Keyring

[baelang]

Keyring home page:
http://members.fortunecity.com/baelang/
(crappy free hosting site. warning: popups)

EDIT: version 2.2 has now been released. (20021213)

redirect yourself here:
http://seq.sourceforge.net/showthrea...&threadid=2613
for version 2.2 code.

---


This is release 2.1 of Keyring.

keyring.exe is a program to sniff encryption keys from the running everquest
program (eqgame or testeqgame).
Code is by BaeLang and based on posts by mvren, hoihoi, kal, UncleBen, and others
on the showeq sourceforge forums.

it works with showEQ version 4.3.2 (and later) with the appropriate libEQ.a.
see http://seq.sf.com for more information.

Features:
* supports multiple config files, allowing seporate ones for test and live.
* loops searching for the eqgame, no timing issues. also includes
UncleBen's debug privledge code so should be able to start up at any time.
* only sends the key when the key changes.
* sends the key via UDP. works with current version of showeq.
* accepts command line arguments
* easy to compile and install. comes with a makefile.
* works on XP and ME. i haven't tried it on any other OS.

BUGS:
* none known at the moment.

I compiled this with the free gcc compiler for windows that comes with the
cygwin distribution. cygwin is free, easy to install and update, and lets
you select from many, many, unix-type utillities including an x-server if
you so desire.
http://cygwin.com/faq/faq_toc.html

it should also compile as is with mingw, which is another free gcc compiler
for windows.
http://www.mingw.org/

it is also reported to work with lcc:
http://www.cs.virginia.edu/~lcc-win32/

minor modifications may be needed for other compilers. ymmv.

To get it going, here's what you have to do:

* verify that you have a compiler of some sort.
I strongly suggest the free ones listed above.
* download the attached tarball.
* extract the archive: tar -xzvf keyring.tar.gz
* cd keyring
* read the README file
* make
* make install
* cd c:\keyring
* using your favorite editor, edit the keyring.ini file
you will need to change the IP address and the udp port
to which the key will be sent. remember that the default port is
10000 but that is NOT the best choice.
* at the dos prompt run keyring.exe
or use the run prompt: start->run->C:\keyring\keyring.exe
or browse the fulesystem and double-click keyring.exe
* start up EQ and enjoy!
* leave this program running and start up EQ. you should be good to go.
* use ctrl-c to end keyring.exe after you have closed down EQ.

useage:
keyring.exe
-h print output help information (but you knew that, didn't you.)
-f <path/to/config/file> specifies the path to some config file
-v run in verbose mode (copious debug information)
-i <interval> specify the send interval in seconds.
-a <address> send-to ip address
-p <port> send-to udp port
-n <name> name of program to search for (i.e. eqgame or testeqgame)
-o <offset> key location
-e run once and Exit. (no looping)

feel free to send me patches. i maintain a small CVS repository for this code.

SECOND NOTE: Source code in Zip format is avaliable on the web page listed above, in addition to a binary distribution.

[a_necro00]

Compiles perfect with lcc also, a very simple & easy to use C compiler, it will even includes the needed libs automatically.

http://www.cs.virginia.edu/~lcc-win32/

Excellent work baelang, it sends the key every time I zone.

[fryfrog]

if you use the read access instead of full access, does that stop the error 5 when you close and re-open the scanner?

if that is the case, i'll toss an exit(0) into your while loop and just run the program (once) when ever i really need a decode isntead of looping it. i'm at work right now so i can't test to find out.

[baelang]

Originally posted by fryfrog
if you use the read access instead of full access, does that stop the error 5 when you close and re-open the scanner?

if that is the case, i'll toss an exit(0) into your while loop and just run the program (once) when ever i really need a decode isntead of looping it. i'm at work right now so i can't test to find out.

I plan to add a no-looping option. however, i haven't found a way to avoid error 5 (on xp) if you close it down and then restart. even messing with "at" and system services. it's probably just me though, since this is my first attempt at win32 programming.

[fryfrog]

check out the uncle ben's thread, his appears to work in the way described.

[MisterSpock]

The AT command in Windows 2000 launches the application with the SYSTEM account credentials.

This was considered an exploit, as you could run applications with higher security privs than you would normally have. This included the ability to give yourself administrator access.

This has been rectified in WinXP. Applications launched with AT run with the LOCALSERVICE account. LOCALSERVICE does not have the level of access that SYSTEM had, so you will get an error 5 on your program with AT in WinXP.

There are several ways to get around this problem. One is to include code in your sniffer to enable debug privs. There is another method that has been shown on this board at least once (that uses SetSecurityInfo and SetEntriesInAcl) that also works. With either of these code pieces included and called from your sniffer, you can launch it from the AT command.

Another possible method that should work (although I have not tested it) would be to add the LOCALSERVICE account to the Administrators group. In theory, it should also clear the error 5.

[fryfrog]

the error 5 happens when you run the program once, control-c it and try and run it again on the same eqgame.exe. i got around this by just putting a "press any key" pause into the loop so it wouldn't send the key unless i wanted it too... but with this method it is still active and hanging around. i just wanted a program that could run once, get and send key then exit. if i set an "exit(o)" right after the sending of the key... it would only run once on that eqgame.exe, getting an error on any further runs.

[dana523]

This is a stupid question but I need to ask it where do i extract the file to i do the tar but i get the error

tar (child): keyring.tar.gz: Cannot open: No such file or directory
tar (child): Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error exit delayed form previous errors

and i get it with tar -xzvf keyring.tar.gz and keyring[1].tar.gz

[baelang]

Originally posted by dana523
This is a stupid question but I need to ask it where do i extract the file to i do the tar but i get the error

tar (child): keyring.tar.gz: Cannot open: No such file or directory
tar (child): Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error exit delayed form previous errors

and i get it with tar -xzvf keyring.tar.gz and keyring[1].tar.gz

When you extract the archive, you need to either be in the directory where you saved keyring.tar.gz or specify the full path to it.

you could have saved that file anywhere on your computer, so i can't help you further than that.

except i should note that some web browsers may automatically uncompress the file when you save it. so if keyring.tar.gz isn't on your computer, you may have keyring.tar instead. the "z" option to gnu tar is for compression. if your archive isn't compressed, then leave off the z.

[dana523]

Ok great I got that going now i am in keyring but cannot edit the ip from here i type

edit C:\keyring\keyring.ini

i get bash:edit: command not found

also when i go into the cd \keyring.ini\ it goes to a > and a curosr

this dir im in is the keyring dir and the 2 files i have there are keyring.exe and keyring.ini

there is also another question when i go to run this i get

bash: keyring.exe: command not found

[Mr. Suspicious]

Ok great I got that going now i am in keyring but cannot edit the ip from here i type

Just use notepad or your prefered textfile editor.

bash: keyring.exe: command not found

Simply run the executable via start -> run OR browse to it using Windows Explorer and double click it OR go into a DOS command shell and CD to it and run it from there.

[baelang]

Originally posted by Mr. Suspicious


Simply run the executable via start -> run OR browse to it using Windows Explorer and double click it OR go into a DOS command shell and CD to it and run it from there.

or even specify the path in bash: ./keyring.exe or c:/keyring/keyring.exe

or add c:/keyring to your path environment variable.


EDIT: by the way, i am somewhat shocked that over 220 people have downloaded version 1 of keyring. i had no idea there were that many people interested in it.

[dana523]

ok great ty for that now i still have grey spawns any idea there

might have had the worng ip checking now

had the wrong ip got it going now thank you for all your help..

[baelang]

as promised, here is keyring version 2 code in zip format.

EDIT: see the latest version thread. (2.2 or later)

[dpaschal]

This may be a silly question, but can keyring be coded so we can compile it either for win32 or linux? I personally would like to run it on the linux box with showeq, or is that a bad thing?