Author Topic: Cca has made a script to bypass authentication.  (Read 9873 times)

If you know the right functions to modify then it is easy to "bypass" or re-route server-side authentication for clients, in fact it doesn't take much to completely separate the game and have your own auth + master server, but this isn't anything to worry about for unmodified/legitimate servers.

Some people are wondering if this was something that could be abused on every server. And just looking at what goes on authentication-wise when you join a server, no, the game requires you to be authenticated in order to obtain your BLID in the first place before it even updates the player list. Unless the auth server itself has a bug, it will just fail you and you disconnect before anyone sees.

So its just a scummy little script that benefits a small handful of users who don't have a key.. kind of boring when your server selection is so limited. I remember when dotdotcircle wanted to do something similar back in 2013 to just have a completely independent version of the game and reverse it from there (this is where the dso disassembler came in to play) but it obviously never worked out.. kind of neat finding out how authentication worked though!

And I wouldn't get mad at Port or anyone for figuring or re-figuring these things out unless they abuse it, its a touchy subject like trying to justify hacking games, but figuring out the lower mechanisms of game authentication and the algorithms that go behind it is just so damn interesting. Like its comparable to researching nuclear reactions and then nuclear explosions are weaponized, its not necessarily the researchers fault in that instance for creating deadly weapons, just the guys who took it and wreaked havoc with it. Example: key research gave us KeyUtils to help recover lost keys, but at the same time let us figure out how to authenticate offline easily. So don't get mad at Ipquarx for figuring that stuff out, its the guys who abuse the offline keys who are the problem.

didnt you forgetin make blhack or some stuff

cca why are you so persistent

didnt you forgetin make blhack or some stuff
yeah he did. no idea why he's still here

but figuring out the lower mechanisms of game authentication and the algorithms that go behind it is just so damn interesting.
i can relate to this. sometimes hacking can be beneficial

granted, the authenticity of that's a little skewed since im sure blhack was beneficial too but it was still abused..... (that is if every one else is serious)

why tell this to someone whose just gonna post it in drama and make you look like the bad guy? it's a cool experiment, you should probably stop telling people about them

yeah he did. no idea why he's still here

Because people feed him keys.

Auios: Crown
Drake: ?
Auios: Would you be willing to help me with a project?
Auios: If not that's understandable
Auios: related to BL
Drake: Aren't you revoke on sight
Auios: I am
Drake: then...
Auios: ?
Drake: How are you going to work on a project for a game you are banned on
Auios: Ah, that is the project
Drake: What is it
Auios: I want you to just host a server for me
Auios: and I will try to join it
Auios: thats it
Drake: I already have a server open.
Auios: Your jailbreak?
Drake: Yeah...?
Auios: Id rather not interfere with your gamemode though
Drake: What are you going to do..?
Auios: Because i want you to overwrite a function
Auios: OnConnected
Drake: No thanks.
Auios: ah
Drake: Not going to help you bypass the revoke system or whatever you're trying to do.
Auios: Understandable


oh boy it sure is fun to troll a small community on a lego based game

why do people do so much to forget with blockland lol
it isnt even worth the trouble goddamn

you can tell by the way he talks that his social skills are very lacking along with his obsession with Blockland-- two red flags that make me think he has autism

also because of guilt by association everyone that helps him is probably autistic too.

Holy forget how far will he go
Clearly he has a mental disorder. Something is wrong with him and he needs help.

why do people do so much to forget with blockland lol
it isnt even worth the trouble goddamn
exactly. All they're is wasting there money just to spam, hack, ect for a few hours.

exactly. All they're is wasting their money just to spam, hack, ect for a few hours.
edit

just so you guys know, none of this is new stuff. We had servers up that didn't require authentication during a couple outages that prevented people from playing on regular servers, and he still can't play on regular servers unless someone gives him an actual key.