30 replies to this topic

[Blake]

I have recently started using Zelda Classic again from a long break from it, 2 or so years. I feel like working on one of my old quests again, but I can't remember my password for it for anything. Is there anyway to get bypass the password and gain access to it again?

[Bowser Blanchette]

No. Sorry.

Edited by Bowser Blanchette, 12 July 2007 - 09:51 PM.

[XMSB]

You know, if there's a .key file with a name that matches the name of the .qst file, you'll be able to gain access to it without having to type in a password.

Edited by Pokegamer1989, 12 July 2007 - 09:53 PM.

[Majora]

Ask a Developer, there is a small chance they can do something.

[Link1]

I have recently started using Zelda Classic again from a long break from it, 2 or so years. I feel like working on one of my old quests again, but I can't remember my password for it for anything. Is there anyway to get bypass the password and gain access to it again?

Which version is that quest for? They changed the quest password system (to MD5) and passwording method (due to Glenn's ZCheat "hack" at AGN last January) between 2.10 and the 2.11 alphas/betas - as Majora's Wrath suggested, the Devs might be able to help you.

Edited by Link1, 13 July 2007 - 07:36 AM.

[Blake]

I think it was ZC 1.92 Beta 183, not 100% though.

Also, how would I go about getting in touch with a developer? I haven't been on these forums in a long time, so I really don't know who any of them are.

Edited by Blake, 13 July 2007 - 09:25 AM.

[CastChaos]

I recall reading in a documentation that PhantomMenace has access to all quests. It was years ago. Now surely DarkNation has this power. Send him your .qst file, he will surely be able to open it and remove the password.

[Mitchfork]

Also, I'd recommend sending it to him on the AGN forums. The ZC devs frequent those forums FAR more often than PureZC.

[Koopa]

Also, how would I go about getting in touch with a developer? I haven't been on these forums in a long time, so I really don't know who any of them are.

PM me.

(As a matter of fact I'm a lot more active at Pure than anywhere else.)

[Sprotret]

So ZC does use MD5! MD5 is crackable, but it takes forever to crack one password. *It took 3 days to crack my friends password*

[Koopa]

It's not straight MD5. There are some tweaks. Plus the hash itself isn't just lying around *evilgrin*.

[Lemmy Koopa]

hexworkshop ahoy

[Sprotret]

It's not straight MD5. There are some tweaks. Plus the hash itself isn't just lying around *evilgrin*.

Really? Because when I try to open my quest it saids to put my password but above the password space there's an MD5 hash.

[Taco Chopper]

They changed the quest password system (to MD5) and passwording method (due to Glenn's ZCheat "hack" at AGN last January)

Really? What happened? (sorry if it's off topic..)

[Koopa]

Before 2.11, the passwords were encoded in an insecure way. Someone - I won't point the finger at Glenn without evidence - succeeded in cracking it and managed to, by downloading people's quests from the quest DB and looking for ones who had used their forum password as quest password, gain access to accounts at AGN. This was part of at least one "hacking".

So rule 1 of quest passwords, even today, is NEVER USE YOUR FORUM PASSWORD AS QUEST PASSWORD.

Recently, the passwords have been passed through an encoding process that contains, but is not solely, MD5. This means that it's almost infeasible to extract your password from a quest unless it's something easy to guess.

Nothing stops anyone from just trying out common words or names in Zquest. Cracking passwords is, essentially, just doing that at a much higher speed. (The original hack was not of this type, rather a true "attack" on the system)

What you see in Zquest is a hash, but not of your password. The idea is that you can send this hash to a developer and they can use it to create a second hash that works as an alternative password to your quest file. All this requires some well-kept secrets but doesn't have anything to do with your original password.

Incidentally, I'm posting this here because anyone with half-decent knowledge in the area of "hacking" could have guessed it themselves, so I'm not revealing any secrets. If you're up to cracking zquest you shouldn't need this post.