ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE. Software > Finished Programs

DONE: create a stand alone app that implements oplop

<< < (2/3) > >>

for the final password: ZmU2YjY1  You can see that this isn't even close to what it's supposed to be: sar4_zIs
-skwire (November 29, 2012, 01:34 PM)
--- End quote ---
I have the same results you get, and I'm using PascalScript (of Inno Setup fame ;))
Wonder Now I see how he manages to get an underscore in the Base64'd result, as that's not in my Base64 characterset (A-Z, a-z, + and / filled-up with = at the end as needed) :tellme:

Found it: base64url, has - and _ instead of + and /

But the result is still not even close :(

But the result is still not even close :(
-Ath (November 29, 2012, 02:43 PM)
--- End quote ---
Checked the MD5 results of PascalScript with the values shown in the MD5 wiki page, and they're exactly the same, so most presumable he used his own secret password instead of 'secret password' for the example. Now let's see if we can hack his Amazon account... :greenclp:

so most presumable he used his own secret password instead of 'secret password' for the example-Ath (November 29, 2012, 02:57 PM)
--- End quote ---

I don't think so since I ran the "Amazon/secret password" combo on his web implementation and got the correct output.

Oops, why didn't we 'see' that?  :-[
My current result:
Concatenated string: secret passwordAmazon
MD5 result: 0xb1aaf8ff322cc425df0589656079154b
Base64 encoded: sar4_zIsxCXfBYllYHkVSw==
Oplop password: sar4_zIs

The culprit is the red marked 0x, the output of both our MD5 encoders is a bin to hex-string conversion. That has to be recoded into binary data, then fed to a base64url encoder to get the desired result :up:

And the concatenation is expected to be "secret password" + "mnemonic", and not the other way around :tellme:
(saw that when I eventually re-did the implementation in AutoIt, just for the fun of it :P)

--- Code: AutoIt ---#include <Crypt.au3>#include "Base64.au3" ; oplop, returns private_password + mnemonic -> oplop passwordhashFunc oplop($secret, $mnemonic)    Local $i, $b = False    ; Next 2 Global vars should be Local, now global only for msgbox use :-)    Global $md5 = _Crypt_HashData($secret & $mnemonic , $CALG_MD5)    Global $base64 = StringReplace(StringReplace(_Base64Encode($md5, 256), "/","_"), "+","-") ; additional conversions for base64url    Local $r = ""    For $i = 1 To 8        If StringRegExp(StringMid($base64, $i, 1), "\d") Then $b = True    Next    If Not $b Then        $i = 8        While $i <= StringLen($base64)            If StringRegExp(StringMid($base64, $i, 1), "\d") Then                If Not $b Then                    $b = True                    $r &= StringMid($base64, $i, 1)                Else                    $r &= StringMid($base64, $i, 1)                EndIf            Else                If $b Then $i = StringLen($base64)            EndIf            $i += 1        WEnd    EndIf    Return StringLeft($r & $base64, 8)EndFunc Local $secret = "secret password", $mnemonic = "Amazon" Local $result = oplop($secret, $mnemonic) MsgBox(0,"test","Concatenated string: " & $secret & $mnemonic & @CRLF & "MD5 result : " & $md5 & @CRLF & "Base64 encoded : " & $base64 & @CRLF & "Oplop password: " & $result)
It uses the base64 coding routines found here

Thanks everyone.

mouser - thanks for the comments and idea about NANY 2013 entry.

skwire and Ath - thanks for the time you have put into this, I do appreciate it.

The reason I asked about in in AutoIT is exactly as skwire surmised, I have used it before.  I code, but I would not say I am a coder (yet).

I tried to get the "Base64.au3" from the link you posted, but everytime I get the zip file, it shows as corrupt.  Is there any other location for that include file?

Thanks very much.


[0] Message Index

[#] Next page

[*] Previous page

Go to full version