Quote:
Originally Posted by Harakiri23
believe what you want, you have live data and real dumps - those do not exist for the old client - furthermore you cant tell me it *isnt* to hard to find structs with 20-30 members when you know NOTHING of them
seriously, what you have is totally different from what eqc has - you have live server packet dumps - you can login to live and check what the client does when the server sents X - eqc cant do that
dont try to belittle this, this is one of the good reason why to keep things closed
|
Ok, I have no idea where all this talk came from, but before you get up in arms, let's review here:
We're comparing keeping a project closed vs. open. We are saying, if the source is written for the server, and being served to a general population that can then be packet sniffed, the difficulty of doing this is not going to be HUGELY VASTLY MORE DIFFICULT than it is if you have access to the source. The server is broadcasting them after all, if you simply have the time to sit down and isolate what packets go where, you can figure it out. Eventually.
Doing this isn't going to be super easy. But it isn't going to be impossible either. If the source is open, you skip the boring task of sniffing packets and figuring out where the structs line up and such, so it is going to be quicker, but in both of the scenarios it isn't going to stop anyone who is determined to figure it out.
Now talking about eqclassic where the opcodes from the server are not sniffable from a pre-established server: This is a whole different story. I don't recall reading about this earlier, but if I did miss it: I'm sorry. I can see that's going to be pain stakingly hard since you don't have a server laying out the opcode structs on a platter, so it's going to take even more time to try to figure out what the client wants from this inexistant server.
However, even if your project is closed, the very moment you release any form of server any hacker with malicious intent can simply sniff the packets and get your hard work of figuring out op codes with relative ease. And this is where I say being closed vs being open is not going to really be a huge security difference.
If the information is available via open source or via a server, it's not going to take a lot of effort to eventually disassemble them. If the information is NOT available via open source or via a server, it's going to take a a whole lot more effort, but once that server is released anyone else wanting to infrige on that security can do so in the relative ease mentioned above.
Case and point: open vs closed for sake of opcodes != nill point.