Ah, I see. Without stupid laws like the DMCA, Verant wouldn't have a leg to stand on in court. In fact, reverse engineering for interoperability (like the emulator) is usually explicitly allowed in the relevant laws. That's why we all have cheap PCs (someone reversed engineered a closed BIOS and reimplemented it). Personally, I think if Verant wanted to (i.e., felt they couldn't compete), they'd send threatening letters either way.
Although, if someone can figure out the "encryption" just by packet sniffing, then I guess it's not very good encryption. I'm surprised that they (Verant) didn't include real encryption in EQ. It wouldn't be too hard to include a public key in the EQ executable. Since they sell EQ on CDs, secure key distribution wouldn't be a problem. I could see the protocol going something like this:
1) EQ gets username and password from the user. It calculates E(password), where E(x) denotes the encryption of x with Verant's public key. EQ then sends the username and E(password) to Verant.
2) Verant decrypts the password using their private key and either lets in the user or denies him/her.
In this way, the user's password would never be sent in the clear. This would also mean that no login emulator could be made since the emulator would need access to the private key to decrypt the password. Why commercial companies rely on security through obscurity (especially when good solutions are fairly easy to think of) is simply beyond me.
But this is getting way off topic. If we could figure out the NAT problem (not being able to log into my own server if I use gotfrags), it wouldn't be as much of an issue. It would be nice to run a completely independent server, though (Everquest LAN pary? scary...)
|
Threaded Mode
