• 0

[VB.NET] Encrypting password in MD5

Asked by todd,

 Share

Question

Veteran

todd

Posted
Posted

I'm working on an Oscar client.. basically, I send the server a request for an "auth key" and the server sends the "auth key" which should be used to encrypt the password in MD5.

(to server) auth key please!

(to client) heres your auth key (in decimal): 50 54 49 50 54 48 55 57 55

(to server) here's my encrypted password: xxxxxxxxxx (how do i get this?)

Because there are no official Oscar protocol specs, I don't understand how I'm supposed to use MD5 to encrypt the password with this "auth key".

The reference I'm looking at is here: http://iserverd1.khstu.ru/oscar/snac_17_02.html

  Quote
You'll need password (note: I have that), authkey from SNAC(17,07) (note: I have that) and RFC 1321 md5 routines:

  #define AIM_MD5_STRING "AOL Instant Messenger (SM)"

  /* first we need md5-hash of our password */

  md5_init(&state);

  md5_append(&state, (const md5_byte_t *)passwd, strlen(passwd));

  md5_finish(&state, (md5_byte_t *)pass_hash);

  /* calculate md5-hash to send to server */

  md5_init(&state);

  md5_append(&state, (const md5_byte_t *)authkey, strlen(authkey));

  md5_append(&state, (const md5_byte_t *)pass_hash, sizeof(pass_hash));

  md5_append(&state, (const md5_byte_t *)AIM_MD5_STRING, strlen(AIM_MD5_STRING));

  md5_finish(&state, (md5_byte_t *)auth_hash);

  /* Now we ready send to server auth_hash array (16 bytes long) */

Obviously, this is in C (or c++ .. i dont know).. but appearantly, that's how you create the end result, but I can't make heads or tails of it.. how would I do it in vb.net?

Link to comment
https://www.neowin.net/forum/topic/240845-vbnet-encrypting-password-in-md5/
Share on other sites

5 answers to this question

Recommended Posts

  • 0
Enthusiast

FireRabbit

Posted
Posted

An oscar client? You are a brave my friend.

Public Shared Function MD5(ByVal stringIn As String) As Byte()
     ' You will need to make sure this is the encoding the server is expecting
     Dim bytesIn() As Byte = System.Text.Encoding.ASCII.GetBytes(stringIn)
     Dim bytesOut() As Byte = New System.Security.Cryptography.MD5CryptoServiceProvider().ComputeHash(bytesIn)
     Return bytesOut
End Function

Remember MD5 isnt encryption, it's just a one-way hash algorithm.

  • 0
Veteran

todd

Posted
  • Author
Posted

I was expecting a function that took two parameters (password, authkey).. for the most part, I couldve come up with that.. what I didnt understand in the original code was appending the authkey and password hash (as opposed to just concatenating the two strings), and how that changed the result.. so this doesnt help too much, but thanks anyway :) If you know how to do this though with appending, it will help a lot :yes:

do you have experience with the oscar protocol?

  • 0
Enthusiast

FireRabbit

Posted
Posted

Ah I see, you are going to need to do something like:

Dim passwordBytes() As Byte = MD5(myPassword)
Dim authBytes() As Byte = ' However you get this
Dim sendBytes(passwordBytes.Length + authBytes.Length - 1) As Byte
Array.Copy(passwordBytes, 0, sendBytes, 0, passwordBytes.Length)
Array.Copy(authBytes, 0, sendBytes, passwordBytes.Length, authBytes.Length)

  • 0
Grand Master

azcodemonkey

Posted
Posted

I don't know if this is correct. I'm not familiar with md5_append. Does it hash what's being stored?

Please note that this is just an example, not a full solution. I don't do those, unless I'm getting paid. ;)

	 Dim authkey_hash As Byte() =  {50, 54, 49, 50, 54, 48, 55, 57, 55}
 	 Const AIM_MD5_STRING As String = "AOL Instant Messenger (SM)"
 	 Dim data As Byte() = ASCIIEncoding.ASCII.GetBytes(textBox1.Text)
 	 Dim md5 As MD5 = New MD5CryptoServiceProvider
 	 Dim pass_hash As Byte() = md5.ComputeHash(data)
 	 Dim AIM_MD5_HASH As Byte() = ASCIIEncoding.ASCII.GetBytes(AIM_MD5_STRING)
 	 Dim auth_hash(pass_hash.Length + authkey_hash.Length + AIM_MD5_HASH.Length) As Byte
 	 Array.Copy(authkey_hash, 0, auth_hash, 0, authkey_hash.Length)
 	 Array.Copy(pass_hash, 0, auth_hash, authkey_hash.Length - 1, pass_hash.Length)
 	 Array.Copy(AIM_MD5_HASH, 0, auth_hash, (authkey_hash.Length - 1) + (pass_hash.Length - 1), AIM_MD5_HASH.Length)
 	 md5 = New MD5CryptoServiceProvider
 	 Dim send_hash As Byte() = md5.ComputeHash(auth_hash)
 	 textBox2.Text = ASCIIEncoding.ASCII.GetString(send_hash)

This topic is now closed to further replies.
 Share
Go to question listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • RollBack Rx Pro 12.9 Build 2710971022

      By Copernic · Posted

      RollBack Rx Pro 12.9 Build 2710971022 by Razvan Serea RollBack Rx is a robust system restore utility that enables home users and IT professionals to easily restore a PC to a time before certain events occurred. In essence, it turns your PC into a Instant Time Machine. Regardless of what happens to your PC your can quickly and easily restore your PC to a previous time. Making it easy to rescue you from any PC disaster - saving time, money and PC trouble. Windows System Restore only restores Windows system files and some program files. In addition, if Windows crashes to a point were Windows itself can not boot up (ie. BSOD*) you would not be able to access your Windows System Restore points. In contrast, the RollBack Rx technology works at the sector level of the hard drive and restores everything! - right down to the last byte of data. It sits below Windows. So even if Windows crashes, there’s a sub-console (mini OS) that boots prior to windows. This allows you to access Rollback Rx and go back to a point in time when your system was working trouble-free. Key Features Go back to any previous point in time within seconds. Go back minutes, hours, days, weeks, or even months to any previous snapshot. Does not affect computer performance, uses minimal system resources. Supports unlimited snapshots. Creates a complete system snapshot without having to restart the system. Reverse any system crash within seconds (even if Windows cannot startup). Back out of any failed program, OS updates, and botched updates. Recover from any malware or virus attack within seconds. Works with VMWare and Virtual Machines, both as a host or within the virtual machine as a client. Supports Multi-boot, Multi OS workstations. Lock snapshots to prevent deletion. Intuitive GUI based snapshot manager. Explore, browse, and retrieve files and folders from any snapshot. Drag and drop them into your active system. Roll backwards as well as forwards to any available system snapshot. Allows users to safely test any software. Fast, 100% complete uninstaller. Retrieve files from a crashed PC, even if Windows cannot boot. Access control – manage levels of multiple user and administrative privileges. Automatically schedule snapshots to be taken on a fixed schedule or upon execution of specific files (ie. setup.exe) as well as manually. 256 bit AES snapshot encryption. Prevent unauthorized data theft in case of a stolen laptop. Group Management and Enterprise Network Administration Control (FREE utility). Comes with Stealth Mode where you can hide the RollBack Rx tray icon and splash screen (seen during bootup) Change the startup hotkey for sub-console access (default is HOME). Built-in snapshot defragmenter which will optimize system resources and recover free space. Option to keep files and folders unchanged when you roll-back. Advanced setup configuration wizard for system administrators which will set deployment options and predefined RollBack Rx settings. Offers detailed program operation logging. Supports all industry-standard deployment options including silent installations and pre-installation configuration. Explore RollBack Rx Pro with a 14-day trial, fully functional on Windows 11, 10, 8, and Windows 7 SP1** (32 and 64-bit). RollBack Rx Pro 12.9 Build 2710971022 changelog: General Add PnpLockdown in shieldm.inf Fix registry exclusion problem in Windows 11 24H2 release Add detailed logging for file filter driver Add detailed logging for Windows update Add time stamp to kernel drivers Change kernel driver and Win32 IRP structure Other small bug fixes / typos reported through tech support Endpoint Manager Add client report dashboard Add sound effect when receiving a EPM message. Keep EPM message history Fix bug that oversized Windows symbol files cannot be downloaded Download: RollBack Rx Pro 12.9 | 61.0 MB (Shareware) View: RollBack Rx Home Page Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Universal Media Server 14.12.1

      By Copernic · Posted

      Universal Media Server 14.12.1 by Razvan Serea Universal Media Server is a DLNA-compliant UPnP Media Server. UMS was started by SubJunk, an official developer of PMS, in order to ensure greater stability and file-compatibility. The program streams or transcodes many different media formats with little or no configuration. It is powered by MEncoder, FFmpeg, tsMuxeR, AviSynth, MediaInfo and more, which combine to offer support for a wide range of media formats. Because it is written in Java, Universal Media Server supports all major operating systems, with versions for Windows, Linux and Mac OS X. To see a comparison of popular media servers, click here. Universal Media Server 14.12.1 changelog: General Added status page to readme Fixed videos not being marked as fully played (#5373) (thanks, @Fredo1650!) Fixed adding YouTube channels from handle URLs (URLs with @ in them) Fixed handling special characters on Linux (#5100) (thanks, @LaTeteDansLesEtoiles!) Fixed directory browsing crash (#5189) (thanks, @jt-gilkeson!) Fixed FFmpeg on Linux x86_64 and arm64 (#5465) (thanks, @KanjiMonster!) Fixed logspam like "Could not hydrate device or its services from descriptor" (#5292) (thanks, MTOakey!) Fixed broken YouTube video playback Fixed web interface E2E testing on CI using outdated code because of overeager caching Fixed broken video playback when burning subtitles to H.265 via FFmpeg (#5486) Improved logging Translation updates via Crowdin Chinese (Simplified) (59%) (thanks, 無情天!) Dutch (41%) (thanks, Matthias!) Hungarian (86%) (thanks, Zoltán Rózsa!) Japanese (69%) (thanks, Yukihuru!) Download: Universal Media Server 14.12.1 | 203.0 MB (Open Source) Download: Other operating systems View: Universal Media Server Website | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Reddit takes legal action, says Anthropic trained Claude on Reddit posts without permission

      By Chay Meredith · Posted

      You sign your rights to reddit when you write on their platform. Free labour for them to make money. The AI companies should also take advantage of that free labour.
    • Brave 1.79.123

      By Copernic · Posted

      Brave 1.79.123 by Razvan Serea Brave Browser is a lightning-fast, secure web browser that stands out from the competition with its focus on privacy, security, and speed. With features like HTTPS Everywhere and built-in tracker blocking, Brave keeps your online activities safe from prying eyes. Brave is one of the safest browsers on the market today. It blocks third-party data storage. It protects from browser fingerprinting. And it does all this by default. Speed - Brave is built on Chromium, the same technology that powers Google Chrome, and is optimized for speed, providing a fast and responsive browsing experience. Brave Browser also features Brave Rewards, a system that rewards users with Basic Attention Tokens (BAT) for viewing opt-in ads. This innovative system provides an alternative revenue model for content creators and a way to support the Brave community. Brave 1.79.123 changelog: Leo Improved citation UI. (#45761) General [Security] Fixed missing DDNS navigation throttle for subframes as reported on HackerOne by newfunction. (#46703) Fixed crash which occurred when clicking on the “View site information” icon in the address bar while having “Don’t allow sites to scroll and zoom shared tabs” enabled. (#46566) Fixed crash which occurred with the “Save autofill” prompt in certain cases. (#45546) Upgraded Chromium to 137.0.7151.104. (#46712) (Changelog for 137.0.7151.104) Download: Brave Browser 64-bit | 1.2 MB (Freeware) Download: Brave Browser 32-bit View: Brave Homepage | Offline Installers | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Wikipedia suffers backlash from human editors over AI summaries, prompting feature pause

      By samw61 · Posted

      A summary of the article shouldn't be an issue in theory, as the information is all based within the document itself. The problem with a lot of AI models is that they are trained off both Wikipedia as a primary source and other secondary websites which have less reliable information. As an encyclopaedia it is no doubt going to have bias in one way or another, all encyclopaedias do. The difference is that there is a process for a lot of this information to be figured out whether or not it is an opinion, or the source of that information, and to be aware of the possible bias in the first place, even your own bias as a reader. The way many people understand languages these days is quite limited, particularly in certain areas of the world. This is obvious in many types of "journalism" where some articles are thinly disguised opinion pieces, Where language is carefully curated to push a point of view despite it looking like fact. This is partly why a lot of the Western world is now so divided.

  • Recent Achievements

    • Apprentice
      Adrian Williams went up a rank
      Apprentice
    • Reacting Well
      BashOrgRu earned a badge
      Reacting Well
    • Collaborator
      CHUNWEI earned a badge
      Collaborator
    • Apprentice
      Cole Multipass went up a rank
      Apprentice
    • Posting Machine
      David Uzondu earned a badge
      Posting Machine

  • Popular Contributors

    1. 1
      +primortal
      519
    2. 2
      ATLien_0
      260
    3. 3
      +Edouard
      191
    4. 4
      +FloatingFatMan
      175
    5. 5
      snowy owl
      133
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!