
Support::MiniLogin Support forum for problems with the official MiniLogin release.

  #1  
Old 04-29-2008, 10:24 PM
sdtuasrt, MD
Fire Beetle
 
Join Date: Dec 2007
Posts: 26

Quote:
Originally Posted by cole89103
It's been tried. You won't get anything useful out of decompiling MiniLogin; many have tried to make MiniLogin public and all have failed. There have been several workarounds, but to make a public login server work how you want it, you need the crypto that EQ uses to talk to the server, and without that you will never get a public login server working.

Better to just use the PHP updater I mentioned, change the IPs manually, or use the public login server eqemulator.net provides.
Unless they're using something really, really, really, really, really super complicated, it's crackable. It's always crackable. Someone had to be able to do it in the first place to get the public Login Server to work.

The Login Server, be it the public one or MiniLogin, has to transmit certain information. It absolutely has to. The Server Name is one of those pieces of information. Unless it is transmitted unencrypted, in plain text, then you have a huge cryptographic advantage -- you know what some of the content of the message already is. On top of that, one should easily be able to discern what the preambles and/or postambles of the messages are using the opcodes listed, and indeed, MiniLogin itself.

There are only three reasons I can think of for the lack of release of source code for either minilogin or the public loginserver. The first is that it contains leaked sourcecode from SOE. The second is that source is no longer available. The third is that people only want software to be 'free' and 'opensource' when it benefits them to do so.

As to the second option, I find it possible, since development has been locked at Titanium. I'm afraid it comes down to a choice between number one and number three.

I readily admit that something such as the loginserver is a non-trivial task. I am also entirely unaware as to the authorship of the public login server -- which is why I believe a possible reason it cannot be made available is due to copyright violation. However, I do know that the emulator itself is open source, and as a programmer, I get extremely frustrated with having to reinvent the wheel. And the axle. And the cart. And the donkey. And all the laws of physics that enable those things to exist.

Oh well. Where's that packet sniffer?
  #2  
Old 04-29-2008, 11:01 PM
cole89103
Banned
 
Join Date: Apr 2006
Location: America
Posts: 173

Oh, without a doubt it's crackable, but I don't recommend discussing it on the forums here, because most people that have have been banned for one reason or another, so watch out. lol
  #3  
Old 04-30-2008, 03:05 AM
AndMetal
Developer
 
Join Date: Mar 2007
Location: Ohio
Posts: 648

Quote:
Originally Posted by sdtuasrt, MD
The Login Server, be it the public or the minilogin, has to transmit certain information. It absolutely has to. The Server Name being one of those pieces of information. Unless it is transmitted unencrypted, in plain text, then you have a huge cryptographical advantage -- you know what some of the content of the message already is. On top of that, one should easily be able to discern what the preambles and/or postables of the messages are using the opcodes listed, and indeed, minilogin itself.
This may seem a little off topic, but it should help to explain why minilogin has to use an IP address and doesn't have anything to do with the account name (at least in the Titanium client).

I personally was curious about the cryptography, so for the heck of it, I started sniffing some packets. From what I was able to gather, the login packet that is sent from the client to the server is 56 bytes total, 48 of which are the actual data. From that, there is a 24 byte hash of the username + password. If you're using Ethereal (looking at the entire packet), it starts at 0x4A and ends at 0x55. The last 16 bytes of the packet are apparently a checksum for the data.

Since we know where to look, we can put in what we know to be the username & password, and see what it puts out. Using a lot of math, I'm sure it wouldn't be impossible to reverse engineer the algorithm used, but I'm sure my brain would explode if I tried to figure it out by hand (and cryptography is definitely not my forte).

Because the username is encrypted as part of the hash, MiniLogin isn't able to decipher it, unless it included the cryptography algorithm (which it doesn't look like it does, because of its limitations). As a result, MiniLogin doesn't even know what your username is; it just forwards you on to the server itself (including your IP address, which it can detect very easily). So, in essence, your IP address becomes your "username", which is then referenced back to the actual username in the accounts table.
__________________
GM-Impossible of 'A work in progress'
A non-legit PEQ DB server
How to create your own non-legit server

My Contributions to the Wiki
  #4  
Old 04-30-2008, 07:47 AM
cole89103
Banned
 
Join Date: Apr 2006
Location: America
Posts: 173

Little hint: word on the grapevine is it uses RC4 encryption, but it also uses compression on top of the encryption, just so you know.
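The following is an added example, not code from this thread or from the EQEmu project, illustrating the two points raised so far: sdtuasrt's observation that a known field (the server name) gives an attacker a known-plaintext foothold, and cole89103's hint that the traffic may be RC4 with compression underneath. It assumes a constructed session key, constructed login-server messages, and that the same RC4 keystream is reused across messages (no per-message nonce); none of those assumptions, nor the use of RC4 itself, is established by the thread. With a stream cipher, C XOR P recovers the keystream bytes, which then decrypt any other message encrypted at the same offsets under the same key. Compressing before encrypting does not remove the weakness, it only means the attacker must feed the compressed form of the known plaintext into the XOR.

```python
import zlib


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Textbook RC4: key-scheduling algorithm followed by the PRGA.
    Included for demonstration only; RC4 is not recommended for new designs."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 is symmetric: the same call encrypts and decrypts."""
    return xor(data, rc4_keystream(key, len(data)))


def recover_keystream(ciphertext: bytes, known_plaintext: bytes, offset: int) -> bytes:
    """Known-plaintext attack on a stream cipher: keystream = C xor P
    over the bytes where the plaintext is known."""
    return xor(ciphertext[offset:offset + len(known_plaintext)], known_plaintext)


def decrypt_with_keystream(ciphertext: bytes, keystream: bytes, offset: int) -> bytes:
    """Apply recovered keystream bytes to another ciphertext at the same offsets."""
    return xor(ciphertext[offset:offset + len(keystream)], keystream)


# Constructed session key and messages (assumptions for the demo, not real EQ traffic).
# Layout assumed: 2-byte opcode, NUL-terminated server name, NUL-terminated address.
KEY = b"constructed-session-key"
MSG_KNOWN = b"\x01\x00" + b"EQEmu Test Server\x00" + b"192.168.1.10\x00"
MSG_SECRET = b"\x01\x00" + b"Private Dev Server\x00" + b"10.0.0.42\x00"
NAME_OFFSET = 2  # server name starts right after the opcode in the assumed layout


def keystream_reuse_leak() -> bytes:
    """Two messages under one key with no nonce share a keystream: knowing the
    server name in the first message exposes the same field of the second."""
    c_known = rc4(KEY, MSG_KNOWN)
    c_secret = rc4(KEY, MSG_SECRET)
    known_field = b"EQEmu Test Server\x00"           # what the attacker knows
    ks = recover_keystream(c_known, known_field, NAME_OFFSET)
    return decrypt_with_keystream(c_secret, ks, NAME_OFFSET)


def compression_caveat() -> tuple:
    """Compress-then-encrypt: XORing the *raw* known plaintext no longer yields
    the keystream, but XORing the *compressed* known plaintext still does."""
    c = rc4(KEY, zlib.compress(MSG_KNOWN))
    true_ks = rc4_keystream(KEY, 8)
    naive = recover_keystream(c, MSG_KNOWN[:8], 0)
    aligned = recover_keystream(c, zlib.compress(MSG_KNOWN)[:8], 0)
    return naive == true_ks, aligned == true_ks


if __name__ == "__main__":
    print("leaked field:", keystream_reuse_leak())
    print("(naive recovery works, compressed recovery works):", compression_caveat())
```

The practical caveat for anyone sniffing this kind of traffic: recovering keystream only helps if the key (or keystream) is reused, and if the protocol compresses first, the attacker needs the whole plaintext of a message to reproduce its compressed form, not just one field.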
  #5  
Old 04-30-2008, 08:13 AM
Theeper
Discordant
 
Join Date: May 2004
Posts: 290

I don't think MiniLogin uses any type of encryption in communication with World. But why bother trying to decompile it, though? You can see how it works from the server source.

This subject has been beaten to death though. For some reason it has to be brought up again every few months. Someone should sticky the last few "I want to decompile Minilogin" threads.
  #6  
Old 04-30-2008, 08:19 AM
cole89103
Banned
 
Join Date: Apr 2006
Location: America
Posts: 173

MiniLogin doesn't use encryption, you are correct, but the client DOES, and MiniLogin is actually just another build of the public login server, minus the crypto obviously. Add to that that the client uses crypto to talk to the world server, and that's what he's going to be sniffing or trying to figure out.
  #7  
Old 04-30-2008, 08:33 AM
Theeper
Discordant
 
Join Date: May 2004
Posts: 290

You don't need to sniff packets. It's all right there in the server source.
  #8  
Old 04-30-2008, 08:35 AM
cole89103
Banned
 
Join Date: Apr 2006
Location: America
Posts: 173

No, it's not. I've seen the old login server source; trust me, it's not in the source. If it was, EQEmu would have been shut down by SOE ages ago. It's also why the login server source is guarded so closely. The crypto needs to be sniffed with packet and key sniffers. It CAN be done if he sniffs the stuff when he connects to the public login server, but no, it's not in the world server source code.