Challenge auth

From Scriptwiki
Jump to: navigation, search
; Original by doomie @ QuakeNet
; Modified by NaNg @ QuakeNet
; Version 1.2
; Written and tested on mIRC 6.34
; Also tested on mIRC 7.22
;
; What does this script contains?
;
;   * ChallengeAuth script based on hmac-sha1 (no addon dll needed for mIRC on tested version).
;
; What is ChallengeAuth?
;
;   ChallengeAuth is a safe way to auth to your Q account, without sending your password in plain
;   text over the network. For more information, please read the following link:
;     http://www.quakenet.org/development/challengeauth/
;
; *****************************************************
; What do I need to configure before using this script?
; *****************************************************
;
;   You don't need to configure ANYTHING! The scripts can work as is, by executing /ChallengeAuth.
;   If you'd like for it to auto-auth on connect, use /ChallengeAuth.AutoAuth 1.
;   The script will pop up windows asking your username (first time only) and password (every time).
;
; If you don't want it to pop the password window every time, follow these instructions:
;
;   The ChallengeAuth.Username and ChallengeAuth.Password right under this documentation needs to
;   be edited for your username and hashed password.
;   To get the hashed password, after loading this script, use:
;     /ChallengeAuth.CreateHash <User> <Pass>
;   where User is your Q account name and Pass is your Q password, and you will be given the hashed
;   password that corresponds to the given user which you should insert in the alias below, e.g:
;     alias -l ChallengeAuth.Password { return <Hashed_Password> }
;
; Available commands:
;
;   * ChallengeAuth
;       To auth to the pre-set user and password using the challengeauth.
;   * ChallengeAuth.AutoAuth [1|0]
;       Set 1 to enable to auto-auth on connect or 0 to disable.
;   * ChallengeAuth.CreateHash [<Authname>] [<Pass>]
;       Creates a hashed request according to the given Q user and pass.


; CONFIGURE

alias -l ChallengeAuth.Username {
  if (!%ChallengeAuth.User) {
    !set %ChallengeAuth.User $?="Q account name?"
  }

  return %ChallengeAuth.User
}

alias -l ChallengeAuth.Password {
  return $ChallengeAuth.CreateHash($ChallengeAuth.Username, $?*="Password for Q account name: $ChallengeAuth.Username ")
}







; DONT CHANGE ANYTHING UNDER THIS LINE UNLESS YOU KNOW WHAT YOU ARE DOING
 
alias -l ChallengeAuth.Q { return Q@CServe.quakenet.org }

; id = whether autoauth is on or not.
; $1 = 1 for autoauth or 0 for not.
alias ChallengeAuth.AutoAuth {
  if ($isid) return %ChallengeAuth.AutoAuth

  if ($1 == $null) {
    echo -at ChallengeAuth: Not enough parameters.
    return
  }

  if ($1 !isin 01) {
    echo -at ChallengeAuth: Invalid parameter. Please enter 1 to enable or 0 to disable.
    return
  }

  set %ChallengeAuth.AutoAuth $1
  echo -at ChallengeAuth: Automatic authentication is now $iif(%ChallengeAuth.AutoAuth, ON, OFF)
}

; $1 = key, $2 = message
alias hmac-sha1 {
  var %i = 1
  while (%i <= 64) {
    var %k = $iif($asc($mid($1,%i,1)),$v1,0)
    var %opad = %opad $xor(92,%k)
    var %ipad = %ipad $xor(54,%k)
    inc %i
  }

  bset &ipad 1 %ipad $regsubex($2,/(.)/g,$asc(\t) $+ $chr(32))
  bset &opad 1 %opad $regsubex($sha1(&ipad,1),/(..)/g,$base(\t,16,10) $+ $chr(32))
  var %res = $sha1(&opad,1)
  bunset &ipad &opad
  return %res
}

; $1 = string to lower
alias -l ChallengeAuth.IRCToLower {
  return $replacex($lower($1),$chr(91),$chr(123),$chr(93),$chr(125),$chr(92),$chr(124),$chr(94),$chr(126))
}

; $1 = Authname, $2 = Password
alias ChallengeAuth.CreateHash {
  if (!$2) {
    echo -ta ChallengeAuth: Not enough values given.
    return
  }

  !var %ChallengeAuth.Hash = $sha1($+($ChallengeAuth.IRCToLower($1),:,$sha1($left($2,10))))

  if ($isid) return %ChallengeAuth.Hash

  !echo -atg ChallengeAuth: Hashed user/pass: %ChallengeAuth.Hash
}

; Unsets challengeauth vars
alias -l ChallengeAuth.Clear {
  !unset %ChallengeAuth.Active
  !unset %ChallengeAuth.Pass
}

; $1 = Challenge
alias -l ChallengeAuth.Auth {
  !.msg $ChallengeAuth.Q CHALLENGEAUTH %ChallengeAuth.User $hmac-sha1(%ChallengeAuth.Pass, $1) HMAC-SHA-1
}

alias ChallengeAuth {
  ; If username and password weren't supplied, use the defaults.
  if (!$1) {
    tokenize 32 $ChallengeAuth.Username $ChallengeAuth.Password
  }

  if (!$2) {
    echo -at ChallengeAuth: No Password specified.
    return
  }

  !set %ChallengeAuth.Active $true
  !set %ChallengeAuth.User $1
  !set %ChallengeAuth.Pass $2

  echo -at ChallengeAuth: ChallengeAuth is beginning.
  !.msg $ChallengeAuth.Q challenge
}

on *:CONNECT: {
  if (($ChallengeAuth.AutoAuth) && ($network == QuakeNet) && ($right($server, 13) === .quakenet.org)) {
    ChallengeAuth $ChallengeAuth.Username $ChallengeAuth.Password
  }
}

on ^*:NOTICE:*:?: {
  ChallengeAuth.ExecuteInput $1-
}

on ^*:TEXT:*:?: {
  ChallengeAuth.ExecuteInput $1-
}

alias -l ChallengeAuth.ExecuteInput {

  if ($fulladdress === Q!TheQBot@CServe.quakenet.org) && ($network === QuakeNet) && ($right($server, 13) === .quakenet.org) {
    if ($1 === CHALLENGE) && ($len($2) == 32) && (%ChallengeAuth.Active) {
      if ($istok($3-, HMAC-SHA-1, 32)) {
        .timer 1 0 ChallengeAuth.Auth $2
      }
      else {
        echo -ts ChallengeAuth: HMAC-SHA-1 is not supported. ChallengeAuth is NOT continuing.
        ChallengeAuth.Clear
      }
    }
    elseif ($1- == CHALLENGE is not available once you have authed.) && (%ChallengeAuth.Active) {
      echo -ts ChallengeAuth: You are already authed!
      ChallengeAuth.Clear
    }
    elseif ($1-6 == You are now logged in as) && (%ChallengeAuth.Active) {
      echo -ts ChallengeAuth: You are now authed as ***
      ChallengeAuth.Clear
    }
    elseif ($1- == Username or password incorrect.) && (%ChallengeAuth.Active) {
      echo -ts ChallengeAuth: Username or password incorrect.
      ChallengeAuth.Clear
    }
  }
}

raw 401:*: {
  if ($1- == $me $ChallengeAuth.Q No such nick) && (%ChallengeAuth.Active) {
    echo -ts ChallengeAuth: Q is currently not reachable. Please try again later.
    ChallengeAuth.Clear
    haltdef
  }
}

See also