Vulnerability Development mailing list archives
Re: Software authentication (was RE: Gibson (was Crack Office XP))
From: J Edgar Hoover <zorch () totally righteous net>
Date: Fri, 15 Jun 2001 00:53:03 -0700 (PDT)
On Wed, 13 Jun 2001, Mark Collins wrote:
I think it's due to the current underground culture. As the traditional crackers went pro (many of the people who cracked games now work in the games industry), the new breed didn't understand how to do the more complex cracking (reverse engineering the copy protection). Instead, they focused on generating serial numbers. Call it a degradation of skills over time, if you will.
Hi there, this is Earth calling. What planet are you from?
If the authentication server is hardcoded and obfuscated, it would be be nearly impossible to change it.
"hardcoded" means you can't change it? Or does "obfuscation" make it "nearly impossible"?
Some serious hacking of the TCP stack would be in order (if it addresses the auth server by IP only), and I'd expect most people who are capable of such would either a) be white-hat or b) be too 'leet to release it.
On earth, we have discovered the magic of ifconfig and the hosts file.
There was a recent discussion about this on the Linux Game Developer list. Having 2 copies of the auth key, one which is MD5 encoded and well hidden would make changing the addresses pretty tough.
Hide it on the hard drive, nobody will ever look there.
Mark 'Nurgle' Collins === Lead Author - Linux Game Programming
Scary. It is trivial to spoof WON auth for a HalfLife server (or client). There are also several ways to execute instructions on either a server or client remotely. The security of most network games is poor. The combination of closed source and clueless network code is truely dangerous. Please, if you are producing network games, have them audited by a security professional. zorch
Current thread:
- Gibson (was Crack Office XP) Fenris (Jun 11)
- RE: Gibson (was Crack Office XP) David Schwartz (Jun 11)
- RE: Gibson (was Crack Office XP) Ric Messier (Jun 12)
- Re: Gibson (was Crack Office XP) ian (Jun 13)
- RE: Gibson (was Crack Office XP) Ric Messier (Jun 12)
- <Possible follow-ups>
- RE: Gibson (was Crack Office XP) Kayne Ian (Softlab) (Jun 11)
- Software authentication (was RE: Gibson (was Crack Office XP)) jts28 (Jun 13)
- Re: Software authentication (was RE: Gibson (was Crack Office XP)) Mark Collins (Jun 14)
- Re[2]: Software authentication (was RE: Gibson (was Crack Office XP)) dullien (Jun 15)
- Re: Software authentication (was RE: Gibson (was Crack Office XP)) J Edgar Hoover (Jun 15)
- Re: Software authentication (was RE: Gibson (was Crack Office XP)) bill_weiss (Jun 15)
- RE: Software authentication (was RE: Gibson (was Crack Office XP)) Dom De Vitto (Jun 17)
- Software authentication (was RE: Gibson (was Crack Office XP)) jts28 (Jun 13)
- RE: Gibson (was Crack Office XP) David Schwartz (Jun 11)