Android Question mD5 encryption lib is different to php.md5 encryption??

Oldmanenzo

Member
Licensed User
Hello everyone
I try to explain better the problem
On my server, I have two databases, the first is to vbulletin where you placed the forum and the other database that uses my application. I used the PHP file to Erel, which interface beautifully the Android application with the database created by me. At this point I would like the application to be used exclusively by our members forum, so I thought to make an initial login through another php file type "login.php" going to charge the users table fields username and field password vbulletin that clearly is encoded in md5.
Looking around a bit came off the library "Encryption", but to tests performed, using my account, I noticed that the password stored in the table vbulletin has a coding completely different from the one that comes out with
Dim txt as Byte
txt = "password test" .GetBytes ("UTF8")
txt = md.GetMessageDigest (txt, "MD5")
I went to watch a bit of the file login.php vbulletin and from what I could understand (php not understand anything, or God is not who understands much about this but I try to make do) and it seems that using the php function convert .md5 to convert the incoming password in md5 format and then compare with the one stored on the database.
What I wonder, if the format is different, if there is a pious soul to help me write a function in php that returns the number of the user's post if the conditions are met username and password, or "password and / or username is wrong. "
If this condition is met put in my database in the user table the device ID. Naturally, this information would be made before requesting id and password control, because if the device is to say that is logged.
Using this code for the device to be stored change file.exist with e db query

B4X:
Sub GetDeviceId As String
   Dim r As Reflector
   Dim Api As Int
   Api = r.GetStaticField("android.os.Build$VERSION", "SDK_INT")
   If Api < 9 Then
      'Old device
      If File.Exists(File.DirInternal, "__id") Then
         Return File.ReadString(File.DirInternal, "__id")
      Else
         Dim id As Int
         id = Rnd(0x10000000, 0x7FFFFFFF)
         File.WriteString(File.DirInternal, "__id", id)
         Return id
      End If
   Else
      'New device
      Return r.GetStaticField("android.os.Build", "SERIAL")
   End If
End Sub
 

Oldmanenzo

Member
Licensed User
Erel Thanks for the answer
in fact there is no actual code but only evidence that I am making to understand the difference, this is what I've done to date to see the differences of what is stored in the password field of vbulettin with what I write. What you get is only capital letters and numbers, while that which is stored in the password field (char (32)) are numbers, uppercase and lowercase letters

B4X:
Sub Activity_Create(FirstTime As Boolean)
    'Do not forget to load the layout file created with the visual designer. For example:
    'Activity.LoadLayout("Layout1")
    Activity.LoadLayout ("frmmain")
    Dim  md As MessageDigest
    Dim  ByteCon As ByteConverter
    Dim  PasswordHash () As Byte
    Dim p As String="silvana347370pelosi"
    PasswordHash = md.GetMessageDigest (p.GetBytes ( "UTF8" ), "MD5" )
    Dim md5string As String
    md5string = ByteCon.HexFromBytes(PasswordHash)
    Msgbox (md5string, " Questo è l'MD5 " )
 

Oldmanenzo

Member
Licensed User
Can you post the relevant php code?
erel excuse me, I had not read php and I put the test code in b4.
For the php code I thought to use the same code to connect with my database, obviously changing the connection parameters to connect to the db vbutlletin, send the query, and receive pwd and user and other parameter do a comparison in the program b4
 

Oldmanenzo

Member
Licensed User
Ok Erel, this morning I put down a bit of code to control.
In jobdone the variable "txt" is different from the variable "md5string".
The data of the query are returned perfectly, but the two strings are different, and the password is the same. I hope to solve this problem, because I do not know how to control the password in md5

B4X:
Sub Globals
    'These global variables will be redeclared each time the activity is created.
    'These variables can only be accessed from this module.
    Dim Label1 As Label
    Dim Label2 As Label
    Private BtnCerca As Button
    Dim PROVA  ="Prova" As String
    Dim md5string As String
End Sub

Sub Activity_Create(FirstTime As Boolean)
    'Do not forget to load the layout file created with the visual designer. For example:
    'Activity.LoadLayout("Layout1")
    Activity.LoadLayout ("frmmain")
    Dim myquery As String ="SELECT username, password, email, posts FROM user WHERE username ='Enzo'"
    ExecuteRemoteQuery(myquery, PROVA)
'    Activity.Title ="Portolano"
'    Activity.TitleColor =Colors.Green
'    Label1.TextColor =Colors.Green
'    Label2.TextColor =Colors.Red
'    Label1.TextSize =20
'    Label2.TextSize =12
End Sub

Sub Activity_Resume

End Sub

Sub Activity_Pause (UserClosed As Boolean)

End Sub

Sub Activity_Click
'    StartActivity(ricerca)
End Sub

Sub ExecuteRemoteQuery(Query As String, JobName As String)
    Dim job As HttpJob
    job.Initialize(JobName, Me)
    job.PostString("http://www.caravan-forum.it/portolano/login.php", Query)
End Sub

Sub JobDone(Job As HttpJob)
    If Job.Success Then
    Dim res As String
        res = Job.GetString
        Log("Response from server: " & res)
        Dim parser As JSONParser
        parser.Initialize(res)
        Dim COUNTRIES As List
        COUNTRIES = parser.NextArray 'returns a list with maps
        Select Job.JobName
            Case PROVA
                Dim password() As Byte
                Dim txt As String
                Dim m As Map
                Dim  ByteCon As ByteConverter
                m=COUNTRIES.Get (0)
                txt=m.Get ("password")
                password=txt.GetBytes ("UTF8")
                txt= ByteCon.HexFromBytes (password)
                Log(txt)
                Dim  md As MessageDigest
                Dim  PasswordHash () As Byte
                Dim p As String="oldmanenzo347370"
                PasswordHash = md.GetMessageDigest (p.GetBytes ( "UTF8" ), "MD5" )
                Dim md5string As String
                md5string = ByteCon.HexFromBytes(PasswordHash)
                Log(md5string)
             
                ProgressDialogHide
        End Select
    Else
        ToastMessageShow("Error: " & Job.ErrorMessage, True)
    End If
    Job.Release
End Sub
 

Oldmanenzo

Member
Licensed User
Thanks Douglas, I had a look at your code, but I think I have a problem different from yours. I have to enter user and password from my phone, turn the password entered in MD5, load the data from the database and compare the two passwords in MD5. And this is where I get lost completely.
 

Oldmanenzo

Member
Licensed User
thanks Erel
I read an article you indicated, and I think I understand what the code is "salt", in fact they are three random characters that are added, or at least I think, to generate the final password.
Given that the field salt is present in the user table of vbulletin and inside contains random characters of variable length, the last test I have left to do and add the password generated by md5 salt with the code in the database.
$hash = MD5 (MD5 ($password) + $salt)
I interpret this code like this:
encoding the pwd in MD5 then add the hex value of "salt" and encoding all in MD5 "Hash" should contain the final value of pwd in MD5.
The problem is that I do not know how to sum the two hexadecimal values as in the example code as partial.
I end up a matrix salt () and a pwd () hexadecimal I should add.
This is the last test I have left to do because at this point I have to give up the problem.

B4X:
Select Job.JobName
            Case PROVA
                Dim salt() As Byte
                Dim pwd () As Byte
                Dim txt As String
                Dim m As Map
                Dim  ByteCon As ByteConverter
                m=COUNTRIES.Get (0)
                txt=m.Get ("salt")
                salt=txt.GetBytes ("UTF8")
                Dim  md As MessageDigest
                Dim p As String="oldmanenzo347370"
                pwd = md.GetMessageDigest (p.GetBytes ("UTF8"), "MD5")
at this point I should add up the hexadecimal values of pwd and salt and repeat encoding md5 to see if the result is correct.
 

Oldmanenzo

Member
Licensed User
At this point I raise my hands and I surrender.
I've tried everything
1) I added "salt" to pwd clear
2) I coded in the MD5 pwd and added at the end "salt" and MD5 recoding
3) I coded the pwd MD5 and MD5 "salt" added the pwd "salt" coded and recoded all in MD5
4) I tried to codify pwd in MD5 and "salt" in SHA-1 added salt to pwd coded and recoded all in MD5
I do not know what more evidence do, I think the pwd in vbulettin is uncontrollable if not with their code in php

to those who want to and we can these parameters

PWD in vbulettin field 37bf73f607fcdaf5d5ef9856e83f7c7c
SALT in vbulettin field t%kgcH~)@<Oe*,Dtru6:{(/+7\f+#" including the quotes finals
PWD clear "prova"

Thank you all for your cooperation and suggestions, even if I could not get any results.
 
Top