Throx: yes, but isnt there a requirement to have it say on the box...This product contains encryption due to certain restrictions...for example no encryption what so ever can be taken to France last I recall (this may have changed the last 2 yrs). So if we just all learn french...we can use the completely unencrypted version.
Yeah, the public/private key thing works as long as you keep the private key...private.
I wonder if there's some telltale signature that could be used to suck the private key out of the client. Then you could decode the session key. Once you have this, the session security is breached.
Heck, I'm sure that they figured this would at least take a few days or weeks before it was figured out and put some balance back into the game for the time being.
The most powerful computer in the world is the multiprocessor known as SourceForge.
I love it.
Blaze,
Yes -- generating the key at the client works, too, as long as it is sent with the server's public key.
Either way, though, the session key is in the memory space of EQGAME.EXE, which, when examined carefully, should provide significant insight into the operation of the scheme.
I should have been more specific... When I say the Achille's heal of Verant is the fact that we have unrestricted access to the client, I was referring to a worst case doom and gloom scenario -> SEQ requires a memory leech on the Client machine.
Does that effectively break SEQ as a passive device? Yes... but the end result is that SEQ can still be used just as it is now, but with caveats.
My point was, they can never truely disabled SEQ, even if the risks of running it increase.
Although, there are ways around even that, but 99.9% of you would not like the solution offered... and I suspect, if that is the final solution for SEQ, there will be a lot of stupid people using the SAME memory leech, leading Verant to scan for it, leading to your account being banned.
But, all is not lost yet ... some very interesting things have cropped up with the new scheme. The real brains behind the operation are slaving away in the back room as we speak... I throw them raw meat every now and then when they fights get out of hand... keep them hungry, but not too hungry, that's my motto.
JackofAllTrades: I think you are falling to understand the nature of PKI Encryption.
Let me explain what EQ does with it's keys as I've been able to gather from the expoerts here.
The eq client does two forms of encryption.
The first form is called Public Key Encryption. This method of encrypt has two keys associated with it. A public one, and a private one. The Public Key is used to encrytp the data, and the Private Key is used to unencrypt the data. With a large enough key it is virtually impossible to derive the Private Key from the Public Key. It appears that Everquest may be useing a key as large as 640 bits. Which means that all the computing power on the planet would not be enough to brute force test all the key combinations in a timely fashion to find the right Private Key. This type of Encrypt is rather slow, and uses a lot of CPU time. It's not a good match for sending all the encrypted data to the client because of this. So it is only used once... every time you zone.
When you zone The client generates a session key, which is now a 64 bit key encryption system. This is not a PKI type system.
There is now Public Key, and Private Key... The same Key is used for both. This type of encryption is very easy for the computer to calculate, and it perfect for all the ecrypted data that is normally sent back and forth. That's what it is used for.
The client encrypts the generated session key using the Public Key in the above method. Then sends the encrypted session key to the server. Where the server uses the Private Key to unencrypt the session key.
Now the server, and the client know the session key, and showeq does not...because seq doesn't have the Private Key and can't decrypt the session key from the packets it see. It can't get the Private key from those packets, becaue it was never sent back and forth over the net.
Having said all that... I think the hard core corders have hinted that they have come up with a way to eliminate a lot of the Public Key/ Private Key cominations. Either that or they have emlinated a lot of the Session Key cominations, maybe making it possible to find the Keys in a timely manor. This type stuff is DEEP crypto-analyse, and works on the idea that the data they are encrypting is realitivly repeatative in nature, and there for sort of creates a finger print in the kay space used.
Ratt:
My personal view on wither to pull keys client side form memory.... (It's just a vote.)
If the hinted at break through is going to take a time period messured in a few weeks, or less, than I think I can handle that.
But if it's going to take a few months.... I'd like that option to get the keys client side.
I have a lot of faith that the dev team can pull this off. I've done a lot stuff in the DSS television world... There is ALWAYS a way.
We could take the Echostar hacking approach... which isn't a bad idea as a fallback for encryption changes anyway, we already effecitvely have the infrastructure for this (gm on the irc channel).
dumb question:
Even if we are running a program that shows up on the task list, what gives them the right to scan our computers? To me that would be somewhat Illegal. Scanning "thier files" and "their directory" I understand. Wouldn't they risk a lawsuit for scanning things they have no business scanning? Or does the EULA state : "by clicking yes you give us permission to scan your computer's hard drive, memory or both for anything that we might find against said EULA and ban your account for etc"
If this is true why do they allow EQW to run it is 100% obvious it is running in the tast list? Why not ban all those accounts that are using EQW?
I haven't posted in quite some time because I haven't had a lot to offer. Perhaps someone may remember me from HackersQuest.
This is getting a bit off-topic, but a valid question. Microsoft tried to scan computers for data and found themselves subject to a huge class-action law suit. They had to completely back off their stance on collecting data.
I thought I heard EQ going through similar problems. I'm sure there are a number of items they would like to collect from client systems. I believe they quickly backed off, as did Microsoft, as the result of a class-action law suit or a threatened class-action law suit.
If they could test for apps in memory, Xylobot would be out of business.
I don't think putting a small piece of code on the client would be a problem, but don't take my word for it.
ThePowerTool
Actually I felt it was quite on topic since Ratt made mention to the fact that they could scan our memeory and task lists etc if the progject went that direction. Which is the reason I ask that question. I have read the EULA and learned the following:
Seems *if* and only *if* you request technical support you give them the right to scan your computer for such support and debugging as stated in the EULA. Therefore any scan done to your computer by SOE without your express written consent would be deemed as a "hack" and or "attack" by a 3rd party on your computer and the proper authorties should be notified. And of course if they were to do this in mass they would be subject to a class action lawsuit.
That is my understanding. I could be wrong, but that is what I believe to be true.
Ok this is obviously off-topic but....
DrHack has a point. It's still encryption ( even if it doesn't appear to threaten government interests ) and SoE would still have to gain NSA aproval before shipping it over seas. Maybe the easiest fix is to put in a call to the NSA?
Well, regarding SOE ability to ban you - they can do that whenever they feel like it. It is only scanning of memory/HDD that is illegal for them, but they never have to admit to that. In other words, they can scan memory, find 'suspected users', log all their in-game talks and ban them. Later they can say they banned them based on info acquired thru their in-game conversations.
So, what we need is memory snooper that is indetectable. My suggestion would be to make program that generate new snooper every time, with different program structure and name, and run it. So you run mySnoopGen.exe, which will generate (either directly, or generating source and using some free compiler) myRandomName_03.exe and start it, and exit from mySnoopGen.exe
This way we will have different program with different structure and different name every time in memory. It is very hard to scan and to be certain that you found such program.
Program that generate can be renamed once, no need to be always renamed - scanning HDD for file name is possible, but scanning HDD for content within files is something noone will do.
BTW, even actuall memory snooper (myRandomName_03.exe) does not need to be renamed/regenerated every time, only once per user. Key problem here is to make generated snooper without any easily identifiable code footprint. Considering that snooper only need to read from memory and send packet out (which most programs do and therefore use similar code), I believe it is possible.
Another option would be to make snooper program such that EQ can not 'scan' its memory. Now, I do not know what exact limitations programs have for reading memory in Win32 that is outside their own ... but if for example normal process can not read memory of kernel process, then we need kernel level snooper ( snooper.sys or snooper.vdx or whatever )
Last edited by lostinspace; 10-25-2002 at 01:51 AM.
Anything that you have running on your PC, you can bet VI has running on their PCs.
Trying to hide a client side leech seems silly. (VI will have disected SHOWEQ and will fully understand how you "Hide" the leech.) If they scan your box *Looking* for a leech they will find it.
As long as a small percentage of players are using SEQ it doesnt seem to have a big impact. I would think that Sony/VI are very tied up with PoP, EQ2 and SWG.
In a week or 2 the encryption will be cracked, POP will not be new anymore and all will be back to normal. Sony gets what they want... no SEQ farming for a few weeks during the release of POP and the SEQ users will have a working "overview" of EQ again.
Only a complete moron (yes I know they are there) would talk in game about anything related to SEQ. So this hardly seems a reliable way to "find people." We simply need a way to monitor our own memory/connections to detect intrusive 3rd parties that shouldnt be doing snooping us. I assume everything I say or do is logged. I am perioniod what can I say?. In other words, they can scan memory, find 'suspected users', log all their in-game talks and ban them. Later they can say they banned them based on info acquired thru their in-game conversations.
Scanning tasks is like looking at your lover's diary and finding out something that hurts your feelings. Not much you can do about it but feel bad.
My position FWLIW is passive is better, but if it's going to be a pain.. screw it.
You've always had the big gun, you just never used it. It's easy enough to hide a leech and having it demonstrated that they cannot possibly win this tussle they may save themselves a lot of developer*hours trying to and SEQ devs some sleep defeating them.
In the long run it may save everyone a lot of work if everyone is painfully aware EQ cannot win this particular battle. They can spend their time more efficiently making a better game. Really, if the game were good enough there would be no need for SEQ.
They spent who knows how much money to defeat SEQ in PoP. (hopefully not much but who knows) Ultimately this is all wasted money. Since they can't help themselves being wasteful, maybe it's up to the SEQ devs to help them realize how wasteful that was.
Also let me take this opportunity to thank all the hard work of the devs. Your Karma overfloweth.
dn
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
Reply With Quote