Posts: 1,303
Threads: 23
Joined: May 2010
Well, hmm... Kyan explicitly stated, both his post and a PM to me, that he didn't think that he set an admin password, so I'm guessing he doesn't remember. Uhh, maybe try common passwords like 123, asdf, password, etc?
I tried creating a new PBEM with an admin password and then opening up the save file in Notepad to try and find where the game keeps the admin password, but failed [it popped up as weird symbols]. Anyone know an alternative method? Just to throw out an idea, perhaps some sort of code-editor application could open the save file in text form.
Played in: PBEM 4 [Formerly Jowy's Peter of Egypt] | PBEM 10 [Napoleon of the Dutch] | PBEM 11 [Shaka of France] | EitB XVI [Valledia of the Amurites] | PB7 [Darius of Rome] | Diplomacy 3 [Austria-Hungary] | PBEMm/o vs AutomatedTeller
Posts: 6,755
Threads: 131
Joined: Mar 2004
I tried guessing some, but didn't hit. You can try if you like, just run Pitboss and try to load any PBEM10 save.
The save files are compressed (like zipping), you won't see the admin password there as plain text. If Civ uses any kind of modern security practices, the admin password won't actually be in the save at all, just a hash of it. To get around this, we'd have to crack the Pitboss executable itself to disable the password check. (Or else crack meatbalz's or Kyan's heads, for getting into this mess.)
Posts: 2,521
Threads: 26
Joined: Oct 2010
This post is/might be kind of helpfull. This source code could be quite easily tweaked to output admin password from a save. I could even do that over next few days. Assuming someone gets me the MD5 library Gyathaar is using with that tool ( I'm not registered at CFC and don't plan to do that  ).
Otherwise it's still possible, but might turn into quite a pain as there's more than one way to md5 hash a string and figuring out how to reverse the process is not fun. Especialy in C.
Anyhow, it should get your game moving, so, any takers?
Posts: 6,755
Threads: 131
Joined: Mar 2004
That code isn't for BTS, only Warlords and vanilla. Look at the civs list, it has the civs only through Warlords. I've seen Gyathaar say that the BTS savegame protection needs to be cracked to do any editing, which I don't think has been done.
However, his note that you would have to do something in-game got me thinking... and searching the DLL, it looks like it does have access to the civ passwords. Stay tuned, I'm in hacking mode now.
edit: Never mind. Can't do this by changing the DLL - the custom assets check kicks in and rejects the attempt to load the save.
Posts: 2,521
Threads: 26
Joined: Oct 2010
Right. But that doesn't mean we have to give up
Good news - I found where the admin password is hidden within a BtS save
Better news - it's encrypted with a simple md5 hash
So if someone emails me the save I can probably recover it with a bit of brute-force approach.
So again, any takers ?
Posts: 6,755
Threads: 131
Joined: Mar 2004
I can pass along the save - what email address? erik at dos486.com for me, if you don't want to post publicly you can email me.
If we recover the admin password, we still need to do something to reset meatbalz's password. Plako, you did this for PBEM8? How did you do it - is there a simpler method than my thought of loading the save into Pitboss in order to kick the player into AI and then re-takeover?
Posts: 2,521
Threads: 26
Joined: Oct 2010
mistbinder at gmail dot com
From what I seen all the passwords are stored in the same way, so I could just crack all of them and put them up here. It might take a bit longer depending on how strong they are, but if meatbalz used a simple dictionary one all it will take is an online hash database.
Posts: 2,788
Threads: 10
Joined: Oct 2009
T-hawk Wrote:If we recover the admin password, we still need to do something to reset meatbalz's password. Plako, you did this for PBEM8? How did you do it - is there a simpler method than my thought of loading the save into Pitboss in order to kick the player into AI and then re-takeover?
I believe you could simply load meatbalz save with the admin password (I believe either his own password or the admin password works to play his turn) and then change his password from in game (might have to choose a couple pop-up options at the beginning of the turn if you have pop-ups turned on, but that's not a huge deal and could be noted for the next player).
Posts: 6,893
Threads: 42
Joined: Oct 2009
Shoot the Moon Wrote:I believe you could simply load meatbalz save with the admin password (I believe either his own password or the admin password works to play his turn) and then change his password from in game (might have to choose a couple pop-up options at the beginning of the turn if you have pop-ups turned on, but that's not a huge deal and could be noted for the next player).
This is exactly what I did in PBEM8.
Posts: 2,521
Threads: 26
Joined: Oct 2010
Okay. I think I got the admin password and four of six player passwords ( somebody did not set one and Cyneheard's is stronger than average and would require bruteforcing )
All sent back to T-Hawk since I'm at work and can't test if they work.
|
