Thread: MiniLogin decompiled/cracked
View Single Post
  #6  
Old 10-07-2007, 08:08 AM
RangerDown
Demi-God
  
Join Date: Mar 2004
Posts: 1,066
Default
From reading some of the assertions you've made, I feel you've got an entirely wrong idea of why the loginserver was closed source.

You say that it's to hide how the loginserver talks to the worldservers, and assert that it's so nobody would be aware that the LS had a way of asking a worldserver to let them in on GM-Mgmt level. But let's keep this in mind:
  • You CAN figure out how the LS talks to the worldservers.... and you can do that simply by examining the Worldserver's code, which IS public source. The existence of any isop() functions can be clearly seen in the worldserver's source if they are there (I haven't seen the code in recent months so I'm going to just assume what you say about the world code is correct).
  • The version of LS you're discussing is minilogin. The minilogin server was intended for small-group LAN play, the kind where you don't have trust and account security issues (or if you do, you're playing alongside some serious psycopaths... watch your back both in game and IRL)
  • On the public loginserver, even in the absence of an LSOP function (or even if it's disabled on your server), you still have to put some trust in the LSops, because when you think about it, I'm sure they could make the LS "say" that the account logging in is <insert the account name/LSID of the world server's owner here> if they really want to.
  • IMO this function could serve quite a useful "support" purpose in that the devs could, upon request, jump into a server without having to say "alright, give me status 200 so I can check out that problem of yours... yeah, you use the #flag command.... no, you have to give arguments to it.... no, not my character name, my account name! Umm, you use /who all to figure out somebody's account name... you've never used the /who all command?!... /camp"
The login server is closed source for two major reasons. First, the original authors of it asked for it to be. Doesn't matter their reasons... if they say they don't want it distributed then, as lessees of their copyrighted LS software, we have to abide by their distribution terms. Second, if the crypto became public, SOE would play a big cat-and-mouse game where they're constantly changing login crypto just to make work for us.

Quote:
make it appear to be sent from George W's pc itself,
And every router in the world should instantly know to reject that packet as a fraud, because it couldn't come from George W's PC, because for his PC to send packets, he would have to know how to turn it on
__________________
<idleRPG> Rogean ate a plate of discounted, day-old sushi. This terrible calamity has slowed them 0 days, 15:13:51 from level 48.