MiniLogin decompiled/cracked
Well I was told tonight that some of the software for the emu community wasn't quite open source. I explored that, and did find that the mini-login server is closed (pre-compiled), and upon decompiling it, there are parts that are "encoded", not encrypted as some thought.
The difference in the two is a true encryption involves 2 private keys, and 2 public keys, that exchange and overlay each other to make a true encryption that is almost unbreakable unless you happen to have one of the missing keys. For instance, when you send someone encrypted info, you are broadcasting your public key, the information is "sealed" with your PRIVATE key and the other user's PUBLIC key. Once this info is sent, the other user can only open it by using his private key and YOUR public key. These keys are NOT the same by far, and without one or the other, the encryption is virtually impossible to break. Encoding is the act of using a hash, or a code, to scramble data; on the other side, if you have the "key" to this encoding, you can descramble it. Encoding is usually broken in about 30 mins with a really strong 30 character key. Well.... I have decoded it =) Please do not ask me for the source right now. After I did decode it, I found out why they have it encoded. The software is fairly simple, but the main thing they are hiding is their login server's authentication from server to server. Seriously... If you released that, there would be hackers galore right now eating up every server out there, creating SysOp accounts and booting everyone. YES you can control status from the login server, though I did find an option in the source of emu to not honor status requests from the login server; I'm sorry but that needs to be on by default... IF I CAN CRACK IT, that means there are a lot of others that can as well. This means if I give out the source, and the algorithm falls into the wrong hands, there will be a lot of sysop accounts on our servers, and sysops that have been demoted and banned. Not to mention our servers could be flooded (literally meaning 1000 account creations per minute to take down the server) to no avail. Also, KLS... Is there an easier way to disable ls server requests for a status change? 
I saw several spots where the variable lsop then setstatus 250 or so... one that said if shonorLSop which I initialized to FALSE. |
I must say..... And no offense to the dev team... But this is why you do NOT close source things...
When there is a hole or a problem or someone decompiles it... Well, let's say I was someone you pissed off a few years back... that wouldn't be a good thing at this point.. To clarify, that was an example lol, I'm not making any threats or insinuating anything... That lskey is safe as long as I'm the only one that has cracked it. Secondly, and again, if it was open-source, the community, I, KLS, or the few hundred others here that are very active and intelligent could have provided you guys with a method of authenticating sessions, not just outright trusting an account creation based on a key received from the ls server (keep in mind I can "push" a packet anywhere I want and make it appear to be sent from George W's pc itself, that info is just modified packet headers and pushed packets... that's it.) Being I'm probably just leaving a message on an answering machine here that won't get heard until another 4 or 5 months down the road... This situation is kind of urgent, not to mention the other community members here that are strangled at the fact they cannot contribute or submit code because of "dev team" inactivity. *not complaining, just repeating* Suggestion... Change the usrmeth(), re-release eqemu, keep that to yourself, open up the login server, let the community do what communities do best... Build, create, and improve. |
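The session authentication the post above asks for (a world server should not honour a status change just because a packet arrives claiming to come from the login server) can be built from a one-time challenge and an HMAC over the request. This is an added illustration, not EQEmu or MiniLogin code; the shared secret, the message layout, the status value 250 taken from the thread, and the WorldServer/login_server_request names are assumptions.

```python
import hashlib
import hmac
import secrets
import time

# Hypothetical shared secret provisioned out-of-band on the login server and on
# each world server (constructed value for this example only).
SHARED_SECRET = b"constructed-example-secret-not-a-real-key"
GM_STATUS = 250  # GM-level status value mentioned in the thread

def canonical(*fields):
    """Length-prefix each field so concatenated fields cannot collide."""
    return b"".join(f"{len(str(f))}:{f}".encode() for f in fields)

def request_mac(secret, nonce, account, status):
    """HMAC-SHA256 over the challenge nonce and the request fields."""
    return hmac.new(secret, canonical(nonce, account, status), hashlib.sha256).hexdigest()

class WorldServer:
    """World side: hands out one-time challenges and only honours a status
    change that carries a valid HMAC over that challenge and the fields."""

    def __init__(self, secret, ttl_seconds=30):
        self.secret = secret
        self.ttl = ttl_seconds
        self.pending = {}  # nonce -> time it was issued

    def issue_challenge(self):
        nonce = secrets.token_hex(16)
        self.pending[nonce] = time.time()
        return nonce

    def accept_status_change(self, msg):
        # pop() makes the nonce single-use, so a replayed packet is rejected
        issued = self.pending.pop(msg["nonce"], None)
        if issued is None or time.time() - issued > self.ttl:
            return False
        expected = request_mac(self.secret, msg["nonce"], msg["account"], msg["status"])
        # constant-time compare; the MAC covers account and status, so tampering
        # with either field invalidates it
        return hmac.compare_digest(expected, msg["mac"])

def login_server_request(secret, nonce, account, status):
    """Login-server side: answer the challenge with an authenticated request."""
    return {"nonce": nonce, "account": account, "status": status,
            "mac": request_mac(secret, nonce, account, status)}

def demo():
    """Returns (genuine, forged, replayed, tampered) acceptance results."""
    world = WorldServer(SHARED_SECRET)
    # genuine login server answering a fresh challenge
    genuine = login_server_request(SHARED_SECRET, world.issue_challenge(), "alice", GM_STATUS)
    ok_genuine = world.accept_status_change(genuine)
    # a host that knows the protocol but not the secret
    forged = login_server_request(b"wrong-secret", world.issue_challenge(), "mallory", GM_STATUS)
    ok_forged = world.accept_status_change(forged)
    # the genuine packet captured and sent a second time
    ok_replay = world.accept_status_change(genuine)
    # a valid packet whose status field was altered in flight
    tampered = login_server_request(SHARED_SECRET, world.issue_challenge(), "bob", 0)
    tampered["status"] = GM_STATUS
    ok_tampered = world.accept_status_change(tampered)
    return ok_genuine, ok_forged, ok_replay, ok_tampered
```

Only the first request is accepted; the forged, replayed and tampered ones fail because the world server checks the secret, the nonce and the covered fields rather than the packet's claimed origin.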
I really think you just gave a new objective to the hackers: "So it can be cracked in 30min... let's go for it!"
I think it's a good idea to report possible exploits, and I really think this is a good step (someone would do this any day..), but this sort of stuff should be discussed directly with developers in order to avoid future problems...shouldn't it? |
14 days in IRC... not one dev will respond...
We are talking serious 100% idling waiting for a response or something. |
OMG, saw IRC chat, the msg to FNW was blinking...
A ONE LINER! he he.. Quote:
** was a joke from another topic he he. |
From reading some of the assertions you've made, I feel you've got an entirely wrong idea of why the loginserver was closed source.
You say that it's to hide how the loginserver talks to the worldservers, and assert that it's so nobody would be aware that the LS had a way of asking a worldserver to let them in on GM-Mgmt level. But let's keep this in mind: The login server is closed source for two major reasons. First, the original authors of it asked for it to be. Doesn't matter their reasons... if they say they don't want it distributed then, as lessees of their copyrighted LS software, we have to abide by their distribution terms. Second, if the crypto became public, SOE would play a big cat-and-mouse game where they're constantly changing login crypto just to make work for us. Quote:
|
Yes I was referring to the mini-login.
Are you saying that the two servers are near identical in construct? Quote:
Routers are very simple pieces of electronics, pure router, meaning no DS1, DS3 etc termination, just routing only. They do not do what you said, and do IPSec, IP Filtering, etc.. They simply tell the "world" that a destination IP belongs in its network(s), and tells the network(s) that their destinations belong outside the router (next hop). I'll rephrase, unless you are running a true firewall or Linux, you can make a packet appear to come from the IP address of GW. |
This is a tangential question, so I apologise for the slight derail... but does this mean there could be any possibility of a linux version of the minilogin server at some point in the future? I don't like to use windows for serving anything, ever :)
Paul. |
Quote:
He did NOT say anything not already easily known by anyone with a brain and the right tools anyway. This is absolutely the right way to go about this. I support him because he is RIGHT. Open this stuff up so that once and for all the community can fix this stuff and harden it up. ..and if the problem is that part of the code is SoE code (heaven forbid) then fine... let's find a workaround or a clean room emulation of it. |
Quote:
2) If the crypto became public it would make no difference because we're not patching our client versions. There's no way to change the crypto without changing the client. Sorry not trying to be rude but you do not know what you're talking about. |
Quote:
But you can use minilogin with wine under Linux fine - This is what I always have used with no problems. In fact, it works better for me under Linux, as clients don't hang like they used to under windows. You should probably make it something to do for your friends and people you know, as you can see people are already bragging about how they can hack into it, and shouldn't be long before this starts. |
Quote:
1) It is the crypto that was closed source, both for minilogin and for the regular login server. The crypto in the wrong hands would be a very bad thing, for us and for live servers. Keeping it closed source protects everyone who uses EQEmu and keeps SOE off our backs. 2) plain and simple, the people who coded them don't want the source handed out, they have the right to request that and the Dev team is respecting it. It's been said in the past that anyone is free to code a new one and have it open source, however there is no point arguing over what is there currently, it will not change. |
Matt, just for clarification, crypto is really the use of two keys or a cipher (meaning the use of variable keys) to encrypt/encode something; what the program is using really is a simple encoding process.
About SoE, don't worry about them, or leave them to me. You shouldn't have any issues with SoE while I'm around, not unless the LS program has ummm... commandeered code from SoE, which it didn't appear to have. Matt, I understand the person who coded it didn't want the source handed out, I know why, despite what a prior dev had to say, that or either the person was really selfish for some reason, but I tend to believe the other side of it. Also, if you open source everything we have here, stick the GNU licensing on it (upgrade to version 3 as soon as it comes out btw!!!) you WILL NOT, I repeat WILL NOT have any issues with SoE. If they did try and cause problems, you can count on the attorneys of the Free Software Foundation (GNU) to help out, as they hate proprietary corporations who hoard code and try and extinguish those who compete and create similar code (not to mention their new license addresses code patents thanks to Microshit). |
Quote:
Pardon me while I try not to laugh.... *cough HA *cough What makes you so special.... just curious? If it involves the, "They can't do anything cause we're breaking no laws" you're right. But here's the thing about SOE. They're a big company, and big companies can put a whole world of unnecessary hurt on small communities like us. They can drive us to lose lots of things just to put up a defense against them. Most would not be willing to bankrupt themselves and lose their house just to at least get a lawyer that would work with them in court. And without proper defense and a deep knowledge of the law, whether you're in the right or the wrong, you're still going to lose cause you have no idea what you're doing. It's just flat out not worth it, tempting fate that is. |
Heh, I really doubt that you were able to decompile my program. I have yet to find a decompiler that can decompile an exe and produce anything but useless garbage from it. Even a program as small and simple as minilogin. If you really have somehow decompiled it, send me a portion of the source code. I have the source code so don't worry about sharing it with me.
|
I took the liberty of also including the MD5 hash and opticodes.
I wouldn't let that message linger in your inbox, because if someone gets a hold of that hash, you're screwed (I'm sure the db for these forums are in plain text =) ) |
I find it pretty ridiculous to post a new thread that you cracked minilogin, just to say "don't ask because I am keeping it a secret now", sprinkled with passive-aggressive threats that someone better start talking to you on IRC - or else.
I just wish the EQ client was as easy to work with as WoW, so when a patch comes out it doesn't break everything. Might eliminate the 201 excuses why EQEmu is stuck 5 years in the past. Has nothing to do with minilogin, that's for sure. |
I'll try to not turn this into a flame, but I would like to point out that the list of opcodes (not opticodes) that you sent me is located in opcodes.conf and even a third grader without l33t hacking skills could get that list by simply opening the file that is included in the minilogin zip.
Next is that doomsday md5 hash that will destroy the world if it fell into the wrong hands. I'm not really sure where you got that, but such a devastating flaw in the fabric of space time does not exist. Minilogin doesn't do anything magical and as pointed out earlier, you can already see what login sends to world and vice versa by viewing the world source code. Now about the decompiled source code that you sent me. If you are an expert in assembly and can create something useful from that mess go right ahead. That "source" code looks nothing like the real source code and the likelihood of someone being able to turn it into something more useful while at the same time not being able to create their own login server is extremely remote. |
I have no idea what Lalolyen is referring to since the minilogin has never had encryption, but this post is getting interesting.. *pulls out some popcorn*
|
Whatever you have, or think you have, is nothing.
The mini-login isn't compiled with the crypto in it, doesn't use crypto, never has. So not sure what you think you have. There have been much better coders/crackers than you (Daeken comes to mind) that have tried and failed. Hell, I even supplied him with the compiled crypto! I'm not sure what you're trying to accomplish except looking at code that has been freely available before, because, as has been said, the crypto isn't compiled with mini-login, you aren't seeing any of its functions and so are missing the very thing you need to make it work. There have been several "leaks" of the loginserver with the crypto. Hogie, Lyenu, even myself have released either code, or compiled bits. Would figure if it could have been done by the general populace, it would have already. |
I'm not sure what you think you found, but it's not what you think.
1) Minilogin has never had encryption in it. Never. 2) World -> LS is not encrypted, encoded or scrambled. The protocol is easily deciphered as the source to that is (obviously) in world and distributed as source. That said, the crypto in the current public loginserver (i.e. not minilogin) was cracked a long time back by me. I'm sure others have cracked it, since there are many people in the world that are smarter than me. There is the older loginserver floating around (Hmm, wonder how that got loose? :-) ), it is the older protocol and the crypto is not different. I'll not say anymore about the crypto. If you'd like to share with me what you think you've found, we can discuss it. Who knows, maybe you'll find something useful somewhere. |
Just a follow up.
What I am about to say is not a flame, jest or a cut. So, please take it as a compliment, as I have intended. I do commend you. Decompiling and decoding code like that does take a great amount of skill to do. Even though I don't think you found what you think you did, it does show you have skills and determination. Keep on hacking, but instead you'd serve the community better on pointing those skills and determination at eqgame.exe and not MiniLogin.exe Take care. |
Oh well, if I've found nothing you'll have no problems or qualms with me posting it in public then eh?
|
http://cp.divinereapers.org/~dleqemu...3045c69f71d647
There it is everyone =) I have also taken the liberty of stripping the encoded parts and have assembled most of it. Some of you will need some knowledge of cpp to actually document it and the sources. When you decompile something there are a lot of variables that are "inserted" and thus there may be some trash, but that source is actually a very complete source and unlike Edgar said, you can make something out of it, very easy when you start defining your own variables. Now as to address this rubbish: Quote:
Let's further address that. As you just said that, I just noticed that thread was deleted, along with the posts of the community flaming Doodman and the other devs for not coming to the forums and talking or not responding in IRC. In the USA this is called Suppression of Free Speech. See where I'm going with this hawse? |
Now, being you have said it, review all of my posts, ALL OF THEM, and you post the FIRST threat here.
You'll be hard pressed to do so, because this thread was designed to be constructive, despite your slanderous claims. @Doodman: I just took the liberty of posting the sources =) |
Why is it that first it is "part was encoded because the maker wanted it closed source" then later in the thread it is "it is fully open, none was encoded or scrambled"? It seems like a contradiction of information. Add in a dev actually posted to discredit the person inside a thread, and of course add in most people doing the discredit of information are former devs that seem to all get together to try this maneuver. It seems like he is onto something, they don't like it, so they are making his reputation become horrible. Also note his thread about a download engine was deleted for no reason that has been mentioned. Seems like the devs do not like it when they are called on their actual actions instead of the ones they wish were true. You cannot say "I am a developer of a community" if you do not help the community. All I ever see on these forums now seems to be like watching the X-files. You have to find the truth, because the truth that is being said by the dev team is usually said to cover their butt. The truth is out there, and we have proof.
|
FYI
Code:
if ($thisvar != $thatvar)
Code:
if ($varafterdecompile != $varafterdecompile2) |
Quote:
I'm curious; what did you do there and why did you leave? :wink: |
Network security officer.
Leaving: Pay Pay Pay Pay. 2 years ago, you probably read, SoE fired about 200 employees from their LA office. Thankfully I didn't get the boot, but their attitude after that, "Want a promotion or a raise? Go find somewhere else". So I did just that. Aside from that I was homesick too which played a big role in it =P. I'm from NC, We were *planning* on settling down with my wife's family in CA... But there are just way too many fruits and nuts out there man. |
Code:
/* This file was automatically created by |
Quote:
Quote:
/end sarcasm |
First of all, I was trying to be a gentleman about it and tried to compliment you on the skills that you have. But, I see those compliments are beneath you as you refuse to accept them.
Comments on the source you provided: 1) What I see in that code is basically an assembly dump (in C form) of the code. The only place there is anything useful, is where you find the raw strings being pushed onto the stack before function calls: (save)"============================"; (save)4492544; L0040381F(L004031EC()); 2) What you posted hardly qualifies as "decoded" in my eyes, it is not much more useful (if at all) than the raw assembly from a disassembler. 3) Nor does it come close to compiling (at least on Linux). It produces 2235 lines of errors/warnings during compile. Good luck in your endeavors. But, honestly, if you wanted to recreate MiniLogin source, starting from a decompilation of the .exe is not where I'd start. The protocol is not exactly hard to figure out. Plus, if you'd look at a tcpdump of the interaction, you'd easily see that it is not "encoded" whatsoever. |
Quote:
No... That just made sense of the unpacking =) Quote:
Quote:
The only thing that needs to be done to make it work, is to do the ass-numbingly boring part of creating a bunch of files according to the file mapper, (you know the .h files) and splitting that .cpp file down into separate files, putting the correct calls in the right file names (like 0023DFRsomerediculious.name) |
Quote:
Reverse Engineering Decompiler. Also, that doesn't compile. It just doesn't. It produces C-like code, so you know what's going on when reverse engineering. If you really wanna get the source code, watch packets with Wireshark, dump the packets, create a program which can interpret the packets, because as doodman said, they aren't encrypted. Simple as that, you need to code from the ground up. If you wanna do that? Good for you, just respect others' wishes. I hate when people think they are badass over the internet, especially admins/sysops, because chances are they aren't trustworthy. |
I don't see how this explains deleting an entire thread that would have benefited the community greatly.
|
Quote:
The communications, I agree, are very open going to the login server. However just sniffing the signals and interpreters will not give you enough info to reconstruct the mini-login server, as *cough* the server gives different responses to some of the same things, indicating some kind of custom hand-shake. |
Quote:
You're threatening a community with a google search, pretty much. |
Quote:
Like you reiterated I said, it does make sense of the code after the disassemble. Again find the threat, or are you one of those gullible and mentally challenged ones that easily falls to one word of slander? |
Quote:
Well, for some odd reason, I just foresee you as no real threat to SOE. I really don't think you could cause them lots of suffering with your knowledge of their networks. You said officer right, not administrator.... Furthermore, if you're so knowledgeable about their networks, why in the world would you be decompiling the mini-login of all things, and then talking about how it's going to cripple servers if someone else with bad intentions did the same thing. Do you understand that there is a different type of crypto on the LS, as well (you should know) on SOE servers. Now sure, the super cool hacker could come in and cause havoc on my little 1 person minilogin. I'm really worried about some major security breach like that happening. |
Powered by vBulletin®, Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.