Correct GUID/etkey values range ?


(BigBear) #1

Hi!

I have seen some GUID/etkey code checking ; please is that right ?

Checking chars :

if ((value >= 48 && value < 58) || (value > 64 && value < 71)) // ASCII '0'-'9' or 'A'-'F'
{
    return guid_is_valid;
}

Please can you provide some more “correct or complete” GUID/etkey information ?

Thank you :slight_smile:


(acQu) #2

Guid is just MD5 of etkey: http://en.wikipedia.org/wiki/MD5

Omnibots use a bit different guid though, always something like ‘OMNIBOT0000…1’, ‘OMNIBOT0000…2’, etc.

That should tell you if above statement is correct :stuck_out_tongue:


(ETJump-Zero) #3

[QUOTE=BigBear;489326]Hi!

I have seen some GUID/etkey code checking ; please is that right ?

Checking chars :

if ((value >= 48 && value < 58) || (value > 64 && value < 71)) // ASCII '0'-'9' or 'A'-'F'
{
    return guid_is_valid;
}

Please can you provide some more “correct or complete” GUID/etkey information ?

Thank you :)[/QUOTE]
If you loop that through the entire guid it checks that guid only has numbers 0-9 and letters A-F. If a guid has other characters it’s incorrect but it can also be spoofed without using illegal characters.


(BigBear) #4

Hi!
Thank you for your answers :wink:
It is interesting to speak about all of that :slight_smile:

For BOTs it is not a real MD5; it is something that looks custom :wink:

Yeah I have already done a code “like that” to check Omnibot ; example here :


function checkbot(playerguid)
	-- Omni-bot GUIDs start with "OMNIBOT"; compare the first 7 characters case-insensitively
	local result = string.lower(string.sub(playerguid, 1, 7))
	local isbot = (result == "omnibot")
	return isbot
end

in local /cl_guid

With lua by the Server :


getplayerguid = string.upper(et.Info_ValueForKey( et.trap_GetUserinfo( CLIENTSLOTNUMBER ), "cl_guid" ))

What I show (+need to add 32 chars length checking) is based on N!trox source code :


qboolean nitrox_GUIDCheckValid( char *guid ){
	int i;
	// each of the first 32 characters must be ASCII '0'-'9' (48-57) or 'A'-'F' (65-70)
	for (i = 0 ; i < 32 ; i++){
		if (guid[i] < 48 || (guid[i] > 57 && guid[i] < 65) || guid[i] > 70) {
			return qfalse;
		}
	}
	return qtrue;
}

That checking surprises me because some generated GUIDs (http://etkey.org) look like
3308A8BB58070ECA70BD9937D010D542

and 08 appears to be < 48

[B]

  1. What do you think about the N!trox code ? Is it “enough / correct” to check player GUID with no MD5 API ?

  2. is it possible to use in W:ET a LUA API ; to check if the 32 bytes MD5 Hash Code is correct ?
    [/B]

0 to F is Hexadecimal basis (0-15) :wink: …[ “it permit all”, but as you said it : is not good to authorize all ]
But I search to check only the real authorized GUID ranges… as best as possible

Thank you :slight_smile:


(acQu) #5

Actually, bots can be checked here in Lua field => r.svFlags

You just need to check for this bit:

#define SVF_BOT 0x00000008

Gonna rewrite my own guid check function then :penguin:

@2) yes, just get cl_guid and do checks on it in Lua. Shouldn’t be a problem.

In case you meant whether the client has a correct ETkey or something, no, I don’t think it is worth it. Just check string chars of md5 hash.


(Indloon) #6

What N!trox’s code does, is that it goes through the string like this:


char *guid = ... // some 33 numbers

for( int i = 0; i < 32; i++ ) // Now we are gonna loop the string, so we can check each letter
{
    if( guid[i] <... // if i is at 1, then we will check the 2nd letter of the guid, because counting starts at 0.
}

Comparing is simply looking if the character is not illegal for normal guid.

You have to look at ASCII table under DEC number to see what characters are not allowed - http://www.asciitable.com/index/asciifull.gif

So basically, what the function does is that it checks if guid characters are merely numbers and not some symbols (? ; , > <) or lowercase letters.

I don’t see the point of checking MD5 either…it is an insecure and old message-digest algorithm anyway.


(solchanel) #7

[QUOTE=BigBear;489331]Hi!
That checking surprises me because some generated GUIDs (http://etkey.org) look like
3308A8BB58070ECA70BD9937D010D542

and 08 appears to be < 48
[/QUOTE]
It’s not about these numbers equability but about characters.
As Indloon said this pattern is looking for ASCII character numbers, if you don’t know individual character numbers then you can also cast character instead of number.
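
An added example, not part of any post in this thread and not N!trox's code: a format check written with character literals instead of ASCII numbers, with the exact 32-character length test that the posted loop lacks. The names `guid_check_format` and `guid_status` are hypothetical, and every input except the GUID quoted in post #4 is constructed.

```c
#include <stdio.h>
#include <string.h>

#define GUID_LEN 32

typedef enum { GUID_OK, GUID_BAD_LENGTH, GUID_BAD_CHAR, GUID_BOT } guid_status;

/* Format check only: exactly 32 characters, each '0'-'9' or 'A'-'F'.
 * A value that passes is well-formed; that does not prove it is genuine. */
guid_status guid_check_format(const char *guid)
{
    size_t i;

    if (guid == NULL)
        return GUID_BAD_LENGTH;
    /* Omni-bot GUIDs start with "OMNIBOT" (prefix taken from the thread). */
    if (strncmp(guid, "OMNIBOT", 7) == 0)
        return GUID_BOT;
    /* Exact length: a 32-iteration loop alone accepts longer strings. */
    if (strlen(guid) != GUID_LEN)
        return GUID_BAD_LENGTH;
    for (i = 0; i < GUID_LEN; i++) {
        char c = guid[i];
        /* '0'..'9' is 48..57 and 'A'..'F' is 65..70 in ASCII */
        if (!((c >= '0' && c <= '9') || (c >= 'A' && c <= 'F')))
            return GUID_BAD_CHAR;
    }
    return GUID_OK;
}

int main(void)
{
    /* First entry is the GUID quoted in post #4; the rest are constructed. */
    const char *samples[] = {
        "3308A8BB58070ECA70BD9937D010D542",
        "3308a8bb58070eca70bd9937d010d542",
        "3308A8BB58070ECA",
        "3308A8BB58070ECA70BD9937D010D542FF",
        "3308A8BB58070ECA70BD9937D010D54G",
    };
    size_t n;

    for (n = 0; n < sizeof samples / sizeof samples[0]; n++)
        printf("%-36s -> %d\n", samples[n], (int)guid_check_format(samples[n]));
    return 0;
}
```
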


(twt_thunder) #8

[QUOTE=solchanel;489371]It’s not about these numbers equability but about characters.
As Indloon said this pattern is looking for ASCII character numbers, if you don’t know individual character numbers then you can also cast character instead of number.[/QUOTE]

SO I could create my own guid like:
3308A8BB58070ECA70BD99379THUNDER??


(Radegast) #9

Yes 10 char


(twt_thunder) #10

ha! how cool :smiley:


(BigBear) #11

Thank you for all your answers & support :slight_smile:

Somewhere my question is “three-way” :slight_smile:

To get useful information before they risk to be “lost”…

concerning etkey - guid

  1. checking
  2. standard aspects
  3. creation

Here I found what I am looking for to complete the possibility to create some Standard etkey :

http://forums.warchest.com/showthread.php/31977-How-work-an-etkey-%28CODE%29

1 - A 12-byte header common to all etkeys: 000000100220 in ASCII (0-9 ASCII = 48-57 decimal = $30-$39 hex).
2 - 6 bytes with the date of the file creation in ASCII in the format: YYMMDD (ex.: 111007 for 07 Oct 2011).
3 - 2 bytes with 0’s.
4 - 8 bytes with values between 0 and 9. I’m guessing this might be the time of the file creation but I couldn’t figure out how it was encoded (didn’t give it much thought anyways). If anybody knows about this block’s meaning, please PM’me.
5 - 39 bytes with totally random values.

Total = 67 bytes

The local PB server on the game server host generates the PB GUID based on a sequence of 39 random bytes in the etkey file. A byte (= 8 bits) can assume 256 different values, so with 39 bytes you have 256 ^ 39 (256 to the power of 39) possible unique combinations. Try to compute that number if you can. The PB GUID itself is formed by a sequence of 32 hex characters (0 to 9 plus A to F = 16 possible values), which allows for 16 ^ 32 unique combinations, another astronomic number. The probability of 2 equal GUID’s being generated is infinitesimal. As to GUID spoofing, the possibility of doing it with these custom generated GUID’s is the same as with the old GUID’s.

For example Schnoog’s cool http://etkey.org/
is using
1 - 12
2 - 6
3 - 2
4 - 8
= 28 Bytes (or chars if you prefer)

28 Bytes etkey version works ; and now 67 Bytes etkey version “seems no more used” ?
But I suppose we can generate a 67 like version to respect a bit more the “standard”…

Thank you to all :slight_smile:
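
An added example, not part of the post above and not code from etkey.org: a checker that classifies a buffer against the five-block layout quoted in this post, accepting either the 28-byte or the 67-byte form. The name `etkey_classify` is hypothetical. It assumes blocks 3 and 4 hold ASCII digits, which the quoted description does not state outright, and its `main` uses a constructed key.

```c
#include <stdio.h>
#include <string.h>

#define ETKEY_HEADER "000000100220"   /* block 1, 12 bytes */

typedef enum { ETKEY_INVALID = 0, ETKEY_SHORT = 28, ETKEY_FULL = 67 } etkey_kind;

static int all_digits(const unsigned char *p, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++)
        if (p[i] < '0' || p[i] > '9')
            return 0;
    return 1;
}

/* Returns which variant the buffer matches, or ETKEY_INVALID. */
etkey_kind etkey_classify(const unsigned char *buf, size_t len)
{
    int month, day;

    if (buf == NULL || (len != ETKEY_SHORT && len != ETKEY_FULL))
        return ETKEY_INVALID;
    if (memcmp(buf, ETKEY_HEADER, 12) != 0)       /* block 1: common header */
        return ETKEY_INVALID;
    if (!all_digits(buf + 12, 6))                 /* block 2: YYMMDD */
        return ETKEY_INVALID;
    month = (buf[14] - '0') * 10 + (buf[15] - '0');
    day   = (buf[16] - '0') * 10 + (buf[17] - '0');
    if (month < 1 || month > 12 || day < 1 || day > 31)
        return ETKEY_INVALID;
    if (buf[18] != '0' || buf[19] != '0')         /* block 3: assumed ASCII '0' */
        return ETKEY_INVALID;
    if (!all_digits(buf + 20, 8))                 /* block 4: assumed ASCII digits */
        return ETKEY_INVALID;
    /* block 5: 39 bytes of any value, so only the total length constrains it */
    return len == ETKEY_FULL ? ETKEY_FULL : ETKEY_SHORT;
}

int main(void)
{
    /* Constructed key: header, date 111007, "00", eight digits. */
    const unsigned char key[] = "0000001002201110070012345678";

    printf("classified as %d-byte form\n", (int)etkey_classify(key, 28));
    return 0;
}
```
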