Luigi Auriemma

I am trying to re-write your code for gslogincheck into another language and I am having some difficulties.

What I don't understand is when i get to the do_md5() function.



This gives me 16 characters which are all different ASCII values, and when the function finishes the end result is not the md5 value I have seen for it elsewhere.

"foobar" gives me a72b1248299b9fa5c786bdc84bb92286 with that function and 3858f62230ac3c915f300c664312c63f on a hash calculator.

So it scrambles up the md5 value? Or do I have it wrong?


Also, can you check to see if the login is associated with a game by changing one of the proceeding values from the client response?

do_md5 performs a standard md5 hash calculation over a string, in fact if you place a printf("XXX %s\n", out); at th end of this function (line 300), when you use the password foobar you will see:

XXX 3858f62230ac3c915f300c664312c63f
XXX 8ae6acfceab25de4c0f40c0cf149491c

the first is do_md5 on the password and the second on the special string containing the client and server challenge and so changes all the times.

About your last question, I don't know.
As far as I know a Gamespy account is a normal wide account so it's not associated to a particular game or service.

Oh okay, thank you, I got it now

I have a strange error here now, When I try to log in with my BF2 username it does not work, but when I search for the profile via profile id (\getprofile) it spits out



but I still cannot log in with that, only my other gamespy id works. It gives me the "The uniquenick provided is incorrect"

My ultimate goal is to be able to check a bf2 username and password to verify it.

I had the same problem (unique nick incorrect), and it has to do with the final string you send to the server. In the gamename field, use something that isn't a real game, instead of battlefield2. I use "battlefield6". While it isn't a real game, it for some reason doesn't give the "uniquenick incorrect" error on certain names. I think it has to do with whether or not the nickname you are checking is the primary one on the gamespy account. Gamespy accounts are actually email addresses with multiple nicknames that can be in them. I'm not exactly sure how it all works, but it definitely has to do with that gamename and where it stands in the account. Changing the gamename allowed for all names to be checked properly, and not give the unique nick incorrect error. Anyways... in order to have all names work properly, you can set your code up like the following example:

Username: testuser
Password: hello123

1) Open the socket to connect to: gpcm.gamespy.com:29900
2) Server replies with something like: \lc\1\challenge\ABCDEFGHIJ\id\1\final\
3) Parse that string, and get only the challenge part (ABCDEFGHIJ) into a variable or something.
3) Now, the response you want to send to the server (given the challenge, username, and password above) would be:

\login\\challenge\1234567890abcdef1234567890abcdef\uniquenick\testuser\response\25e2cd7cdb06f2a6115d50e661815b04\port\8765\productid\10492\gamename\battlefield6\namespaceid\12\sdkrevision\3\id\1\final\

- 1234567890abcdef1234567890abcdef can be anything. Just make it a random string of 32 characters in length, and hexidecimal
- 25e2cd7cdb06f2a6115d50e661815b04 is just the md5 hash of the following data:

md5hashofpassword+48spaces+nickname+random32characterstring+10digitchallengestring+md5hashofpassword

---- 48spaces is just 48 empty spaces, not the actual string "48spaces"
---- random32characterstring is the random 32 character hex string we generated above: 1234567890abcdef1234567890abcdef
---- 10digitchallengestring is the string the server first sent us when we connected
---- the rest should be obvious. just make it 1 long string, all 1 word, without the +'s... and then md5 the entire thing. If you use the data from my example, 25e2cd7cdb06f2a6115d50e661815b04 should be the correct result.

The rest of the string (\port\8765\productid\10492\gamename\battlefield6\namespaceid\12\sdkrevision\3\id\1\final\ ) I keep the exact same every check, especially the battlefield6 so i get accurate replies :P.

That was probably more than you wanted to know, and I'm sure you knew most of that already, but I like to explain stuff in detail to make sure it's understood. I have worked in-depth on the bf2 username/password checking... so let me know if there's anything I can clarify.

Edit: I also forgot to mention that I change the productid to 10492 as shown above. By default, I think it's 10493. So you might want to keep that changed too :P.

awesome, it works great now, thanks!

hi guys, sorry to bump such an old topic but i was just reading through.

when i wrote my user/pass list check using luigi's tool, i used a different productid and never got the problem you did. so i think you are using incorrect product id. the value should be "\\productid\\10493", i hope this helps you.

edit:

a method i use in cases where i only have email and possible password is to use luigi's gamespy searching code, search by the e-mail address i have for a gamespy account. save the information returned by gamespy database search, of which includes the accounts PID#. so, i then wrote a function called IsBF2PID() which makes use of the site bf2monitor.com, which allows search for bf2 by pid. this will allow you to know if the pid associated with that gamespy account is active for a bf2 login check, otherwise discard that check and move on to next.

maybe this will give you some ideas ;) i found it very easy with c++

do you refer to the "gsplayers" tool?

yes, that is correct Luigi. i couldn't remember the name of it at the time of posting ;)