We need the loginserver!
 

First, I got poor english for explain my mind.wish u guy understand.

Someone all of us are looking for the loginserver,even it wasnt Opensrc. I did work is sucessful having planted all servers that EQ require for play... and I also make up a way easily for Multi-Languages server. Like france,chinese,etc...

But I cannot servicing with MiniLogin.exe because it was poor and little func with us(account for the one making puzzle to me) some guy could be tell me why wouldnt use official loginserver? Okay.A big reason for me: The official loginserver will not accessed by my people. I dont know why,and me same as them.

Others,without the big reason I think the guys still want private login system.I just put suggestion here ,any DEVers if you recoginze that plz release it.(or new minilogin system for multi-account)


btw: Great jobs.keep it up!!! and thanks for provide the world to us,free as the wind.

how about...


NO

sigh
 

thats just to funny.....

wtf was he thinking...
thats like asking guildwars for there databse hahahaha.....
ok im going to bed now......

Minilogin can work fine with multiple accounts, and plenty of people use it. I really cannot understand you well...

hmmmm
 

minilogin is for private use ie: lan etc i think he means a public one that anyone can log into I dunno why tho I like the idea of a meeting point centeralized thu eqemu. thats one of the things that drew me to this project.
yes it' broke but the downtime was minimal ...login2 was up in a matter of hours.. i think you guys should be happy they care so much about there users....ah well that would be bad if everyone had a loginserver and rather pointless...just my 2 cents....

kathgar,

I have had problems using multiple accounts with minilogin and 5.3DR2. My miniloginaccounts.ini is setup correctly with a space after every line but the last and the usernames are <= 8 characters. However I don't think it is worth wasting time trying to figure this out since people can use the real login server. Also, people can do what I did below.


siberiaic,

Here's a kludge which will allow you to use multiple accounts with minilogin. Add the following after line 219 in world/client.cpp:

Replace the 192.168.0.x addresses with the addresses of your clients. Replace the "youruser" and "yourpass" with the appropriate username and password for that ip address. If you really feel like getting fancy you can write a method which parses the information from miniloginaccounts.ini and change the code above to use the parsed information. However I am too lazy to do that right now. :)

Re: sigh
 

Don't be a moron.

/me puts on his asbestos underwear.

It is a reasonable request. When I get back on broadband, I will write an opensource login server (if I still have any interest in eq/eqemu). I don't see any reason for withholding the source to it, and I think that all of the reasons I've seen so far are just retarded.

I remember reading in Mirth's RE post that he could already generate packets when trying to figure out the format... that probably means that the login server was derived by reverse engineering the dll that ships (shipped?) with ethernalquest. That is probably where I'd start, at least (or did SEQ hack the login sequence, too?). Whatever the case, duplicating minilogin-level functionality would probably not be too hard.

As to why the loginserver code is so jealously guarded... Maybe the eqclient does some things it isn't supposed to, like report system information or modify files or expose some command interface that it shouldn't... It won't run w/o sysadmin privs, so it is entirely possible. Since sony tech support will basically tell you to disable your firewall if you want to play, security and privacy are obviously not their top concerns. At the very least, I'd imagine that cd keys are transmitted as part of the login process. It would make sense that you would want to be able to ban users in some way - cd keys seem like the most reasonable way to do so. Where jealously guarding code that would enable login password snooping seems silly to me, trying to protect cd keys makes a little more sense. The only other possibility I can think of is that it is held secret in hopes of preventing SOE's legal wrath. As it is, SOE has only to kill the loginserver for all of eqemu to die (unless some renegade dev like me writes an opensource version).

I haven't actually sniffed any packets, so all of my speculation should be taken w/ a grin of salt. I'm still probably going to write an open-source client at some point, though (if I finally go bband again). I would also probably evaluate the difficulty of modifying world.exe to work w/ the hq loginserver. I can't imagine running a public server where _my_ users would still have to register w/ EQEmu. Why should they? What if I have a falling out w/ the EQEmu project or branch the code? Do I want to have to still be subject to using their login server? I don't think so. Since the world/zone servers are gpl, a branch is a very real possibility. As far as splintering the user-base... I don't see any reason that loginservers couldn't pass information from one to another. Nor am I aware of anything that would prevent modifying world servers to register with multiple login servers. So, while the official stance is that minilogin is not and never will be open source, I think that you can still rest assured that there will eventually be an open source login server.

Re: sigh
 

how is that moronic? he happens to know me well enough to know that there is no way in hell that i would release my database. Only 3 people have the real db. his comment stands. and you just mad an ass of yerself. grats.

and who are you to sit and judge? you did some nice work with perl scripting, i'll give you that. but to sit and call the rules retarded because it doesnt benifit you or the others is moronic. you dont like it? make yer own please.

Please dont post things you have nfi what you are speaking of. The above text is incorrect 100%.

Okay loginserver is closed source, is now always will be. We dont owe anyone an explanation as to why its guarded it just is. dont like it feel free not to use eqemu.

im not even going to respond to this last blurb. elgin, as i said above grats on adding perl to eqemu thank you whatever. But dont make statements when you have less than no fucking clue why we do what we do.

I already have a functional opensource loginserver, and it's posts like these (the original) that make me not want to fix the final bug and release it to just anyone (though if you catch me on irc and show that you have an iq greater than your shoe size, i'll give it to you). I am not worried about this being used for cracking accounts, it's people who demand the loginserver that have no idea about the work that has gone into them. Solar created the original LS that is in use today, and it is _closed source_ and will remain that way, as it is not up to the eqemu developers to release it.

Re: sigh
 

It is moronic because he was ridiculing the original poster for what was a reasonable request, formulated in a reasonable fashion.

That is exactly the kind of attitude that made me feel like posting in the first place. My contributions to the project have nothing to do with my ability to gauge poor policy decisions on the behalf of the dev team. I mistakenly hoped that they would, however, lend my opinions a fair hearing. You think the decision to withhold source is the right one? Fine! _I_ have read all the posts on the matter, and _I_ have never heard a reason that I consider to be worthy. _That_ is what makes me worthy to "sit and judge." Do I have to be a member of the KKK to judge the clan's behavior? Duh! And as far as the crap about "make yer own" that is always bantered around every time this issue is brought up, I just might. I certainly _can_.

How so? Mirth _does_ state that he could generate packets. It is clear from the context that it is just my suspicion that he used hq or something to re the code. What's the problem here?

What makes you think that I want or need a single thing from you? Where in my post did I ever suggest that I expected anyone to open up the source to their login servers? Quite the contrary, I stated that I was considering writing my own. And as far as your suggestion to "feel free not to use eqemu," I think it would make a lot more sense for me to just do it my way with the gpl portions of the code. See... that's the beauty of the GPL. If you don't like something and can't compromise with the devs, you can always give them the finger and fork development. I'm not saying that I want to necessarily give anyone the finger, but I _do_ want to point out that repeatedly spewing that "don't like it, don't use it" attitude doesn't hold much water for gpl code when you're talking to someone with the skill to affect change and the time and desire to do so.

Stop for a second and think about what you just wrote. "I'm not going to respond, but you are clueless." Umm... whatever, dude. I wish you would respond to it - I'm fully prepared to defend my argument.

You're pretty quick to point out that the eqemu dev team doesn't owe anyone anything. That's fine and dandy. I haven't asked for anything. Likewise, I don't owe you (/dev/noob) jack squat, either. _Don't_ talk to me as if I do. If your rant is because my questions and comments aren't preceded with the deferential babble you're accustomed to - tough tit.

Eglin:

I agree the original post was resonable, coming from an individual who was ignorant of previous posts regarding the subject. I think devn00b was a bit short with him, but sometimes when you answer the same question often enough, the answers get shorter.

Let me give you an outsider's (not-a-dev) view. This consists of facts presented in other posts and my own speculation.

The big issue is the encryption used by the client/login server to protect the name and password used by the client. I would guess this is done by a dll for which they do not have the source code. (There have been posts that the source code for the encrypt/decrypt routines is not in the hands of the dev team) The fact that it is a dll and not a lib file is my guess based upon the way I would have done it.

So, where did it come from. Not the dev team, since they don't have the source. Perhaps someone who works for sony slipped them the same dll used at eqlive. I doubt it. So that leaves the possibility that it was reverse engineered from the client. Someone, possibly a former dev team member or a code tinkerer from the project passed, produced it and gave it to the project.

I would guess here that the gift had a string attached. That it would not leave the hands of the dev team and that they would agree not to reverse engineer it. Being honorable people, I feel they have kept their word. And without this piece, the entire login server is useless.

Even without the promise above, there are still reasons to not release the encrypt/decrypt dll. The USA has some strange laws against exporting encryption/decrytion technology to certain countries. Once on the internet, there is no control where the files will go, making the dev team and project criminally liable and possibly placing some or all of the dev team in federal prison.

Speaking of laws, there is also the digital millenium copyright act. A law passed which is, in my opinion, not only unconstitutional but breaks international copyright agreements. The DMCA has some strong language regarding breaking decryption for any reason including personal/fair use. Even if they win the case aganst them, the legal costs would break the project and bankrupt the individuals involved.

Finally, about releasing the executables. It might sound like a good idea... until you realize there are people like me (a quintessential hacker of the *original* definition) who could easily figure it out. I wouldn't release it, but then I'm not stupid :-) Someone else could. Would the dev team be liable for aiding this person by making it available? Even if not, there are the court costs again.

With the encrytion/decryption routines, it would be possible to intercept packets going to eqlive, decrypt them and get the name/password for active live accounts. Liablilty? Criminal charges for making it possible? Think court costs. Or, just think of the moral resposibility they would feel.

I, like you, could make my own login server. I don't see a need to and have plenty of other things to keep me busy. Should the day arrive when I feel I must, I will do it. Don't expect me to announce the fact or post the source.

Just my opinions; value: $0, but it does come with a double your money back guarantee.

Go ahead and fork it if you want, but the thing you have to remember is that this project requires a huge amount of dedication, without it and you will be where Hackersquest is today. They are still stuck on the 6-6-2003 patch of eqlive and they STILL dont have as many features working as we had 4 months ago when we released 5.0. And another good thing about GPL is you cant call it your own, you have to keep the original license in effect, you cannot just change the license to state that you wrote it all by yourself. As for the login source issue, its not up to me, and even if it was I wouldnt release it. Why you ask? Numerous reasons:

1. The original devs dont want it released.
2. The dev who wrote the decryption dll doesnt want it released (we dont even have the source, so we couldnt even if we wanted to).
3. Login is useless without decryption of username/password.
4. If everyone had a public login server players would have a hard time finding a server to play on, being centralized means they can easily find one.


You can make a login server without decryption easily enough, but the decryption is what sets it apart.

Daeken's login server (as was told to me) uses php and uses an ip based verification system (in other words a minilogin alterative not a real login server).

Re: sigh
 

[/quote]Don't be a moron.
/me puts on his asbestos underwear.
It is a reasonable request. When I get back on broadband, I will write an opensource login server (if I still have any interest in eq/eqemu).[/quote]

I know you are but what am I...

When some company lets lose there team of laywers on you don't say you were not warned....
Giving out an opensource login server is a lawsuit waiting to happen...I don't think it's even worth discussing the giant can of worms you are opening on that issue.
you can act all high and mighty and call people morons all you want.
but at least we are not the ones who will be sued.
and don't think for one minuite that there not watching you all like hawks because they have a huge playerbase to protect and you would taste good with ketchup my little gnome friend......

Since I'm not even necessarily prepared to commit to writing a login server, I definitely have no intention of organizing a derivative project. I mentioned the fork just to point out that there is no reason that a person with views other than /dev/noob's would necessarily have to take what he gives them or shut up. There are other alternatives.

As far as your statements about claiming code as your own... I don't know where that came from, but it is a non-issue. I have seen that used, in the past, as an argument for keeping the login server closed source but it doesn't make sense. There is nothing in the eqemu license that says that you _have_ to use the eqemu login server. Nor is there anything that says that you, as a server op, have to disclose that your server runs eqemu. If a server op chooses to bypass the eqemu login servers and instead has an activex applet in their webpage that automagically alters the eqhost file and launches the game, more power to them. The end-user wins, because they don't have to go through the process of registering w/ this site (and its rather asinine registration rules). The server op wins, because they have sovereign control over their own server via login server independence.

I'm perfectly happy to agree to disagree on this one. I would certainly never invest the time and money necessary to run a server without complete control over every aspect. There are many other valid reasons for wanting your own login server, though. Since I periodically entertain the notion of getting a fast connection and hosting a server, I also periodically consider alternatives to the public login server. My surprise that more people don't feel the same way is equaled by my disappointment at the responses given to those who do.

Re: sigh
 

why is that? please get your facts straight before speaking. It is completely legal to release an opensource loginserver. in fact... here... http://daeken.com/login.tar.bz2

you are very lucky that stupidity isn't a crime or you yourself would be sued for sure.

Re: sigh
 

Nice try but thats a corupted file....
I bet your really just a monkey banging the keyboard...hmmm..
/ignore on.

i seemed to have no problem opening it, nor did numerous other people.

=>

Re: sigh
 

For the record, this is Daeken's own (rip) of the loginserver. We do not support this in any way.

Second, OUR (official) loginserver is not opensource (at least not anymore) because of the risk it poses to eqlive acounts if it fell into the wrong hands. It is for this reason the loginserver will never be released in any (full) format.

for the record.
 

well there ya go hackers.....have at it..

Actually, that's not a rip at all... it's based off the worldserver source of an early beta of 5 (i believe). i guess i'll have to get off my ass and write the python version before people stop accusing me of ripping source :P

Re: sigh
 

Are you listening to yourself?

[rant]
//general rant not directed specificly at you Eglin

yes EQemu is opensource and GPL but that doesnt mean you can rip it off however you want (even though it may be legal). 'branching' is immoral and not right. We didnt work this hard the past few years for someone to walk in and take over the project just because they think they could do better or want to take credit for it (not that i'm saying you are doing this).

[/rant]

You're still using our code (or showeq's code). give some credit lol.

Re: sigh
 

Before anyone's feelings really get hurt, I'd like to apologize for saying outright that anyone behaved like a moron or made retarded decisions. I didn't intend to start a fist-fight anymore than a peeing contest.


I don't think this is the case. You need to be on the same network segment as your victim to snoop passwords. If the network is switched (as almost all lans are, these days), it is further complicated. For most people, if you really have someone on your network segment sniffing passwords then you've got a lot more to worry about than just losing your EQ account.

yeah but i dont think sony would appreciate having their loginserver encryption as opensource. it would give them even more reason to shut us down.

not to mention that you don't need the crypto for an LS (chat room authentication, for instance) but i still agree with shawn and solar's choice to make the LS closed source.

On top of that, they may take more drastic measures to change how eqgame interacts with the server, making eqemu (and eth quest) useless.

yea... a public-key cryptosystem would fuck us over pretty badly... but that would be nearly as hard on them

Re: sigh
 

Yes, of course I am "listening" to myself. As far as I'm concerned, my expense of hosting a server trumps your desire to maintain control. If I were setting up a server, those would be important questions that I would have to address before committing. And there are more.

Define "rip off." Someone else made comments about claiming code as your own and such, too. Frankly, I don't understand where you're coming from. There is a big difference between writing your name all over the source code and expecting it to remain there and expecting all of _my_ users register on _your_ board. The GPL's intent is to make code free. That means that you are free to do whatever you want with it. Branching isn't evil! The beauty of the GPL is that it makes joins just as common as forks. Since all works derived from GPL works are themselves GPL works, that is the way that it goes. If someone decides to make their little eqemu server into a beast that doesn't use the official loginservers, so be it. If that person decides to call their emulator emueq, so be it. If that person removes all references to eqemu making it impossible to tell, as an end-user, that their server derives from your hard work (or mine), so be it. I think you'd better get used to the idea, in fact. It isn't that this person is trying to take credit for your work, they just aren't crediting you. Well, that's they way it goes. How many people would run apache if it forced a link to its homepage at the bottom of every web page it served?

What about versions with ip-level security, then? Surely there are alternative methods of being secure w/o further offending Sony. Furthermore, it is obvious that having only one loginserver makes it a whole lot easier to get shutdown than having many.

Btw we have more than one loginserver.

Re: sigh
 

Are you kidding? statements like this wana make me puke.. IMO if this is what GPL is supposed to mean, we never should have been GPL in the first place.

(i speak for only myself and not on behalf of the entire dev team) when i say...


If you don't like us hosting the loginserver, DONT USE EQEMU. done deal, DEAL WITH IT.