Guild Wars Forums - GW Guru
 
 

Old Sep 12, 2011, 11:12 AM // 11:12   #21
Forge Runner
 
Join Date: Apr 2007
Guild: DMFC
Default

Quote:
Originally Posted by Cool Name View Post
Purely out of interest can you explain how you can validate someone's account without using the guild wars servers?
That's the big part that worries a lot of us.
How does your private server validate with no means of validating the account details - also the other worrying points are if someone is say not 100% trustworthy and runs their own private server - what's to stop them using the details for their own means in gw?

What's more worrying is there is nothing currently being said by anet - eg has anyone within last few days contacted anet on their views of this, just in case there's a hidden clause and the makers find themselves in a bad situation.
Spiritz is offline   Reply With Quote
Old Sep 12, 2011, 12:53 PM // 12:53   #22
Pre-Searing Cadet
 
Join Date: Sep 2011
Guild: GWLP:R
Profession: Me/
Default

Quote:
Originally Posted by Spiritz
How does your private server validate with no means of validating the account details
Strictly speaking, we don't. We came up with some ideas but that's not the current point of interest.

Just so you know:
We don't want to encourage piracy, cause we love playing the game.
We wouldn't want to do any financial harm to the developers.
However, we currently cannot support any authorization of original accounts, because we haven't come up with a secure solution.
That solution might only be achievable with ArenaNet's support, but I guess that won't happen.

In a nutshell, if you've got doubts whether this harms the EULA or not, simply don't use it, don't support it and don't spread the word.
(And I highly doubt that it doesn't...)
_rusty is offline   Reply With Quote
Old Sep 12, 2011, 01:31 PM // 13:31   #23
Lion's Arch Merchant
 
Silmar Alech's Avatar
 
Join Date: Aug 2009
Location: Europe
Guild: Tom Son [TS]
Profession: E/
Default

Quote:
Originally Posted by ErrantVenture View Post
They don't seem to realize that it would involve FAR less effort to burn a couple throwaway accounts testing a bot to perfection on live servers than it would to completely recode a server from scratch based on nothing but packet logs.
I said a server emulator can be used to develop bots without risk. I didn't say it was designed for this.

But I am 100% sure the bot developers all jump immediately and enthusiastically to use it as their development platform. Burning throwaway accounts may be somewhat easy for account thieves or people with a big wallet (I don't know), but simply using a non-monitored server is so much easier. It even gives more information: you can always look what can be monitored on the server side and how to avoid being monitored.

Don't shoot the messenger: I only tell the bad news.
Silmar Alech is offline   Reply With Quote
Old Sep 12, 2011, 01:56 PM // 13:56   #24
Pre-Searing Cadet
 
Join Date: Sep 2011
Guild: GWLP:R
Profession: Me/
Default

That is partly right, but let's face it:
We don't know how Anet's servers work, all we can do is guess.
(Which means we are missing a lot of packets, development is slow and we cannot provide the exact same functionality)
Also, I never intended any measurements against bot usage on GWLP:R,
that's why you could create a bot on it without any problems,
switch to the real servers and get banned instantly and permanently.
Imo using it to develop bots doesn't make any sense that way, even if it is possible of course.

Apart from that,
Quote:
Originally Posted by Silmar Alech
But I am 100% sure the bot developers all jump immediately and enthusiastically to use it as their development platform
...lol
_rusty is offline   Reply With Quote
Old Sep 12, 2011, 02:10 PM // 14:10   #25
Krytan Explorer
 
Aljasha's Avatar
 
Join Date: May 2009
Default

I don't think GWLP could be used to develop bots at all, because server architectures seem to differ so much from each other. Not that I know any of the details, but my best guess is that the devs of GWLP build their own server farm or something that resembles that of GW (separate login and game servers and whatnot).

Actually, I can't say if this project will be successful, because you (the devs) have to invest a lot of time and devotion into this project and even more when you start balancing skills. That alone could get very tedious and I don't think if your motivation will be that great when other games are launched.

I do appreciate what you are doing and hope for the best.
Aljasha is offline   Reply With Quote
Old Sep 12, 2011, 02:45 PM // 14:45   #26
Ascalonian Squire
 
Join Date: Aug 2007
Guild: The Sanctum Of Inner Darkness
Profession: N/
Default

Can't you just validate the same way the client does normally? Let the login server do its thing through a proxy, and after you get the confirmation of account validity server side, cut communication with the login server.

Since it is server side, clients can't mess with the login process.
KairuByte is offline   Reply With Quote
Old Sep 12, 2011, 03:37 PM // 15:37   #27
Pre-Searing Cadet
 
Join Date: Sep 2011
Guild: GWLP:R
Profession: Me/
Default

You can't because we would 'see' the login data. And we don't wanna see that.
But good idea at least ;D
_rusty is offline   Reply With Quote
Old Sep 12, 2011, 04:03 PM // 16:03   #28
Forge Runner
 
Join Date: Apr 2007
Guild: DMFC
Default

Quote:
Originally Posted by KairuByte View Post
Can't you just validate the same way the client does normally? Let the login server do its thing through a proxy, and after you get the confirmation of account validity server side, cut communication with the login server.

Since it is server side, clients can't mess with the login process.
Anet does have a security protocol that has to do with IPs - I think the server's set to give an alarm if a person's IP drastically changes - eg one moment USA IP then next login it's a Chinese IP.
And I assume if you're using a proxy server then that user's IP will be totally different - and when they do login on their own IP they find their accounts banned due to security issues.
Spiritz is offline   Reply With Quote
Old Sep 12, 2011, 04:49 PM // 16:49   #29
Pre-Searing Cadet
 
Join Date: Sep 2011
Guild: GWLP:R
Profession: Me/
Default

As I understood it, we would have to emulate login, then use the client's data to send a login request at Anet servers at the same time, to check if it's valid.
As our server IP doesn't change that is OK.
But as I said, we'll have to handle the login data from the client, and also,
we would possibly overload Anet servers with logins from different Clients with the same IP address.
(Idk if that triggers any security measurement)
_rusty is offline   Reply With Quote
Old Sep 12, 2011, 05:32 PM // 17:32   #30
Ascalonian Squire
 
Join Date: Aug 2007
Guild: The Sanctum Of Inner Darkness
Profession: N/
Default

In all honesty, the only way you are going to take care of the login without the users being able to subvert the check entirely is to do everything server side. Yes there is the chance for a malicious user to take the patched client and steal the password, but there is no real way to avoid this. If you want to release the end result publicly with a lower chance of a lawsuit, you're going to have to do it this way.

EDIT: You're going to have to test, instead of throwing out excuses. That's part of the process of coding. You can't just say "I don't think this will work, so I'm not going to bother trying". Seriously.

Last edited by KairuByte; Sep 12, 2011 at 05:35 PM // 17:35..
KairuByte is offline   Reply With Quote
Old Sep 12, 2011, 05:52 PM // 17:52   #31
Desert Nomad
 
Lanier's Avatar
 
Join Date: Jan 2010
Guild: [Pink]
Profession: P/
Default

Err, could someone explain exactly what this project is to those of us who don't know all of these technical terms like emulate or coding? As I currently understand it, this would allow people to play on private servers where skill balance can be undertaken by those who run the server, not by anet. Is this correct? Would this be for both PvP and PvE?
Lanier is offline   Reply With Quote
Old Sep 12, 2011, 06:11 PM // 18:11   #32
Pre-Searing Cadet
 
Join Date: Sep 2011
Guild: GWLP:R
Profession: Me/
Default

@ Lanier: yes, check GR if you've got more questions. (Link can be found on the project site)

Quote:
Originally Posted by KairuByte
You're going to have to test, instead of throwing out excuses. That's part of the process of coding. You can't just say "I don't think this will work, so I'm not going to bother trying". Seriously.
Well, seriously, we can't simply say:
"Hey guys, give us your valid login data, so we might check if you're allowed to play here.
And don't mind us being a crew consisting of some random people from the internet."
And of course we won't, but that's a fact.
And having to admit that it would be possible for us to save the client's verification data won't give us much of popularity, would it?

I mean, I'm not saying we are not trustworthy, but I won't expect anyone to give us their data. Seriously.
_rusty is offline   Reply With Quote
Old Sep 12, 2011, 06:14 PM // 18:14   #33
Ascalonian Squire
 
Join Date: Aug 2007
Guild: The Sanctum Of Inner Darkness
Profession: N/
Default

Quote:
Originally Posted by _rusty View Post
@ Lanier: yes, check GR if you've got more questions. (Link can be found on the project site)



Well, seriously, we can't simply say:
"Hey guys, give us your valid login data, so we might check if you're allowed to play here.
And don't mind us being a crew consisting of some random people from the internet."
And of course we won't, but that's a fact.
And having to admit that it would be possible for us to save the client's verification data won't give us much of popularity, would it?

I mean, I'm not saying we are not trustworthy, but I won't expect anyone to give us their data. Seriously.
It would take a little bit of time for the users to come around, but after a while they would get used to it.

Now, I do have to ask an obvious question. Is the login data encrypted before it is sent to the server? Because in all honesty if it is MD5'd before it is sent there would be no issue.

And seriously, in this day and age.... Is the Guild Wars client susceptible to a packet repeat attack? I would think they would utilize a nonce type system to remove that type of vulnerability.
KairuByte is offline   Reply With Quote
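
KairuByte's two questions above (hash before sending, nonce against packet repeat) side by side, as an added example that is not part of the thread and not GWLP:R or ArenaNet code: a hash sent as-is is accepted again when repeated, while a response bound to a one-time nonce is not. The class names are hypothetical, SHA-256 stands in for MD5, and the password is a constructed sample; nothing here reflects the actual Guild Wars login protocol.

```python
import hashlib
import hmac
import secrets

def verifier(password: str) -> bytes:
    # "Hash it before sending"; SHA-256 is used here in place of MD5.
    return hashlib.sha256(password.encode()).digest()

class StaticHashLogin:
    """Client sends hash(password): the same bytes are valid for every login."""
    def __init__(self, password: str):
        self._stored = verifier(password)
    def login(self, sent_hash: bytes) -> bool:
        return hmac.compare_digest(sent_hash, self._stored)

class NonceLogin:
    """Server issues a one-time nonce; client answers HMAC(verifier, nonce)."""
    def __init__(self, password: str):
        self._stored = verifier(password)
        self._pending = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def login(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self._pending:
            return False              # unknown or already used nonce
        self._pending.discard(nonce)  # each nonce is accepted once
        expected = hmac.new(self._stored, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)

def client_response(password: str, nonce: bytes) -> bytes:
    return hmac.new(verifier(password), nonce, hashlib.sha256).digest()

def demo() -> dict:
    password = "constructed-sample-password"  # constructed sample value
    static = StaticHashLogin(password)
    seen_on_wire = verifier(password)  # what any intermediary observes
    server = NonceLogin(password)
    n1 = server.challenge()
    r1 = client_response(password, n1)
    return {
        "static_replay": static.login(seen_on_wire),
        "nonce_first_use": server.login(n1, r1),
        "nonce_same_replay": server.login(n1, r1),
        "nonce_new_challenge": server.login(server.challenge(), r1),
    }
```

In the static scheme the hash is itself the credential, so whoever handles it holds something as good as the password.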
Old Sep 12, 2011, 07:29 PM // 19:29   #34
Ascalonian Squire
 
Join Date: Apr 2011
Location: holland
Guild: easy
Profession: N/A
Default

_rusty if us normal folks can help with the project please tell.
would love to test this stuff
kikkerbeer is offline   Reply With Quote
Old Sep 12, 2011, 07:31 PM // 19:31   #35
Pre-Searing Cadet
 
Join Date: Sep 2011
Guild: GWLP:R
Profession: Me/
Default

Ok, you're right with that point.

Actually that will work under the following conditions:

The client sends the login data as usual, with a double encryption. (The packets themselves are encrypted as well as the user password)
The server establishes an encrypted connection with the original auth server and just repeats the data from the client, waiting for verification packets.
Those are sent to the client asap and it will be able to login to the gwlpr servers.

We won't be able to actually use the login data.
_rusty is offline   Reply With Quote
Old Sep 19, 2011, 11:52 AM // 11:52   #36
Academy Page
 
Join Date: Jan 2007
Default

...C#, seriously?

Hey, whatever. Maybe when you're done I'll see if I can convert it to something I like, or make some sort of Frankenstein codebase for my changes. Good luck with it. I'll bug some people I know about it and see if they'll release any useful tools or information to make your lives easier, but don't get your hopes up.
Jette Antral is offline   Reply With Quote
Old Sep 20, 2011, 12:10 PM // 12:10   #37
Grotto Attendant
 
zwei2stein's Avatar
 
Join Date: Jun 2006
Location: Europe
Guild: The German Order [GER]
Profession: N/
Default

Quote:
Originally Posted by _rusty View Post
@ Lanier: yes, check GR if you've got more questions. (Link can be found on the project site)



Well, seriously, we can't simply say:
"Hey guys, give us your valid login data, so we might check if you're allowed to play here.
And don't mind us being a crew consisting of some random people from the internet."
And of course we won't, but that's a fact.
And having to admit that it would be possible for us to save the client's verification data won't give us much of popularity, would it?

I mean, I'm not saying we are not trustworthy, but I won't expect anyone to give us their data. Seriously.
Can't you make a deal with anet for a different validation API?

I envision this:

1) Player logs into anet system and receives "key".
2) When player logs into GWLP, he enters this key into character name textfield (or provides it to you while registering account).
3) As part of login, you simply ping anet system with "Is this key linked to valid account valid?" - "Yes, it is linked to [email protected]"

It would be impossible to use this key to log into guildwars/support/anything, but it would be easy to validate that such-and-such account exists.
zwei2stein is offline   Reply With Quote
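
The three-step key scheme proposed in the post above, as an added example that is not part of the thread and not an existing ArenaNet or GWLP:R API: the account provider hands out a validation-only key after a normal login, and a third party can ask which account the key belongs to without ever handling the password. `AccountProvider`, the audience label, the expiry and the account values are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import secrets
import time

class AccountProvider:
    """Hypothetical stand-in for the account system in the proposal above."""
    def __init__(self):
        self._passwords = {}  # account -> (salt, PBKDF2 hash)
        self._keys = {}       # sha256(key) -> (account, audience, expiry)

    @staticmethod
    def _pw_hash(salt: bytes, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, account: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self._passwords[account] = (salt, self._pw_hash(salt, password))

    def login(self, account: str, secret: str) -> bool:
        if account not in self._passwords:
            return False
        salt, stored = self._passwords[account]
        return hmac.compare_digest(self._pw_hash(salt, secret), stored)

    def issue_key(self, account, password, audience, ttl=600):
        # Step 1: only a player who can log in normally receives a key.
        if not self.login(account, password):
            return None
        key = secrets.token_urlsafe(32)
        digest = hashlib.sha256(key.encode()).hexdigest()
        self._keys[digest] = (account, audience, time.time() + ttl)
        return key

    def validate(self, key: str, audience: str, now=None):
        # Step 3: answers "which account is this key linked to?" and nothing else.
        record = self._keys.get(hashlib.sha256(key.encode()).hexdigest())
        now = time.time() if now is None else now
        if record is None or record[1] != audience or now > record[2]:
            return None
        return record[0]

def demo() -> dict:
    provider = AccountProvider()
    provider.register("player@example.invalid", "constructed-password")
    key = provider.issue_key("player@example.invalid", "constructed-password", "gwlp")
    return {
        "validated": provider.validate(key, "gwlp"),
        "key_as_password": provider.login("player@example.invalid", key),
        "other_audience": provider.validate(key, "other-site"),
        "expired": provider.validate(key, "gwlp", now=time.time() + 3600),
    }
```

The provider stores only a hash of each key, and the key is bound to one audience and a short lifetime, so a leaked key confirms an account exists but does not log in anywhere.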
Old Sep 20, 2011, 12:52 PM // 12:52   #38
Ascalonian Squire
 
Join Date: Aug 2007
Guild: The Sanctum Of Inner Darkness
Profession: N/
Default

Quote:
Originally Posted by zwei2stein View Post
Can't you make a deal with anet for a different validation API?

I envision this:

1) Player logs into anet system and receives "key".
2) When player logs into GWLP, he enters this key into character name textfield (or provides it to you while registering account).
3) As part of login, you simply ping anet system with "Is this key linked to valid account valid?" - "Yes, it is linked to [email protected]"

It would be impossible to use this key to log into guildwars/support/anything, but it would be easy to validate that such-and-such account exists.
The valid login data is encrypted. Otherwise it would be easy for a malicious user to get your data. The encryption is done in such a way that for the most part only ANet can decrypt it.

It's not exactly that simple, but it would mean that you could login to the private server with valid login data without worry of that host being able to see your password.

I'm curious why the GWLPR team didn't think of this to begin with, as it is a rather normal thing for a login server to do, otherwise people would be having accounts hacked left right and center.
KairuByte is offline   Reply With Quote
All times are GMT. The time now is 01:34 PM // 13:34.

