need user password to connect xenforo with my gameserver

Hey guys,

so as explained in the title, i need every user's xenforo password, to allow them to login on my gameserver. I know where to find the password (xf_user_authenticate > field "remember_key"). But how could i get the password as it is hashed. Or how do i know how it is hashed, so i can do exactly the same hash ingame?

Thanks in advance!

- Vasaken
Thank you for the quick reply.
So Iam currently using this method to hash stuff. I've tried SHA-1 & SHA-256 but I got different keys with both of them using the "remember_key".

public static String sha256(String base) {
        MessageDigest digest = MessageDigest.getInstance("SHA-256");
        byte[] hash = digest.digest(base.getBytes("UTF-8"));
        StringBuffer hexString = new StringBuffer();

        for (int i = 0; i < hash.length; i++) {
            String hex = Integer.toHexString(0xff & hash[i]);
            if(hex.length() == 1) hexString.append('0');

        return hexString.toString();
    } catch(Exception ex){
      throw new RuntimeException(ex);
Thanks in advance!

- Vasaken

EDIT: I found out that there is some "Salt" missing, but how can I find out whats the salt?
Last edited:


Well-known member
The remember key is *not* the hashed version of the password. The remember key is a separate hash (not sure what it is comprised of) that is stored within the cookie to verify quickly it is that user.
Okay, thanks!

So where is the password stored? And how do i encrypt a String to look exactly like the xenforo password?

- Vasaken