Going out on a limb here....

_OZZY_ · #1 03-30-2002, 05:49 AM

Is it possible to release the minilogin source code for 0.2.6? I've tried the 0.2.3 source code, but can't get past all the damn errors. I don't know about anyone else, but I want to be able to debug my database without having a bunch of people on my server. I know it annoys them each time I have to restart it. Hopefully, someone has the source or has figured out how to compile the 0.2.3 code for 0.2.6. Thanks in advance.

theCoder · #2 03-30-2002, 03:38 PM

This has been asked for before, but degenerated into flames because the person who asked apparently had some sort of negative history with some other people here. Why the source for login hasn't been released recently wasn't adequately addressed.

It's a shame because they're creating a single point of failure for Verant to attack if they wish.

It's also a problem for those of us with NATs, since we can't connect to our own servers if we use gotfrags.

The only solution I know of right now (it's what I use) is to run the minilogin binary on your Everquest machine, and point your world binary at that machine (in the loginserver.ini file). Then in your eqhosts.txt file, use localhost:5999 as the servers. It works; it's not optimal, but it works.

It would be nice to know why the source isn't being released though...

DeletedUser · #3 03-30-2002, 04:34 PM

Actually, Verant would probably rather attack us if we publicly released the login code. Why? Because a coder had to figure out the encryption for people to login. (Ever heard of packet sniffing?) So if someone spent the time to figure out how to decrypt it like one of our coders did and was able to sniff someones packets, he could get their username and password.

_OZZY_ · #4 03-30-2002, 05:13 PM

The source code doesn't really matter to me, but the only released binary is for Windows. I'm running a RedHat server. If I can't get a *nix binary, I guess I'll set up an old 486 to run the windows version (yuk!). The whole idea was to keep the server seperate from the client, but it's not really that important. I just needed to set up a local deal so I can create my custom database and debug it before I go live with it. Thanks tho.

theCoder · #5 03-30-2002, 05:13 PM

Ah, I see. Without stupid laws like the DMCA, Verant wouldn't have a leg to stand on in court. In fact, reverse engineering for interoperability (like the emulator) is usually explicitly allowed in the relevant laws. That's why we all have cheap PCs (someone reversed engineered a closed BIOS and reimplemented it). Personally, I think if Verant wanted to (i.e., felt they couldn't compete), they'd send threatening letters either way.

Although, if someone can figure out the "encryption" just by packet sniffing, then I guess it's not very good encryption. I'm surprised that they (Verant) didn't include real encryption in EQ. It wouldn't be too hard to include a public key in the EQ executable. Since they sell EQ on CDs, secure key distribution wouldn't be a problem. I could see the protocol going something like this:

1) EQ gets username and password from the user. It calculates E(password), where E(x) denotes the encryption of x with Verant's public key. EQ then sends the username and E(password) to Verant.

2) Verant decrypts the password using their private key and either lets in the user or denies him/her.

In this way, the user's password would never be sent in the clear. This would also mean that no login emulator could be made since the emulator would need access to the private key to decrypt the password. Why commercial companies rely on security through obscurity (especially when good solutions are fairly easy to think of) is simply beyond me.

But this is getting way off topic. If we could figure out the NAT problem (not being able to log into my own server if I use gotfrags), it wouldn't be as much of an issue. It would be nice to run a completely independent server, though (Everquest LAN pary? scary...)