Regaining Game Key
« previous next »
Pages: 1 [2] 3 4

Author Topic: Regaining Game Key  (Read 4278 times)

Goth77

April 15, 2015, 03:21:10 AM
Quote from: Zeblote on April 15, 2015, 03:10:50 AM
The user that lost his email downloads the program, it extracts the key from his key.dat and shows it to the user. Is it that hard to understand?
Key.dat decryption? That's probably not a good thing.
I really hope this doesn't happen.
This is a very insecure way of retrieving someones key.
If you were playing Blockland on a public or shared network, you could steal anyone's key who has Blockland on their PC and is also on that same network. In theory this could be the Internet itself

Ad Bot

Advertisement

Zeblote

April 15, 2015, 03:34:19 AM
No, you can't...

Pecon

April 15, 2015, 04:42:26 AM
We already know how the key.dat file format works, and there are a couple closed-source programs made by a few users which recovers the key from the key.dat file. Ipqµarx wants to create an open-source one, which can be proven to be non-malicious and secure in it's work. I don't see anything wrong here given what is already out there.

Goth77

April 15, 2015, 06:19:10 PM
Quote from: Zeblote on April 15, 2015, 03:34:19 AM
No, you can't...
Imagine this though: Your playing Blockland at your local library with a few buddies. One could easily access their Blockland folder from the network, and nab the key.dat file without the other person ever knowing. Now they can convert it back to the original activation key.

They have officially stolen someones key just that easy

Trogtor

April 15, 2015, 06:21:45 PM
Quote from: Goth77 on April 15, 2015, 06:19:10 PM
Imagine this though: Your playing Blockland at your local library with a few buddies. One could easily access their Blockland folder from the network, and nab the key.dat file without the other person ever knowing. Now they can convert it back to the original activation key.

They have officially stolen someones key just that easy
you can disable network sharing

Thorfin25

April 15, 2015, 10:14:35 PM
Quote from: Goth77 on April 15, 2015, 06:19:10 PM
Imagine this though: Your playing Blockland at your local library with a few buddies. One could easily access their Blockland folder from the network, and nab the key.dat file without the other person ever knowing. Now they can convert it back to the original activation key.

They have officially stolen someones key just that easy
Quote from: Zeblote on April 15, 2015, 03:34:19 AM
No, you can't...

It's a tad bit more complicated than that kid, I could take your key.day, have it stored on my computer, and never be able to decrypt it at all, because your computer is the one that made it, mine didn't. You can take all the key.dats from everybody you ever wanted, and still not be able to crack them with just that alone. And this program that is being developed wont be able to crack a key.dat created by another computer. So you can't steal someones file, save it onto your computer, then crack it open like magic.

Ipquarx

April 15, 2015, 11:24:08 PM
Quote from: Thorfin25 on April 15, 2015, 10:14:35 PM
It's a tad bit more complicated than that kid, I could take your key.day, have it stored on my computer, and never be able to decrypt it at all, because your computer is the one that made it, mine didn't. You can take all the key.dats from everybody you ever wanted, and still not be able to crack them with just that alone. And this program that is being developed wont be able to crack a key.dat created by another computer. So you can't steal someones file, save it onto your computer, then crack it open like magic.
Well, technically this isn't true. If you have enough key.dats from the same computer you can use the combined information from all the keys and recover them all. However this is not implemented in the program and likely never will be due to the possibility of abuse. Though it's a fairly unreasonable amount to be able to recover the full key (~20-30).

But yes, we've known how to decrypt keydats for quite a while now, and now I'm just putting it into a program you can actually use on your own. I still need to make an introduction on how to use the program, as the less tech-savvy people will probably not know how to use it right away. If you want to see the progress of the program thus far and even try it out (You can compile it for yourself, I don't have any releases out quite yet) you can go to https://github.com/ipquarx/keyutils

There's also a v2 keydat thing which I'm working on. It's basically a more secure way to store your key that uses a password. Most people wouldn't really wanna use it but if you really wanna keep your key safe, it's an option.

phflack

April 16, 2015, 12:25:17 AM
am I the only one here that thinks goth is being a bit silly?

Dannu

April 16, 2015, 12:30:17 AM
Quote from: phflack on April 16, 2015, 12:25:17 AM
am I the only one here that thinks goth is being a bit silly?
naa fam.

Dannu

April 16, 2015, 12:32:45 AM
Can I request it be compiled into an OS X app as well?

Pecon

April 16, 2015, 12:51:03 AM
Quote from: Dannu on April 16, 2015, 12:32:45 AM
Can I request it be compiled into an OS X app as well?
I think Ipqµarx is using Microsoft Visual C#, so that seems kinda unlikely unless there is a magic compiler that'll convert it to OSX. This is why I prefer to use ANSII Standard C++, because it's pretty easy to take it to any platform and compile it*.

*Usually with some minor modifications needed for each individual platform.

Zeblote

April 16, 2015, 03:27:24 AM
Quote from: Pecon on April 16, 2015, 12:51:03 AM
I think Ipqµarx is using Microsoft Visual C#, so that seems kinda unlikely unless there is a magic compiler that'll convert it to OSX.[/size]

http://www.mono-project.com/

Ipquarx

April 16, 2015, 11:21:56 AM
Quote from: Zeblote on April 16, 2015, 03:27:24 AM
http://www.mono-project.com/
Which would unfortunately require a complete overhaul of the UI system since they aren't anywhere near the same. I could do it, buut...

Nobody's actually done any research to see how keydat decryption works on OSX. It could very well be the same, but that's the thing, I'm not sure about it. I also don't know how processor name detection works on macs, and I'm not sure what the list of possible processor names is. I used a string extractor to extract the strings from the blockland.exe to get the ones for the windows version, and I don't know how you would go about doing that on OSX.

Ipquarx

April 16, 2015, 11:23:46 AM
Noedit: If someone could do a bit of looking into that, that would be wonderful since I don't have any access to a mac.

Goth77

April 17, 2015, 06:51:59 PM
Quote from: Trogtor on April 15, 2015, 06:21:45 PM
you can disable network sharing
Disable network sharing on a public network, okay. Not to mention most library computers have deep freeze, so everytime you come back to play you would have to disable network sharing.
How very inconvenient.

Quote from: Thorfin25 on April 15, 2015, 10:14:35 PM
It's a tad bit more complicated than that kid, I could take your key.day, have it stored on my computer, and never be able to decrypt it at all, because your computer is the one that made it, mine didn't. You can take all the key.dats from everybody you ever wanted, and still not be able to crack them with just that alone

Quote from: Ipquarx on April 15, 2015, 11:24:08 PM
If you have enough key.dats from the same computer you can use the combined information from all the keys and recover them all. However this is not implemented in the program and likely never will be due to the possibility of abuse.
My point exactly. Not only this but you still risk giving out your key.dat if on a public network

Quote from: phflack on April 16, 2015, 12:25:17 AM
am I the only one here that thinks goth is being a bit silly?
I'm silly for being concerned about the security of users' auth key?
------------------------------------
------------------------------------
If key.dat files can be decrypted, then I fear for the security of Blocklanders who use this program. I'm not calling you abusive or anything Ipquarx, but you never know what something like this could do in the wrong hands, being an open source project and all.

If you could clarify for me how this can be used without the possibility of stealing someones auth key I would be more than happy to support development
Pages: 1 [2] 3 4
« previous next »