https://davnit.net/bnet/vL/phpbbs/index.php?topic=8787.msg81693#msg81693

Out of boredom, I dug this old topic up to see if anyone was interested.

I've thought a little about the connection process recently.  To prevent the usage of proxies, the end user would send a request to the server, and the server would open a connection connecting to the ip that sent the request on a different port.  Therefore, the end user would need an open port to allow the server to connect through. 

Edited the above link so it pointed to the post about the actual project :)

Sounds neat, but I don't know how many people would use it, guess we'll find out here

LoRd proposed this a while ago, then Ersan said he was working on it [a while ago, but less long ago than LoRd :P] guess it didn't get anywhere though.

Actually, Lord's idea was to make a key sharing database, where users would share cdkeys with eachother.  If users donated keys, they would recieve new keys in return.

My system simply allows users to establish a binary connection to battle.net without a CDkey.  The users are never aware of the key they are using.

But that brings up another problem, I would need key donations in order for this to work.  I'm not sure how generous the battle.net community is...

I like the sound of it, but there will be major abuse. I wouldn't mind using a bnls style login system..

And you would have to keep checking the list of keys to make sure they still work.

[quote author=Lenny link=topic=10875.msg103121#msg103121 date=1110420989]
https://davnit.net/bnet/vL/phpbbs/index.php?topic=8787.msg81693#msg81693

Out of boredom, I dug this old topic up to see if anyone was interested.

I've thought a little about the connection process recently.  To prevent the usage of proxies, the end user would send a request to the server, and the server would open a connection connecting to the ip that sent the request on a different port.  Therefore, the end user would need an open port to allow the server to connect through. 

Edited the above link so it pointed to the post about the actual project :)
[/quote]
A few thoughts...

You would need to have proxies or multiple IPs, since your service is going to be the thing opening connections to Battle.net.

Sharing keys is an interesting idea.

Preventing connections through proxies would cause legitimate clients to potentially fail, if someone is using a firewall.

Otherwise an interesting idea.

What do you do to a user that gets a CDKey banned/muted?

[quote]
You would need to have proxies or multiple IPs, since your service is going to be the thing opening connections to Battle.net.
[/quote]
The only connection to battle.net would be the bot cycling through the key lists to test each one (1 connection for each gateway).  Even with a high reconnect delay, I should be able to cycle through the entire list within a day or two.   

[quote]
Preventing connections through proxies would cause legitimate clients to potentially fail, if someone is using a firewall.
[/quote]
Yes, this is one of the reasons why I'm still trying to find a better way to prevent proxies.

[quote]
What do you do to a user that gets a CDKey banned/muted?
[/quote]
Well since each key has an associated ip address, I could easily ipban the user once the bot finds the banned key while cycling.  Or I could force him to sit with the banned key.

Well, I'll just point out that this is a splendid recipie for eliciting a DMCA takedown.

Assuming that it were offered for public use, such a system would be patently illegal. It would even be illegal here, and we have reasonable legislation!

We've discussed this before, Lenny, but you never really had an answer other than donations.  Eventually, the list of working keys will decrease to the point where you won't have enough to assign to your users, and people aren't just going to hand you lists of 1000 keys apon request, so how do you plan on getting new keys?  This is why my original idea was based on the idea of key sharing, the key list would never become depleted.

That depends on how you look at it Lord, your key sharing idea might accelerate key depletion.  Users that only give keys to recieve more keys in return probably aren't using their keys for anything legitimate (with respect to these forums :) ).

My hope is to have a set of 'safe keys' which are hardly ever banned and aren't in the wrong hands.  The keys of users who continue to want more keys probably wouldn't go under the category of 'safe keys'.

[quote author=Arta[vL] link=topic=10875.msg103157#msg103157 date=1110433300]
Well, I'll just point out that this is a splendid recipie for eliciting a DMCA takedown.

Assuming that it were offered for public use, such a system would be patently illegal. It would even be illegal here, and we have reasonable legislation!
[/quote]
Why would the DMCA take it down?

I guess I'm somewhat confused -- is this a BNCS emulator, or a gateway to allow people to illegally connect to Battle.net?

[quote author=MyndFyre link=topic=10875.msg103161#msg103161 date=1110439583]I guess I'm somewhat confused -- is this a BNCS emulator, or a gateway to allow people to illegally connect to Battle.net?[/quote]

Even if it served as nothing more than a key repository, it'd be a collection of valid CDkeys which could be used to install illegal copies of the game(s) for which keys are hosted.

[quote]
What do you do to a user that gets a CDKey banned/muted?

Well since each key has an associated ip address, I could easily ipban the user once the bot finds the banned key while cycling.  Or I could force him to sit with the banned key.
[/quote]

Or you could make it so, if they get a banned / muted cdkey, they can then email the cdkey and the problem with it and you will send a working one back.

And this couldnt be a scam for cdkeys, because the person would test the cdkey they gave them to see if it is actually banned or muted.


Sounds a nice idea Lenny :P

The idea is nice, kinda like communsim on paper. But it is most likely not possible in real life. For one thing, you are giving out illegally obtained keys. For another, abuse is never totally prevented by something like that. I just think there is no possible way to do that.

If people donate them, would it still be illegally obtained?

Maybe he could get cash donations & go buy the games over & over

[quote author=Kp link=topic=10875.msg103187#msg103187 date=1110468953]
[quote author=MyndFyre link=topic=10875.msg103161#msg103161 date=1110439583]I guess I'm somewhat confused -- is this a BNCS emulator, or a gateway to allow people to illegally connect to Battle.net?[/quote]

Even if it served as nothing more than a key repository, it'd be a collection of valid CDkeys which could be used to install illegal copies of the game(s) for which keys are hosted.
[/quote]

Someone would have to manually implement it into the client somehow.  My system uses the strengths of hashing to prevent key theft.  The user sends the proper seed values for the hashing and the server sends back the hash of a key, not the key itself.  The hash cannot be reversed. 

Which would involve the only possible hashing algorithm available that can do that: SHA-1. That would ALSO involve 2^69 operations, so...its a bit complicated.

[quote author=Arta[vL] link=topic=10875.msg103157#msg103157 date=1110433300]
Well, I'll just point out that this is a splendid recipie for eliciting a DMCA takedown.

Assuming that it were offered for public use, such a system would be patently illegal. It would even be illegal here, and we have reasonable legislation!
[/quote]

Well, I haven't fully considered the ethics of my system.  But it doesn't enable clients to connect to battle.net, it allows chat emulators to.  I'm not enabling users to use pirated software. 

Just a comment, it's actually easy to reverse the SHA1 on cdkeys.  The reason is, cdkeys have a very limited value (numerical integers).  You wouldn't be so much reversing the hash as brute forcing it.  Either way, it's easy to obtain keys from hashes.

[quote author=iago link=topic=10875.msg103223#msg103223 date=1110486572]
Just a comment, it's actually easy to reverse the SHA1 on cdkeys.  The reason is, cdkeys have a very limited value (numerical integers).  You wouldn't be so much reversing the hash as brute forcing it.  Either way, it's easy to obtain keys from hashes.
[/quote]
I believe K showed some proof-of-concept on this a long time ago.

[quote author=Lenny link=topic=10875.msg103221#msg103221 date=1110485781]Well, I haven't fully considered the ethics of my system.  But it doesn't enable clients to connect to battle.net, it allows chat emulators to.  I'm not enabling users to use pirated software.[/quote]

You aren't providing it to unmodified clients, but it'd be relatively easy to put an emulator on battle.net via your system, watch it log in, and capture the key that it used.  Then install the game with that key.  Voila, (potentially) pirated install with a working cdkey.

[quote author=iago link=topic=10875.msg103223#msg103223 date=1110486572]Just a comment, it's actually easy to reverse the SHA1 on cdkeys.  The reason is, cdkeys have a very limited value (numerical integers).  You wouldn't be so much reversing the hash as brute forcing it.  Either way, it's easy to obtain keys from hashes.[/quote]

To expand on this: Starcraft keys are composed of three parts: the number 1 (a product ID), the key's magic number (which is sent in the clear), and the key's secret number (which is obfuscated by the hash).  There is a relation between the magic and secret numbers, which afaik no one has ever published (if it's even known outside of Blizzard).  The server validates the key by computing what the secret should be based on your magic, then checks to see if it gets the same hash as you did.  If it did, you and it agreed on the secret.

Why is this a problem for a scheme like Lenny's?  All secret numbers are in the range [0, 1000], so it only takes ~1000 trials to learn the secret that was used to generate a given hash.  The time required for that on a modern processor is trivial, so as iago said, you can easily brute force the secret.

[quote author=Soul Taker link=topic=10875.msg103227#msg103227 date=1110486904]
[quote author=iago link=topic=10875.msg103223#msg103223 date=1110486572]
Just a comment, it's actually easy to reverse the SHA1 on cdkeys. The reason is, cdkeys have a very limited value (numerical integers). You wouldn't be so much reversing the hash as brute forcing it. Either way, it's easy to obtain keys from hashes.
[/quote]
I believe K showed some proof-of-concept on this a long time ago.
[/quote]

Maybe not the same thing.  What I showed was that given the client token, server token, hash and public key value it takes very little time to brute force the private value.  Once you have those values it's really just a matter of encoding a cd key from them, which I never bothered to do.

Was an interesting idea though...:)

That's all I can say  ::)

Maybe you could setup a website where each user who wants to use the system has to register. Then went they use this system to login to battlenet they have to provide BnetUsername/Password WebsiteUsername/Password.

That way if the key that they login with becomes muted/banned by them you can suspend there account until they provide you with a working cd-key in-replace of the one they muted/banned.

Also you could limit each Registered user to login a maximum of 1 account online at a time, but you would have to make it difficult for people to register and make it check there IP Authenticity and maybe make them provide a key?

Just giving some ideas to help with this :)

[quote author=QwertyMonster link=topic=10875.msg103188#msg103188 date=1110469006]

Or you could make it so, if they get a banned / muted cdkey, they can then email the cdkey and the problem with it and you will send a working one back.

And this couldnt be a scam for cdkeys, because the person would test the cdkey they gave them to see if it is actually banned or muted.
[/quote]

I still think my idea is better. But Fr0z3n's is just at the same standard. Binding our 2 ideas together and other peoples for adding touches, would make it actually pretty good tbh. But hey, this is my idea.  ;)

[quote author=FrOzeN link=topic=10875.msg103424#msg103424 date=1110613864]
Maybe you could setup a website where each user who wants to use the system has to register. Then went they use this system to login to battlenet they have to provide BnetUsername/Password WebsiteUsername/Password.

That way if the key that they login with becomes muted/banned by them you can suspend there account until they provide you with a working cd-key in-replace of the one they muted/banned.

Also you could limit each Registered user to login a maximum of 1 account online at a time, but you would have to make it difficult for people to register and make it check there IP Authenticity and maybe make them provide a key?[/quote]

This really wouldn't scale well at all.  You'd need to check that the key they provided was not banned at the time it was provided, or else they'd have free service in the interim.  You can suspend their account with this service, but how do you avoid that they change their BNCS password regularly and randomly?  If they did, you'd have no way of suspending that, so they'd be out the sign-up key and no more.

Well, actually if they are "donating" a key, why not just make the user use the key he donated?.

Hm, this might sound stupid to ya'll, but you could let each person have 1 account, and on their one account, they could put however CDKeys they wanted, and they would be the only ones that would use them, that way they wouldn't have to put in a CDKey to connect to Battle.net. That way if a CDKey is banned, it would be their bust not yours. You could also have a remove/add cdkey function so that the account could add/remove cdkeys. You would also have to have it as any client, so you would add the cdkey something like: CDKey/Product (ie: BMK6MPDBVZC2RCCERVV4JRBTKJ/3RAW)
This is what I would do If I wanted to create something like this.

[quote author=Archangel link=topic=10875.msg103504#msg103504 date=1110655260]
Well, actually if they are "donating" a key, why not just make the user use the key he donated?.
[/quote]
Well the keys have to come from somewhere.. and the key donating could be optional.

If each user used the key they provided the people who don't have a key to provide wouldn't be able to logon at all.

This system would just be a way of sharing keys around and being able to login from whatever computer your at by downloading a bot that works with it and not having to remember your cd-key.

Also it has its advantages if you don't have proxies this would kinda be allowing you to login on a proxie as you wouldn't be using your own IP.

PS: I'm not Fr0z3n

[EDIT] I'm guessing if this worked with the website the cd-keys would be stored in a SQL database or something. And maybe someone who had high access in this program could have a program running through the SQL Database testing the keys over and over.. ?