• 0

[VB.NET] Encrypting password in MD5


Question

I'm working on an Oscar client.. basically, I send the server a request for an "auth key" and the server sends the "auth key" which should be used to encrypt the password in MD5.

(to server) auth key please!

(to client) heres your auth key (in decimal): 50 54 49 50 54 48 55 57 55

(to server) here's my encrypted password: xxxxxxxxxx (how do i get this?)

Because there are no official Oscar protocol specs, I don't understand how I'm supposed to use MD5 to encrypt the password with this "auth key".

The reference I'm looking at is here: http://iserverd1.khstu.ru/oscar/snac_17_02.html

  Quote
You'll need password (note: I have that), authkey from SNAC(17,07) (note: I have that) and RFC 1321 md5 routines:

  #define AIM_MD5_STRING "AOL Instant Messenger (SM)"

  /* first we need md5-hash of our password */

  md5_init(&state);

  md5_append(&state, (const md5_byte_t *)passwd, strlen(passwd));

  md5_finish(&state, (md5_byte_t *)pass_hash);

  /* calculate md5-hash to send to server */

  md5_init(&state);

  md5_append(&state, (const md5_byte_t *)authkey, strlen(authkey));

  md5_append(&state, (const md5_byte_t *)pass_hash, sizeof(pass_hash));

  md5_append(&state, (const md5_byte_t *)AIM_MD5_STRING, strlen(AIM_MD5_STRING));

  md5_finish(&state, (md5_byte_t *)auth_hash);

  /* Now we ready send to server auth_hash array (16 bytes long) */

Obviously, this is in C (or c++ .. i dont know).. but appearantly, that's how you create the end result, but I can't make heads or tails of it.. how would I do it in vb.net?

Link to comment
https://www.neowin.net/forum/topic/240845-vbnet-encrypting-password-in-md5/
Share on other sites

5 answers to this question

Recommended Posts

  • 0

An oscar client? You are a brave my friend.

Public Shared Function MD5(ByVal stringIn As String) As Byte()
     ' You will need to make sure this is the encoding the server is expecting
     Dim bytesIn() As Byte = System.Text.Encoding.ASCII.GetBytes(stringIn)
     Dim bytesOut() As Byte = New System.Security.Cryptography.MD5CryptoServiceProvider().ComputeHash(bytesIn)
     Return bytesOut
End Function

Remember MD5 isnt encryption, it's just a one-way hash algorithm.

  • 0

I was expecting a function that took two parameters (password, authkey).. for the most part, I couldve come up with that.. what I didnt understand in the original code was appending the authkey and password hash (as opposed to just concatenating the two strings), and how that changed the result.. so this doesnt help too much, but thanks anyway :) If you know how to do this though with appending, it will help a lot :yes:

do you have experience with the oscar protocol?

  • 0

Ah I see, you are going to need to do something like:

Dim passwordBytes() As Byte = MD5(myPassword)
Dim authBytes() As Byte = ' However you get this
Dim sendBytes(passwordBytes.Length + authBytes.Length - 1) As Byte
Array.Copy(passwordBytes, 0, sendBytes, 0, passwordBytes.Length)
Array.Copy(authBytes, 0, sendBytes, passwordBytes.Length, authBytes.Length)

  • 0

I don't know if this is correct. I'm not familiar with md5_append. Does it hash what's being stored?

Please note that this is just an example, not a full solution. I don't do those, unless I'm getting paid. ;)

	 Dim authkey_hash As Byte() =  {50, 54, 49, 50, 54, 48, 55, 57, 55}
 	 Const AIM_MD5_STRING As String = "AOL Instant Messenger (SM)"
 	 Dim data As Byte() = ASCIIEncoding.ASCII.GetBytes(textBox1.Text)
 	 Dim md5 As MD5 = New MD5CryptoServiceProvider
 	 Dim pass_hash As Byte() = md5.ComputeHash(data)
 	 Dim AIM_MD5_HASH As Byte() = ASCIIEncoding.ASCII.GetBytes(AIM_MD5_STRING)
 	 Dim auth_hash(pass_hash.Length + authkey_hash.Length + AIM_MD5_HASH.Length) As Byte
 	 Array.Copy(authkey_hash, 0, auth_hash, 0, authkey_hash.Length)
 	 Array.Copy(pass_hash, 0, auth_hash, authkey_hash.Length - 1, pass_hash.Length)
 	 Array.Copy(AIM_MD5_HASH, 0, auth_hash, (authkey_hash.Length - 1) + (pass_hash.Length - 1), AIM_MD5_HASH.Length)
 	 md5 = New MD5CryptoServiceProvider
 	 Dim send_hash As Byte() = md5.ComputeHash(auth_hash)
 	 textBox2.Text = ASCIIEncoding.ASCII.GetString(send_hash)

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • Firefox 139.0.4 by Razvan Serea Firefox is a fast, full-featured Web browser. It offers great security, privacy, and protection against viruses, spyware, malware, and it can also easily block pop-up windows. The key features that have made Firefox so popular are the simple and effective UI, browser speed and strong security capabilities. Firefox has complete features for browsing the Internet. It is very reliable and flexible due to its implemented security features, along with customization options. Firefox includes pop-up blocking, tab-browsing, integrated Google search, simplified privacy controls, a streamlined browser window that shows you more of the page than any other browser and a number of additional features that work with you to help you get the most out of your time online. Download: Firefox 64-bit | Firefox 32-bit | ARM64 | ~60.0 MB (Freeware) Download: Firefox 139.0.4 for Linux | 64-bit | ~90.0 MB Download: Firefox for MacOS | 127.0 MB View: Firefox Home Page | Release Notes Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Joplin 3.3.13 by Razvan Serea Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. The notes are searchable, can be copied, tagged and modified either from the applications directly or from your own text editor. Notes exported from Evernote can be imported into Joplin, including the formatted content (which is converted to Markdown), resources (images, attachments, etc.) and complete metadata (geolocation, updated time, created time, etc.). Plain Markdown files can also be imported. The notes can be securely synchronised using end-to-end encryption with various cloud services including Nextcloud, Dropbox, OneDrive and Joplin Cloud. Full text search is available on all platforms to quickly find the information you need. The app can be customised using plugins and themes, and you can also easily create your own. The application is available for Windows, Linux, macOS, Android and iOS. A Web Clipper, to save web pages and screenshots from your browser, is also available for Firefox and Chrome. Features Web Clipper for Firefox and Chrome. End To End Encryption (E2EE). Note history (revisions). Synchronisation with various services, including Nextcloud, Dropbox, WebDAV and OneDrive. Offline first, so the entire data is always available on the device even without an internet connection. Import Enex files (Evernote export format) and Markdown files. Export JEX files (Joplin Export format) and raw files. Support notes, to-dos, tags and notebooks. Sort notes by multiple criteria - title, updated time, etc. Support for alarms (notifications) in mobile and desktop applications. Markdown notes, which are rendered with images and formatting in the desktop and mobile applications. Support for extra features such as math notation and checkboxes. Choice of both Markdown and Rich Text (WYSIWYG) editors. File attachment support - images are displayed, other files are linked and can be opened in the relevant application. Inline display of PDF, video and audio files. Goto Anything feature. Search functionality. Geo-location support. Supports multiple languages. External editor support - open notes in your favorite external editor with one click in Joplin. Extensible functionality through plugin and data APIs. Custom CSS support for customisation of both the rendered markdown and overall user interface. Customisable layout allows toggling, movement and sizing of various elements. Keyboard shortcuts are editable and allow binding of most Joplin commands with export/import functionality. Joplin 3.3.13 changelog: Fixed: Fix printing (#12244) (#12240 by @personalizedrefrigerator) Download: Joplin 3.3.13 | Joplin Portable | ~300 MB (Open Source) Download: MacOS | Android | Linux | iOS View: Joplin Home Page | GitHub project page Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Apple: lets take our inspiration from Windows 7/Vista and call it innovative
    • Nice! My $100 refurbished iPad 8 that I bought last year for a small project (and still runs like new cuz it's been mostly in storage the past several months) will get this v26 upgrade. I'm definitely gonna scope out OS26 on this device before upgrading my also-supported refurbished iPhone SE 3rd Gen (only got it for the 5G UW support).
    • Hello, The separate discussion about VLC has been moved to its own thread at  Regards, Aryeh Goretsky  
  • Recent Achievements

    • Dedicated
      MadMung0 earned a badge
      Dedicated
    • Rookie
      CHUNWEI went up a rank
      Rookie
    • Enthusiast
      the420kid went up a rank
      Enthusiast
    • Conversation Starter
      NeoToad777 earned a badge
      Conversation Starter
    • Week One Done
      VicByrd earned a badge
      Week One Done
  • Popular Contributors

    1. 1
      +primortal
      506
    2. 2
      ATLien_0
      267
    3. 3
      +FloatingFatMan
      257
    4. 4
      Edouard
      203
    5. 5
      snowy owl
      178
  • Tell a friend

    Love Neowin? Tell a friend!