Packet structure? Anything odd going on?



Kurack
03-21-2002, 09:30 AM
Per this thread over at FoH site, it would appear that someone is claiming that EQ has some type of keystroke monitoring system in place.

http://www.fohguild.org/forums/showthread.php?s=&postid=3641#post3641


Now who better to ask about this than the fine people over here...

I'm just wondering if showeq monitors both sides of the traffic or just the server side?
Have you guys noticed anything coming from the client and thought it was garbage?


Just curious really...

high_jeeves
03-21-2002, 09:39 AM
Take a moment and fantasize about the amount of traffic that would be generated if they had a keystroke logger... Now imagine how that would dwarf the amount of traffic normally used by the games. Now, imagine how much money it would cost Verant to upgrade their machines/networks/databases to receive, process, and store those keystrokes... Now, think again about your question.

On the other hand.. 90% of the keys that people hit get sent to the server in one form or another (executing a command leads directly back to a keystroke, any chat or / command gets relayed to the server in one form or another).

It appears that FoH is worried about GMs seeing guild chat.. of course they can.. guild chat has to go to the server, but that is not the same as a keylogger.

It's fun to read threads about how pissed people are that they got caught cheating... I love how GMs are evil morons when they catch people cheating... This is exactly the kind of crap I would expect from FoH :)

--Jeeves

shadowcat
03-21-2002, 10:13 AM
Jeeves--

Read the post linked from that user. I actually can believe they could turn on a monitoring program that monitors the keystrokes in the client. They have full control of the client.

Now I'm saying that they could monitor things typed into the client but not on the system. And the person stating this also mentioned that when the monitoring was being done, his lag increased noticeably.

As far as I know, it wouldn't be illegal for them to do that but it would be if they ran some kind of keystroke logging program on your system.

high_jeeves
03-21-2002, 10:34 AM
Actually, it wouldn't be illegal.. immoral perhaps, but not illegal... Unfortunately, the laws have not kept up with the technology...

I'm confused by this:


Now I'm saying that they could monitor things typed into the client but not on the system.

Can you give me an example of something you type into the client but not into the system? The only thing I can think of is something that you delete before you press enter, or something that you do in a /note. Neither of which seem like something that they would want a keylog on.

I don't think they keylog, because nobody has given me a reason (here or in the FoH thread) WHY they would keylog, and what they would gain from it.... perhaps I'm missing something.

--Jeeves

shadowcat
03-21-2002, 11:48 AM
Actually, after I posted, I realized that the client monitors all keystrokes ... CTRL, ALT, etc. I guess the question is whether that information is passed on to a "GM". If that person on the thread is speaking the truth, then it seems like they can have the client report keystrokes with noticeable traffic on the client's side (at least with a 56k modem).

Of course we are getting off the subject that the original poster was talking about.

showEQ monitors information from the servers to the client. It interprets the packets into what you see on your showEQ screen(s). I don't think it monitors the information from the client back out to the server.

high_jeeves
03-21-2002, 12:40 PM
It monitors traffic both ways. Some information (where the current player is, for example) is taken from client -> server traffic. Other information (zoning for example) is different depending on which way it is going. Check packet.cpp and you will see references to packet direction.

--Jeeves

fryfrog
03-21-2002, 09:34 PM
could the new "traffic" be due to being able to chat while zoning? they would have to store this client side and then wait till zoning is done... then send it when it's done zoning...

S_B_R
03-21-2002, 11:48 PM
Originally posted by fryfrog
could the new "traffic" be due to being able to chat while zoning? they would have to store this client side and then wait till zoning is done... then send it when it's done zoning...

Good point fryfrog. Also the server Queues tells sent to you while you are zoning so that would be extra traffic too once you finish zoning. Not to mention the Global chat channels would be more traffic too...

fryfrog
03-22-2002, 12:16 AM
humm, i read that foh thread and apparently this "ability" has been around for a while. imho, it seems to be just plain bs. but, then again... i spose if you think about it... it really isn't THAT much more traffic i would think.

since pretty much anything you type is going to go to the server in some form (pressing alt 1, typing /tell X) it might not be horrible. though, while this is running i would expect a double or triple (at least) in the amount of traffic generated.

i know the normal eq stream runs at between 1-3k/sec. 2 eq sessions and 2 daoc sessions only use about 5k/sec total. if EVERY single char was sent one at a time (every single ascii code) then it would generate HUGE amounts of traffic.

also, w/o your consent this is not legal as far as i know. i spose it might be quasi legal if it were in the EULA... but i doubt it would stand up in court.

they got their BALLS busted when it was discovered they were looking at your task list... imagine if they were logging all keystrokes... what would stop them from say... logging for a few min after you log in... or what would stop them from sniffing your network for traffic?

high_jeeves
03-22-2002, 12:41 AM
I'm still missing a why here... what would they gain by logging keystrokes? What could you possibly be doing that isn't transmitted to the server anyways?

I seriously doubt they are doing it.. mostly because there doesn't appear to be any reason to.

I think legally, they are on perfectly sound ground... they could simply use the excuse that they need to check each keystroke on the server to make sure you weren't cheating, or such... they are already transmitting 90% of your keystrokes, why would it be illegal for them to transmit that last 10%?

As for the task list sniffing thing.. they got their balls busted by their customers, they were on OK legal ground there... there is no law disallowing that behavior, therefore making it legal... It was just good business sense that made them stop (too bad that business sense didn't kick in before they started :) )

--Jeeves

Cyra
03-22-2002, 11:19 AM
Well, finally I can contribute a bit...

"/snoop Furor" is a command available to Senior Guides and above. It brings up a text window that exactly mirrors the chat box of the person you are snooping.

Anything that is /snoop'd can also be logged, as in a normal log file. Certain people (probably Furor) are /snoop'd practically 24/7 just because they are notorious and probably entertaining to boot. Once in a while, GMs parse those logs when they get a bug up their asses.

That is all I know with 100 percent certainty.

I also recall at one time someone wrote a little program that did real time parsing for "hot words." It was supposed to run off a client unattended, similar to EQWatcher. Not sure it was ever really used much, or if like EQWatcher it was more of a novelty.

Cyra
formerly Eq_girl on the Hackerquest forum

Pigeon
03-23-2002, 07:40 AM
I don't see the POINT of having a keystroke logger.

All I can see it catching is people using weird shortcuts for people using macro programs in the background... but who gives a crap about that? Verant can already listen in on all the in-game chat channels- having a keystroke logger is pointless. If someone can explain to me how Verant would benefit from being able to see my guildchat and /says BEFORE I send them, as opposed to AFTER I send them, which I know they can do, maybe I'll start believing this. As it is- they can log the X, Y, Z coordinates of my character, they can log everything I say in chat... keylogging is just some tool for some power-happy GM.

My personal guess is that Furor guy is a dumbass and some "friend" of his installed BackOrifice on his comp and pretended to be a GM. Either that or he thought he saw something he didn't. (and is a dumbass- you can see where I'm going with this =P)

Legality... don't see any problem with it. EQ already listens for every keyboard command we type, otherwise our "forward" button wouldn't do anything.

S_B_R
03-23-2002, 02:03 PM
I'm inclined to agree with Pigeon on this matter... Unless people spend a lot of time typing messages and then erasing them before they hit enter, this keystroke logger would be pointless. Since the only person you could communicate with in this fashion would be a GM that is already watching you...

high_jeeves
03-23-2002, 02:17 PM
/agree Pigeon, S_B_R

--Jeeves

fryfrog
03-23-2002, 02:56 PM
i see it having two uses:

1.) catching people using macro programs (xylobot uses [ key)
2.) catching people who are duping.

since this guy said it happened to him a long time ago, maybe it was when duping was fairly rampant. since duping typically involved a LOT of mouse clicking (and no real typing) having where the mouse was going and doing stuff might have helped learn/expose dupers.

aside from that, i don't see ANY reason for a key logger either. i don't think they would waste THAT much bandwidth (cause, i really feel it would be a lot) just to see what keys someone is pressing. i can maybe see it being an on/off feature in the client for gms to use... but again, i think if this were the case SOMEONE would have noticed it besides this ONE guy.

PawnOrc
03-27-2002, 05:40 PM
I know only a few things about this topic and I will try to keep all speculation out of this post (until indicated).

1. There is a "cheat log" program at VI. It --appears-- to monitor the "database" of information VI saves on every aspect of EQ. The output from this program is evaluated on a periodic basis for two reasons I know of: to find the odd cheat and to find anything outside the "box." They actually look at data to see if players are achieving things in a way outside the "vision."

I have not seen the program or its direct output. I have seen discussion within VI based on the output of the program.

2. GMs do not use the same client as players. In fact, at one point the deep dark secret at VI was the existence of a windowed client. Don't know what happened to it. I do know at least one employee who was afraid of being fired for having said something about it at the first VI sponsored EQ party.

3. The most serious cheating issues in EQ have been by VI employees. The upper part of the CS staff is spending more time watching the GMs than they are the players. The VI people use A LOT of security procedures to keep their underpaid and typically young GMs in line. They in fact do monitor virtually every key typed by a new GM for the first X weeks (X changes over time).

4. The serious dupe bugs in EQ were the top of the staff's priority list when EQ first went public. Remember the oven bug? That was truly silly. Those were the things they were worried about. I know for a fact that certain bug hunts involved keystroke level evaluations. What I don't know is whether they did this outside the VI office or not.

Speculation: VI management tends toward the paranoid edge. I can not believe they would knowingly let a non-employee find out about ANY security or debugging resources. They don't even tell the GMs what is going on. I do not believe that any non-employee was privy to the stuff posted on the subject page.

On the other hand, I do know a whole bunch of total nut-balls who once worked at VI. They have had some real odd people in-house as GMs.

Be careful what you believe.