Hello, all!
After the end of Ghetto Penguin, the owners have decided to make a new CPPS, mystCP. It is even better than GP! The main owner, 2way, has worked very hard on this, just for you guys. It features custom rooms, and soon custom items. It has sha256 encryption. It also uses both iCPv2 and iCPv3 commands, something you guys will surely love. Yes, this does mean you can change your size, become invisible, and glow. But enough talk, here are some pictures:
Don’t hesitate to join now!
-Chai
I can’t register.
?????
What? What does it say? The register is brung by the link in the page not by /register
It’s great, now.
The New Ghetto Penguin.
I’ll never play it because the so called “Main Owner” of Penguin Lobby deleted the database for no reason,Chai will do that to you too.PL was one of my fav CPPS.
Chai would never do that. Even though she has access to the database if she asks for the password, she would never do that.
Also, we dont have a main main owner. Roky, Chai, and I all work this and would never delete the database.
Well Cha did, Skatehalo,Coolx2,Peng02cool etc all know he deleted it.
I think they don’t have SHA256 even MD5.
Why I think so ? Because I can prove it.
You said “It also uses both iCPv2 and iCPv3 commands” so I think you use clear ICPv3 source, in clear ICPv3 source there isn’t MD5 encryption. Problem is in Flash Files because Club Penguin use their own password encryption (this encryption is just changed MD5). They use randK (variable) to hash sending passwords which is then check with password in database. So ICPv3 source have in database password in plain text
function handleLogin($data, $str, $clientid){$nick = $data['body']['login']['nick'];
$pass = $data['body']['login']['pword'];
elseif($this->islogin){$h = $pass where $pass is for example <![CDATA[0ab6fdbf0212a9e3cdabe492fbbf7064]] . Consequently ICPv3 source is hashing plain text password in database to check it with hashed password by Flash File. It’s possible to make it back MD5 password hash to Club Penguin hash but you need to know how work substr. The last proof is that you can’t make SHA256 without editing Flash File where password to send is hashing. So I check Ghetto Penguin Flash File and i see only this$realpass = getData("SELECT password FROM accs WHERE name='" . dbEscape($username) . "'");
$realpass = $realpass[0]['password'];
$h = $this->generate_key($realpass, $rndk, true);
if($h == $pass)
return true;
// Action script...// [Initial MovieClip Action of sprite 5]
#initclip 5
class com.clubpenguin.crypto.MD5
{
function MD5()
{
} // End of the function
static function hash(str)
{
return (com.clubpenguin.crypto.MD5.hex_md5(str));
} // End of the function.
Finally are you still thinking your password is safe ?
Actually moron we use openCP, which i will switch but i just wanted to put it up. It is possible to add encryption to iCPv3 actually. And YES WE DO USE SHA256 ENCRYPTION!!!!!
You Want Proof? Here is it:
Pic of database (just wanted to show 2 people and luckily for the sake of security, the hash, sha256, is to long to show the whole thing) http://a.yfrog.com/img842/5692/picofdatabasewithsha.png
I wont give other proof as i dont want my hard work to be stolen…..
Oh i forgot to mention: We didnt edit in the v2 flash files because when i want to add a more secure thing, like changing the salt and stuff, it would be to hard to find all that stuff. So OUR LOADER EDITS THE FUNCTIONS.
HAHA and you still prove your fake. Loader doesn’t correspond to encrypt passwords
.
This isn’t proof you can manually change passwords in database …
Show all accounts with passwords (you don’t know sha526 is one way crypt ?) So even you show that i can’t decrypt that
Actually Smarty, SHA is a message digest, also known as a hash. Hashes are 1 one encryption that is unbreakable. You can’t actually decrypt that but there are rainbow tables which you can use.
Why won’t you believe me. Ask Chai, DJ_MuTeD, I think Seether saw the edit to the flash file too, it encrypts passwords in sha256!
I wont show it cause i don’t have to. One less non-beliver is not going to stop me. But, try looking in WPE Pro at the packet sent for login: it is different because we honestly use sha256.
HAHA and you still prove your fake. Loader doesn’t correspond to encrypt passwords
.
Yay!! You can copy Seether’s source. Congrats MystCP…
^^^Baha you idiots stop copying Seether’s source.
Can somebody tell me why we get a DoS like every day when the owners are not on AND every afternoon even when they are on??? This really is annoying.
Soo why does Seether hate us so much?? If we are using his source we should move then this is more annoying then how cool the source is! No offense but I really wanna be able to play correctly and enjoy it without interruptions.
Besides during the day Seether DoSes and no owners are on to turn us on!
On the other hand it is AWESOME!!!
great great great