• 0

[VB.NET] Encrypting password in MD5


Question

I'm working on an Oscar client.. basically, I send the server a request for an "auth key" and the server sends the "auth key" which should be used to encrypt the password in MD5.

(to server) auth key please!

(to client) heres your auth key (in decimal): 50 54 49 50 54 48 55 57 55

(to server) here's my encrypted password: xxxxxxxxxx (how do i get this?)

Because there are no official Oscar protocol specs, I don't understand how I'm supposed to use MD5 to encrypt the password with this "auth key".

The reference I'm looking at is here: http://iserverd1.khstu.ru/oscar/snac_17_02.html

  Quote
You'll need password (note: I have that), authkey from SNAC(17,07) (note: I have that) and RFC 1321 md5 routines:

  #define AIM_MD5_STRING "AOL Instant Messenger (SM)"

  /* first we need md5-hash of our password */

  md5_init(&state);

  md5_append(&state, (const md5_byte_t *)passwd, strlen(passwd));

  md5_finish(&state, (md5_byte_t *)pass_hash);

  /* calculate md5-hash to send to server */

  md5_init(&state);

  md5_append(&state, (const md5_byte_t *)authkey, strlen(authkey));

  md5_append(&state, (const md5_byte_t *)pass_hash, sizeof(pass_hash));

  md5_append(&state, (const md5_byte_t *)AIM_MD5_STRING, strlen(AIM_MD5_STRING));

  md5_finish(&state, (md5_byte_t *)auth_hash);

  /* Now we ready send to server auth_hash array (16 bytes long) */

Obviously, this is in C (or c++ .. i dont know).. but appearantly, that's how you create the end result, but I can't make heads or tails of it.. how would I do it in vb.net?

Link to comment
https://www.neowin.net/forum/topic/240845-vbnet-encrypting-password-in-md5/
Share on other sites

5 answers to this question

Recommended Posts

  • 0

An oscar client? You are a brave my friend.

Public Shared Function MD5(ByVal stringIn As String) As Byte()
     ' You will need to make sure this is the encoding the server is expecting
     Dim bytesIn() As Byte = System.Text.Encoding.ASCII.GetBytes(stringIn)
     Dim bytesOut() As Byte = New System.Security.Cryptography.MD5CryptoServiceProvider().ComputeHash(bytesIn)
     Return bytesOut
End Function

Remember MD5 isnt encryption, it's just a one-way hash algorithm.

  • 0

I was expecting a function that took two parameters (password, authkey).. for the most part, I couldve come up with that.. what I didnt understand in the original code was appending the authkey and password hash (as opposed to just concatenating the two strings), and how that changed the result.. so this doesnt help too much, but thanks anyway :) If you know how to do this though with appending, it will help a lot :yes:

do you have experience with the oscar protocol?

  • 0

Ah I see, you are going to need to do something like:

Dim passwordBytes() As Byte = MD5(myPassword)
Dim authBytes() As Byte = ' However you get this
Dim sendBytes(passwordBytes.Length + authBytes.Length - 1) As Byte
Array.Copy(passwordBytes, 0, sendBytes, 0, passwordBytes.Length)
Array.Copy(authBytes, 0, sendBytes, passwordBytes.Length, authBytes.Length)

  • 0

I don't know if this is correct. I'm not familiar with md5_append. Does it hash what's being stored?

Please note that this is just an example, not a full solution. I don't do those, unless I'm getting paid. ;)

	 Dim authkey_hash As Byte() =  {50, 54, 49, 50, 54, 48, 55, 57, 55}
 	 Const AIM_MD5_STRING As String = "AOL Instant Messenger (SM)"
 	 Dim data As Byte() = ASCIIEncoding.ASCII.GetBytes(textBox1.Text)
 	 Dim md5 As MD5 = New MD5CryptoServiceProvider
 	 Dim pass_hash As Byte() = md5.ComputeHash(data)
 	 Dim AIM_MD5_HASH As Byte() = ASCIIEncoding.ASCII.GetBytes(AIM_MD5_STRING)
 	 Dim auth_hash(pass_hash.Length + authkey_hash.Length + AIM_MD5_HASH.Length) As Byte
 	 Array.Copy(authkey_hash, 0, auth_hash, 0, authkey_hash.Length)
 	 Array.Copy(pass_hash, 0, auth_hash, authkey_hash.Length - 1, pass_hash.Length)
 	 Array.Copy(AIM_MD5_HASH, 0, auth_hash, (authkey_hash.Length - 1) + (pass_hash.Length - 1), AIM_MD5_HASH.Length)
 	 md5 = New MD5CryptoServiceProvider
 	 Dim send_hash As Byte() = md5.ComputeHash(auth_hash)
 	 textBox2.Text = ASCIIEncoding.ASCII.GetString(send_hash)

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • This was cool back in the day when done properly - loved having icons of specific devices.
    • Microsoft quietly burying a massive Windows 7 hardware driver feature as Windows 11 kills it by Sayan Sen Last month Microsoft announced a big update for Windows hardware drivers. The company declared that it was killing Windows Device metadata and the Windows Metadata and Internet Services (WMIS). For those wondering what it is, device metadata, as the name suggests, is the collection of additional, user-facing information that an original equipment manufacturer (OEM) provides about a hardware device. The feature was introduced with Windows 7 and can include stuff like icons, logos, descriptive texts, among other things, that help the Windows UI display details about such devices in places like Task Manager or Device Manager. This was a huge deal back in the day when Windows 7 debuted. The company called the feature "Device Stage" and Microsoft described it as a "new visual interface" that essentially worked like a "multi-function version of Autoplay where it displays all the applications, services, and information related to your device." It is often considered synonymous with the Windows "Devices and Printers" Control Panel applet. Neowin did an in-depth overview of the feature when it first launched which you can find in its dedicated article here. The Windows OS was able to obtain the device experience metadata from the WMIS, but now that the feature is being deprecated, Microsoft has begun removing information about Device Stage from its official support documents. Neowin noticed while browsing that a support article regarding automatic Windows hardware drivers was updated for Windows 11 and 10 sometime last year after the release of Windows 11 24H2. Previously, this article was geared for Windows 7 and was much longer. It also contained information about Device Stage, which, as mentioned above, was a headlining feature on Windows 7. In the said article, the section "If Windows can't find information about your device in Device Stage" has been deleted. You can find the archived version of the support page here. Aside from shortening the amount of information on the page, Microsoft has also added some more details on it. The company has now tried to define what the Microsoft Basic Display Adapter is, how updating drivers through Device Manager works, as well as a thorough and detailed troubleshooting section for common hardware driver errors on Windows, including one for USB-C. You can find all the new details on the updated support page here on Microsoft's website.
    • Sounds creepy to say the least. Don't need nor want AI having access to my history. They're claiming it to be an "offline" model now, but how can we guarantee they don't go behind our backs and change that?
    • Exactly! Without those fundamentals you've mentioned, Democracy is literally just Demonstration of Crazy, nothing to be proud of in such system.
  • Recent Achievements

    • Veteran
      Yonah went up a rank
      Veteran
    • First Post
      viraltui earned a badge
      First Post
    • Reacting Well
      viraltui earned a badge
      Reacting Well
    • Week One Done
      LunaFerret earned a badge
      Week One Done
    • Week One Done
      Ricky Chan earned a badge
      Week One Done
  • Popular Contributors

    1. 1
      +primortal
      481
    2. 2
      +FloatingFatMan
      264
    3. 3
      snowy owl
      238
    4. 4
      ATLien_0
      233
    5. 5
      Edouard
      176
  • Tell a friend

    Love Neowin? Tell a friend!