myBB Passwords c# client

Question

I'm working on a loader / client where my forum users will use their myBB information to login to my application. I know it's not good to have the database connection in the application. But I am also going to store their hwid on the database so I would need to connect to it anyway.

However, they store the passwords like this:

$hashedpsw = md5(md5($salt).md5($plainpassword));

And my attempt to recreate that passwords looks like this:

string salt = "D4UFUd6U"; // get salt from db
string password = "test!";// get password from user
MD5 md5 = new MD5CryptoServiceProvider();

// Create md5 hash of salt
byte[] saltBytes = Encoding.Default.GetBytes(salt);
byte[] saltHashBytes = md5.ComputeHash(salt);
string saltHash = System.BitConverter.ToString(saltHashBytes);

// Create your md5(password + md5(salt)) hash
byte[] passwordBytes = Encoding.Default.GetBytes(password + saltHash);
byte[] passwordHashBytes = md5.ComputeHash(salt);
string passwordHash = BitConverter.ToString(passwordHashBytes);

But I get the following error:

cannot convert from 'string' to 'System.IO.Stream'

byte[] saltHashBytes = md5.ComputeHash(salt);` and `byte[] passwordHashBytes = md5.ComputeHash(salt);` — Joakim Carlsson, Oct 07 '15 at 11:35

score 2 · Accepted Answer · edited May 23 '17 at 12:29

ComputeHash wants an IO.Stream or a Byte[] as input, and as the error specifies, can't convert from your strings to IO.Stream implicitly.

The following is an example of how you can convert a string to a stream (stolen from this answer):

public Stream GenerateStreamFromString(string s)
{
    MemoryStream stream = new MemoryStream();
    StreamWriter writer = new StreamWriter(stream);
    writer.Write(s);
    writer.Flush();
    stream.Position = 0;
    return stream;
}

This would alter your code to the following:

string salt = "D4UFUd6U"; // get salt from db
string password = "test!";// get password from user
MD5 md5 = new MD5CryptoServiceProvider();

// Create md5 hash of salt
byte[] saltBytes = Encoding.Default.GetBytes(salt);
byte[] saltHashBytes;
using( Stream saltStream = GenerateStreamFromString(salt))
{
    salteHashBytes = md5.ComputeHash(saltStream);
}
string saltHash = System.BitConverter.ToString(saltHashBytes);

// Create your md5(password + md5(salt)) hash
byte[] passwordBytes = Encoding.Default.GetBytes(password + saltHash);
byte[] passwordHashBytes;
using( Stream saltStream = GenerateStreamFromString(salt))
{
    passwordHashBytes = md5.ComputeHash(saltStream);
}
string passwordHash = BitConverter.ToString(passwordHashBytes);

Anytime you use a stream, it is always recommended that you wrap it in a using statement so that it is properly closed when you're finished with it, even if an exception is thrown. byte[] saltHashBytes; using(Stream saltStream = GenerateStreamFromString(salt)) { saltHashBytes = md5.ComputeHash(saltStream); } — Jerren Saunders, Oct 07 '15 at 12:06
Edited. I didn't put in code to check if the *HashBytes array variable is null before it is passed into the BitConverter.ToString() method though. — Jerren Saunders, Oct 07 '15 at 12:13
You've got to leave at least something as an exercise to the reader :) — Tobbe, Oct 07 '15 at 12:20

score 1 · Answer 2 · answered Oct 07 '15 at 11:38

You use the MD5CryptoServiceProvider class to encrypt using md5 hash algorithm. First add the following namespaces:

using System.Text;
using System.Security.Cryptography;

Second, try a function like this.

public static string Encrypt(string content)
{
   MD5CryptoServiceProvider md5 = new MD5CryptoServiceProvider();
   byte[] bytes = Encoding.ASCII.GetBytes(content);
   bytes = md5.ComputeHash(data);
   string result = Encoding.ASCII.GetString(bytes);
   return result;
}

myBB Passwords c# client

2 Answers2