MiniLogin decompiled/cracked

[Lalolyen]

Quote:

What makes you so special

My past employment with SoE maybe...

Quote:

If you really have somehow decompiled it, send me a portion of the source code.

Done... Check your pms.

[Lalolyen]

I took the liberty of also including the MD5 hash and opticodes.

I wouldn't let that message linger in your inbox, because if someone gets a hold of that hash, you're screwed (I'm sure the db for these forums are in plain text =) )

[John Adams]

I find it pretty ridiculous to post a new thread that you cracked minilogin, just to say "don't ask because I am keeping it a secret now", sprinkled with passive-aggressive threats that someone better start talking to you on IRC - or else.

I just wish the EQ client was as easy to work with as WoW, so when a patch comes out it doesn't break everything. Might eliminate the 201 excuses why EQEmu is stuck 5 years in the past. Has nothing to do with minilogin, that's for sure.

[Edgar1898]

I'll try to not turn this into a flame, but I would like to point out that the list of opcodes (not opticodes) that you sent me is located in opcodes.conf and even a third grader without l33t hacking skills could get that list by simply opening the file that is included in the minilogin zip.

Next is that doomsday md5 hash that will destroy the world if it fell into the wrong hands. I'm not really sure where you got that, but such a devasting flaw in the fabric of space time does not exist. Minilogin doesnt do anything magical and as pointed out earlier, you can already see what login sends to world and vice versa by viewing the world source code.

Now about the decompiled source code that you sent me. If you are an expert in assembly and can create something useful from that mess go right ahead. That "source" code, looks nothing like the real source code and the likelihood of someone being able to turn it into something more useful while at the same time not be able to create their own login server is extremely remote.

[image]

I have no idea what Lalolyen is referring to since the minilogin has never had encryption, but this post is getting interesting.. *pulls out some popcorn*

[devn00b]

Whatever you have, or think you have, is nothing.

The mini-login isnt compiled with the crypto in it, doesnt use crypto, never has. So not sure what you think you have.

There have been much better coders/crackers than you (Daeken comes to mind) that have tried and failed. Hell I even supplied him with the compiled crypto!

I'm not sure what your trying to accomplish except looking at code that has been freely available before, because, as has been said the crypto isnt compiled with mini-login you aren't seeing any of its functions and so are missing the very thing you need to make it work.

There has been several "leaks" of the loginserver with the crypto. Hogie, Lyenu, even myself have released either code, or compiled bits. Would figure if it could have been done by the general populous, it would have already.

[Doodman]

I'm not sure what you thing you found, but it's no what you think.
1) Minilogin has never had encryption in it. Never.
2) World -> LS is not encrypted, encoded or scrambled. The protocol is easily deciphered as the source to that is (obviously) in world and distributed as source.

That said, the crypto in the current public loginserver (i.e. not minilogin) was cracked a long time back by me. I'm sure others have cracked it, since there are many people in the world that are smarter than me.

There is the older loginserver floating around (Hmm, wonder how that got loose? ), it is is the older protocol and the crypto is not different.

I'll not say anymore about the crypto.

If you'd like to share with me what you think you've found, we can discuss it. Who knows, maybe you'll find something useful somwhere.

[Angelox]

Quote:

Originally Posted by Lalolyen

My past employment with SoE maybe...

SOE!
I'm curious; what did you do there and why did you leave?

[Lalolyen]

Network security officer.

Leaving: Pay Pay Pay Pay.

2 years ago, you probabley read, SoE fired about 200 employee's from their LA office. Thankfully I didn't get the boot, but their attitude after that, "Want a promotion or a raise? Go find somewhere else". So I did just that. Asside from that I was home sick too which played a big role in it =P.

I'm from NC, We were *planning* on settling down with my wife's family in CA... But there are just way too many fruits and nuts out there man.

[Secrets]

Code:

/*	This file was automatically created by
 *	Reverse Engineering Compiler
 *	
 */

Oh come on, at least use IDA Pro when you use a program to extract ASM.

[Lalolyen]

Quote:

Originally Posted by Secrets

Code:

/*	This file was automatically created by
 *	Reverse Engineering Compiler
 *	
 */

Oh come on, at least use IDA Pro when you use a program to extract ASM.

No... That just made sense of the unpacking =)

Quote:

You are like the coolest person ever. SOE better watch thier backs now....

If I had access to your most sensitive information, you infrastructure, your venerabilities, if it were all worth more than about 5 million dollars, I bet I could say the same about you too =)

Quote:

3) Nor does it come close to compiling (at least on Linux). It produces 2235 lines of errors/warnings during compile.

Thats a little higher up than just a disassemble to be honest...

The only thing that needs to be done to make it work, is to do the ass-numbingly boring part of creating a bunch of files according file mapper, (you know the .h files) and splitting that .cpp file down into separate files putting the correct calls in the right file names (like 0023DFRsomerediculious.name)

[Secrets]

Quote:

Originally Posted by Lalolyen

No... That just made sense of the unpacking =)

I kind of doubt it when a quick google search can produce the same code you posted.

Reverse Engineering Decompiler

Also, that doesn't compile. It just doesn't. It produces a C-like code, so you know what's going on when reverse engineering. If you really wanna get the source code, watch packets with Wireshark, dump the packets, create a program which can interpret the packets, because as doodman said, they arn't encrypted.

Simple as that, you need to code from ground up. If you wanna do that? Good for you, just respect other's wishes. I hate when people think they are badass over the internet, especially admins/sysops, because chances are they arn't trustworthy.

[Lalolyen]

Quote:

Originally Posted by Secrets

I kind of doubt it when a quick google search can produce the same code you posted.

Reverse Engineering Decompiler

Also, that doesn't compile. It just doesn't. It produces a C-like code, so you know what's going on when reverse engineering. If you really wanna get the source code, watch packets with Wireshark, dump the packets, create a program which can interpret the packets, because as doodman said, they arn't encrypted.

You do know there is no "one" decompiler for cpp right? =S

The communications I agree is very open going to the login server. However just sniffing the signals and interpretors will not give you enough info to reconstruct the mini-login server as *caugh* the server gives different responses to some of the same things indicating some kind of custom hand-shake.

[Furrygamer]

I don't see how this explains deleting an entire thread that would have benefited the community greatly.

[techguy84]

Quote:

Originally Posted by Lalolyen

If I had access to your most sensitive information, you infrastructure, your venerabilities, if it were all worth more than about 5 million dollars, I bet I could say the same about you too =)

Well, for some odd reason, I just forsee you as no real threat to SOE. I really dont think you could cause them lots of suffering with your knowledge of thier networks. You said officer right, not administrator....

Furthermore, if your so knowledgable about thier networks, why in the world would you be decomiling the mini-login of all things, and then talking about how its going to cripple servers if someone else with bad intentions did the same thing. Do you understand that there is a different type of crypto on the LS, as well (you should know) on SOE servers. Now sure, the super cool hacker could come in and cause havok on my little 1 person minilogin. Im really worried about some major security breach like that happening.