randomuser23
03-06-2003, 08:11 PM
(Sorry if this posts twice, cookie problem...)
Greetings,
Beginning slightly off-topic; Sony is releasing Star Wars Galaxies sooner or later and I have been pondering the plausibility of a SWG Emu (in theory of course :-) Logic might indicate that as SWG is based on EQ source code (or at least a derivative of) that the encryption of the SWG data stream might bear some resemblance to that of EQ.
A Slashdot story (http://features.slashdot.org/features/02/12/01/1558220.shtml?tid=127) contains the following explanation of the EQ data encryption (from reading various posts in this forum I am assuming that this is still correct):
"The protocol is not unlike that used by ssh or SSL. A public key is sent from Sony to the client, and the client uses that key to encrypt a random session key and send it to Sony. Theoretically, this approach is open to only a limited number of attacks, all of which run the risk of being detected by the client." (continues below)
What was the approach that was successful? I assume that it was sniffing the resulting session key from the client memory space, therefore the initial session key exchange between server and client is (basically) ignored/irrelevant?
So, as some posters have mentioned previously, Sony could better protect the data stream by using honeypot session keys to throw keysniffers (the program(s) and the users) off the scent(?)
The article continues:
"On Thursday, October 31 ShowEQ broke once again. The protocol now compresses key data to prevent the analysis that was limiting the keyspace that has to be searched."
I don't really understand the second quote, how was uncompressed key data limiting the keyspace that had to be searched?
Forum posts indicate that the session key is also changed during every "zone"?. Does the entire encryption process occur at this time from scratch OR does the client use its current session key (using formula or something) to generate a new session key?
Logic may dictate that if Sony used the same programmers to write SWG as they did EQ then the data encryption may use a similar method. I have tried to find a list of programmers who worked on EverQuest but have not been able to find one; does anybody know of such a list? Is there a "credits" option in EQ (I don't own it) which lists people who worked on EQ?
TIA