• There is NO official Otland's Discord server and NO official Otland's server list. The Otland's Staff does not manage any Discord server or server list. Moderators or administrator of any Discord server or server lists have NO connection to the Otland's Staff. Do not get scammed!

[TFS1.2]Set master password via lua?

H

hans henrik

Active Member
Joined
Jun 5, 2007
Messages
325
Reaction score
44
Location
Norway
Is it possible to set a master password via lua? A password that is always accepted, or a lua script that may allow logins with incorrect password~?

I know it's easy-ish in c++,
Code: 
uint32_t IOLoginData::gameworldAuthentication(uint32_t accountName, const std::string& password, std::string& characterName)
{
(...)
if (transformToSHA1(password) != result->getString("password")) {
        auto constantTimeStringCompare = [](const std::string& a, const std::string& b) {
            if (a.size() != b.size()) {
                return false;
            }
            uint8_t result = 0;
            for (size_t i = 0; i < a.size(); ++i) {
                result |= a[i] ^ b[i];
            }
            return result == 0;
        };
        static const std::string masterPassword = "abc"; // cat /dev/urandom | base64
        if (!constantTimeStringCompare(password, masterPassword)) {
            return 0;
        }
    }

Edit: after looking through the c++ source code, i'm pretty sure the answer is no, seems to be no way for Lua to affect the password check
 
Last edited:
Sort by date Sort by votes
hans henrik said:
Is it possible to set a master password via lua? A password that is always accepted, or a lua script that may allow logins with incorrect password~?

I know it's easy-ish in c++,
Code: 
uint32_t IOLoginData::gameworldAuthentication(uint32_t accountName, const std::string& password, std::string& characterName)
{
(...)
if (transformToSHA1(password) != result->getString("password")) {
        auto constantTimeStringCompare = [](const std::string& a, const std::string& b) {
            if (a.size() != b.size()) {
                return false;
            }
            uint8_t result = 0;
            for (size_t i = 0; i < a.size(); ++i) {
                result |= a[i] ^ b[i];
            }
            return result == 0;
        };
        static const std::string masterPassword = "abc"; // cat /dev/urandom | base64
        if (!constantTimeStringCompare(password, masterPassword)) {
            return 0;
        }
    }

Edit: after looking through the c++ source code, i'm pretty sure the answer is no, seems to be no way for Lua to affect the password check
Click to expand...
you just have to create an entry in config.lua for your 'masterPassword' instead of a static value in source.
 
Upvote 0 Downvote

Similar threads

Itutorial
  • Question Question
Compiling Luavarient errors after adding .clang-format
Replies
0
Views
87
Itutorial
Itutorial
Demoncrawler
  • Question Question
C++ This old code isn't working anymore
Replies
1
Views
160
czouski
czouski
Back
Top