need user password to connect xenforo with my gameserver

[Vasaken]

Hey guys,

so as explained in the title, i need every user's xenforo password, to allow them to login on my gameserver. I know where to find the password (xf_user_authenticate > field "remember_key"). But how could i get the password as it is hashed. Or how do i know how it is hashed, so i can do exactly the same hash ingame?

Thanks in advance!

- Vasaken

 

[Jake Bunce]

http://xenforo.com/community/threads/password-formula.32191/#post-367845

 

[Vasaken]

Thank you for the quick reply.
So Iam currently using this method to hash stuff. I've tried SHA-1 & SHA-256 but I got different keys with both of them using the "remember_key".

public static String sha256(String base) {
    try{
        MessageDigest digest = MessageDigest.getInstance("SHA-256");
        byte[] hash = digest.digest(base.getBytes("UTF-8"));
        StringBuffer hexString = new StringBuffer();

        for (int i = 0; i < hash.length; i++) {
            String hex = Integer.toHexString(0xff & hash[i]);
            if(hex.length() == 1) hexString.append('0');
            hexString.append(hex);
        }

        return hexString.toString();
    } catch(Exception ex){
      throw new RuntimeException(ex);
    }
}

Thanks in advance!

- Vasaken

EDIT: I found out that there is some "Salt" missing, but how can I find out whats the salt?

 

[Jeremy]

The remember key is *not* the hashed version of the password. The remember key is a separate hash (not sure what it is comprised of) that is stored within the cookie to verify quickly it is that user.

 

[Vasaken]

Okay, thanks!

So where is the password stored? And how do i encrypt a String to look exactly like the xenforo password?

- Vasaken

 

[Jeremy]

Where is the game located? On the same server or completely different servers?

 

[Vasaken]

The gameserver and my forum are running on the same server.
Thanks for helping!

- Vasaken