Fix a vulnerability in password encryption

* There was an error in the encryption used to save passwords, now it's really harder to decrypt the password from the config file * Other minor changes
2025-12-02 16:06:51 +01:00 · 2013-01-26 14:38:48 -02:00
parent 18af9a45ee
commit 07959ddc04
11 changed files with 72 additions and 20 deletions
--- a/src/client/const.h
+++ b/src/client/const.h
@@ -349,6 +349,7 @@ namespace Otc
        GameLoginPending = 35,
        GameNewSpeedLaw = 36,
        GameForceFirstAutoWalkStep = 37,
+        GameLoginUUID = 38,
        // 51-100 reserved to be defined in lua
        LastGameFeature = 101
    };
--- a/src/client/protocolgamesend.cpp
+++ b/src/client/protocolgamesend.cpp
@@ -24,6 +24,8 @@
 #include "game.h"
 #include "client.h"
 #include <framework/core/application.h>
+#include <framework/platform/platform.h>
+#include <framework/util/crypt.h>

 void ProtocolGame::send(const OutputMessagePtr& outputMessage)
 {
@@ -97,6 +99,12 @@ void ProtocolGame::sendLoginPacket(uint challengeTimestamp, uint8 challengeRando
        paddingBytes -= 8 + m_characterName.length() + m_accountPassword.length();
    }

+    if(g_game.getFeature(Otc::GameLoginUUID)) {
+        std::string uuid = g_crypt.getMachineUUID();
+        msg->addString(uuid);
+        paddingBytes -= 2 + uuid.length();
+    }
+
    if(g_game.getFeature(Otc::GameChallengeOnLogin)) {
        msg->addU32(challengeTimestamp);
        msg->addU8(challengeRandom);