Author Topic: How does the Blockland auth servers work? (Read 978 times)

Waru · March 21, 2017, 10:57:24 AM

Blockland seems to be one of the games that you just can't crack to be able to play online. Is there some voodoo magic going on? Why can't people make bogus keys and then use them? Does it only generate a key when you buy a game? Why couldn't the keys be reverse engineered if you had a bunch of them and compared them?

Possibly the keys are only sent to the server and they are used for another algorithm server side to get a has that verifies correctly. I also may be handicapped.

Ad Bot · Advertisement

Keanu73 · March 21, 2017, 10:59:40 AM

There's a master server. It contains a database with all the keys and BLIDs and stuff. When you auth with a key, it sends a query to the master server, and if the key matches with what you've got, you're in. It then grabs your name, and other stuff. If you want to make bogus keys, you would have to hack into the database and create a new entry. Go ahead if you want. But I doubt you'd be able to. And yes, it only generates a key when you buy the game.

Keanu73 · March 21, 2017, 11:03:04 AM

If you were to buy Blockland on Steam though, that's a different story. I have no idea how it works, because it doesn't give you a key. It authenticates using the Steam API for some reason. Blockland for Steam was a bit rushed though, that's why its' system is complicated.

Waru · March 21, 2017, 11:06:17 AM

Even if you have the steam version it gives you a key, it just doesn't show you.

Conan · March 21, 2017, 02:01:35 PM

keys have a set format though, meaning you can generate bogus keys for offline play, iirc. just when attempting to authenticate if you go online, it will revoke your game's full version status.

ipquarx knows more about this so he could clarify some things

Zeblote · March 21, 2017, 07:50:01 PM

1a) Log in with steam:
- Use steam API to verify ownership.
- There is no key in this case.
1b) Log in with key:
- Connect to auth.blockland.us, receive 32 passphrases (long strings)
- Pick correct pass phrase based on 6th character of the key
- Calculate hash of pass phrase and the last 12 characters of your key
- Send hash to auth server together with your blid
- Auth server loads key for your blid, does the same, logs you in if it matches
- Repeat every 10 minutes or so to stay logged in
2) Joining a server:
- Send connect request to server, containing your name
- Server sends name + ip to auth server for verification
- Receives your blid on success

Now, the keys are randomly generated when you buy them, so it's not possible to create a keygen.
If you want to play on official servers, you need to buy one.

You could make an unofficial master+auth server... but that'd be a bunch of work for no reason.
There aren't many people that would care about it and you'd constantly have trolls on your pirate servers.