Implement account system about grasscutter HOT 27 CLOSED

just validate the encrypted password like almost any other account system does

We need the private key to decrypt the password and then check it against the password in the db

from grasscutter.

just validate the encrypted password like almost any other account system does

from grasscutter.

on first login, the password can be anything, -> save the rsa encrypted password sent by client and save it as the account password -> profit

from grasscutter.

on first login, the password can be anything, -> save the rsa encrypted password sent by client and save it as the account password -> profit

RSA encryption contains things like salt, the encryption results are different after entering the same password

from grasscutter.

[15:13:30] [INFO] {"account":"MlgmXyysd","password":"esrL7MEvqJ6RsWRQm0OdzGSdD1EQyuFDjMDDcVJYHoyl28m4oH0KJpKw7+PkNb2mCyBtPxwfpl3U1SDnHHRLv2oG8hM9OTAq+QsouTe56tiMgLilcb94GJY6IilycWvu2xRZn/TLqhoacSOw8H/ZwbY6Gd/Lei/bqENVIAsMtog=","is_crypto":true}
[15:13:34] [INFO] {"account":"MlgmXyysd","password":"B2RMEx/mJ/zYWWOe6BOYuwqcq51QVkG73DGDFzyzGJdjLzZaJTk00dLE2jHRNOwfS5501IUeQmQmzjS/zicnRiFB8Ktng7k2ets7EN939g7xfq5U/0LMybVfJuLGZjQ1OGvVtLBMc6juBjRlz+gqw8R5odmtjC/dAenHj6fShJ4=","is_crypto":true}
[15:13:38] [INFO] {"account":"MlgmXyysd","password":"nd4LoTtci82CqKmswtQfyNBb7kVWS953/wANfKmZju8IgP/kBjeUxY9EwujKnex+AmXF43FrA5l+LAw1llTlwifNmzVEoU2yNa8Y3F4Oa9mhD7rDfuFtmWvhHHn+EJBQM0DtHmm7WK68oAfsZkb+GE62263RapheE04iuMaUY6Q=","is_crypto":true}

Three consecutive login requests, the password I entered is 1

from grasscutter.

on first login, the password can be anything, -> save the rsa encrypted password sent by client and save it as the account password -> profit

RSA encryption contains things like salt, the encryption results are different after entering the same password

Yes, it is GCM mechanism, like aes256-gcm

from grasscutter.

Some useful props

registry:
HKEY_CURRENT_USER\SOFTWARE\miHoYo\原神\ (CNREL)
GENERAL_DATA_h* MIHOYOSDK_ADL_PROD_*_h*

username length limit: 50

from grasscutter.

I think we can start with a third-party login

from grasscutter.

我想我们可以从登录

For example, BiliGame third party login

from grasscutter.

For example, BiliGame third party login

No such option on mobile client

from grasscutter.

比如BiliGame第三方登录

手机客户端没有这个选项

Bilibili Channel service

from grasscutter.

我想我们可以从登录

比如BiliGame第三方登录

Biligame provides a set of tools to test whether the protocol works properly. Maybe we can use this tool

from grasscutter.

Bilibili Channel service

No use, login will be redirected to Hoyoverse

from grasscutter.

It seems possible to log in using biligame by modifying the configuration

from grasscutter.

It seems possible to log in using biligame by modifying the configuration

impossible, only Hoyoverse username & password login option on CNRELiOS

from grasscutter.

好像可以通过修改配置使用biligame登录

不可能，CNRELiOS 上只有 Hoyoverse 用户名和密码登录选项

I just studied biligame. It seems that it is only applicable to Android and windows

from grasscutter.

I just studied biligame. It seems that it is only applicable to Android and windows

Why don't you give it a try? No bilibiligame after passing the proxy

from grasscutter.

我刚学了biligame。好像只适用于安卓和windows

你为什么不试一试？通过代理后没有bilibiligame

We may hijack Twitter's web login and replace Twitter's login page and authentication JS with our own page, which should be feasible

from grasscutter.

We may hijack Twitter's web login and replace Twitter's login page and authentication JS with our own page, which should be feasible

There is no third party login option

from grasscutter.

我们可能会劫持推特的网页登录，将推特的登录页面和认证JS替换为我们自己的页面，应该是可行的

没有第三方登录选项

We need to verify when we log in. It seems that this will make the game pop up captcha. Can we replace captcha's web page with a password input box

from grasscutter.

我们可能会劫持推特的网页登录，将推特的登录页面和认证JS替换为我们自己的页面，应该是可行的

没有第三方登录选项

I just went to confirm that captcha is indeed a web page. Maybe we can use this to change the original captcha check to password check

from grasscutter.

I think implementing in-game login is a nice and possible idea.

from grasscutter.

can we connect both web register and in-game login to the same db? Just wondering cuz I've seen a game used that method

from grasscutter.

can we connect both web register and in-game login to the same db? Just wondering cuz I've seen a game used that method

I think that's already the case. BTW, my minecraft also uses this method.

from grasscutter.

account username with random hash as password?
Account is password

from grasscutter.

How about this one? add login/register endpoint to grasscutter, use launcher or web or anything to get jwt, payload of jwt is token, username, and uid. Use that token to login ( username column ). Other platform is supported if we use web to generate that jwt

#158

from grasscutter.

Already fixed by multiple solutions

from grasscutter.