Has anybody looked at the possibility of doing a man in the middle attack on the key exchange? I'm not a programmer or i would give it a try myself. dsniff can do mitm attacks on ssl and ssh connections, just wondered if something similar could be done with eq.
A mitm attack was discussed but the problem is not all the data fields are known. A small change in the datastream would instantly alert the EQ servers that someone was using SEQ - not a desirable feature in an attack.
From what I've gathered so far I think the general rule here has been to stay as passive as possible.
I think making any changes to the network datastream would be much easier to detect than simply reading what is there without changing a thing.
Any time you're changing something sent from the EQ client back to the server, you are basically giving one of ShowEQs big advantages (the code and data is all in our hands) to Sony--the altered data would be in there hands, all they would then need to do is implement something server-side to detect the change.
Also keep in mind that since this is all open source, have no doubt that anyone at Sony trying to detect ShowEQ has the same access you or I do to the methods used here. All they would need to do is find a flaw in the MITM attack (or a way to create one) and they would be able to detect the attack.
By making no changes and only reading what is already there, it makes detection much more challenging, particularly since the detection would have to occur client-side, and if ShowEQ developers can reverse engineer the client, they can see (and most likely find a way to counter) any detection methods Sony implements.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
