• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

need user password to connect xenforo with my gameserver

#1
Hey guys,

so as explained in the title, i need every user's xenforo password, to allow them to login on my gameserver. I know where to find the password (xf_user_authenticate > field "remember_key"). But how could i get the password as it is hashed. Or how do i know how it is hashed, so i can do exactly the same hash ingame?

Thanks in advance!

- Vasaken
 
#3
Thank you for the quick reply.
So Iam currently using this method to hash stuff. I've tried SHA-1 & SHA-256 but I got different keys with both of them using the "remember_key".

Code:
public static String sha256(String base) {
    try{
        MessageDigest digest = MessageDigest.getInstance("SHA-256");
        byte[] hash = digest.digest(base.getBytes("UTF-8"));
        StringBuffer hexString = new StringBuffer();

        for (int i = 0; i < hash.length; i++) {
            String hex = Integer.toHexString(0xff & hash[i]);
            if(hex.length() == 1) hexString.append('0');
            hexString.append(hex);
        }

        return hexString.toString();
    } catch(Exception ex){
      throw new RuntimeException(ex);
    }
}
Thanks in advance!

- Vasaken

EDIT: I found out that there is some "Salt" missing, but how can I find out whats the salt?
 
Last edited:

Jeremy

Well-known member
#4
The remember key is *not* the hashed version of the password. The remember key is a separate hash (not sure what it is comprised of) that is stored within the cookie to verify quickly it is that user.
 
#5
Okay, thanks!

So where is the password stored? And how do i encrypt a String to look exactly like the xenforo password?

- Vasaken