|
Lafiel Takaaki
Registered User
Join date: 2 Oct 2007
Posts: 29
|
11-28-2007 21:10
For some reason, i fail to verify a transmission with help of MD5 hash. I'm not really sure, if its an issue with PHP5s MD5 function, or something else wrong... Code in SL looks like
integer MD5_NONCE = 1234567890;
string DataString = "var1=data1&var2=data2"; http_id = llHTTPRequest(SERVER_URL+"/index.php?hash="+llMD5String(DataString, MD5_NONCE), [HTTP_METHOD, "POST",HTTP_MIMETYPE, "application/x-www-form-urlencoded"], dataString); llOwnerSay("Datastring: "+clickStats_DataString);
and on PHP side (using PHP 5.2.5): define("MD5_NONCE",1234567890);
function verifyIncomingData($dataArray, $hash) { $datastring = ""; $i = 0; foreach($dataArray as $key => $value) { if($i>0) $datastring .= "&";
$datastring .= "{$key}={$value}"; $i++; }
$myhash = md5($datastring.":".MD5_NONCE); Echo "Debug: Calculated MD5 = {$myhash}; Orginal hash: {$hash}\n"; Echo "Debug: String: {$datastring} | Nonce: ".MD5_NONCE."\n";
if($myhash==$hash) { return true; } else { return false; } }
if(verifyIncomingData($_POST, $_GET["hash"])) { Echo "Successful."; }
From what the debut output, both strings looks exactly same and both using same nonce value. Also the order is same and i can't see any spaces or anything else after the strings. I have a guess, but i'm not sure if that can be the cause. As we know, LSL uses UTF-8. Could this be a problem? Any clues? P.S. I remember that there was a similar thread, with an example how to encode it, but after 2 hours of searching i couldn't find it. But i'm pretty sure, i implemented it, pretty much like that one example. Just dont get two equal hashes.
|
|
Osgeld Barmy
Registered User
Join date: 22 Mar 2005
Posts: 3,336
|
11-28-2007 21:58
im no php expert, but ive always had to trim strings coming out SL, i know you said it looks like theres no trailing stuff but it never looked that way to me either
|
|
Emma Nowhere
Registered User
Join date: 15 Aug 2006
Posts: 29
|
11-29-2007 05:04
Never had a problem with this as long as i remember the nonce suffix. Try comparing string length and seeing if that's an issue. The utf-8 should not be the source of the problem. I'd have thought your nonce value might be too large but you said the two hashs appear identical.
|
|
Day Oh
Registered User
Join date: 3 Feb 2007
Posts: 1,257
|
11-29-2007 05:09
The problem  is llMD5String("mystring", 2) gives you an MD5 hash for "mystring:2" But Strife Onizuka, in his or her awesome magnificence, has recently written an epic MD5 function! http://wiki.secondlife.com/wiki/MD5
|
|
Lafiel Takaaki
Registered User
Join date: 2 Oct 2007
Posts: 29
|
11-29-2007 12:00
From: Day Oh The problem  is llMD5String("mystring", 2) gives you an MD5 hash for "mystring:2" well, that's what the PHP5 Script does too with $myhash = md5($datastring.":".MD5_NONCE);
|
|
Tyken Hightower
Automagical
Join date: 15 Feb 2006
Posts: 472
|
11-29-2007 12:16
From: Day Oh The problem  is llMD5String("mystring", 2) gives you an MD5 hash for "mystring:2" But Strife Onizuka, in his or her awesome magnificence, has recently written an epic MD5 function! http://wiki.secondlife.com/wiki/MD5The LL function will always be faster. If you don't like the way it salts your input, then salt it yourself. Combine in an integer or a secret key by using string functions to insert it in whatever way you like.
|
|
Day Oh
Registered User
Join date: 3 Feb 2007
Posts: 1,257
|
11-29-2007 12:16
Oh... :| Sorry about that, I didn't even look (tests) llOwnerSay(llMD5String("var1=data1&var2=data2", 1234567890)); llOwnerSay(UTF8_MD5("var1=data1&var2=data2:1234567890"  ); <?php print(md5("var1=data1&var2=data2:1234567890"  ); ?> all give me 418140897151118e5fa8901a44d536f8
|
|
Strife Onizuka
Moonchild
Join date: 3 Mar 2004
Posts: 5,887
|
11-29-2007 22:46
And guess what? It even runs properly in LSLEditor (it only required getting a few bugs fixed in LSLEditor). I will work on optimizing it more but no promises. I will not be porting MD4 or MD5 collision attacks. Be weary how you use MD5. http://hashkiller.com/crack/Hashing functions I have written implementations for: http://wiki.secondlife.com/wiki/MD4http://wiki.secondlife.com/wiki/MD5http://wiki.secondlife.com/wiki/SHA1http://wiki.secondlife.com/wiki/SHA2 - 224 & 256
_____________________
Truth is a river that is always splitting up into arms that reunite. Islanded between the arms, the inhabitants argue for a lifetime as to which is the main river. - Cyril Connolly
Without the political will to find common ground, the continual friction of tactic and counter tactic, only creates suspicion and hatred and vengeance, and perpetuates the cycle of violence. - James Nachtwey
|
|
Day Oh
Registered User
Join date: 3 Feb 2007
Posts: 1,257
|
12-01-2007 21:23
Any luck? If not, can we see the debug output? I'm not quite learned, but it seems strange that you're referencing both $_POST and $_GET, and I thought they were both arrays
|