Minilogin - time to reverse engineer?

[330pilot]

Tired of being tugged around left and right with login server. I think its time we reverse engineer the minilogin, or start a new minilogin project.

I just cant imagine that a better encryption mechanism cannot be devised by an open source community that would protect your public login server. Its not like we're not interested in a safe and secure login server either.

[mangoo]

I got an even better idea! How about every user on this forum make a new topic about the MiniLogin!

[RangerDown]

I wouldn't think that reverse engineering the current minilogin would do any good since it no longer reflects the protocol the current live client uses. I doubt it'll be a big problem since from a business perspective, they don't wanna change up the login protocol too often. Everytime they do it, they have a chance to introduce a bug or something that means now a bunch of peeps can't log on.

I think their biggest reasons for making a new login protocol this time were that they were consolidating station accounts and centralizing the login process. From what the articles on SOE boards said, before this last patch, a particular station name could be using one password to logon to EQ and another pw for all the other SOE stuff -- and they wanted to convert that to one pw for everything for that station name. Also the old login protocol seemed vulnerable to replay attack from what I could gather, and if that was the case really needed a change.

The old login protocol had a version of 6/3/2003, so about once a year they might change up the way logins work. A minor inconvenience, but definitely not tugging right and left... now if they will just leave AA network code alone! :P

[330pilot]

Quote:

Originally Posted by RangerDown

I wouldn't think that reverse engineering the current minilogin would do any good since it no longer reflects the protocol the current live client uses. I doubt it'll be a big problem since from a business perspective, they don't wanna change up the login protocol too often. Everytime they do it, they have a chance to introduce a bug or something that means now a bunch of peeps can't log on.

I think their biggest reasons for making a new login protocol this time were that they were consolidating station accounts and centralizing the login process. From what the articles on SOE boards said, before this last patch, a particular station name could be using one password to logon to EQ and another pw for all the other SOE stuff -- and they wanted to convert that to one pw for everything for that station name. Also the old login protocol seemed vulnerable to replay attack from what I could gather, and if that was the case really needed a change.

The old login protocol had a version of 6/3/2003, so about once a year they might change up the way logins work. A minor inconvenience, but definitely not tugging right and left... now if they will just leave AA network code alone! :P

Since the current minilogin is outdated, remove the encryption algs and release the source...

[DeletedUser]

This is just as pathetic as the US gov't publically announcing the secret plan to assassinate Saddam Hussein... I will just use the same forums that say no we will not release the source code to the login server to ask for people to help me reverse engineer it, yes!

[Memener]

even the old minilogin ? the one that works with the old 4.4 verson of eqemu?

[Mongrel]

Quote:

remove the encryption algs

You don't need the damn encryption algorithms to make a minilogin, just packet collect the login process and ignore the name/password part. Minilogin goes by IP, not by login data.

There you go. A new minilogin.

As far as I know (but this is just a guess, so anyone with some insight might want to correct me here) the "official" Minilogin never did any decryption of the login data, it always used IPs.

[Memener]

The one i am looking for is the one that lets you log in with a user name and IP

[RexChaos]

Any chance that the reason login server code isn't released is because of the possibility that it contains code that allows packets to be forced to world.exe so that certain people can hack?

Just curious...

[Edgar1898]

You want to make your own login server go ahead, the client doesnt encrypt at the moment, so you can have all the functionality you want. Its not too hard, but I have already said the one I rewrote isnt going to be open source.

[330pilot]

w00t login source!

Thanks Gheko!

:twisted:

[DeletedUser]

They redid the login server entirely that source is worthless for the most part

[codemonkey]

Quote:

Originally Posted by image

This is just as pathetic as the US gov't publically announcing the secret plan to assassinate Saddam Hussein...

Image is 100% right. The US should not have publically announced the plans to assasinate Saddam.
They should have sent in the A-Team (obligatory bad humor inc).

Quote:

Originally Posted by A-Team

BA Baracus: I pity the stinky brown sucka who don't come out that rat hole and take his medicide !
Murdock: My nose hair is on fire. Look I can fly. Wheeeeeeeeee !
BA Baracus: Quit yo jibber jabber crazy sucka, or ill bust a cap in yo ass too!
Face: Saddam - come out and take your medicine...its over.
Hannibal: I love it when a plan comes together !

(queue A-Team theme - Ba Da Dada Daaaaaaaaaa)

Quote:

Originally Posted by Image

They redid the login server entirely that source is worthless for the most part

Again, Image is 100% correct. I wouldn't wish our Kentucky Fried Login solution upon anyone. It is 100% custom world-wired to our phpBB2 forums. Wish we had that link below 6 months ago. Ahhh well. All I'm guilty of doing is giving 330 a link anyone can find using Google to reach an ex-eqemu dev's website :

Quote:

Originally Posted by everquestgrl

NOTICE: All of these files are freely available to you under the terms of the GNU General Public License - Version 2. You may redistribute them at your own will and/or modify them as long as the source is given out (*and I have credit for my work*).

Login Server (including minilogin build option) project source is freely given out by her at this URL: You Wish

Now quite honestly, some stuff has copyright (c) so and so, and none of it has the GPL disclaimer. We didn't use it - but anyone can it seems (according to everquestgirl) use it as say a template for their own login server or whatever-they-want to use it for - as long as she's credited. Seems dated pre ldon/god. Not that it stops you from compiling a modified (working) minilogin and adding your own cryptography code if you so desire.

Also, i noticed it seems to have been done in VC 6.0 or earlier as it uses iostream.h includes (which were deprecated in VC7 where you'd have to use namespace std). Anywhooo - we don't use any of it. Colonel Saunders would roll in his grave if we messed with our secret KFC recipe and jacked a working Kentucky Fried solution when we didn't have to. A C# open source login server would be nice, but unfortunately i don't have the time nor the inclination to write one atm.

I just pointed 330 there (as will Yahoo and Google but strangely enough, not Altavista). Also, her disclaimer or statement that it is free to use by anyone - and the fact Mirror 1 works ... well ... if eqemu devs disagree with her i'd suggest asking her to take her site down.


Jesus Loves You !

Ghecko the Vanquisher
EQ Live 65 Monk (retired) Rallos Zek
Winner - BoTB EQLive Melee
1/3rd of the LV Dev Team
"Any man can die for Jesus. We kill for him."

[Mango]

This is all well and good....

But the real important question is - Does this Everquest Girl have a nice rack?

I need to know before i decide if i should do her or not. (I handle the important stuff on the LV Dev Team)

[DeletedUser]

EverQuest Girl is Lyenu a former developer of EQEMu who got in a fight with Hogie and left the project raving with the Login Source. After this event the login source was removed from the source server where the developers access it. Oh ya, Lyenu is a he by the way :P