Vulnerability Development mailing list archives
Re: Software authentication (was RE: Gibson (was Crack Office XP))
From: bill_weiss () att net
Date: Fri, 15 Jun 2001 02:19:29 -0600
Mark Collins(me () thisisnurgle org uk)@Wed, Jun 13, 2001 at 05:57:32PM +0100:
And... why not pirate servers that perform whatever game administration is required? Can't be that tough to set up a server that listens to broadcasts and requests; I don't think WON has the market cornered there. And legitimate users could also set up proxies that re-serve the game listings coming off the WON. My guess is that folks join the game through direct connection anyway, so it really would be fairly trivial.If the authentication server is hardcoded and obfuscated, it would be be nearly impossible to change it. Some serious hacking of the TCP stack would be in order (if it addresses the auth server by IP only), and I'd expect most people who are capable of such would either a) be white-hat or b) be too 'leet to release it.
I hate to be simplistic, but what about redirection? I have a linux box as a router, and a windows box behind it. Could easily redirect requests to the auth IP to somewhere else, even localhost (where I could serve false auths).
Without actually looking at current implementations of this method in various games, my guess is that it's probably done badly.There was a recent discussion about this on the Linux Game Developer list. Having 2 copies of the auth key, one which is MD5 encoded and well hidden would make changing the addresses pretty tough.
If the cracker is watching, he'll see the references to both keys. Then, watch the transformation from key to MD5 key... I'd agree that it's possible to make it too much of a pain in the ass, though :)
Current thread:
- Gibson (was Crack Office XP) Fenris (Jun 11)
- RE: Gibson (was Crack Office XP) David Schwartz (Jun 11)
- RE: Gibson (was Crack Office XP) Ric Messier (Jun 12)
- Re: Gibson (was Crack Office XP) ian (Jun 13)
- RE: Gibson (was Crack Office XP) Ric Messier (Jun 12)
- <Possible follow-ups>
- RE: Gibson (was Crack Office XP) Kayne Ian (Softlab) (Jun 11)
- Software authentication (was RE: Gibson (was Crack Office XP)) jts28 (Jun 13)
- Re: Software authentication (was RE: Gibson (was Crack Office XP)) Mark Collins (Jun 14)
- Re[2]: Software authentication (was RE: Gibson (was Crack Office XP)) dullien (Jun 15)
- Re: Software authentication (was RE: Gibson (was Crack Office XP)) J Edgar Hoover (Jun 15)
- Re: Software authentication (was RE: Gibson (was Crack Office XP)) bill_weiss (Jun 15)
- RE: Software authentication (was RE: Gibson (was Crack Office XP)) Dom De Vitto (Jun 17)
- Software authentication (was RE: Gibson (was Crack Office XP)) jts28 (Jun 13)
- RE: Gibson (was Crack Office XP) David Schwartz (Jun 11)