Author | Message | Time |
---|---|---|
PaiD | ok My old clan (Clan BNU) did it and I wanted to know how they did it. They had it connect to a database and check to see if your registration key (a key code) was in the database. If it wasn't then the bot wouldn't connect and would just say "Verification Failed". How would I do that too? I have a database server on my site. I just need to know what to do. I am using an Access database with Visual Studio Enterprise Edition. | February 22, 2003, 3:27 PM |
Yoni | Just a note: If all the server does is verify your registration key, then it's pointless. The client can easily (usually) be cracked. If the server does something else, but requires a valid registration key to do this, then it's pointful, and a client-sided crack is not possible. | February 22, 2003, 3:36 PM |
PaiD | yea what it does is it checks the key (even if they cracked it) and sees if it is real. Like if I gave it to them. If they didn't get it from me then it will not be in the database as an active key. Then the bot wouldn't work. I would like help on that problem. Also the key can't be cracked easily b/c it is like the RaiBot Private editions and like Reaper Bot. | February 22, 2003, 4:03 PM |
Camel | what i did: when you run the bot, you enter a username and a password. it sends that to the site, which matches the username and password against its ip. if all 3 match up, it sends back a string. client parses that string, determining if it should allow the user to use the bot, quit, or ask the user to update to a more recent version of the bot. | February 22, 2003, 5:21 PM |
Etheran | eww, I wouldn't use that bot because my username / password are being sent to your site. BNLS is the same way, but I trust skywing and vL. | February 22, 2003, 5:39 PM |
PaiD | no1 has answered me :( | February 22, 2003, 6:41 PM |
Camel | [quote]eww, I wouldn't use that bot because my username / password are being sent to your site. BNLS is the same way, but I trust skywing and vL.[/quote] nononono, it doesn't send the username and password you use for bnet, it's a separate login... | February 22, 2003, 7:43 PM |
Grok | [quote]eww, I wouldn't use that bot because my username / password are being sent to your site. BNLS is the same way, but I trust skywing and vL.[/quote] Trust, etc. Skywing is someone you can trust or not trust, depending on your feelings. I've known him 3 years, and know him to be of the highest integrity. I'm sure you already know this, but 'vL' is not a group which puts any bindings on its members. The only thing you can trust about vL is that everyone will do whatever they want. BNLS -- is on its own drive on vl.com, only server administrators (Grok, Skywing, Adron) have virtual access to it. The server admin has physical and virtual access to it. If I were new to this situation, wondering about BNLS, I'd ask "how many reports of security breaches are there from BNLS users?" To my knowledge, no information trusted to BNLS has ever been given out. | February 22, 2003, 9:21 PM |
Kp | [quote]yea what it does is it checks the key (even if they cracked it) and sees if it is real. Like if I gave it to them. If they didn't get it from me then it will not be in the database as an active key. Then the bot wouldn't work. I would like help on that problem. Also the key can't be cracked easily b/c it is like the RaiBot Private editions and like Reaper Bot.[/quote] As Yoni tried to explain to you, if the server does nothing more than a boolean as to whether the client may run, it's pointless. The client could be modified either to: a) treat all responses as "Yes, you are legitimate", b) contact a server which will always answer "Yes, you're fine", or c) not contact anything at all and skip the authorization entirely. Now, if you plan on having the server supply some information which is both crucial to operation and not easily forceable, it might have some point. Of course, the first paragraph relies on you having a program good enough that at least one decent software engineer will take a crack at breaking it. :p | February 23, 2003, 5:43 AM |
Camel | sort of, kp. the main reason that it was created was to keep the bot up to date. for example, an outdated version of the bot might request something like [url]http://www.clanbnu.net/bnubotcheck.php?ver1=1&ver2=0&ver3=0[/url]. it would be told by that first byte that it's out of date. following that is the url of the update. then there is (should be?) another byte telling it if it is so far out of date that it must update, or if it can run without updating. the changelog follows that. | February 23, 2003, 12:13 PM |
St0rm.iD | No see... You need to add an authorization key and checksumming type of thing into your bot, which is obfuscated (sp?) and hopefully dynamically encrypted. Then you contact the authorization server, send your version and hashed authorization key. With that sent, the server knows exactly what executable you're using and has its checksum. All the communication for the rest of the transaction should be encrypted with that checksum. The rest of the transaction should be something similar to sending the game CD key to the server and having it return the hash that will be sent to Battle.net. My 2cents. | February 23, 2003, 12:40 PM |
Camel | that's too difficult when all they need to do is open their hosts file and map www.clanbnu.net to somewhere else | February 23, 2003, 1:42 PM |
Kp | [quote]sort of, kp. the main reason that it was created was to keep the bot up to date. for example, an outdated version of the bot might request something like [url]http://www.clanbnu.net/bnubotcheck.php?ver1=1&ver2=0&ver3=0[/url]. it would be told by that first byte that it's out of date. following that is the url of the update. then there is (should be?) another byte telling it if it is so far out of date that it must update, or if it can run without updating. the changelog follows that.[/quote] I was under the impression that the primary intent was to prevent unauthorized copies from functioning at all. If you only want to be able to notify people of upgrades and suggest that they take it, that's another matter. Which is the case, Paid? | February 23, 2003, 3:55 PM |
PaiD | Well, all I wanted to do was give the ppl a 46 long key code (not easily cracked) and have it connect to a database I have made. It would get the key code they used and then it would have a list of key codes (that I have given out). If their key code isn't in the database then it would send the bot a false for the verification. When it gets the False for verification then it would say like "You're not approved for the key code. Please contact PaiD for more info". Something like that. I want to make it unable to connect (to Battle.Net) without the verification from the database. | February 23, 2003, 4:18 PM |
Grok | So it's something like this? [code]int ret = completely_uncrackable_authentication(..params..); switch(ret) { case E_DENIED: YouCantRunThis(); break; case E_UPDATE: YouMustUpdateFirst(); break; case E_OK: RunBot(); break; default: WTF_YOU_HACKER(); break; };[/code] Like Kp said -- then there's no point. People will just jump to the RunBot() address directly. | February 23, 2003, 4:51 PM |
PaiD | Ok, I have changed my bot plans now. It will be only for my Clan Members. So now I want to have a database so that I could look at it and see who is using it (it would tell me the bot's Master), their Registration key code, the Gateway they are on, and Time of Connection. Also I would like a way where I could disconnect their bot. Any1 know how to do this? | February 23, 2003, 7:24 PM |
Yoni | You could use the BotNet to keep track of them. Ask Skywing for more details. | February 23, 2003, 8:08 PM |
PaiD | I don't wish to use botnet. Also I want to have it connect to the database without the user knowing it. | February 23, 2003, 8:22 PM |
Spht | [quote]I don't wish to use botnet. Also I want to have it connect to the database without the user knowing it.[/quote] Any specific reason why you don't want to use BotNet? I find it very reliable for what I use it for (news and broadcasting system for EternalChat clients). | February 23, 2003, 8:26 PM |
PaiD | b/c I don't know what goes on on the botnet thing. Also I don't know what you would have access to on my bot. | February 23, 2003, 8:37 PM |
Crypticflare | I'm really interested in the botnet feature, are there any documents on it? I think it would be neat to try and use that. | February 23, 2003, 9:23 PM |
Skywing | [quote]b/c I don't know what goes on on the botnet thing. Also I don't know what you would have access to on my bot.[/quote] If you're worried about that, you could always require commands to your bots over BotNet to be signed with a key only you have. BnetDocs has some information on the BotNet protocol. | February 23, 2003, 9:50 PM |
PaiD | Well I want to use my Database idea (about the botnet thing, I was talking about who ever runs botnet, I didn't want to to have access to my bot or its key of my users) b/c I will only have the information that I want and I can control what I get and stuff. I don't wish to use Botnet or BNLS b/c I don't like the idea that others have access to the bot loaders information. I know that you say it is not recorded after it is sent to bnet, but I want to be on the safe side. | February 23, 2003, 10:32 PM |
Skywing | [quote]Well I want to use my Database idea (about the botnet thing, I was talking about who ever runs botnet, I didn't want to to have access to my bot or its key of my users) b/c I will only have the information that I want and I can control what I get and stuff. I don't wish to use Botnet or BNLS b/c I don't like the idea that others have access to the bot loaders information. I know that you say it is not recorded after it is sent to bnet, but I want to be on the safe side.[/quote] Those are reasonable concerns; however, cryptographically signing messages is a technique which can make it nearly impossible (e.g. would take hundreds of years with today's supercomputers) to fake a message without having the private key. BotNet has nothing to do with providing logon information for Battle.net; it's merely an organizational tool for bots. | February 23, 2003, 11:36 PM |
PaiD | hrm Can I get any information that I wanted on botnet about the bots??? | February 24, 2003, 3:38 PM |
Yoni | Yes | February 24, 2003, 4:06 PM |
PaiD | who runs bot net? And also how would I get to bot net and have power over my bots? | February 24, 2003, 4:39 PM |
Camel | [quote]Well I want to use my Database idea (about the botnet thing, I was talking about who ever runs botnet, I didn't want to to have access to my bot or its key of my users) b/c I will only have the information that I want and I can control what I get and stuff. I don't wish to use Botnet or BNLS b/c I don't like the idea that others have access to the bot loaders information. I know that you say it is not recorded after it is sent to bnet, but I want to be on the safe side.[/quote] key of the users? the only reason that would be available on botnet would be if you were trying to steal their key through botnet... | February 24, 2003, 6:05 PM |
Spht | [quote]who runs bot net? And also how would I get to bot net and have power over my bots?[/quote] The BotNet service is hosted on the Valhalla Legends server. If you are interested in supporting it, consult the documentation at http://www.valhallalegends.com/files/BotNetProtocol.txt | February 24, 2003, 7:52 PM |
Camel | [quote]So it's something like this? [code]int ret = completely_uncrackable_authentication(..params..); switch(ret) { case E_DENIED: YouCantRunThis(); break; case E_UPDATE: YouMustUpdateFirst(); break; case E_OK: RunBot(); break; default: WTF_YOU_HACKER(); break; };[/code] Like Kp said -- then there's no point. People will just jump to the RunBot() address directly. [/quote] yeah, but he's using vb...so the asm would be total spaghetti, difficult to read. :) [edit]and even so, just because something is crackable doesn't mean it's not worth using | February 24, 2003, 8:42 PM |
tA-Kane | [quote]just because something is crackable doesn't mean it's not worth using[/quote] That is, if your bot (is private, gets leaked, then) gets cracked, and you don't care. But, virtually everything is crackable in one form or another. It all depends on the lengths you're willing to go to make the cracker not want (or not be able) to go to the lengths required to crack it, and then the cost involved in you going to those lengths. Basically, if all you're doing is writing simple client/server software, then all you need is simple protection schemes. It's going to get cracked anyways, so do your best to keep it away from the most newbie of crackers (which are the most common, such as comparing the number of elite vL programmers to the number of "Visual Bot Studio" users on this forum). | February 24, 2003, 10:47 PM |
Skywing | [quote] yeah, but he's using vb...so the asm would be total spaghetti, difficult to read. :) [edit]and even so, just because something is crackable doesn't mean it's not worth using[/quote] Don't count on it. VB calls the runtime DLL to do most any operation, making it fairly obvious as to what's going on. | February 25, 2003, 12:09 AM |
Camel | sheesh, lighten up skywing | February 25, 2003, 1:03 AM |
Skywing | [quote]sheesh, lighten up skywing[/quote] Huh? I'm just stating my observations after having looked at several VB programs (battle.net bots, too!) with supposedly secure protection schemes. | February 25, 2003, 1:54 PM |
Camel | i was being facetious | February 25, 2003, 6:01 PM |
Grok | [quote]i was being facetious[/quote] I hate Nazi's. | February 25, 2003, 7:56 PM |
Camel | lol | February 25, 2003, 8:14 PM |
St0rm.iD | [quote] I hate Nazi's. [/quote] I hate people who use apostrophes when they aren't supposed to ;) | February 25, 2003, 11:17 PM |
Camel | i believe 'yuppie' would be a suitable term, storm | February 25, 2003, 11:38 PM |
haZe | someone yell at camel for just posting 'lol' like they did to me =p Anyways, how would you connect to a MySQL server to check if the user was in the DB? code please | February 26, 2003, 7:13 AM |
Arta | For god's sake, ask for code if you're using something that's undocumented (if you must), but for a totally documented and public system? www.mysql.com! | February 26, 2003, 10:00 AM |
haZe | sorry geeze | February 26, 2003, 3:45 PM |
St0rm.iD | Do you know SQL? | February 26, 2003, 5:07 PM |
haZe | Nope. | February 26, 2003, 5:39 PM |
Camel | sql is insanely simple i avoided it for years, and then i needed it one day. i picked it up in about 5 seconds. edit: secods? | February 26, 2003, 7:09 PM |
St0rm.iD | You can't expect to connect to a database without knowing how to use it first! ;) | February 26, 2003, 10:12 PM |
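
Skywing's suggestion in this thread, that commands sent to a bot be signed with a key only the owner holds, shown as an added Go example (not code from any poster or from BotNet). The `Command` layout, the sequence counter and every function name are assumptions; the BotNet protocol itself is not modelled.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
)

// Command is a hypothetical wire format, not the BotNet message layout.
type Command struct {
	Seq  uint64 // strictly increasing, so a captured command cannot be replayed
	Body string // e.g. "disconnect"
	Sig  []byte // Ed25519 signature over Seq || Body
}

// signedBytes binds the counter to the text so neither can be swapped out.
func signedBytes(seq uint64, body string) []byte {
	return append(binary.BigEndian.AppendUint64(nil, seq), body...)
}

// SignCommand runs only on the owner's machine; the private key never ships.
func SignCommand(priv ed25519.PrivateKey, seq uint64, body string) Command {
	return Command{Seq: seq, Body: body, Sig: ed25519.Sign(priv, signedBytes(seq, body))}
}

type Bot struct {
	OwnerKey ed25519.PublicKey // public half only: reading it out of the bot forges nothing
	lastSeq  uint64
}

// Accept returns nil only for a fresh command signed by the owner's key.
func (b *Bot) Accept(c Command) error {
	if !ed25519.Verify(b.OwnerKey, signedBytes(c.Seq, c.Body), c.Sig) {
		return errors.New("bad signature")
	}
	if c.Seq <= b.lastSeq {
		return errors.New("replayed command")
	}
	b.lastSeq = c.Seq
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	bot := &Bot{OwnerKey: pub}
	cmd := SignCommand(priv, 1, "disconnect")
	fmt.Println(bot.Accept(cmd), bot.Accept(cmd)) // first accepted, replay rejected
}
```

Whoever relays the message (a BotNet server, a web site, a database row) can drop it but cannot alter it or mint a new one, which addresses the concern about who else has power over the bot.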