Go Back   EQEmulator Home > EQEmulator Forums > Support > Support::MiniLogin

Support::MiniLogin Support forum for problems with the official MiniLogin release.

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 10-06-2007, 06:59 PM
Lalolyen
Banned
 
Join Date: Aug 2007
Location: Sneeking up behind a admin IRL
Posts: 169
Default MiniLogin decompiled/cracked

Well I was told tonight that some of the software for the emu community wasn't quite open source. I explored that, and did find that the mini-login server is closed (pre-compiled), and upon decompiling it, there are parts that are "encoded", not encrypted as some thought.

The difference in the two is a true encryption involves 2 private keys, and 2 public keys, that exchange and overlay each other to make a true encryption that is almost unbreakable unless you happen to have one of the missing keys. For instance, when you send someone encrypted info, you are broadcasting your public key, the information is "sealed" with your PRIVATE key and the other user's PUBLIC key. Once this info is sent, the other user can only open it by using is private key and YOUR public key. These keys are NOT the same by far, and without one or the other, the encryption is virtually impossible to break.

Encoding is the act of using a hash, or a code, to scramble data, on the other side, if you have the "key" to this encoding, you can descramble it.

Encoding is usually broken in about 30 mins with a really strong 30 character key.

Well....

I have decoded it =)

Please do not ask me for the source right now. After I did decode it, I found out why they have it encoded.

The software is fairly simple, but the main thing they are hiding is their login servers authentication from server to server. Seriously... If you released that, there would be hackers galore right now eating up every server out there, creating SysOp accounts and booting everyone. YES you can control status from the login server though I did find an option in the source of emu to not honor status requests from the login server; I'm sorry but that needs to be on by default... IF I CAN CRACK IT, that means there are a lot of others that can as well.

This means if I give out the source, and the algorithm falls into the wrong hands, there will be a lot of sysop accounts on our servers, and sysops that have been demoted and banned. Not to mention our servers could be flooded (literally meaning 1000 account creations per minute to take down the server) to no avail.

Also, KLS... Is there an easier way to disable ls server requests for a status change? I saw several spots where the variable lsop then setstatus 250 or so... one that said if shonorLSop which I initialized a FALSE.
 

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

   

All times are GMT -4. The time now is 11:46 AM.


 

Everquest is a registered trademark of Daybreak Game Company LLC.
EQEmulator is not associated or affiliated in any way with Daybreak Game Company LLC.
Except where otherwise noted, this site is licensed under a Creative Commons License.
       
Powered by vBulletin®, Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Template by Bluepearl Design and vBulletin Templates - Ver3.3