Comments (27)
just validate the encrypted password like almost any other account system does
We need the private key to decrypt the password and then check it against the password in the db
from grasscutter.
just validate the encrypted password like almost any other account system does
from grasscutter.
on first login, the password can be anything, -> save the rsa encrypted password sent by client and save it as the account password -> profit
from grasscutter.
on first login, the password can be anything, -> save the rsa encrypted password sent by client and save it as the account password -> profit
RSA encryption contains things like salt, the encryption results are different after entering the same password
from grasscutter.
[15:13:30] [INFO] {"account":"MlgmXyysd","password":"esrL7MEvqJ6RsWRQm0OdzGSdD1EQyuFDjMDDcVJYHoyl28m4oH0KJpKw7+PkNb2mCyBtPxwfpl3U1SDnHHRLv2oG8hM9OTAq+QsouTe56tiMgLilcb94GJY6IilycWvu2xRZn/TLqhoacSOw8H/ZwbY6Gd/Lei/bqENVIAsMtog=","is_crypto":true}
[15:13:34] [INFO] {"account":"MlgmXyysd","password":"B2RMEx/mJ/zYWWOe6BOYuwqcq51QVkG73DGDFzyzGJdjLzZaJTk00dLE2jHRNOwfS5501IUeQmQmzjS/zicnRiFB8Ktng7k2ets7EN939g7xfq5U/0LMybVfJuLGZjQ1OGvVtLBMc6juBjRlz+gqw8R5odmtjC/dAenHj6fShJ4=","is_crypto":true}
[15:13:38] [INFO] {"account":"MlgmXyysd","password":"nd4LoTtci82CqKmswtQfyNBb7kVWS953/wANfKmZju8IgP/kBjeUxY9EwujKnex+AmXF43FrA5l+LAw1llTlwifNmzVEoU2yNa8Y3F4Oa9mhD7rDfuFtmWvhHHn+EJBQM0DtHmm7WK68oAfsZkb+GE62263RapheE04iuMaUY6Q=","is_crypto":true}
Three consecutive login requests, the password I entered is 1
from grasscutter.
on first login, the password can be anything, -> save the rsa encrypted password sent by client and save it as the account password -> profit
RSA encryption contains things like salt, the encryption results are different after entering the same password
Yes, it is GCM mechanism, like aes256-gcm
from grasscutter.
Some useful props
registry:
HKEY_CURRENT_USER\SOFTWARE\miHoYo\原神\
(CNREL)
GENERAL_DATA_h*
MIHOYOSDK_ADL_PROD_*_h*
username length limit: 50
from grasscutter.
I think we can start with a third-party login
from grasscutter.
我想我们可以从登录
For example, BiliGame third party login
from grasscutter.
For example, BiliGame third party login
No such option on mobile client
from grasscutter.
比如BiliGame第三方登录
手机客户端没有这个选项
Bilibili Channel service
from grasscutter.
我想我们可以从登录
比如BiliGame第三方登录
Biligame provides a set of tools to test whether the protocol works properly. Maybe we can use this tool
from grasscutter.
Bilibili Channel service
No use, login will be redirected to Hoyoverse
from grasscutter.
It seems possible to log in using biligame by modifying the configuration
from grasscutter.
It seems possible to log in using biligame by modifying the configuration
impossible, only Hoyoverse username & password login option on CNRELiOS
from grasscutter.
好像可以通过修改配置使用biligame登录
不可能,CNRELiOS 上只有 Hoyoverse 用户名和密码登录选项
I just studied biligame. It seems that it is only applicable to Android and windows
from grasscutter.
I just studied biligame. It seems that it is only applicable to Android and windows
Why don't you give it a try? No bilibiligame after passing the proxy
from grasscutter.
我刚学了biligame。好像只适用于安卓和windows
你为什么不试一试?通过代理后没有bilibiligame
We may hijack Twitter's web login and replace Twitter's login page and authentication JS with our own page, which should be feasible
from grasscutter.
We may hijack Twitter's web login and replace Twitter's login page and authentication JS with our own page, which should be feasible
There is no third party login option
from grasscutter.
我们可能会劫持推特的网页登录,将推特的登录页面和认证JS替换为我们自己的页面,应该是可行的
没有第三方登录选项
We need to verify when we log in. It seems that this will make the game pop up captcha. Can we replace captcha's web page with a password input box
from grasscutter.
我们可能会劫持推特的网页登录,将推特的登录页面和认证JS替换为我们自己的页面,应该是可行的
没有第三方登录选项
I just went to confirm that captcha is indeed a web page. Maybe we can use this to change the original captcha check to password check
from grasscutter.
I think implementing in-game login is a nice and possible idea.
from grasscutter.
can we connect both web register and in-game login to the same db? Just wondering cuz I've seen a game used that method
from grasscutter.
can we connect both web register and in-game login to the same db? Just wondering cuz I've seen a game used that method
I think that's already the case. BTW, my minecraft also uses this method.
from grasscutter.
account username with random hash as password?
Account is password
from grasscutter.
How about this one? add login/register endpoint to grasscutter, use launcher or web or anything to get jwt, payload of jwt is token, username, and uid. Use that token to login ( username column ). Other platform is supported if we use web to generate that jwt
from grasscutter.
Already fixed by multiple solutions
from grasscutter.
Related Issues (20)
- [Bug] 一直准备下载资源,并报错4206
- 游戏服务器端口拒绝连接 HOT 1
- 版本更新请求 HOT 12
- [Bug] Missing Scripts HOT 1
- [Bug] 烹饪j界面看不到任何食材,核心1.7.4 HOT 1
- [Bug] ley line is missing in the game
- [Bug] 怎么在多个IP上启动服务器
- [Bug] Can’t change language to Japanese-Jp
- [Bug] Newly registered accounts play the opening storyline twice.新注册的账号会播放两遍开场剧情
- 如何重置珍珠纪行奖励和时间,重新新的一轮奖励获取? How to reset the Pearl Battle Pass rewards and time, and obtain a new round of rewards?
- 流明石触媒无法升级。 HOT 1
- [Bug] Memory leak 内存泄露
- [Bug] 如何重置珍珠纪行奖励和时间,重新新的一轮奖励获取? How to reset the Pearl Battle Pass rewards and time, and obtain a new round of rewards?
- [Bug] Call unchecked GetServerTime HOT 2
- [Bug] 角色q技能图标一直闪烁,按住前进角色一顿一顿的需要怎么解决
- [Bug] spiralabyss Countdown error HOT 1
- [Bug] 传送用不了
- project HOT 1
- [Feature Request] 怎么一键点亮所有的神像和传送锚点? HOT 1
- [Bug] GenerateEffectiveLombokConfig
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from grasscutter.