This repository has been archived by the owner on Jan 2, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 20
/
Copy pathtcpassword
executable file
·104 lines (90 loc) · 4.53 KB
/
tcpassword
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
#!/usr/bin/env php
<?php
//
// I would like to replicate the functionality described by this GitHub issue:
// https://github.com/TrinityCore/TrinityCore/issues/25157
//
// Specifically, I want to take a username and password (provided on the
// command line, or via STDIN or prompted for interactively), and output
// the username and password as well as the new "SRP6" salt and verifier
// strings in hexadecimal format.
//
// A detailed explination is provided in the GitHub issue description at
// https://github.com/TrinityCore/TrinityCore/issues/25157
//
// Some proof-of-concept examples written in PHP are available at
// https://gist.githubusercontent.com/Treeston/34d9249fb467dddc11b2568e74f8cb1e/raw/9735a8ca9937363820940c2254932f8cb2845526/VerifySRP6Login.php
// https://gist.githubusercontent.com/Treeston/db44f23503ae9f1542de31cb8d66781e/raw/e04822f2b9d30b67605edd3e6faa84539acd70b7/CalculateSRP6Verifier.php
// https://gist.githubusercontent.com/Treeston/40b99dd71f55d55c68857919088b2e41/raw/1924cce1d927b2d42bccbae21ad634ee913c3500/GetSRP6RegistrationData.php
//
// This is intended to be used as a command line static binary companion
// for the TrinityCore authserver which is here
// https://github.com/TrinityCore/TrinityCore/blob/f759809d9d4364bc1d988e4390d3d5a33d5469e9/src/common/Cryptography/Authentication/SRP6.cpp#L33
//
// https://trinitycore.atlassian.net/wiki/spaces/tc/pages/2130004/account
//
//
// build@localhots:~/src/trinitycore# php ./test.php
// --
// -- Username: TRINITY
// -- Salt: 98bcfa834ced3c251c71e890be2195f968da835085def326e7408aca26184334
// -- Verifier: 7448895dc995595d6a4b719b799bcfb582d8069845dee5a96149497d958a8070
// --
// -- Set account password:
// REPLACE INTO account (salt, verifier, username) VALUES (X'98bcfa834ced3c251c71e890be2195f968da835085def326e7408aca26184334', X'7448895dc995595d6a4b719b799bcfb582d8069845dee5a96149497d958a8070', 'TRINITY');
// -- Enable account GM access:
// REPLACE INTO account_access (AccountID, SecurityLevel) VALUES ((SELECT id FROM account WHERE username = 'TRINITY'), 3);
// --
//
//
// php test.php | MYSQL_PWD=trinity mysql -h 127.0.0.1 -P 3306 -D auth -u trinity
//
//
function GetSRP6RegistrationData($username, $password)
{
// force username to be uppercase
$username = strtoupper($username);
// generate a random salt
$salt = random_bytes(32);
// calculate verifier using this salt
$verifier = CalculateSRP6Verifier($username, $password, $salt);
// calculate legacy sha1 password hash
$sha_pass_hash = sha1($username . ':' . $password, FALSE);
// print tab seperated results
printf("--\n");
printf("-- Username: %s\n", $username);
printf("-- Salt: %s\n", bin2hex($salt));
printf("-- Verifier: %s\n", bin2hex($verifier));
printf("--\n");
printf("-- Set account password:\n");
printf("REPLACE INTO account (salt, verifier, username) VALUES (X'%s', X'%s', '%s');\n", bin2hex($salt), bin2hex($verifier), $username);
printf("-- Enable account GM access:\n");
printf("REPLACE INTO account_access (AccountID, SecurityLevel) VALUES ((SELECT id FROM account WHERE username = '%s'), 3);\n", $username);
printf("--\n");
}
function CalculateSRP6Verifier($username, $password, $salt)
{
// algorithm constants
$g = gmp_init(7);
$N = gmp_init('894B645E89E1535BBDAD5B8B290650530801B18EBFBF5E8FAB3C82872A3E9BB7', 16);
// calculate first hash
$h1 = sha1(strtoupper($username . ':' . $password), TRUE);
// calculate second hash
$h2 = sha1($salt.$h1, TRUE);
// convert to integer (little-endian)
$h2 = gmp_import($h2, 1, GMP_LSW_FIRST);
// g^h2 mod N
$verifier = gmp_powm($g, $h2, $N);
// convert back to a byte array (little-endian)
$verifier = gmp_export($verifier, 1, GMP_LSW_FIRST);
// pad to 32 bytes, remember that zeros go on the end in little-endian!
$verifier = str_pad($verifier, 32, chr(0), STR_PAD_RIGHT);
// done!
return $verifier;
}
// Operate in three optional modes:
// 1. take first and second command line arguments as username and password
// 2. read two lines from STDIN (line 1 as username and line 2 as password)
// 3. interactively prompt console for username and password
GetSRP6RegistrationData('trinity', 'trinity');
?>