch action on respective folder.
# It uses platform neutral UTF-8 encoding and \n newlines.
# Above lines and this line are ignored by the patching process.
Index: src/common/md5calc.c
--- src/common/md5calc.c Base (BASE)
+++ src/common/md5calc.c Locally Modified (Based On LOCAL)
@@ -16,6 +16,8 @@
 #define UINT_MAX 4294967295U
 #endif
 
+static const char MD5SALT[]="mykeyphrase";
+
 // Global variable
 static unsigned int *pX;
 
@@ -238,3 +240,10 @@
                output[i] = (char)(1 + rnd() % 255);
 
 }
+
+void MD5_StringSalt(const char * string, char * output)
+{
+    char passel[64+1];
+    sprintf(passel, "%s%s", string, MD5SALT);
+    MD5_String(passel, output);
+}
Index: src/common/md5calc.h
--- src/common/md5calc.h Base (BASE)
+++ src/common/md5calc.h Locally Modified (Based On LOCAL)
@@ -1,8 +1,10 @@
 #ifndef _MD5CALC_H_
 #define _MD5CALC_H_
 
-void MD5_String(const char * string, char * output);
+//void MD5_String(const char * string, char * output); //only use obf for security reason
 void MD5_Binary(const char * string, unsigned char * output);
 void MD5_Salt(unsigned int len, char * output);
 
+void MD5_StringSalt(const char * string, char * output);
+
 #endif /* _MD5CALC_H_ */
Index: src/login/login.c
--- src/login/login.c Base (BASE)
+++ src/login/login.c Locally Modified (Based On LOCAL)
@@ -267,7 +267,7 @@
        char tmpstr[64+1], md5str[32+1];
 
        safesnprintf(tmpstr, sizeof(tmpstr), "%s%s", str1, str2);
-       MD5_String(tmpstr, md5str);
+       MD5_StringSalt(tmpstr, md5str);
 
        return (0==strcmp(passwd, md5str));
 }
@@ -1432,7 +1432,7 @@
                                ShowStatus("Request for connection of %s (ip: %s).\n", sd->userid, ip);
                                safestrncpy(sd->passwd, password, NAME_LENGTH);
                                if( login_config.use_md5_passwds )
-                                       MD5_String(sd->passwd, sd->passwd);
+                                       MD5_StringSalt(sd->passwd, sd->passwd);
                                sd->passwdenc = 0;
                        }
                        else
@@ -1486,7 +1486,7 @@
                        safestrncpy(sd->userid, (char*)RFIFOP(fd,2), NAME_LENGTH);
                        safestrncpy(sd->passwd, (char*)RFIFOP(fd,26), NAME_LENGTH);
                        if( login_config.use_md5_passwds )
-                               MD5_String(sd->passwd, sd->passwd);
+                               MD5_StringSalt(sd->passwd, sd->passwd);
                        sd->passwdenc = 0;
                        sd->version = login_config.client_version_to_connect; // hack to skip version check
                        server_ip = ntohl(RFIFOL(fd,54));
Index: src/map/script.c
--- src/map/script.c Base (BASE)
+++ src/map/script.c Locally Modified (Based On LOCAL)
@@ -14328,7 +14328,7 @@
 
        tmpstr = script_getstr(st,2);
        md5str = (char *)aMalloc((32+1)*sizeof(char));
-       MD5_String(tmpstr, md5str);
+       MD5_StringSalt(tmpstr, md5str);
        script_pushstr(st, md5str);
        return 0;
 }
Viewed 562 times, submitted by lighta.