View Single Post
  #4  
Old 09-27-2014, 04:36 AM
Elgero Elgero is offline
Senior Member
 
Join Date: Feb 2012
Posts: 173
Elgero is on a distinguished road
Default

Re: wmsauthsign patch


Re-sharing is going to be a problem, because wmsAuthSign was designed to prevent that.

This is a base64 encoded string.

Code:
c2VydmVyX3RpbWU9OS8yNy8yMDE0IDc6MDg6MTAgQU0maGFzaF92YWx1ZT1NUzVkenBJeU5xdHBZRForVVBRQmRRPT0mdmFsaWRtaW51dGVzPTgw
Decoded it results in this string.

Code:
server_time=9/27/2014 7:08:10 AM&hash_value=MS5dzpIyNqtpYDZ+UPQBdQ==&validminutes=80



This is a base64 encoded string too.

Code:
MS5dzpIyNqtpYDZ+UPQBdQ==
Decoded it results in this MD5 hash.

Code:
312E5DCE923236AB6960367E50F40175
The above MD5 hash is created from:

ip address of the viewer
password stored on the server
server_time
validminutes

Hashing is one-way, so it cannot be decrypted to get the password.
Reply With Quote