
Thread: A little keyreader example code

  1. #106
    Registered User
    Join Date
    Oct 2002
    Posts
    5

    Food for Thought...

    I've been examining the different sources posted, and one thing stands out in my mind as a red flag:

    You CANNOT leave the sniffer active during the entire session.

    /tell <gm> I'm sniffing the encryption key. Wanna watch?

    Think about it. How short is the code to take the snapshot? You've got MANY examples to choose from... 50 lines (including comments and processing.) That's not very much. How hard do you think it would be for them to send that snapshot back to SOE and allow them to compare notes?

    <ENTER SOE NAZI control room>

    test.exe here... here... here... here... here... here.... here.... and here.... etc.

    sniff.exe here... here... here... here... here... here... here... here... here... here... here... etc.

    key.exe here... here... here... here... here... here... and here... etc.

    All roughly the same size... All starting at about this date...

    Conclusion: They're up to something suspicious. Ban them all, just because we can.

    <EXIT control room>

    Remember that poll they had a while ago?? I don't remember the exact wording, but I'll paraphrase it for you:

    ... Would you mind if we scanned your system for running applications that might violate the EULA? ....

    I'll admit it, at the time, I said "Sure, have at it. I have nothing to hide." Granted I didn't have SEQ running then, but even if I did, it's a PASSIVE thing, they can't tell it's there unless they're ACTIVELY monitoring my every move, or I flat out tell them I do.

    Yeah, Sure, they *SAY* they're not scanning systems, but it's a corporation. They LIE. We should expect it. It's the American Way!


    How difficult do you think it would be for them to send this snapshot code TO YOU while you're playing, execute it every so often, and discard it when you exit? Nothing says they have to put ALL of the code that gets run in the files on your machine. It is after all a NETWORK application that you've given permission to execute on your system. What's to keep it from pulling in some additional code and executing it without you ever knowing about it?


    Anyway, enough of that. If this is going to work properly, (and safely,) then the sniffer must do its business in one pass and terminate completely. It wouldn't be difficult to establish a means by which to tuck the sniffer away in a dark little corner of your computer, and call it every time you zoned to get the new key.

    Personally, I've already established *MY* method to get the key whenever I need it, I just need to get the sniffing code worked out so that I can get the key whenever I need it without having to leave a HUGE red flag flying. I enjoy playing EQ, but not enough to have to start completely over again.


    We've got the decryption routines, we've got the data stream, we just need to obtain the keys to the locks without drawing any attention to ourselves. Think like a Rogue. "How can we do this without getting caught?" ... If you can't play without SEQ, then you shouldn't be playing at all.


    Just something to think about...

  2. #107
    Registered User
    Join Date
    Dec 2001
    Posts
    59
    Running it the entire time, or running it just once, matters not, if they care to scan for it, and in the process invade every user's privacy, they can do so. Currently, they do not scan for anything. If they decide to next patch, then so be it. Personally, I'll be hiding my scanner as well as possible by then. I don't think they really really want to spend the time just to ban paying customers tho.

  3. #108
    Registered User
    Join Date
    Jul 2002
    Posts
    14

    Anyone got a step by step on how to do this please

    Hey guys

    What is this key thing ?

    Do I need it ?

    If so Can someone do a step by step on what I have to do to get it ?

    I have found only yew leafs show up now in WL but I need to know where the haze panthers are. I'm trying to skill up on Velious armour : )

    I suspect it's about this key thing I keep hearing about.

    Thanks in advance

    The PHAT MAN
    Phat Lewtz for me
    Slim pickings for you
    Muahahahahahahaa

  4. #109
    Registered User
    Join Date
    Oct 2002
    Posts
    15
    Oh Phat_MAN, the thread explains it all, it even tells you step by step what to do... so how about next time you use all those skills your momma taught you like reading and that little thing called intelligence, and read before you post...
    But then, maybe I'm giving you too much credit.

  5. #110
    Registered User
    Join Date
    Oct 2002
    Posts
    15
    Thanks for the help MethHed, even once you told me there was a new one, I couldn't find it but I downloaded the one from smurfette.trifocus.net and it's compiling now. Hope that one works

  6. #111
    Registered User
    Join Date
    Oct 2002
    Posts
    31
    Ok, I know a little about programming, enough to get me in trouble, but after talking with a friend, he says the only way SOE would know is if the program itself was running under an obvious name or if they did include some subroutine to notify it that the memory was scanned. But only the OS would be able to tell if that was happening. And with all the programs out there today, memory managers, virus checkers, etc that scan memory all the time, it's not likely to be seen.

    Just as the sniffer scans the process list for eqgame.exe, eq would have to do the same just to see if you are running a program to do it.

    Am I off base here?

    Him: only the operating system can/could tell EQ when its memory is being scanned.
    Me: Maybe even if it's a subroutine in the eqgame.exe itself?
    Him: only if the operating system is capable of it. which I don't know of any way.
    Me: What do you mean? Isn't XP or any windows going to know when a process is called for? All EQ has to do is tell the OS to let it know when a certain process is run. Right?
    Him: only if the ReadProcessMemory somehow sets a flag that tells the processes that its memory was scanned. that would mean a list of task names. eq would have to maintain a list of bad names.. just as this program scans the process list, eq could do the same.

  7. #112
    Registered User
    Join Date
    Oct 2002
    Posts
    15
    Ok, got the new libEQ.a... and it's still not working... every time I run the key scanner, the key it returns is 0xI64x does that seem right? cause it doesn't to me... I'm using the last bit of code from this forum... gonna try some of the others till you all get back to me

  8. #113
    Registered User
    Join Date
    Dec 2001
    Posts
    951
    if you are using MinGW to compile it, follow um... MrEvil's instructions pretty well... but it's easy...

    Download and install MinGW (http://www.mingw.org/)

    copy the source to the program into a file, and save it (easiest is to save it in C:\MinGW\bin where the compiler is). I actually named mine "netscape.c" so it was easier to... hide? from there, it's very easy :)

    Code:
    gcc -c keysniffer.c
    gcc -o keysniffer.exe keysniffer.o -lth32 -lwinmm

    I tried running it from the free telnetd server listed somewhere above, and it worked... only I couldn't close or cancel it. also, while it did grab a key when I pasted it into seq it did not decode. it complained of unknown compression something or other. perhaps I forgot to re-compile or something. I only really want to run this when I REALLY need a decode. I'd rather not have it running all the time.

    anyone know how to "ctrl-c" a program that is running from the free telnet daemon "Fictional Deamon"?
    Last edited by fryfrog; 11-03-2002 at 11:19 AM.

  9. #114
    Registered User
    Join Date
    Nov 2002
    Posts
    13
    I got the following message when It ran....

    Fatal: ssh_init: Network error: Connection reset by peer

    I saw other people had connection refused.....

    What's wrong?

  10. #115
    Registered User
    Join Date
    Sep 2002
    Posts
    6
    fryfrog,

    For MinGw on Windows XP you need to use the:

    printf ("new key:\t0x%016I64x\n", key);

    line. Suspecting that was the case, I took out the #if/#else and executed both printf statements. The second format worked for me.

    Gnomish One

  11. #116
    Registered User
    Join Date
    Oct 2002
    Posts
    31
    Quote:
    I got the following message when It ran....

    Fatal: ssh_init: Network error: Connection reset by peer

    I saw other people had connection refused.....

    What's wrong?

    In my Redhat 8.0, I had to open up and allow ssh traffic in the built in firewall, it worked after that. That was the same error I was getting.

  12. #117
    Registered User
    Join Date
    Sep 2002
    Posts
    6
    mvern, et al....

    Is it beneficial to reset the debug privs back to the way they were? I notice that the various code snippets seem to save the old state, but never make use of it to put things back the way they were after the program snags the key.

    Gnomish One

  13. #118
    Registered User
    Join Date
    Nov 2002
    Posts
    13
    Thanks homer, that got me past that error...now I get this error...


    the servers host key is not cached in the registry. You have no guarantee that the server is the computer you think it is.

    The server's key fingerprint is:
    (A lot of numbers, and letters)

    What is this error?

  14. #119
    Registered User
    Join Date
    Dec 2001
    Posts
    160
    sequser,

    take out the -batch command in your upit.bat or keymove.bat file.

    this will let you answer yes to a prompt. Once you have done that once, put the -batch command back in and you'll be set.

    Monster
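
The host-key prompt from posts #118 and #119, as an added example that is not part of the thread: rather than answering yes to whatever fingerprint appears, compare the offered key with a fingerprint read off the server itself. The key lines are constructed sample data and every function name here is this example's own; MD5 is included only because older clients print the colon-separated hex form.

```python
import base64
import hashlib
import hmac
import struct


def make_pubkey_line(raw_key: bytes) -> str:
    """Constructed sample data: an ssh-ed25519 public key line from 32 raw bytes."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw_key)) + raw_key
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed-sample"


def key_blob(pubkey_line: str) -> bytes:
    """Decode the base64 blob and check its embedded type matches the declared one."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("not a public key line")
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("truncated key blob")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != fields[0].encode():
        raise ValueError("declared key type does not match key blob")
    return blob


def fingerprint(pubkey_line: str, algo: str = "sha256") -> str:
    """SHA256:<base64> as current OpenSSH prints it, or colon-separated MD5 hex."""
    blob = key_blob(pubkey_line)
    if algo == "sha256":
        return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    hexdigest = hashlib.md5(blob).hexdigest()
    return ":".join(hexdigest[i:i + 2] for i in range(0, 32, 2))


def host_key_matches(pubkey_line: str, pinned: str) -> bool:
    """True only if the offered key hashes to the fingerprint obtained out of band."""
    if pinned.startswith("SHA256:"):
        offered = fingerprint(pubkey_line, "sha256")
    else:
        offered, pinned = fingerprint(pubkey_line, "md5"), pinned.lower()
    return hmac.compare_digest(offered.encode(), pinned.encode())


if __name__ == "__main__":
    server = make_pubkey_line(bytes(range(32)))     # key read off the server console
    other = make_pubkey_line(bytes(range(1, 33)))   # a different key offered on the wire
    pin = fingerprint(server)
    print(pin, host_key_matches(server, pin), host_key_matches(other, pin))
```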

  15. #120
    Registered User
    Join Date
    Nov 2002
    Posts
    13
    haha...Ok..got past that part, next error message...

    fatal: ssh_init: Network error: Connection timed out

    I have SSH running on Linux box, and Firewall allowing SSH traffic...
