Salt / Hash for leaderboard bridge

7 posts (showing 1-7)
OceanBreezeGames

Market Level 7Community Level 2
119 posts

Has anyone got sha1 hash to match with the hash sent back from FGLs servers?

I have tried the code from here: https://www.flashgamedistribution.com/resources/bridge_test.txt

I have tried many of my own variations including and not including extra params passed in $_POST to no avail. The docs say this:

hash: a checksum for the message, calculated from:
SHA1(salt + userID + sessionID + message + <extra params by alpha order>)

Just not sure what actually works, I have done this sort of sha1 hash checking before on my own sites and with Facebook apps and got it working. Same idea about alphabetical sorting, but this I just can't get working.

posted 2014-05-16T13:34:49-07:00
FGL_Devault

FGL AdminCommunity Level 3
246 posts

Maybe my test bridge code will help:

[php]
<?php
require_once('..\inc\common.php');

$salt = "kosher"; //our test salt

$request = new stdClass();

//standard bridge parameters
$request->userID = @$_POST['userID'];
$request->sessionID = @$_POST['sessionID'];
$request->message = @$_POST['message'];
$request->hash = @$_POST['hash'];
$request->params = @$_POST['params'];

if($request->params) {
    $request->params = explode(', ', $request->params);
} else {
    $request->params = array(); 
}

$hashphrase = $salt.$request->userID.$request->sessionID.$request->message;

foreach($request->params as $name) {
    $request->$name = @$_POST[$name];
    $hashphrase .= $request->$name;
}

//check hash
$response->myhash = sha1($hashphrase);
$response->request = $request;

if($response->myhash == $request->hash) {
    $response->message = "Hash matched.";
} else {
    $response->message = "Hash mismatch: ".$request->hash." vs ".$response->myhash." from ".$hashphrase;
}

echo json_encode($response);

?>[/php]

 

posted 2014-05-16T14:10:58-07:00
OceanBreezeGames

Market Level 7Community Level 2
119 posts

Hmmm, doesn't seem to work either. I used your code and my code. Both of our code generated the same hash on matching post data but the hash sent back from the server does not match so it fails.

Any way we can see how the server generates the hash?

posted 2014-05-16T16:34:18-07:00
OceanBreezeGames

Market Level 7Community Level 2
119 posts

Here is the code I used of yours, I had to alter it a bit because I don't have that inc/common.php file, perhaps I converted something wrong:

[php]
$salt = "kosher"; //our test salt
 
    //standard bridge parameters
    $userID = @$_POST['userID'];
    $sessionID = @$_POST['sessionID'];
    $message = @$_POST['message'];
    $hash = @$_POST['hash'];
    $params = @$_POST['params']; 
    if($params) {
        $params = explode(', ', $params);
    } else {
        $params = array(); 
    }
 
    $hashphrase = $salt.$userID.$sessionID.$message;
    
    foreach($params as $name) 
    {                
        $hashphrase .= $_POST[$name];        
    }
 
    //check hash
    $myhash = sha1($hashphrase);
    //$response->request = $request;
 
    if($myhash == $hash) 
    {
        echo("result=SUCCESS");
        exit;
    } 
    else 
    {
        echo("result=Hash mismatch: ".$hash." vs ".$myhash." from ".$hashphrase);
        exit;
    }[/php]

 

posted 2014-05-16T16:36:17-07:00
OceanBreezeGames

Market Level 7Community Level 2
119 posts

Bump

posted 2014-05-20T13:11:26-07:00
FGL_Devault

FGL AdminCommunity Level 3
246 posts

Hmm, I know it's worked for me several times. I'm a bit stumped. What are you setting in the setupGamerSafeBridge function?

The server's not sending the messages, they come right from the GS SWF.

Here's the hash generator:

[as3]
        private function generateHash(msg:Object):void {
            //base hash string
            var str:String = _config.salt + hostUserID + hostSessionID + msg.message;

            //find the message-dependent parameters 
            var params:Array = [];
            for (var part:String in msg)
            {
                if(part == 'userID' || part == 'sessionID' || part == 'message' )
                    continue;
                params.push(part);    
            }
            
            //add the gamersafe account name, if they're logged in
            if(_config.username != "")
            {
                params.push("username");
                msg.username = username;
            }

            //add them to the hash string
            params.sort();
            for each(var param:String in params)
            {
                str += msg[param];
            }
            
            //add them to the message
            msg.params = params.join(", ");
            msg.hash = SHA1.encrypt(str);
        }[/as3]

 Code highlighter is messing up the parameter list - it should just be msg:Object

posted 2014-05-25T04:37:18-07:00 | edited 2014-05-25T04:41:42-07:00
OceanBreezeGames

Market Level 7Community Level 2
119 posts

Well, I don't know. Now it's working fine and I didn't touch anything. the Sha1s match with my code and your code now....

posted 2014-05-26T21:06:34-07:00