SOAP Password Encription

Ideas and discussions on third party tools and utilities

Moderator: Forum Moderator

Post Reply
User avatar
Mutt-Li
Novice Crafter
Posts: 45
Joined: Fri Oct 22, 2010 7:06 pm

SOAP Password Encription

Post by Mutt-Li » Sun Dec 12, 2010 6:44 pm

Anyone know how to encrypt the password in a language other than Java
I need it to use the SOAP functions
:(

User avatar
Zimoon
Forum Moderator
Posts: 4817
Joined: Mon May 14, 2007 6:55 am
Location: Stockholm, SE
Contact:

Re: SOAP Password Encription

Post by Zimoon » Sun Dec 12, 2010 8:51 pm

I guess you can have a look at the source code for SWGAide and together with Google find what you need for Delphi, right? Also, moved this topic to 3:rd party chatting which seems more appropriate :)

/Zimoon

User avatar
Sobuno
Developer
Posts: 2589
Joined: Sun Mar 25, 2007 2:17 am
Contact:

Re: SOAP Password Encription

Post by Sobuno » Sun Dec 12, 2010 9:05 pm

PHP 5:

Code: Select all

function encryptPassword($rawPass)
{
	$client = new SoapClient("http://www.swgcraft.org/dev/soap/server.php?wsdl");
	$keyAndIv = $client->CryptKeyIV();
	$key = $keyAndIv->Key;
	$iv = $keyAndIv->IV;

	$td = mcrypt_module_open('rijndael-128', '', 'cbc', $iv);
	mcrypt_generic_init($td, $key, $iv);

	$pass = bin2hex(mcrypt_generic($td, $rawPass));

	mcrypt_generic_deinit($td);
	mcrypt_module_close($td);
	
	return $pass;
}
though I would advise against creating a seperate SoapClient for use internally in a function.

If you already know how to use SOAP, you just need to know how to use Rijndael-128 (Also known as AES-128); Wikipedia has a list of implementations for a variety of languages: http://en.wikipedia.org/wiki/AES_implementations#Delphi

User avatar
Mutt-Li
Novice Crafter
Posts: 45
Joined: Fri Oct 22, 2010 7:06 pm

Re: SOAP Password Encription

Post by Mutt-Li » Mon Dec 13, 2010 9:45 pm

after doing a google search on the mcrypt_generic_init function, i might have found a compatible lib,
will let you all know how things go

User avatar
Mutt-Li
Novice Crafter
Posts: 45
Joined: Fri Oct 22, 2010 7:06 pm

Re: SOAP Password Encription

Post by Mutt-Li » Mon Dec 13, 2010 11:48 pm

still no match on passwords
obviously using wrong encryption

Sobuno, can i get you to run your encryption with randomized keys , ivs and random passwords, and post the results
something like

key=43defacb45
iv=4563cd96a6d8
pass=thisisatest001
result=4c4c56c2d24a776b56c8e8f6a56e8

for each run (note i types the above in so it will be incorrect)

User avatar
Sobuno
Developer
Posts: 2589
Joined: Sun Mar 25, 2007 2:17 am
Contact:

Re: SOAP Password Encription

Post by Sobuno » Tue Dec 14, 2010 1:41 am

Key: d73d4154dbb7eafd
IV: a9d226b524283e5a
Pass: thisisatest001
Result: b1228d3120e582fa4715cccdd3bf2cac

Remember to use NULL-padding to pad to a multiple of 16:

Key: d73d4154dbb7eafd
IV: a9d226b524283e5a
Pass: thisisatest001\0\0
Result: b1228d3120e582fa4715cccdd3bf2cac

Key and IV obtained from the SOAP action CryptKeyIV

User avatar
Mutt-Li
Novice Crafter
Posts: 45
Joined: Fri Oct 22, 2010 7:06 pm

Re: SOAP Password Encription

Post by Mutt-Li » Tue Dec 14, 2010 9:04 am

I noticed the last half of your result is the same as the first half,
my results where the same as the first half of yours (and the same as the last half)
I tried doubling mine, but that didn't work,
I tried changing the case, (both single and doubled) that didn't work

can you please try this one, i want to see what happens with password over 16 characters long

Key := d73d4154dbb7eafd
IV := a9d226b524283e5a
Pass := thisisatest0011234
Result := 426F398AAB31398875537ACC5228EE3A30DC9CB73FEF25EF31C61E4FFBDB5B2A

other than that , im not sure what to try next

User avatar
Sobuno
Developer
Posts: 2589
Joined: Sun Mar 25, 2007 2:17 am
Contact:

Re: SOAP Password Encription

Post by Sobuno » Tue Dec 14, 2010 12:21 pm

Ah, no need to double it, that was just a mistake I made when outputting it.

Key: d73d4154dbb7eafd
IV: a9d226b524283e5a
Pass: thisisatest0011234
Result: 426f398aab31398875537acc5228ee3a30dc9cb73fef25ef31c61e4ffbdb5b2a

It seems your result is correct, what SOAP action are you trying to use?

Also, remember that you have to get your own key and IV from the CryptKeyIV SOAP action; the ones we're using to test here right now are just the ones I currently assigned to me.

Try showing us your request XML string. Here's mine for GetDetailedUserInfo:

Code: Select all

<?xml version="1.0" encoding="UTF-8"?> 
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="urn:swgcraft" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><ns1:GetDetailedUserInfo><login xsi:type="ns1:Login"><userid xsi:type="xsd:string">10</userid><md5pass xsi:type="xsd:string">encryptedPassGoesHere</md5pass></login></ns1:GetDetailedUserInfo></SOAP-ENV:Body></SOAP-ENV:Envelope> 
or formatted a bit:

Code: Select all

<?xml version="1.0" encoding="UTF-8"?> 
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="urn:swgcraft" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
	<SOAP-ENV:Body>
		<ns1:GetDetailedUserInfo>
			<login xsi:type="ns1:Login">
				<userid xsi:type="xsd:string">10</userid>
				<md5pass xsi:type="xsd:string">encryptedPassGoesHere</md5pass>
			</login>
		</ns1:GetDetailedUserInfo>
	</SOAP-ENV:Body>
</SOAP-ENV:Envelope> 

User avatar
Mutt-Li
Novice Crafter
Posts: 45
Joined: Fri Oct 22, 2010 7:06 pm

Re: SOAP Password Encription

Post by Mutt-Li » Tue Dec 14, 2010 4:26 pm

Thanks for the help, Finnally got it,
was parsing the user name , not userid

User avatar
Sobuno
Developer
Posts: 2589
Joined: Sun Mar 25, 2007 2:17 am
Contact:

Re: SOAP Password Encription

Post by Sobuno » Tue Dec 14, 2010 4:45 pm

Mutt-Li wrote:Thanks for the help, Finnally got it,
was parsing the user name , not userid
Great, looking forward to see what you use it for :)

Btw. if you feel any SOAP actions are missing, just tell me and I'll consider adding them.

Post Reply

Who is online

Users browsing this forum: No registered users and 12 guests