summaryrefslogtreecommitdiff
path: root/doc/md5_hashcheck.txt
blob: d9064b1ab1fc49036c41730190e2d59aed181810 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
//===== Hercules Documentation ===============================
//= MD5 Hash Check
//===== By: ==================================================
//= Hercules Dev Team
//===== Current Version: =====================================
//= 20140208
//===== Description: =========================================
//= This file outlines the login server's MD5 hash check.
//============================================================

The login server is able to perform a check of the client's MD5 hash.
This will ensure that a user has not tampered with the client and that
the client is the one specific to your server.

The client can only send the correct MD5 hash to the server on certain
server types, so a client diff may be required to ensure the hash is
sent.
Please refer to your client diff tool manual for the appropriate patch
(i.e. in NEMO it's called "Force Send Client Hash Packet", in other
tools or diffs it may have similar names.)

The serverside settings for the hash check are located in
conf/login.conf:

// Client MD5 hash check
// If turned on, the login server will check if the client's hash matches
// the value below, and will not connect tampered clients.
// Note: see doc/md5_hashcheck.txt for more details.
client_hash_check: off

// Client MD5 hashes
// The client with the specified hash can be used to log in by players with
// a group_id equal to or greater than the given value.
// If you specify 'disabled' as hash, players with a group_id greater than or
// equal to the given value will be able to log in regardless of hash (and even
// if their client does not send a hash at all.)
// Format: group_id, hash
// Note: see doc/md5_hashcheck.txt for more details.
client_hash: 0, 113e195e6c051bb1cfb12a644bb084c5
client_hash: 10, cb1ea78023d337c38e8ba5124e2338ae
client_hash: 99, disabled

To enable MD5 hash checks, set 'client_hash_check' to 'on' and add one
'client_hash' entry for each client you want to use.
The group_id can be any of the groups in conf/groups.conf, and it is
useful in case if you want to allow GMs to use a different client
than normal players; for example, a GM client could be hexed
differently, perhaps with dual-clienting enabled and chat flood
disabled.
You will need to replace the example MD5 hashes with the actual hash of
your client.
You can use any MD5 hash tools to generate it, e.g.:
- md5sum (command line) on linux
- WinMD5 on Windows
- md5 (command line) on Mac OS X
- If you hexed your client with NEMO (version 2.0 and above), you
  can find the MD5 hash of the generated client automatically saved to
  client_filename.exe.secure.txt