Author Topic: Cca has made a script to bypass authentication. (Read 9606 times)

Val · September 06, 2016, 05:33:00 AM

If you know the right functions to modify then it is easy to "bypass" or re-route server-side authentication for clients, in fact it doesn't take much to completely separate the game and have your own auth + master server, but this isn't anything to worry about for unmodified/legitimate servers.

Some people are wondering if this was something that could be abused on every server. And just looking at what goes on authentication-wise when you join a server, no, the game requires you to be authenticated in order to obtain your BLID in the first place before it even updates the player list. Unless the auth server itself has a bug, it will just fail you and you disconnect before anyone sees.

So its just a scummy little script that benefits a small handful of users who don't have a key.. kind of boring when your server selection is so limited. I remember when dotdotcircle wanted to do something similar back in 2013 to just have a completely independent version of the game and reverse it from there (this is where the dso disassembler came in to play) but it obviously never worked out.. kind of neat finding out how authentication worked though!

And I wouldn't get mad at Port or anyone for figuring or re-figuring these things out unless they abuse it, its a touchy subject like trying to justify hacking games, but figuring out the lower mechanisms of game authentication and the algorithms that go behind it is just so damn interesting. Like its comparable to researching nuclear reactions and then nuclear explosions are weaponized, its not necessarily the researchers fault in that instance for creating deadly weapons, just the guys who took it and wreaked havoc with it. Example: key research gave us KeyUtils to help recover lost keys, but at the same time let us figure out how to authenticate offline easily. So don't get mad at Ipquarx for figuring that stuff out, its the guys who abuse the offline keys who are the problem.

Ad Bot · Advertisement

DestroyerOfBlocks · September 06, 2016, 05:37:10 AM

didnt you forgetin make blhack or some stuff

}]Crazy[{ · September 06, 2016, 07:20:01 AM

cca why are you so persistent

Akio- · September 06, 2016, 08:10:38 AM

Quote from: DestroyerOfBlocks on September 06, 2016, 05:37:10 AM

didnt you forgetin make blhack or some stuff

yeah he did. no idea why he's still here

mod-man · September 06, 2016, 09:06:33 AM

Quote from: Val on September 06, 2016, 05:33:00 AM

but figuring out the lower mechanisms of game authentication and the algorithms that go behind it is just so damn interesting.

i can relate to this. sometimes hacking can be beneficial

granted, the authenticity of that's a little skewed since im sure blhack was beneficial too but it was still abused..... (that is if every one else is serious)

why tell this to someone whose just gonna post it in drama and make you look like the bad guy? it's a cool experiment, you should probably stop telling people about them

Mr.Noßody · September 06, 2016, 09:15:55 AM

Quote from: Akio- on September 06, 2016, 08:10:38 AM

yeah he did. no idea why he's still here

Because people feed him keys.

Crøwn · September 06, 2016, 12:44:10 PM

Auios: Crown Drake: ? Auios: Would you be willing to help me with a project? Auios: If not that's understandable Auios: related to BL Drake: Aren't you revoke on sight Auios: I am Drake: then... Auios: ? Drake: How are you going to work on a project for a game you are banned on Auios: Ah, that is the project Drake: What is it Auios: I want you to just host a server for me Auios: and I will try to join it Auios: thats it Drake: I already have a server open. Auios: Your jailbreak? Drake: Yeah...? Auios: Id rather not interfere with your gamemode though Drake: What are you going to do..? Auios: Because i want you to overwrite a function Auios: OnConnected Drake: No thanks. Auios: ah Drake: Not going to help you bypass the revoke system or whatever you're trying to do. Auios: Understandable

Modification · September 06, 2016, 01:06:34 PM

oh boy it sure is fun to troll a small community on a lego based game

maplelink64 · September 06, 2016, 01:43:54 PM

why do people do so much to forget with blockland lol
it isnt even worth the trouble goddamn

Akio- · September 06, 2016, 01:47:21 PM

you can tell by the way he talks that his social skills are very lacking along with his obsession with Blockland-- two red flags that make me think he has autism

Akio- · September 06, 2016, 02:11:55 PM

also because of guilt by association everyone that helps him is probably autistic too.

mattsos · September 06, 2016, 03:27:13 PM

Holy forget how far will he go
Clearly he has a mental disorder. Something is wrong with him and he needs help.

cooolguy32 · September 06, 2016, 03:41:17 PM

Quote from: maplelink64 on September 06, 2016, 01:43:54 PM

why do people do so much to forget with blockland lol
it isnt even worth the trouble goddamn

exactly. All they're is wasting there money just to spam, hack, ect for a few hours.

cooolguy32 · September 06, 2016, 03:41:41 PM

Quote from: cooolguy32 on September 06, 2016, 03:41:17 PM

exactly. All they're is wasting their money just to spam, hack, ect for a few hours.

edit

Ipquarx · September 06, 2016, 04:20:01 PM

just so you guys know, none of this is new stuff. We had servers up that didn't require authentication during a couple outages that prevented people from playing on regular servers, and he still can't play on regular servers unless someone gives him an actual key.