I apologise if this has been rehashed somewhere before. I haven't been able to find it. I also have had no help with the Wiki.

This is the problem I am having.

I am attempting to play EverQuest using a correctly functioning server. Everything works. I repeat, everything works. I can login to the server, run around, kill things. The problem is when I attempt to run more than one character.

I am using minilogin. Minilogin does not give a damn about what account name I enter, it seems. It only cares about IP. If I create two different accounts, say, mini1 and mini2, both see each other's characters. This creates a large problem.

When logging in, I appear to be considered to be one account -- account and IP are correlated. Therefore, when zoning, there is an insanely high amount of disconnection. I can normally run four separate copies of the EverQuest client on my computer, and used to do so regularly on certain of the public servers I played. As long as I had enough separate accounts, there were no issues.

As I understand it from what I have read on boxing, there are issues with the emulator with having multiple logins from the same account. This is the crux of the problem.

It is impossible to box from one computer, be it for testing or playing purposes, with minilogin. I find it quite ridiculous that I need 4 separate computers if I want to play four separate accounts with minilogin. Half the attraction of minilogin to me is that I thought I could use it to test modifications to the PEQ database without having to go through the hassle of getting the server connected to the public login server, and having it display for everyone, something I should not like to do, as it is possible that the idea I have for a server may not work.

Is there any solution to my problem using minilogin? I'm fairly sure there is none. If I am mistaken, I beg apology. However, everything I have read and been told, and from personal experience in boxing, tells me explicitly that this is due to the fact that I am attempting to play several different characters from one account, something I cannot seem to avoid doing with minilogin.

Thank you for your time.

minilogin is ip based the only way to run more then one client from the same ip is to change the ip of the non active accounts before you zone the active character this must be done each and every time before you zone a character the correlating accounts ip has to be set to the correct ip and the non active (non zoning) Accounts must be changed to 0.0.0.0 for instance.

I am working on a system to make this process easier based on an example i saw on the forums not too long ago ill post the binaries when ive gotten it working untill then all i can suggest is using the minilogin php login script from the following post

http://eqemulator.net/forums/showthread.php?t=22846

So, just to clarify:

I have three characters, a warrior, a cleric, and a druid. When zoning the account the warrior is on, the warrior's ip is the correct, real IP, and the ips of the accounts the Cleric and Druid are on are set to anything but the 127.* block?

So, just to clarify:

I have three characters, a warrior, a cleric, and a druid. When zoning the account the warrior is on, the warrior's ip is the correct, real IP, and the ips of the accounts the Cleric and Druid are on are set to anything but the 127.* block?


Basically, yes ... UNTIL you zone those characters. You would then have to change there IP's to the correct one, one at a time, while changing the one that has already zoned to the incorrect one.
The reason is because minilogin only uses the IP address of the computer for identification. There is NO source code available to change this, never will be.

Basically, yes ... UNTIL you zone those characters. You would then have to change there IP's to the correct one, one at a time, while changing the one that has already zoned to the incorrect one.
The reason is because minilogin only uses the IP address of the computer for identification. There is NO source code available to change this, never will be.

And I take it that decompilation of it would be a no-no.

Let me ask another question.

From what I can gather, minilogin does 'nothing' more than receive incoming client connections, displays a list of servers, and then redirects the client to the server.

Is this the only point at which minilogin is used? Or does it come into play during zoning, etc? If it is the only place during which it is used, it would be relatively simple for one to construct a small program which just automatically sent the correct packets when one says in the client, "Let me automatically reconnect to the last server I was on," and ignores other input?

Hm.

Hold on, need a packet sniffer.

its been tried you wont get anything usefull out of decompiling minilogin many have tried to make minilogin public and all have failed there have been several work arounds but to make a public loginserver to work how you want it you need the crypto that eq uses to talk to the server and without that you will never get a public loginserver working

better just either use the php updater i mentioned or change the ips manually or use the public loginserver eqemulator.net provides

One solution could be to use VMWare or MS VirtualPC. You could install the os once in 1 virtual machine, then make X copies of it, and start each virtual machine. Should give you separate ip's for each machine.

its been tried you wont get anything usefull out of decompiling minilogin many have tried to make minilogin public and all have failed there have been several work arounds but to make a public loginserver to work how you want it you need the crypto that eq uses to talk to the server and without that you will never get a public loginserver working

better just either use the php updater i mentioned or change the ips manually or use the public loginserver eqemulator.net provides

Unless they're using something really, really, really, really, really super complicated, it's crackable. It's always crackable. Someone had to be able to do it in the first place to get the public Login Server to work.

The Login Server, be it the public or the minilogin, has to transmit certain information. It absolutely has to. The Server Name being one of those pieces of information. Unless it is transmitted unencrypted, in plain text, then you have a huge cryptographical advantage -- you know what some of the content of the message already is. On top of that, one should easily be able to discern what the preambles and/or postables of the messages are using the opcodes listed, and indeed, minilogin itself.

There are only three reasons I can think of for the lack of release of source code for either minilogin or the public loginserver. The first is that it contains leaked sourcecode from SOE. The second is that source is no longer available. The third is that people only want software to be 'free' and 'opensource' when it benefits them to do so.

As to the second option, I find it possible, since development has been locked at Titanium. I'm afraid it comes down to a choice between number one and number three.

I readily admit that something such as the loginserver is a non-trivial task. I am also entirely unaware as to the authorship of the public login server -- which is why I believe a possible reason it cannot be made available is due to copyright violation. However, I do know that the emulator itself is open source, and as a programmer, I get extremely frustrated with having to reinvent the wheel. And the axle. And the cart. And the donkey. And all the laws of physics that enable those things to exist.

Oh well. Where's that packet sniffer?

oh without a doubt its crackable but i dont reccomend discussing it on the forums here cause well most people that have have been banned for one reason or another so watch out lol

The Login Server, be it the public or the minilogin, has to transmit certain information. It absolutely has to. The Server Name being one of those pieces of information. Unless it is transmitted unencrypted, in plain text, then you have a huge cryptographical advantage -- you know what some of the content of the message already is. On top of that, one should easily be able to discern what the preambles and/or postables of the messages are using the opcodes listed, and indeed, minilogin itself.

This may seem a little off topic, but it should help to explain why minilogin has to use an IP address and doesn't have anything to do with the account name (at least in the Titanium client).

I personally was curious about the cryptography, so for the heck of it, I started sniffing some packets. From what I was able to gather, the login packet that is sent from the client to the server is 56 bytes total, 48 of which are the actual data. From that, there is a 24 byte hash of the username + password. If you're using Ethereal (looking at the entire packet), it starts at 0x4A and ends at 0x55. The last 16 bytes of the packet are apparently a checksum for the data.

Since we know where to look, we can put in what we know to be the username & password, and see what it puts out. Using a lot of math, I'm sure it wouldn't be impossible to reverse engineer the algorithm used, but I'm sure my brain would explode if I tried to figure it out by hand (and cryptography is definitely not my forte).

Because the username is encrypted as part of the hash, minilogin isn't able to decipher it, unless it included the cryptography algorithm (which it doesn't look like it does, because of its limitations). As a result, minilogin doesn't even know what your username is, it just forwards you onto the server itself (including your IP address, which it can detect very easily). So, in essence, your IP address becomes your "username", which is then references back to the actual username in the accounts table.

little hint word on the grapevine is it uses rc4 encryption but it also uses compression ontop of the encryption just so you know

I don't think Minilogin uses any type of encryption in communication with World. But why bother trying to decompile it though ? You can see how it works from the server source.

This subject has been beaten to death though. For some reason it has to be brought up again every few months. Someone should sticky the last few "I want to decompile Minilogin" threads.

minilogin doesnt use encryption you are correct but the client DOES and minilogin is actually just another build of the public loginserver for one minus the crypto obviously. add to that that the client uses crypto to talk to the worldserver and thats what hes going to be siffing or trying to figure out

You don't need to sniff packets. It's all right there in the server source.

no its not ive seen the old loginserver source trust me its not in the source if it was eqemu would have been shut down by soe ages ago its also why the loginserver source is guarded so closely the crypto needs to be sniffed with packet and key sniffers it CAN be done if he sniffs the stuff when he connects to the public loginserver but no its not in the worldserver source code

I didn't say the LS source was there.

World knows the login packet structure. It knows what to do with the packets and what to send to the client. You can see the server code that deals with login, not the actual LS source.

Sniffing packets to reverse engineer Minilogin and ignoring how the server handles it is retarded. Lemme know how that works out for ya. Meanwhile, search up some threads on the subject and you'll see it's a dead horse.

its a dead horse because noones actually done it yet aside from the people who made the loginserver to begin with so dont say it CANT be done

just because YOU Cant do it doesnt mean it cant be done, the people who dev'ed the loginserver to begin with didnt have anything to go on but the crypto to begin with and look what they accomplished

I never said it can't be done and I have no desire to try and turn Minilogin into a public LS. I use it like it was intended.

It's a dead horse because it's been beat to death in too many threads over the years.

personally im with him on making a public loginserver of his own and i hope he does it.

but he will probably endup getting banned for trying like everyone else who has tried but like i said i hope he does it itll be good for the community

I wouldn't mind seeing a public LS either.

But, I don't know of anyone ever getting banned from here for trying. If you're referring to Layolen (or whatever his name was), that's not why he got banned.

no not him i was talking bout other people its happened lol

Noone has been banned from this site for trying to make a LS. C'mon man, that's absurd.

well shall we put that to the test i actually have a working public loginserver for classic versions of the emu i could post the source for it as well and see what happens?

I have a couple working public logins for classic versions also but do you have a classic client that works with it? They are useless without a client to connect to them. I have been trying for a couple years to get these to work with newer clients but no luck yet. Have also tried every flavor and version of classic clients to work with them too and no luck there.

0.5.3 server with SoD client works

I have a couple working public logins for classic versions also but do you have a classic client that works with it? They are useless without a client to connect to them. I have been trying for a couple years to get these to work with newer clients but no luck yet. Have also tried every flavor and version of classic clients to work with them too and no luck there.

So you're saying you got a couple of working public Login Servers for older emu versions but you never got a client to talk to the LS? So how are they working? Do you mean they talk to world but won't work with inbound client packets?

And you say you have tried EVERY client?

stop bumping these old posts pls thanks. and forget about this loginserver crapo.