Go Back   EQEmulator Home > EQEmulator Forums > Support > Support::MiniLogin

Support::MiniLogin Support forum for problems with the official MiniLogin release.

Closed Thread
 
Thread Tools Display Modes
  #1  
Old 04-29-2008, 12:47 AM
sdtuasrt, MD
Fire Beetle
 
Join Date: Dec 2007
Posts: 26
Default Minilogin Woes

I apologise if this has been rehashed somewhere before. I haven't been able to find it. I also have had no help with the Wiki.

This is the problem I am having.

I am attempting to play EverQuest using a correctly functioning server. Everything works. I repeat, everything works. I can login to the server, run around, kill things. The problem is when I attempt to run more than one character.

I am using minilogin. Minilogin does not give a damn about what account name I enter, it seems. It only cares about IP. If I create two different accounts, say, mini1 and mini2, both see each other's characters. This creates a large problem.

When logging in, I appear to be considered to be one account -- account and IP are correlated. Therefore, when zoning, there is an insanely high amount of disconnection. I can normally run four separate copies of the EverQuest client on my computer, and used to do so regularly on certain of the public servers I played. As long as I had enough separate accounts, there were no issues.

As I understand it from what I have read on boxing, there are issues with the emulator with having multiple logins from the same account. This is the crux of the problem.

It is impossible to box from one computer, be it for testing or playing purposes, with minilogin. I find it quite ridiculous that I need 4 separate computers if I want to play four separate accounts with minilogin. Half the attraction of minilogin to me is that I thought I could use it to test modifications to the PEQ database without having to go through the hassle of getting the server connected to the public login server, and having it display for everyone, something I should not like to do, as it is possible that the idea I have for a server may not work.

Is there any solution to my problem using minilogin? I'm fairly sure there is none. If I am mistaken, I beg apology. However, everything I have read and been told, and from personal experience in boxing, tells me explicitly that this is due to the fact that I am attempting to play several different characters from one account, something I cannot seem to avoid doing with minilogin.

Thank you for your time.
  #2  
Old 04-29-2008, 01:50 AM
cole89103
Banned
 
Join Date: Apr 2006
Location: America
Posts: 173
Default

minilogin is ip based the only way to run more then one client from the same ip is to change the ip of the non active accounts before you zone the active character this must be done each and every time before you zone a character the correlating accounts ip has to be set to the correct ip and the non active (non zoning) Accounts must be changed to 0.0.0.0 for instance.

I am working on a system to make this process easier based on an example i saw on the forums not too long ago ill post the binaries when ive gotten it working untill then all i can suggest is using the minilogin php login script from the following post

http://eqemulator.net/forums/showthread.php?t=22846
  #3  
Old 04-29-2008, 02:19 AM
sdtuasrt, MD
Fire Beetle
 
Join Date: Dec 2007
Posts: 26
Default

So, just to clarify:

I have three characters, a warrior, a cleric, and a druid. When zoning the account the warrior is on, the warrior's ip is the correct, real IP, and the ips of the accounts the Cleric and Druid are on are set to anything but the 127.* block?
  #4  
Old 04-29-2008, 05:25 AM
Aramid
Discordant
 
Join Date: May 2006
Posts: 356
Default

Quote:
Originally Posted by sdtuasrt, MD View Post
So, just to clarify:

I have three characters, a warrior, a cleric, and a druid. When zoning the account the warrior is on, the warrior's ip is the correct, real IP, and the ips of the accounts the Cleric and Druid are on are set to anything but the 127.* block?

Basically, yes ... UNTIL you zone those characters. You would then have to change there IP's to the correct one, one at a time, while changing the one that has already zoned to the incorrect one.
The reason is because minilogin only uses the IP address of the computer for identification. There is NO source code available to change this, never will be.
__________________
Random Segments of Code....
  #5  
Old 04-29-2008, 12:32 PM
sdtuasrt, MD
Fire Beetle
 
Join Date: Dec 2007
Posts: 26
Default

Quote:
Originally Posted by Aramid View Post
Basically, yes ... UNTIL you zone those characters. You would then have to change there IP's to the correct one, one at a time, while changing the one that has already zoned to the incorrect one.
The reason is because minilogin only uses the IP address of the computer for identification. There is NO source code available to change this, never will be.
And I take it that decompilation of it would be a no-no.

Let me ask another question.

From what I can gather, minilogin does 'nothing' more than receive incoming client connections, displays a list of servers, and then redirects the client to the server.

Is this the only point at which minilogin is used? Or does it come into play during zoning, etc? If it is the only place during which it is used, it would be relatively simple for one to construct a small program which just automatically sent the correct packets when one says in the client, "Let me automatically reconnect to the last server I was on," and ignores other input?

Hm.

Hold on, need a packet sniffer.
  #6  
Old 04-29-2008, 01:43 PM
cole89103
Banned
 
Join Date: Apr 2006
Location: America
Posts: 173
Default

its been tried you wont get anything usefull out of decompiling minilogin many have tried to make minilogin public and all have failed there have been several work arounds but to make a public loginserver to work how you want it you need the crypto that eq uses to talk to the server and without that you will never get a public loginserver working

better just either use the php updater i mentioned or change the ips manually or use the public loginserver eqemulator.net provides
  #7  
Old 04-29-2008, 02:41 PM
nosfentora
Discordant
 
Join Date: Oct 2004
Location: In a house
Posts: 377
Default

One solution could be to use VMWare or MS VirtualPC. You could install the os once in 1 virtual machine, then make X copies of it, and start each virtual machine. Should give you separate ip's for each machine.
  #8  
Old 04-29-2008, 10:24 PM
sdtuasrt, MD
Fire Beetle
 
Join Date: Dec 2007
Posts: 26
Default

Quote:
Originally Posted by cole89103 View Post
its been tried you wont get anything usefull out of decompiling minilogin many have tried to make minilogin public and all have failed there have been several work arounds but to make a public loginserver to work how you want it you need the crypto that eq uses to talk to the server and without that you will never get a public loginserver working

better just either use the php updater i mentioned or change the ips manually or use the public loginserver eqemulator.net provides
Unless they're using something really, really, really, really, really super complicated, it's crackable. It's always crackable. Someone had to be able to do it in the first place to get the public Login Server to work.

The Login Server, be it the public or the minilogin, has to transmit certain information. It absolutely has to. The Server Name being one of those pieces of information. Unless it is transmitted unencrypted, in plain text, then you have a huge cryptographical advantage -- you know what some of the content of the message already is. On top of that, one should easily be able to discern what the preambles and/or postables of the messages are using the opcodes listed, and indeed, minilogin itself.

There are only three reasons I can think of for the lack of release of source code for either minilogin or the public loginserver. The first is that it contains leaked sourcecode from SOE. The second is that source is no longer available. The third is that people only want software to be 'free' and 'opensource' when it benefits them to do so.

As to the second option, I find it possible, since development has been locked at Titanium. I'm afraid it comes down to a choice between number one and number three.

I readily admit that something such as the loginserver is a non-trivial task. I am also entirely unaware as to the authorship of the public login server -- which is why I believe a possible reason it cannot be made available is due to copyright violation. However, I do know that the emulator itself is open source, and as a programmer, I get extremely frustrated with having to reinvent the wheel. And the axle. And the cart. And the donkey. And all the laws of physics that enable those things to exist.

Oh well. Where's that packet sniffer?
  #9  
Old 04-29-2008, 11:01 PM
cole89103
Banned
 
Join Date: Apr 2006
Location: America
Posts: 173
Default

oh without a doubt its crackable but i dont reccomend discussing it on the forums here cause well most people that have have been banned for one reason or another so watch out lol
  #10  
Old 04-30-2008, 03:05 AM
AndMetal
Developer
 
Join Date: Mar 2007
Location: Ohio
Posts: 648
Default

Quote:
Originally Posted by sdtuasrt, MD View Post
The Login Server, be it the public or the minilogin, has to transmit certain information. It absolutely has to. The Server Name being one of those pieces of information. Unless it is transmitted unencrypted, in plain text, then you have a huge cryptographical advantage -- you know what some of the content of the message already is. On top of that, one should easily be able to discern what the preambles and/or postables of the messages are using the opcodes listed, and indeed, minilogin itself.
This may seem a little off topic, but it should help to explain why minilogin has to use an IP address and doesn't have anything to do with the account name (at least in the Titanium client).

I personally was curious about the cryptography, so for the heck of it, I started sniffing some packets. From what I was able to gather, the login packet that is sent from the client to the server is 56 bytes total, 48 of which are the actual data. From that, there is a 24 byte hash of the username + password. If you're using Ethereal (looking at the entire packet), it starts at 0x4A and ends at 0x55. The last 16 bytes of the packet are apparently a checksum for the data.

Since we know where to look, we can put in what we know to be the username & password, and see what it puts out. Using a lot of math, I'm sure it wouldn't be impossible to reverse engineer the algorithm used, but I'm sure my brain would explode if I tried to figure it out by hand (and cryptography is definitely not my forte).

Because the username is encrypted as part of the hash, minilogin isn't able to decipher it, unless it included the cryptography algorithm (which it doesn't look like it does, because of its limitations). As a result, minilogin doesn't even know what your username is, it just forwards you onto the server itself (including your IP address, which it can detect very easily). So, in essence, your IP address becomes your "username", which is then references back to the actual username in the accounts table.
__________________
GM-Impossible of 'A work in progress'
A non-legit PEQ DB server
How to create your own non-legit server

My Contributions to the Wiki
  #11  
Old 04-30-2008, 07:47 AM
cole89103
Banned
 
Join Date: Apr 2006
Location: America
Posts: 173
Default

little hint word on the grapevine is it uses rc4 encryption but it also uses compression ontop of the encryption just so you know
  #12  
Old 04-30-2008, 08:13 AM
Theeper
Discordant
 
Join Date: May 2004
Posts: 290
Default

I don't think Minilogin uses any type of encryption in communication with World. But why bother trying to decompile it though ? You can see how it works from the server source.

This subject has been beaten to death though. For some reason it has to be brought up again every few months. Someone should sticky the last few "I want to decompile Minilogin" threads.
  #13  
Old 04-30-2008, 08:19 AM
cole89103
Banned
 
Join Date: Apr 2006
Location: America
Posts: 173
Default

minilogin doesnt use encryption you are correct but the client DOES and minilogin is actually just another build of the public loginserver for one minus the crypto obviously. add to that that the client uses crypto to talk to the worldserver and thats what hes going to be siffing or trying to figure out
  #14  
Old 04-30-2008, 08:33 AM
Theeper
Discordant
 
Join Date: May 2004
Posts: 290
Default

You don't need to sniff packets. It's all right there in the server source.
  #15  
Old 04-30-2008, 08:35 AM
cole89103
Banned
 
Join Date: Apr 2006
Location: America
Posts: 173
Default

no its not ive seen the old loginserver source trust me its not in the source if it was eqemu would have been shut down by soe ages ago its also why the loginserver source is guarded so closely the crypto needs to be sniffed with packet and key sniffers it CAN be done if he sniffs the stuff when he connects to the public loginserver but no its not in the worldserver source code
Closed Thread


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

   

All times are GMT -4. The time now is 09:23 AM.


 

Everquest is a registered trademark of Daybreak Game Company LLC.
EQEmulator is not associated or affiliated in any way with Daybreak Game Company LLC.
Except where otherwise noted, this site is licensed under a Creative Commons License.
       
Powered by vBulletin®, Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Template by Bluepearl Design and vBulletin Templates - Ver3.3