Project 1999

  #1  
Old 09-05-2011, 11:09 AM
Vohl Vohl is offline
Sarnak


Join Date: May 2011
Posts: 381
Default

Quote:
Originally Posted by Dr.Spike
no, that's just incorrect
Pfft. Hahaha.
  #2  
Old 09-05-2011, 12:40 AM
Matalus Matalus is offline
Kobold


Join Date: Jul 2011
Posts: 178
Default

I took a c++ c|ass in highschoo| and I sti|| have the program to make a hangman game if that he|ps any
  #3  
Old 09-05-2011, 02:02 AM
Diggles Diggles is offline
Banned


Join Date: Aug 2011
Location: FEED UPON YOUR {◕ ◡ ◕}
Posts: 1,864
Default

badump tish

Also, Matalus, please don't replace your L's with |'s.
  #4  
Old 09-05-2011, 02:03 AM
Matalus Matalus is offline
Kobold


Join Date: Jul 2011
Posts: 178
Default

Quote:
Originally Posted by Diggles
badump tish

Also, Matalus, please don't replace your L's with |'s.
i do not have a | key
  #5  
Old 09-05-2011, 02:03 AM
Diggles Diggles is offline
Banned


Join Date: Aug 2011
Location: FEED UPON YOUR {◕ ◡ ◕}
Posts: 1,864
Default

a new keyboard costs like 5 bucks

man up
  #6  
Old 09-05-2011, 02:04 AM
Matalus Matalus is offline
Kobold


Join Date: Jul 2011
Posts: 178
Default

i'|| send you my paypa| info if you are offering
  #7  
Old 09-05-2011, 11:57 AM
Loly Taa Loly Taa is offline
Kobold


Join Date: Mar 2011
Posts: 153
Default

If I were to venture a guess at why Rogean is asking for a stream cryptographer...

Recently we've seen that wsock32 and eqgame.dll can be used to hook already existing EQ functions and re-write them. Since Rogean has access to the crypto server-side, and now also has access to change things on the client side, I'd guess that he wants to work out an entirely new encryption system for p1999 to make ShowEQ no longer work on the server. If on the backend and on the frontend the crypto is changed to be the same, then you'd need some clever girls to get ShowEQ working again.

I worked on EQEmu back during the big crypto hubbub. A developer named Quagmire was the big man when it came to breaking their crypto. There was once a time when Sony/Verant used very strong encryption, to the point where our only option would be scanning the memory of the client for the key, which was detectable.

Sony/Verant gave up because the amount of CPU they used just to keep the crypto strong started to weigh heavily on the back-end, and people would just get the key out of memory anyways, and they really didn't have a way to detect that at the time.

Problem is, now getting the key out of memory quietly is even easier. Since most computers have FireWire ports and FireWire has unrestricted direct memory access, the same technique could be used even more quietly here to find the key.

TL;DR, my guess is Rogean is trying to stop ShowEQ, though I'm not sure how effective it would be.
__________________

Part of me says I can't keep drinking like this. The other part of me says, "Don't listen to that guy. He's drunk"
  #8  
Old 09-05-2011, 12:57 PM
Jeron Jeron is offline
Orc


Join Date: May 2011
Posts: 46
Default

If Loly is right ...

Now that I see what the code is/was doing, I think the client detection method should continue to be used and people should put the stuff into their exception lists on the virus scanners (if needed).

Then a quicker way to eliminate external tools like ShowEQ (from the average leech) on Linux would maybe be to look into something like OpenVPN.

If Loly is right and you change the encryption, it will just pose a challenge that will be met and go without detection. But the combination of what you have already done and a VPN or VPN-like technology may stop the Linux ShowEQ. Going to a VPN-like thing is probably a bit much though... But if you self-sign, and with a little mod, you can get the servers/clients running for free. Script the account creations from the EQ user DB, and make the PWs all the same; it doesn't really matter, this is just for establishing the tunnel so that the comms are encrypted.

Could probably set up the entire thing in a day... Nice thing is you can change the self-signed key as often as you feel needed... Even if you don't use that code, borrowing from it to emulate some of the methods within the eqgame.dll etc... Anyhow, just possible food for thought.
  #9  
Old 09-05-2011, 01:21 PM
Littlegyno Littlegyno is offline
Banned


Join Date: Mar 2011
Posts: 136
Default

Quote:
Originally Posted by Loly Taa
If I were to venture a guess at why Rogean is asking for a stream cryptographer...

Recently we've seen that wsock32 and eqgame.dll can be used to hook already existing EQ functions and re-write them. Since Rogean has access to the crypto server-side, and now also has access to change things on the client side, I'd guess that he wants to work out an entirely new encryption system for p1999 to make ShowEQ no longer work on the server. If on the backend and on the frontend the crypto is changed to be the same, then you'd need some clever girls to get ShowEQ working again.

I worked on EQEmu back during the big crypto hubbub. A developer named Quagmire was the big man when it came to breaking their crypto. There was once a time when Sony/Verant used very strong encryption, to the point where our only option would be scanning the memory of the client for the key, which was detectable.

Sony/Verant gave up because the amount of CPU they used just to keep the crypto strong started to weigh heavily on the back-end, and people would just get the key out of memory anyways, and they really didn't have a way to detect that at the time.

Problem is, now getting the key out of memory quietly is even easier. Since most computers have FireWire ports and FireWire has unrestricted direct memory access, the same technique could be used even more quietly here to find the key.

TL;DR, my guess is Rogean is trying to stop ShowEQ, though I'm not sure how effective it would be.
Confirmed hacker.
  #10  
Old 09-05-2011, 03:41 PM
Loly Taa Loly Taa is offline
Kobold


Join Date: Mar 2011
Posts: 153
Default

Quote:
Originally Posted by Loly Taa
If I were to venture a guess at why Rogean is asking for a stream cryptographer...

Recently we've seen that wsock32 and eqgame.dll can be used to hook already existing EQ functions and re-write them. Since Rogean has access to the crypto server-side, and now also has access to change things on the client side, I'd guess that he wants to work out an entirely new encryption system for p1999 to make ShowEQ no longer work on the server. If on the backend and on the frontend the crypto is changed to be the same, then you'd need some clever girls to get ShowEQ working again.

I worked on EQEmu back during the big crypto hubbub. A developer named Quagmire was the big man when it came to breaking their crypto. There was once a time when Sony/Verant used very strong encryption, to the point where our only option would be scanning the memory of the client for the key, which was detectable.

Sony/Verant gave up because the amount of CPU they used just to keep the crypto strong started to weigh heavily on the back-end, and people would just get the key out of memory anyways, and they really didn't have a way to detect that at the time.

Problem is, now getting the key out of memory quietly is even easier. Since most computers have FireWire ports and FireWire has unrestricted direct memory access, the same technique could be used even more quietly here to find the key.

TL;DR, my guess is Rogean is trying to stop ShowEQ, though I'm not sure how effective it would be.
A VPN could work, but again, the client has to have the key to decrypt the incoming transmission, so again it's stored locally in memory somewhere.

The only real way it would work? Something like those online gaming services where they run the software on their machine and just forward you a display and accept input. Now that would be true client security.
__________________

Part of me says I can't keep drinking like this. The other part of me says, "Don't listen to that guy. He's drunk"
All times are GMT -4.


Everquest is a registered trademark of Daybreak Game Company LLC.
Project 1999 is not associated or affiliated in any way with Daybreak Game Company LLC.
Powered by vBulletin®
Copyright ©2000 - 2026, Jelsoft Enterprises Ltd.