 |
Luigi Auriemmaaluigi.org (ARCHIVE-ONLY FORUM!) |
|
It is currently 19 Jul 2012 12:36
|
View unanswered posts | View active topics
|
Page 1 of 1
|
[ 4 posts ] |
|
| Author |
Message |
|
detectorrr
|
Post subject: PB Guid to etkey  Posted: 17 Mar 2009 18:52 |
|
Joined: 17 Mar 2009 18:43
Posts: 2
|
|
| Top |
|
 |
|
|
|
|
|
|
|
|
aluigi
|
Post subject: Re: PB Guid to etkey Posted: 18 Mar 2009 17:30 |
|
Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
|
|
uhmmm first some theory.
the ET pb guid is calculated on the 18 bytes of data which start at offset 10 of the etkey file where are performed 2 md5 hashes first with the seed 0x00b684a3 and then with 0x00051a56.
so, for example, if etkey starts with 0000001002123456789012345678 the resulted guid is c5b16ff05ea6838c8ffa997a302ffc1a.
I have not lost time figuring the generation of the etkey file due to the complete lack of interest in this whole thing anyway the 18 bytes of the key are composed by the year, the month, the day and a number of 10 digits (time dependent).
those are the parameters referred to the creation of the etkey file.
if you know the EXACT year, month and day in which the etkey file of the guid you want to brute force has been created then you can do the job even in 11 seconds.
BUT obviously the creation date changes between each user so I could have created the file (reinstalled ET or deleted etkey) 2 minutes ago while another user could still have the file from the 2004 and there is no way to know it.
then, in any case, I doubt that even after having changed the 18 bytes of the key the PB server will still accept the player because if I'm not in error there are other checks but I have never tested this (in reality I have never played with ET online in my life) so don't consider this affirmation.
I have attached a quick code to test what I mean
|
|
| Top |
|
|
|
chaplja
|
Post subject: Re: PB Guid to etkey Posted: 06 Apr 2009 23:47 |
|
Joined: 06 Apr 2009 23:35
Posts: 2
|
|
Hi.
As Luigi said, cracking is quick, but in reality a lot quicker than numbers he mentioned. The best optimization I managed to do was making it crack guids at speed of 3.5 seconds per day (that means, guid calculation optimizations (not using slow std apis ...) and limited range of the numbers that make the last part of the guid - there are specific ranges that EB gives out).
There is a serverside cvar that will make the server verify that the etkey is the real one that their system sent (by the 'junk' behind the readable part of the guid). However, even that is bypassable, a kind person sent me a PoC that works, but I don't plan making it public - for now (I'm against helping Even Balance in any way).
|
|
| Top |
|
|
|
AndreBierlein
|
Post subject: Re: PB Guid to etkey Posted: 29 Aug 2009 17:08 |
|
Joined: 29 Aug 2009 16:44
Posts: 4
|
|
Hi,
i found this about a week ago. To me, the speed of your programm is pretty scary, mine is by far not that fast.
However, i'd like to know, if you released it somewhere, as our servers have experienced this,
which is rather bad for our clan. We rely on mods, which use GUIDs for command access, so i'd
like to know if there is any possible way to protect from this. You wrote something about a server-side
cvar, could you maybe give some more information about that?
Thanks in advance.
-- Andre
|
|
| Top |
|
|
|
|
Page 1 of 1
|
[ 4 posts ] |
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum
|
|
