
Can EQgame sniff back?



sauron
11-07-2002, 04:10 AM
I was wondering -- could a future version of EQgame.exe sniff port 10000 (outgoing) and see the UDP packet being sent? This would be a huge tipoff -- especially if they could "sniff" the contents of the packet and see that the data exactly matches their 64 bit key.

Sauron

LordCrush
11-07-2002, 04:17 AM
Be a little creative and xor the key against another 64 Bit key and redo that on linux - and they have the same problem we have :p

and do you really use port 10000 ...

sauron
11-07-2002, 05:14 AM
I agree with your suggestions and appreciate them -- but -- I really still would appreciate an answer. Is it possible for EQgame.exe to watch for UDP packets from a process (and where they are going)? One possible scenario would be to flag the process that scanned their memory space, and then watch that process to see if they are sending UDP packets (regardless of what info is in the packets). I doubt any anti-virus programs scan a process' memory and pop out a small data packet to a local IP address.

Just wondering if it's possible to watch a process and see if it's sending UDP and possibly intercept the data. I used the default settings and no encryption / hiding as the simplest example.

I doubt they could pull it off, but hey, we need to be over paranoid =)

fee
11-07-2002, 05:33 AM
Don't use port 10000, that's only a default. You have approximately 65535, minus ports in use on your network, to choose from, be a little creative and pick a random 3, 4, or 5 digit number for yourself.

I guess if you are a little bent you could always /random 65535 in game....

BTW if anyone catches eqgame.exe sniffing packets be sure to share so we can all get in on that $1mil check camp.

fee

S_B_R
11-07-2002, 08:50 AM
Originally posted by sauron
I agree with your suggestions and appreciate them -- but -- I really still would appreciate an answer. Is it possible for EQgame.exe to watch for UDP packets from a process (and where they are going)? One possible scenario would be to flag the process that scanned their memory space, and then watch that process to see if they are sending UDP packets (regardless of what info is in the packets). I doubt any anti-virus programs scan a process' memory and pop out a small data packet to a local IP address.

Just wondering if it's possible to watch a process and see if it's sending UDP and possibly intercept the data. I used the default settings and no encryption / hiding as the simplest example.

I doubt they could pull it off, but hey, we need to be over paranoid =)

In a way we're in the same boat as SOE. They can't stop us from pulling the key out of memory because we have access to the client. Likewise we can't stop SOE from detecting our software, because their software runs on the same PC as ours.