MiniLogin decompiled/cracked

RangerDown · #1 10-07-2007, 08:08 AM

From reading some of the assertions you've made, I feel you've got an entirely wrong idea of why the loginserver was closed source.

You say that it's to hide how the loginserver talks to the worldservers, and assert that it's so nobody would be aware that the LS had a way of asking a worldserver to let them in on GM-Mgmt level. But let's keep this in mind:

You CAN figure out how the LS talks to the worldservers.... and you can do that simply by examining the Worldserver's code, which IS public source. The existence of any isop() functions can be clearly seen in the worldserver's source if they are there (I haven't seen the code in recent months so I'm going to just assume what you say about the world code is correct).

The version of LS you're discussing is minilogin. The minilogin server was intended for small-group LAN play, the kind where you don't have trust and account security issues (or if you do, you're playing alongside some serious psycopaths... watch your back both in game and IRL)

On the public loginserver, even in the absence of an LSOP function (or even if it's disabled on your server), you still have to put some trust in the LSops, because when you think about it, I'm sure they could make the LS "say" that the account logging in is <insert the account name/LSID of the world server's owner here> if they really want to.

IMO this function could serve quite a useful "support" purpose in that the devs could, upon request, jump into a server without having to say "alright, give me status 200 so I can check out that problem of yours... yeah, you use the #flag command.... no, you have to give arguments to it.... no, not my character name, my account name! Umm, you use /who all to figure out somebody's account name... you've never used the /who all command?!... /camp"

The login server is closed source for two major reasons. First, the original authors of it asked for it to be. Doesn't matter their reasons... if they say they don't want it distributed then, as lessees of their copyrighted LS software, we have to abide by their distribution terms. Second, if the crypto became public, SOE would play a big cat-and-mouse game where they're constantly changing login crypto just to make work for us.

Quote:

make it appear to be sent from George W's pc itself,

And every router in the world should instantly know to reject that packet as a fraud, because it couldn't come from George W's PC, because for his PC to send packets, he would have to know how to turn it on

Lalolyen · #2 10-07-2007, 11:09 AM

Yes I was refering to the mini-login.

Are you saying that the two servers are near identical in construct?

Quote:

And every router in the world should instantly know to reject that packet as a fraud

Thats not true, I think you've misintrepreted a firewall and a router. Home router that does 10 billion diffrent things and can only handle about 50 nodes regardless that the factory says 253, they are about as secure as Madona in a thong on a 30 day cruise on a Navy sub.

Routers are very simple pieces of electronics, pure router, meaning no DS1, DS3 etc termination, just routing only. They do not do what you said, and do IPSec, IP Filtering, etc.. They simply tell the "world" that a destination IP belongs in its netork(s), and tells the network(s) that their destinations belong outside the router (next hop).

I'll reprase, unless you are running a true firewall or Linux, you can make a packet appear to come from the IP address of GW.

number6 · #3 10-07-2007, 08:46 PM

This is a tangential question, so I apologise for the slight derail... but does this mean there could be any possibility of a linux version of the minilogin server at some point in the future? I don't like to use windows for serving anything, ever

Paul.

Angelox · #4 10-07-2007, 10:08 PM

Quote:

Originally Posted by number6

This is a tangential question, so I apologise for the slight derail... but does this mean there could be any possibility of a linux version of the minilogin server at some point in the future? I don't like to use windows for serving anything, ever

Paul.

Probably no, at least for now.
But you can use minilogin with wine under Linux fine - This is what I always have used with no problems. In fact, it works better for me under Linux, as clients don't hang like they used to under windows.
You should probably make it something to do for your friends and people you know, as you can see people are already bragging about how they can hack into it, and shouldn't be long before this starts.

RangerDown · #5 10-09-2007, 02:47 PM

Quote:

Originally Posted by Lalolyen

Yes I was refering to the mini-login.

Are you saying that the two servers are near identical in construct?

Not really. See image's post.

Quote:

Thats not true, I think you've misintrepreted a firewall and a router. Home router that does 10 billion diffrent things and can only handle about 50 nodes regardless that the factory says 253, they are about as secure as Madona in a thong on a 30 day cruise on a Navy sub.

Routers are very simple pieces of electronics, <blah blah blah blah>

1) Most routers (that cost more than the $5 ones from wal mart) are capable of doing at least basic packet filtering. So, I stand by my previous statement that any router should reject the packet.

2) It was humor. Lighten the **** up.

3) If the things I've heard about Navy sailors on subs are true... Madonna should feel perfectly secure on their sub (yes, even in a thong)

4) Any Navy sailors IRL that just got offended by #3... see #2

Lalolyen · #6 10-09-2007, 02:54 PM

LOL @ RangerDown no, they don't forcefeed saltpeter any more =P That was made illegal by the UCMJ about 10 years ago.

Quote:

If you want to impress us, don't try and reverse engineer minilogin, play by the rules and just help out on the project, and use that skill to progress the emulator. Surely there's some functions still to be found in eqgame, right?

The objective was not to impress, it was an attempt to "open source" the entire project with little effort.

I do not have the time or patience any more to construct a cpp program from ground up. I can look at the code and figure out a mistake or bug fix, ask KLS, but I'm simply not patient enough any more to sit and code from ground up... IF someone wants to sniff those packets and figure out what's going on, and assimilate that, go for it... However I must say I'm a big non-supporter of emulating and emulator of a program.

Lalolyen · #7 10-09-2007, 02:57 PM

Now, here is the point...
1) The source has been cracked.
2) I was told it could not be done by several people
3) The code IS VERY intelleagable after being told it was impossible.
4) I was told I found "Nothing", so the "nothing" of a source of what was cracked was posted for any with intermediate cpp backgrounds to have a hay-day with being its "nothing" and being I don't have the patients to do it =).

Furrygamer · #8 10-09-2007, 03:23 PM

Still waiting to see the talk about the deleted thread.

On a side note, I do find it pretty funny that when someone needs a dev they are not around, till someone challenges their power. When this happens an ambush of current and previous dev team members come and join in the fight. You say you have nothing to hide, your actions are saying we just stumbled on eqemu's area 51 and we have our photo proof of the aliens. If I could do anything to you now, I would give you a dishonorable discharge.

devn00b · #9 10-09-2007, 03:34 PM

Errr im not sure about this deleted thread, i didnt see it, didnt read it. But i do lurk here every now and again. Anyone that knows me knows im anti the current dev teams way of doing it. So please leave me out of yer area 51 paranoid bullshit

Angelox · #10 10-09-2007, 03:53 PM

Quote:

Originally Posted by Furrygamer

Still waiting to see the talk about the deleted thread.
.

If you are refering to Kayot's Sourceforge Address post that was de-railed, then that was me. Anyone who reads/knows forum rules will know and understand why I did it.
But since you keep bringing it up, I'll tell you why I deleted the posts;
1 - Mr Lalolyen was Microsoft Bashing and we don't bash MS or Linux or anyone here.
2 - This MS bashing was de-railing the thread.

So now , you can turn your flame towards me and test my patience, see how much I can take.

BTW, this thread is starting to rot even more, you're starting to flame - so go back and read the forum rules before you continue

gernblan · #11 10-07-2007, 10:07 PM

Quote:

Originally Posted by RangerDown

The login server is closed source for two major reasons. First, the original authors of it asked for it to be. Doesn't matter their reasons... if they say they don't want it distributed then, as lessees of their copyrighted LS software, we have to abide by their distribution terms. Second, if the crypto became public, SOE would play a big cat-and-mouse game where they're constantly changing login crypto just to make work for us.

1) NO, it was originally released as GPL, they can't just change their minds once they do that. Sure, they can release future version closed source, Mozilla license, hell use the Microsoft EULA for all I care but the code up to the POINT it was closed again should be available.

2) If the crypto became public it would make no difference because we're not patching our client versions. There's no way to change the crypto without changing the client. Sorry not trying to be rude but you do not know what you're talking about.

#12 10-07-2007, 10:34 PM

Quote:

Originally Posted by gernblan

1) NO, it was originally released as GPL, they can't just change their minds once they do that. Sure, they can release future version closed source, Mozilla license, hell use the Microsoft EULA for all I care but the code up to the POINT it was closed again should be available.

2) If the crypto became public it would make no difference because we're not patching our client versions. There's no way to change the crypto without changing the client. Sorry not trying to be rude but you do not know what you're talking about.

1) It is the crypto that was closed source, both for minilogin and for the regular login server. The crypto in the wrong hands would be a very bad thing, for us and for live servers. Keeping it closed source protects everyone who uses EQEmu and keeps SOE off our backs.

2) plain and simple, the people who coded them dont want the source handed out, they have the right to request that and the Dev team is respecting it. Its been said in the past that anyone is free to code a new one and have it open source, however there is no point arguing over what is there currently, it will not change.

Lalolyen · #13 10-08-2007, 12:10 PM

Matt, just for clairification, crypto is the use really of two keys or a cypher (meaning the use of varable keys). to encrypt/encode something, what the program is using really is a simple encoding process.

About SoE, don't worry about them, or leave them to me. You shouldn't have any issues with SoE while I'm around not unless the LS program has ummm... commideered code from SoE which it didn't appear to have.

Matt I understand the person whom coded it didn't want the source handed out, I know why, dispite what a prior dev had to say, that or either the person was really selfish for some reason, but I tend to believe the other side of it.

Also, if you open source everything we have here, stick the GNU licensing on it (upgrade to version 3 as soon as it comes out btw!!!) you WILL NOT, I repeat WILL NOT have any issues with SoE. If they did try and cause problem, you can count on the attournies of the Free Software Foundation (GNU) to help out, as they hate proprietary corporations whom horde code and try and extinguish those whome compete and create simular code (not to mention their new license addresses code patenents thanks to Microshit).

techguy84 · #14 10-08-2007, 01:47 PM

Quote:

Originally Posted by Lalolyen

About SoE, don't worry about them, or leave them to me. You shouldn't have any issues with SoE while I'm around not unless the LS program has ummm... commideered code from SoE which it didn't appear to have.

Pardon me while I try not to laugh.... *cough HA *cough

What makes you so special.... just curious?

If it involves the, "They cant do anything cause were breaking no laws" your right. But heres the thing about SOE. There a big company, and big companies can put a whole world of unnessecary hurt on small communities like us. They can drive us to lose lots of things just to put up a defense against them. Most would not be willing to bankrupt themselves and lose thier house just to at least get a lawyer that would work with them in court. And without proper defense and a deep knowledge of the law, whether your in the right or the wrong, your still going to lose cause you have no idea what your doing.

Its just flat out not worth it, tempting fate that is.

Edgar1898 · #15 10-08-2007, 02:07 PM

Heh, I really doubt that you were able to decompile my program. I have yet to find a decompiler that can decompile an exe and produce anything but useless garbage from it. Even a program as small and simple as minilogin. If you really have somehow decompiled it, send me a portion of the source code. I have the source code so dont worry about sharing it with me.