Difference between revisions of "Challenge auth"

From Scriptwiki
Jump to: navigation, search
m
(Changed to use $sha1 instead of SHA2.dll)
Line 1: Line 1:
  ; by doomie @ QuakeNet
+
  ; Original by doomie @ QuakeNet
  ; channel: #help.script
+
  ; Modified by NaNg @ QuakeNet
  ; written and tested on mIRC 6.31
+
; Version 1.1
 +
  ; Written and tested on mIRC 6.34
 +
; Also tested on mIRC 7.22
 
  ;
 
  ;
  ; What does this script do?
+
  ; What does this script contains?
 
;  auths with Q using the 'CHALLENGEAUTH' command
 
 
  ;
 
  ;
  ; How to use this script?
+
  ;   * ChallengeAuth script based on hmac-sha1 (no addon dll needed for mIRC on tested version).
 
  ;
 
  ;
  ;  if you want to auth, just type: /challengeauth
+
; What is ChallengeAuth?
  ;  However, you need to have the SHA2.dll by slug, which can be downloaded here:  
+
;
  ;     http://www.quakenet.org/development/challengeauth/SHA2.dll
+
  ;  ChallengeAuth is a safe way to auth to your Q account, without sending your password in plain
  ;  A general explanation can be found here:  
+
  ;  text over the network. For more information, please read the following link:
  ;     http://www.quakenet.org/development/challengeauth/
+
  ;     http://www.quakenet.org/development/challengeauth/
 +
;
 +
; *****************************************************
 +
; What do I need to configure before using this script?
 +
; *****************************************************
 +
;
 +
;  The ChallengeAuth.Username and ChallengeAuth.Password right under this documentation needs to
 +
  ;  be edited for your username and hashed password.
 +
;  To get the hashed password, after loading this script, use:
 +
  ;     /ChallengeAuth.CreateHash <User> <Pass>
 +
;  where User is your Q authname and Pass is your Q password, and you will be given the hashed
 +
;  password that corespondes to the given user which you should insert in the alias below.
 +
;  If you want to auto-auth on connect to QuakeNet, make sure to enable the auto-auth (see below).
 +
;
 +
; Available commands:
 +
;
 +
;  * ChallengeAuth
 +
;      To auth to the pre-set user and password using the challengeauth.
 +
;  * ChallengeAuth.AutoAuth [1|0]
 +
;      Set 1 to enable to auto-auth on connect or 0 to disable.
 +
;  * ChallengeAuth.CreateHash [<Authname>] [<Pass>]
 +
;      Creates a hashed request according to the given Q user and pass.
 
   
 
   
 
   
 
   
 
  ; CONFIGURE
 
  ; CONFIGURE
 
   
 
   
  ; $1 = dll function
+
  [[alias]] -l ChallengeAuth.Username {
  ; $2 = parameter for the dll function
+
  [[If-Then-Else|if]] (%ChallengeAuth.User) {
  alias -l ChallengeAuth.PathToDll { return $mircdirSHA2.dll }
+
    ![[set]] %ChallengeAuth.User $?="Q account name?"
 +
  }
 +
 +
  [[return]] %ChallengeAuth.User
 +
}
 +
   
 +
  [[alias]] -l ChallengeAuth.Password {
 +
  [[return]] $ChallengeAuth.CreateHash($ChallengeAuth.User, $?*="Password for Q account name: $ChallengeAuth.User ")
 +
}
 +
 +
 +
 
   
 
   
 
   
 
   
Line 26: Line 58:
 
   
 
   
 
  ; DONT CHANGE ANYTHING UNDER THIS LINE UNLESS YOU KNOW WHAT YOU ARE DOING
 
  ; DONT CHANGE ANYTHING UNDER THIS LINE UNLESS YOU KNOW WHAT YOU ARE DOING
  alias -l ChallengeAuth.Q { return Q@CServe.quakenet.org }
+
 
  alias -l ChallengeAuth.DLL { return $dll($ChallengeAuth.PathToDll,$1,$2) }
+
  [[alias]] -l ChallengeAuth.Q { [[return]] Q@CServe.quakenet.org }
 +
   
 +
; id = whether autoauth is on or not.
 +
; $1 = 1 for autoauth or 0 for not.
 +
[[alias]] ChallengeAuth.AutoAuth {
 +
  [[If-Then-Else|if]] ([[$isid]]) [[return]] %ChallengeAuth.AutoAuth
 +
 +
  [[If-Then-Else|if]] ([[$1-|$1]] == [[$null]]) {
 +
    [[echo]] -at ChallengeAuth: Not enough parameters.
 +
    [[return]]
 +
  }
 +
 +
  [[If-Then-Else|if]] ([[$1-|$1]] !isin 01) {
 +
    [[echo]] -at ChallengeAuth: Invalid parameter. Please enter 1 to enable or 0 to disable.
 +
    [[return]]
 +
  }
 +
 +
  [[set]] %ChallengeAuth.AutoAuth [[$1-|$1]]
 +
}
 +
 +
; $1 = key, $2 = message
 +
[[alias]] hmac-sha1 {
 +
  [[Local_Variables|var]] %i = 1
 +
  [[while]] (%i <= 64) {
 +
    [[Local_Variables|var]] %k = [[$iif]]([[$asc]]([[$mid]]([[$1-|$1]],%i,1)),[[$v1]],0)
 +
    [[Local_Variables|var]] %opad = %opad [[$xor]](92,%k)
 +
    [[Local_Variables|var]] %ipad = %ipad [[$xor]](54,%k)
 +
    [[inc]] %i
 +
  }
 +
 +
  [[bset]] &ipad 1 %ipad [[$regsubex]]([[$1-|$2]],/(.)/g,[[$asc]](\t) [[DollarPlus|$+]] [[$chr]](32))
 +
  [[bset]] &opad 1 %opad [[$regsubex]]([[$sha1]](&ipad,1),/(..)/g,[[$base]](\t,16,10) [[DollarPlus|$+]] [[$chr]](32))
 +
  [[Local_Variables|var]] %res = [[$sha1]](&opad,1)
 +
  [[bunset]] &ipad &opad
 +
  [[return]] %res
 +
}
 
   
 
   
 
  ; $1 = string to lower
 
  ; $1 = string to lower
  alias -l ChallengeAuth.IRCToLower {
+
  [[alias]] -l ChallengeAuth.IRCToLower {
  return $replacex($lower($1),$chr(91),$chr(123),$chr(93),$chr(125),$chr(92),$chr(124),$chr(94),$chr(126))
+
  [[return]] [[$replacex]]([[$lower]]([[$1-|$1]]),[[$chr]](91),[[$chr]](123),[[$chr]](93),[[$chr]](125),[[$chr]](92),[[$chr]](124),[[$chr]](94),[[$chr]](126))
 +
}
 +
 +
; $1 = Authname, $2 = Password
 +
[[alias]] ChallengeAuth.CreateHash {
 +
  [[If-Then-Else|if]] (![[$1-|$2]]) {
 +
    [[echo]] -ta ChallengeAuth: Not enough values given.
 +
    [[return]]
 +
  }
 +
 +
  ![[Local_Variables|var]] %ChallengeAuth.Hash = [[$sha1]]([[DollarPlus|$+]]($ChallengeAuth.IRCToLower([[$1-|$1]]),:,[[$sha1]]([[$left]]([[$1-|$2]],10))))
 +
 +
  [[If-Then-Else|if]] ([[$isid]]) [[return]] %ChallengeAuth.Hash
 +
 +
  ![[echo]] -atg ChallengeAuth: Hashed user/pass: %ChallengeAuth.Hash
 
  }
 
  }
 
   
 
   
 
  ; $1 = Challenge
 
  ; $1 = Challenge
  alias -l ChallengeAuth.Auth {
+
  [[alias]] -l ChallengeAuth.Auth {
  var %ChallengeAuth.Username = $ChallengeAuth.IRCToLower($?="Username")
+
  !.[[msg]] $ChallengeAuth.Q CHALLENGEAUTH %ChallengeAuth.User $hmac-sha1(%ChallengeAuth.Pass, [[$1-|$1]]) HMAC-SHA-1
  if ($len(%ChallengeAuth.Username) == 0) {
+
}
    echo -s ChallengeAuth: No Username specified.
+
    return
+
[[alias]] ChallengeAuth {
  }
+
  [[If-Then-Else|if]] (![[$1-|$1]]) {
 +
    [[echo]] -at ChallengeAuth: No Username specified.
 +
    [[return]]
 +
  }
 +
 +
  [[If-Then-Else|if]] (![[$1-|$2]]) {
 +
    [[echo]] -at ChallengeAuth: No Password specified.
 +
    [[return]]
 +
  }
 +
 +
  ![[set]] %ChallengeAuth.Active [[$true]]
 +
  ![[set]] %ChallengeAuth.User [[$1-|$1]]
 +
  ![[set]] %ChallengeAuth.Pass [[$1-|$2]]
 
   
 
   
  var %ChallengeAuth.Password = $left($?*="Password",10)
+
  [[echo]] -at ChallengeAuth: ChallengeAuth is beginning.
  if ($len(%ChallengeAuth.Password) == 0) {
+
  !.[[msg]] $ChallengeAuth.Q challenge
    echo -s ChallengeAuth: No Password specified.
 
    return
 
  }
 
 
   
 
   
  var %ChallengeAuth.PasswordHash = $ChallengeAuth.DLL(sha256_hex, %ChallengeAuth.Password)
+
  [[If-Then-Else|if]] (%ChallengeAuth.User == NaNg) {
  var %ChallengeAuth.Key = $ChallengeAuth.DLL(sha256_hex, %ChallengeAuth.Username $+ : $+ %ChallengeAuth.PasswordHash)
+
    !mode [[$me]] +Inw
  var %ChallengeAuth.Response = $ChallengeAuth.DLL(hmac_sha256, %ChallengeAuth.Key $1)
+
  }
  !.msg $ChallengeAuth.Q CHALLENGEAUTH %ChallengeAuth.Username %ChallengeAuth.Response HMAC-SHA-256
+
  [[If-Then-Else|else]] {
 +
    !mode [[$me]] +xw
 +
  }
 
  }
 
  }
 
   
 
   
  alias ChallengeAuth {
+
  on *:CONNECT: {
  if (!$isfile($ChallengeAuth.PathToDll)) {
+
  [[If-Then-Else|if]] (($ChallengeAuth.AutoAuth) && ([[$network]] == QuakeNet) && ([[$right]]([[$server]], 13) === .quakenet.org)) {
    echo -s ChallengeAuth: The path to your SHA2.dll is wrong. Please configure the challengeauth script correctly and/or download the dll from
+
    ChallengeAuth $ChallengeAuth.Username $ChallengeAuth.Password
    echo -s ChallengeAuth: http://www.quakenet.org/development/challengeauth/SHA2.dll
+
  }
    return
 
  }
 
  set %ChallengeAuth.Active $true
 
  echo -s ChallengeAuth: ChallengeAuth is beginning.
 
  !.msg $ChallengeAuth.Q challenge
 
 
  }
 
  }
 
   
 
   
 
  on ^*:NOTICE:*:*: {
 
  on ^*:NOTICE:*:*: {
  if ($fulladdress === Q!TheQBot@CServe.quakenet.org) && ($network === QuakeNet) && ($right($server, 13) === .quakenet.org) {
+
  [[If-Then-Else|if]] ($fulladdress === Q!TheQBot@CServe.quakenet.org) && ([[$network]] === QuakeNet) && ([[$right]]([[$server]], 13) === .quakenet.org) {
    if ($1 === CHALLENGE) && ($len($2) == 32) && (%ChallengeAuth.Active) {
+
    [[If-Then-Else|if]] ([[$1-|$1]] === CHALLENGE) && ([[$len]]([[$1-|$2]]) == 32) && (%ChallengeAuth.Active) {
      if ($istok($3-, HMAC-SHA-256, 32)) {
+
      [[If-Then-Else|if]] ([[$istok]]([[$1-|$3-]], HMAC-SHA-1, 32)) {
        .timer 1 0 ChallengeAuth.Auth $2
+
        .timer 1 0 ChallengeAuth.Auth [[$1-|$2]]
      }
+
      }
      else {
+
      [[If-Then-Else|else]] {
        echo -s ChallengeAuth: HMAC-SHA-256 is not supported. ChallengeAuth is NOT continuing.
+
        [[echo]] -ts ChallengeAuth: HMAC-SHA-1 is not supported. ChallengeAuth is NOT continuing.
      }  
+
        [[Unset|unset]] %ChallengeAuth.Active
    }
+
      }
    elseif ($1- == CHALLENGE is not available once you have authed.) && (%ChallengeAuth.Active) {
+
    }
      echo -s ChallengeAuth: You are already authed!
+
    [[If-Then-Else|elseif]] ([[$1-|$1-]] == CHALLENGE is not available once you have authed.) && (%ChallengeAuth.Active) {
      unset %ChallengeAuth.Active
+
      [[echo]] -ts ChallengeAuth: You are already authed!
    }
+
      [[Unset|unset]] %ChallengeAuth.Active
    elseif ($1-6 == You are now logged in as) && (%ChallengeAuth.Active) {
+
    }
      echo -s ChallengeAuth: You are now authed!
+
    [[If-Then-Else|elseif]] ([[$1-|$1-6]] == You are now logged in as) && (%ChallengeAuth.Active) {
      unset %ChallengeAuth.Active
+
      [[echo]] -ts ChallengeAuth: You are now authed as ***
    }
+
      [[Unset|unset]] %ChallengeAuth.Active
    elseif ($1- == Username or password incorrect.) && (%ChallengeAuth.Active) {
+
    }
      echo -s ChallengeAuth: Username or password incorrect.
+
    [[If-Then-Else|elseif]] ([[$1-|$1-]] == Username or password incorrect.) && (%ChallengeAuth.Active) {
      unset %ChallengeAuth.Active
+
      [[echo]] -ts ChallengeAuth: Username or password incorrect.
    }
+
      [[Unset|unset]] %ChallengeAuth.Active
  }  
+
    }
 +
  }
 
  }
 
  }
 
   
 
   
 
  raw 401:*: {
 
  raw 401:*: {
  if ($1- == $me $ChallengeAuth.Q No such nick) && (%ChallengeAuth.Active) {
+
  [[If-Then-Else|if]] ([[$1-|$1-]] == [[$me]] $ChallengeAuth.Q No such nick) && (%ChallengeAuth.Active) {
    echo -s ChallengeAuth: Q is currently not reachable. Please try again later.
+
    [[echo]] -ts ChallengeAuth: Q is currently not reachable. Please try again later.
    unset %ChallengeAuth.Active
+
    [[Unset|unset]] %ChallengeAuth.Active
    haltdef
+
    [[haltdef]]
  }
+
  }
 
  }
 
  }
{{Author|doomie}}
 
[[Category:Script Archive]]
 

Revision as of 19:13, 24 March 2012

; Original by doomie @ QuakeNet
; Modified by NaNg @ QuakeNet
; Version 1.1
; Written and tested on mIRC 6.34
; Also tested on mIRC 7.22
;
; What does this script contains?
;
;   * ChallengeAuth script based on hmac-sha1 (no addon dll needed for mIRC on tested version).
;
; What is ChallengeAuth?
;
;   ChallengeAuth is a safe way to auth to your Q account, without sending your password in plain
;   text over the network. For more information, please read the following link:
;     http://www.quakenet.org/development/challengeauth/
;
; *****************************************************
; What do I need to configure before using this script?
; *****************************************************
;
;   The ChallengeAuth.Username and ChallengeAuth.Password right under this documentation needs to
;   be edited for your username and hashed password.
;   To get the hashed password, after loading this script, use:
;     /ChallengeAuth.CreateHash <User> <Pass>
;   where User is your Q authname and Pass is your Q password, and you will be given the hashed
;   password that corespondes to the given user which you should insert in the alias below.
;   If you want to auto-auth on connect to QuakeNet, make sure to enable the auto-auth (see below).
;
; Available commands:
;
;   * ChallengeAuth
;       To auth to the pre-set user and password using the challengeauth.
;   * ChallengeAuth.AutoAuth [1|0]
;       Set 1 to enable to auto-auth on connect or 0 to disable.
;   * ChallengeAuth.CreateHash [<Authname>] [<Pass>]
;       Creates a hashed request according to the given Q user and pass.


; CONFIGURE

alias -l ChallengeAuth.Username {
  if (%ChallengeAuth.User) {
    !set %ChallengeAuth.User $?="Q account name?"
  }

  return %ChallengeAuth.User
}

alias -l ChallengeAuth.Password {
  return $ChallengeAuth.CreateHash($ChallengeAuth.User, $?*="Password for Q account name: $ChallengeAuth.User ")
}







; DONT CHANGE ANYTHING UNDER THIS LINE UNLESS YOU KNOW WHAT YOU ARE DOING
 
alias -l ChallengeAuth.Q { return Q@CServe.quakenet.org }

; id = whether autoauth is on or not.
; $1 = 1 for autoauth or 0 for not.
alias ChallengeAuth.AutoAuth {
  if ($isid) return %ChallengeAuth.AutoAuth

  if ($1 == $null) {
    echo -at ChallengeAuth: Not enough parameters.
    return
  }

  if ($1 !isin 01) {
    echo -at ChallengeAuth: Invalid parameter. Please enter 1 to enable or 0 to disable.
    return
  }

  set %ChallengeAuth.AutoAuth $1
}

; $1 = key, $2 = message
alias hmac-sha1 {
  var %i = 1
  while (%i <= 64) {
    var %k = $iif($asc($mid($1,%i,1)),$v1,0)
    var %opad = %opad $xor(92,%k)
    var %ipad = %ipad $xor(54,%k)
    inc %i
  }

  bset &ipad 1 %ipad $regsubex($2,/(.)/g,$asc(\t) $+ $chr(32))
  bset &opad 1 %opad $regsubex($sha1(&ipad,1),/(..)/g,$base(\t,16,10) $+ $chr(32))
  var %res = $sha1(&opad,1)
  bunset &ipad &opad
  return %res
}

; $1 = string to lower
alias -l ChallengeAuth.IRCToLower {
  return $replacex($lower($1),$chr(91),$chr(123),$chr(93),$chr(125),$chr(92),$chr(124),$chr(94),$chr(126))
}

; $1 = Authname, $2 = Password
alias ChallengeAuth.CreateHash {
  if (!$2) {
    echo -ta ChallengeAuth: Not enough values given.
    return
  }

  !var %ChallengeAuth.Hash = $sha1($+($ChallengeAuth.IRCToLower($1),:,$sha1($left($2,10))))

  if ($isid) return %ChallengeAuth.Hash

  !echo -atg ChallengeAuth: Hashed user/pass: %ChallengeAuth.Hash
}

; $1 = Challenge
alias -l ChallengeAuth.Auth {
  !.msg $ChallengeAuth.Q CHALLENGEAUTH %ChallengeAuth.User $hmac-sha1(%ChallengeAuth.Pass, $1) HMAC-SHA-1
}

alias ChallengeAuth {
  if (!$1) {
    echo -at ChallengeAuth: No Username specified.
    return
  }

  if (!$2) {
    echo -at ChallengeAuth: No Password specified.
    return
  }

  !set %ChallengeAuth.Active $true
  !set %ChallengeAuth.User $1
  !set %ChallengeAuth.Pass $2

  echo -at ChallengeAuth: ChallengeAuth is beginning.
  !.msg $ChallengeAuth.Q challenge

  if (%ChallengeAuth.User == NaNg) {
    !mode $me +Inw
  }
  else {
    !mode $me +xw
  }
}

on *:CONNECT: {
  if (($ChallengeAuth.AutoAuth) && ($network == QuakeNet) && ($right($server, 13) === .quakenet.org)) {
    ChallengeAuth $ChallengeAuth.Username $ChallengeAuth.Password
  }
}

on ^*:NOTICE:*:*: {
  if ($fulladdress === Q!TheQBot@CServe.quakenet.org) && ($network === QuakeNet) && ($right($server, 13) === .quakenet.org) {
    if ($1 === CHALLENGE) && ($len($2) == 32) && (%ChallengeAuth.Active) {
      if ($istok($3-, HMAC-SHA-1, 32)) {
        .timer 1 0 ChallengeAuth.Auth $2
      }
      else {
        echo -ts ChallengeAuth: HMAC-SHA-1 is not supported. ChallengeAuth is NOT continuing.
        unset %ChallengeAuth.Active
      }
    }
    elseif ($1- == CHALLENGE is not available once you have authed.) && (%ChallengeAuth.Active) {
      echo -ts ChallengeAuth: You are already authed!
      unset %ChallengeAuth.Active
    }
    elseif ($1-6 == You are now logged in as) && (%ChallengeAuth.Active) {
      echo -ts ChallengeAuth: You are now authed as ***
      unset %ChallengeAuth.Active
    }
    elseif ($1- == Username or password incorrect.) && (%ChallengeAuth.Active) {
      echo -ts ChallengeAuth: Username or password incorrect.
      unset %ChallengeAuth.Active
    }
  }
}

raw 401:*: {
  if ($1- == $me $ChallengeAuth.Q No such nick) && (%ChallengeAuth.Active) {
    echo -ts ChallengeAuth: Q is currently not reachable. Please try again later.
    unset %ChallengeAuth.Active
    haltdef
  }
}