C++ Network Stream Cryptography

[Matalus]

i'|| send you my paypa| info if you are offering

[Vohl]

Quote:

Originally Posted by Rogean [You must be logged in to view images. Log in or Register.]

Maybe if you knew anything about the differences between coding and content, you could answer your own question.

I'd like to think I do. I'm sure there's a large amount of mob M goes at X, Y in zone Z that goes into new content. I imagine there's also some gray area like scripted events, boats, etc.

I'm guessing VP and The Hole don't require much coder attention, but the many dynamic epic quests are something that likely give rise to technical issues that would require someone who could grind out code.

Individual skills and responsibilities are also not known to me. While I can see game developers listed, you work with a small crew with limited time. I've known small production environments where people wear a lot of hats. It's natural for me to assume your team works in a similar fashion.

[Autotune]

Quote:

Originally Posted by Vohl [You must be logged in to view images. Log in or Register.]

I'd like to think I do. I'm sure there's a large amount of mob M goes at X, Y in zone Z that goes into new content. I imagine there's also some gray area like scripted events, boats, etc.

I'm guessing VP and The Hole don't require much coder attention, but the many dynamic epic quests are something that likely give rise to technical issues that would require someone who could grind out code.

Individual skills and responsibilities are also not known to me. While I can see game developers listed, you work with a small crew with limited time. I've known small production environments where people wear a lot of hats. It's natural for me to assume your team works in a similar fashion.

that was a lot of assumptions, guessing, thinking and imagining.

[Vohl]

I'm sure any bad assumptions, guesses, thoughts and imaginings I have regarding the differences in coding and content will be made clear in short order. [You must be logged in to view images. Log in or Register.]

[Dr.Spike]

Quote:

Originally Posted by Vohl [You must be logged in to view images. Log in or Register.]

I'd like to think I do. I'm sure there's a large amount of mob M goes at X, Y in zone Z that goes into new content. I imagine there's also some gray area like scripted events, boats, etc.

I'm guessing VP and The Hole don't require much coder attention, but the many dynamic epic quests are something that likely give rise to technical issues that would require someone who could grind out code.

Individual skills and responsibilities are also not known to me. While I can see game developers listed, you work with a small crew with limited time. I've known small production environments where people wear a lot of hats. It's natural for me to assume your team works in a similar fashion.

no, thats just incorrect

[Vohl]

Quote:

Originally Posted by Dr.Spike [You must be logged in to view images. Log in or Register.]

no, thats just incorrect

Pfft. Hahaha.

[Loly Taa]

If I were to venture a guess at why Rogean is asking for a stream cryptographer...

Recently we've seen that wsock32 and eqgame.dll can be used to hook already existing EQ functions and re-write them. Since Rogean has access to the crypto server-side, and now he also has access to change things on the client side. I'd guess that he wants to work out an entirely new encryption system for p1999 to make ShowEQ no longer work on the server. If on the backend and on the frontend the crypto is changed to be the same then you'd need some clever girls to get ShowEQ working again.

I worked on EQEmu back during the big crypto hubbub. A developer named Quagmire was the big man when it came to breaking their crypto. There was once a time when Sony/Verant used very strong encryption, to the point where our only option would be scanning the memory of the client for the key, which was detectable.

Sony/Verant gave up because the amount of cpu they used just to keep the crypto strong started to weigh heavily on the back-end, and people would just get the key out of memory anyways, and they really didn't have a way to detect that at the time.

Problem is, now getting the key out of memory quietly is even easier. Since most computers have Firewire ports and Firewire has unrestricted direct memory access the same technique could be used even more quietly here to find the key.

TL;DR, my guess is Rogean is trying to stop ShowEQ, though I'm not sure how effective it would be.

[Jeron]

If Loly is right ...

Now that I see what the code is/was doing I think the client detection method should continue to be used and people should put the stuff into their exception lists on the virus scanners (if needed).

Then a quicker way to eliminate external tools like showeq (from the average leech) on linux would maybe look into something like openvpn.

If Loly is right and you change the encryption it will just pose a challenge that will be met and go without detection. But the combination of what you have already done and a VPN or VPN like technology may stop the Linux showeq. Going to a VPN like thing is probably a bit much though..... But if you self sign and with a little mod you can get the servers/clients running for free. Script the account creations from the EQ user DB, and make the PW's all the same don't really matter this is just for establishing the tunnel so that the comms are encrypted.

Could probably setup the entire thing in a day... Nice thing is you can change the self signed key as often as you feel needed... Even if you don't use that code borrowing from it to emulate some of the methods within the eqgame.dll etc... Anyhow just possible food for thought.

[Littlegyno]

Quote:

Originally Posted by Loly Taa [You must be logged in to view images. Log in or Register.]

If I were to venture a guess at why Rogean is asking for a stream cryptographer...

Recently we've seen that wsock32 and eqgame.dll can be used to hook already existing EQ functions and re-write them. Since Rogean has access to the crypto server-side, and now he also has access to change things on the client side. I'd guess that he wants to work out an entirely new encryption system for p1999 to make ShowEQ no longer work on the server. If on the backend and on the frontend the crypto is changed to be the same then you'd need some clever girls to get ShowEQ working again.

I worked on EQEmu back during the big crypto hubbub. A developer named Quagmire was the big man when it came to breaking their crypto. There was once a time when Sony/Verant used very strong encryption, to the point where our only option would be scanning the memory of the client for the key, which was detectable.

Sony/Verant gave up because the amount of cpu they used just to keep the crypto strong started to weigh heavily on the back-end, and people would just get the key out of memory anyways, and they really didn't have a way to detect that at the time.

Problem is, now getting the key out of memory quietly is even easier. Since most computers have Firewire ports and Firewire has unrestricted direct memory access the same technique could be used even more quietly here to find the key.

TL;DR, my guess is Rogean is trying to stop ShowEQ, though I'm not sure how effective it would be.

Confirmed hacker.

[Loly Taa]

Quote:

Originally Posted by Loly Taa [You must be logged in to view images. Log in or Register.]

If I were to venture a guess at why Rogean is asking for a stream cryptographer...

Recently we've seen that wsock32 and eqgame.dll can be used to hook already existing EQ functions and re-write them. Since Rogean has access to the crypto server-side, and now he also has access to change things on the client side. I'd guess that he wants to work out an entirely new encryption system for p1999 to make ShowEQ no longer work on the server. If on the backend and on the frontend the crypto is changed to be the same then you'd need some clever girls to get ShowEQ working again.

I worked on EQEmu back during the big crypto hubbub. A developer named Quagmire was the big man when it came to breaking their crypto. There was once a time when Sony/Verant used very strong encryption, to the point where our only option would be scanning the memory of the client for the key, which was detectable.

Sony/Verant gave up because the amount of cpu they used just to keep the crypto strong started to weigh heavily on the back-end, and people would just get the key out of memory anyways, and they really didn't have a way to detect that at the time.

Problem is, now getting the key out of memory quietly is even easier. Since most computers have Firewire ports and Firewire has unrestricted direct memory access the same technique could be used even more quietly here to find the key.

TL;DR, my guess is Rogean is trying to stop ShowEQ, though I'm not sure how effective it would be.

A VPN could work, but again, the client has to have the key to decrypt the incoming transmission, so again it's stored locally in memory somewhere.

The real only way it would work? Something like those online gaming services where they run the software on their machine and just forward you a display and accept input. Now that would be true client security.