Server Help Forum Index Server Help
Community forums for Subgame, ASSS, and bots
Spectate-Only-Client
ExplodyThingy
Server Help Squatter
Age: 37
Gender: Male
Joined: Dec 15 2002
Posts: 528
Location: Washington DC

Posted: Tue Jan 27, 2004 10:12 am

So go crack it. None of us have it. There are only two server platforms out there, and updating is not hard. It's done very easily and efficiently; updates do occur, after all. We're all aware of the details of the algs, we all know essentially how it functions, but none of us have cracked it, for want of motivation. So get to it and impress us all.
_________________
There are no stupid questions, but there are many inquisitive idiots.
Loot

Dr Brain> I hate clean air and clean water. I'm a member of Evil Conservitive Industries
Qndre
Server Help Squatter
Gender: Male
Joined: Jan 25 2004
Posts: 295

Posted: Tue Jan 27, 2004 10:32 am

Quote:
we all know essentially how it functions

So if you know how it works, the only thing you need is the key which it uses to encrypt.

To make it simple I will explain a simple algorithm here. The thing we know is that the server sends "10101010" as unencrypted data, the data and the key are combined using an XOR operation, and the result of the encryption is "01101001". Now I demonstrate how to get the key:

data (unencrypted) xor data (encrypted)

10101010
01101001
-----------
11000011

Now we know the key is "11000011", and if we get the next encrypted packet and we know the data in it is "00111001", then we know that it's something like "xxxxxxxx" unencrypted:

00111001
11000011
-----------
11111010

And we know that the next data packet is "11111010" unencrypted. And a 16-bit key shouldn't be too hard to crack.

And then we can calculate all the encrypted values of the data packets, so we don't need to decrypt them one by one, because we already use the decrypted values in our decoding table.

And I know that the unencrypted value of the "encryption-key"-packet from client to server is 0x0001 and then it gets the Type-Of-The-Key and then the Key-Itself and then the Client-Version. The last one should be set to 038 so that the server knows: "Ah - it's a Continuum 38 client!"

And for the CHECKSUMS we need, we only have to add every single byte of the application file "subspace.exe" together. Finished!


Last edited by Qndre on Tue Jan 27, 2004 11:05 am, edited 1 time in total
ExplodyThingy
Server Help Squatter
Age: 37
Gender: Male
Joined: Dec 15 2002
Posts: 528
Location: Washington DC

Posted: Tue Jan 27, 2004 10:39 am

Don't yell at me, you miserable fuck. Looks like you're smarter than me and know more about what you're doing. So I guess I'll just stop posting here. Maybe you should go and figure it out. When you've got a client connecting and making the server think you're Continuum, come back, I'll give you a cookie.
Qndre
Server Help Squatter
Gender: Male
Joined: Jan 25 2004
Posts: 295

Posted: Tue Jan 27, 2004 10:41 am

You will get the complete algorithm if I've put the information together.
Guest

Posted: Tue Jan 27, 2004 11:03 am

Now I know how the algorithm works:
Quote:
The client sends the request for the key to the server. The server gives the client the key (the server uses a random but unique key) and all data which is sent from the client to the server or from the server to the client is en-/decrypted using an XOR operation and the key.
Qndre
Server Help Squatter
Gender: Male
Joined: Jan 25 2004
Posts: 295

Posted: Tue Jan 27, 2004 11:08 am

Quote:
You miserable fuck. Looks like youre smarter than me, and know more about what youre doing.

I don't know if I am smarter than you, because I don't really know you, and I've never said anything like that and wouldn't even say anything like that even if it was true. I only wanted to get some extra information about Continuum. After the first replies (with the link to ExplodyThingy's server site) I knew enough to build a full client like Continuum38 is today. I'll shut up now if you don't want to hear how it works... and I don't think you really want to, because if you talk to me in this way you can't really be interested in my work. See you later. I won't tell you.


Last edited by Qndre on Tue Jan 27, 2004 12:06 pm, edited 1 time in total
Smong
Server Help Squatter
Joined: 1043048991
Posts: 0x91E

Posted: Tue Jan 27, 2004 11:20 am

Shanky-Server/Continuum server, what are they? shanky.com/server is just a place to download the latest server.zip. The current server is subgame2; it has been edited to work with fix.dll, which contains all the anti-cheat stuff and new features since 134.

What you have written looks suspiciously like one of catid's docs, but re-phrased. And anyone writing encryption wouldn't do a simple XOR, they would throw some other tweaks in there as well.

As for no one knowing the workings of ctm encryption, no comment, if too much attention is drawn, it is not hard to change it. Don't cry wolf. Don't spoil a good game people have put lots of their free time into.
Qndre
Server Help Squatter
Gender: Male
Joined: Jan 25 2004
Posts: 295

Posted: Tue Jan 27, 2004 12:00 pm

Hi Smong. The "shanky-server" is a software package. It includes "subbill.exe" (the Subspace Billing Server), "subgame2.exe" and all its components (Subgame 2), an LVZ toolkit ("buildlev.exe") and the latest version of the MERVbot ("mervbot.exe").
Qndre
Server Help Squatter
Gender: Male
Joined: Jan 25 2004
Posts: 295

Posted: Tue Jan 27, 2004 12:02 pm

Smong wrote:
And anyone writing encryption wouldn't do a simple XOR, they would throw some other tweaks in there as well.

Every good encryption works with XOR statements. Even the almost-uncrackable MD5 (128-bit hashing, used for password encryption) works with XOR. It takes the data and rotates the next byte just one bit more to the left, then XORs them all and finally XORs with a constant.
Smong
Server Help Squatter
Joined: 1043048991
Posts: 0x91E

Posted: Tue Jan 27, 2004 12:14 pm

Is English your first language? You seem to be having difficulty understanding what is written before you. I said "simple XOR". I hardly think encdata[i] = data[i] ^ table[(i++)%sizeof(table)]; for "almost-uncrackable MD5".

I just went to shanky.com/server and could not locate this elusive "shanky-server" package. I did however download server.zip, only to find the only new thing in there since I last checked is tracert.exe. I even dug around SSDL, nothing like "shanky-server" there.
Qndre
Server Help Squatter
Gender: Male
Joined: Jan 25 2004
Posts: 295

Posted: Tue Jan 27, 2004 12:19 pm

server.zip IS a part of the Shanky-Server. Just download the MERVbot and the LVZ toolkit too and you have the package, which is called "shanky-server" (for example if they talk about it in the zone DSB). It is no special file. Just download all the components and you have a "shanky-server". If you talk to someone, saying "I've got a shanky-server" is much quicker than saying: "I've got the subbill.exe and the subgame2 server and the MERVbot and the LVZ toolkit running on my server." Because this is a very common server configuration it's called "shanky-server", so that you don't have to list the components every time. That's all.

About my English: I am from Germany, sorry.


Last edited by Qndre on Tue Jan 27, 2004 12:24 pm, edited 1 time in total
50% Packetloss
Server Help Squatter
Age: 39
Gender: Male
Joined: Sep 09 2003
Posts: 561
Location: Santa Clarita, California

Posted: Tue Jan 27, 2004 12:23 pm

<3
Qndre
Server Help Squatter
Gender: Male
Joined: Jan 25 2004
Posts: 295

Posted: Tue Jan 27, 2004 12:27 pm

I should reply to an empty reply?
*joke-around*

PS: Creating a full Continuum38-like client won't be simple. That's for sure. But it's possible. And even if no one else has cracked the encryption yet, someone has to be the first.
nintendo64
Seasoned Helper
Age: 38
Gender: Male
Joined: Dec 01 2002
Posts: 104
Location: Dominican Republic

Posted: Tue Jan 27, 2004 12:37 pm

I will say this much: Continuum encryption has been cracked in the past (versions 0.35, 0.36 and 0.37), but I doubt you will crack it. Maybe if you showed some more code and talked a little less; you should take the advice I posted.

When Coconut Emulator cracked the SS encryption he didn't say it on a board and he didn't even say he would. Why? Because he wasn't sure he could do it. Now, SS encryption is not that hard (it was a scheme with a 4 byte key, that's why there was some extra security like the Position Checksum and the Security Checksums), but CTM is another case.

Here is a sample of the CTM Login Sequence.

Note the 00 01 Core Packet.
After this everything becomes blurry, even packet headers are encrypted.
0000 00 01 4F DA 77 97 11 00 ..O.w...

0000 00 10 00 00 DA 7F A9 6F BA EA 01 00 .......o....
0000 00 11 00 00 DA 7F 01 00 ........
0000 5C 14 BC 78 85 F6 74 EA \..x..t.
0000 7F 63 30 .c0

You catch what I mean?

-nintendo64
Qndre
Server Help Squatter
Gender: Male
Joined: Jan 25 2004
Posts: 295

Posted: Tue Jan 27, 2004 12:42 pm

Yes, I will shut up and tell you if I've done it.
nintendo64 wrote:
Note the 00 01 Core Packet.
0000 00 01 4F DA 77 97 11 00 ..O.w...

If I knew a bit more about network protocols...
Smong
Server Help Squatter
Joined: 1043048991
Posts: 0x91E

Posted: Tue Jan 27, 2004 12:59 pm, subject: Re: Spectate-Only-Client

Qndre wrote:
I can understand if the server sends 010111010100010011101010000101101010101000010101110101111010001011010 this means "the bomb level 2 is fired with 200 pixels/second speed and proximity bombs into direction with 45°

Taken out of context a bit ... heh
Guest

Posted: Tue Jan 27, 2004 1:01 pm

*laugh*
It was just an example.
Qndre
Server Help Squatter
Gender: Male
Joined: Jan 25 2004
Posts: 295

Posted: Tue Jan 27, 2004 1:16 pm

Quote:
even packet headers are encrypted

How can you see that the headers of the packets are encrypted? I only see a hash of hex numbers on my screen. I tried to track the login sequence of the C38 client, but I don't know much about networking protocols. And if I can't decrypt the Continuum packets, how can I generate a VIE checksum to write a VIE client?
Quote:
open sourced everywhere
(I searched Google for "VIE Checksum" or "VIE Source Code" or "Subspace Source Code" or "VIE Subspace Source Code", not the wanted results.) And if I was able to fake VIE checksums... Will this client still be able to use features of Continuum (like LVZ, for example) or will the server act like "this is no Continuum client, so it doesn't need the LVZ"?
ExplodyThingy
Server Help Squatter
Age: 37
Gender: Male
Joined: Dec 15 2002
Posts: 528
Location: Washington DC

Posted: Tue Jan 27, 2004 2:00 pm

The VIE client itself is not open source. But there are many bots that use the VIE scheme, as I posted earlier. I don't think you quite understand that VIE used a different system than what is now in use in Continuum. When n64 said that the packet headers are encrypted, he meant the first bytes, the ones that signify what type of packet it is. This would be the hex value at the very start, and you can see these in the doc I provided you.
In all of the bots there is a fully functioning VIE checksum ripoff; this does the checksums against a VIE client. However, Continuum is not subspace.exe. Also in all of these bots is the entire encryption method, so start from there.
All clients that login fully will receive the object control data, and other "recently" added data. Older clients simply discard them or throw some kind of error. You can see this because bots can receive object data even though they are on an older encryption.
ExplodyThingy
Server Help Squatter
Age: 37
Gender: Male
Joined: Dec 15 2002
Posts: 528
Location: Washington DC

Posted: Tue Jan 27, 2004 2:25 pm

Maybe this will help you:
http://catid.ssihosting.com/files/addendum.txt
Guest

Posted: Tue Jan 27, 2004 2:49 pm

ExplodyThingy wrote:
All clients that login fully will receive the object control data, and other "recently" added data. Older clients simply discard them or throw some kind of error. You can see this because bots can receive object data even though they are on an older encryption.

So I can log in to a Continuum-Zone with the VIE-client. But how does the VIE-encryption work? And WHY do they ENCRYPT game data??
Qndre
Server Help Squatter
Gender: Male
Joined: Jan 25 2004
Posts: 295

Posted: Tue Jan 27, 2004 2:50 pm

Thanks ExplodyThingy - the most important parts:
Quote:
There are some ways to disable encryption:

Send a KK field of 0. 00 01 00 00 00 00 01 00
The server must respond with a NULL key (no encryption).
Custom SubSpace stacks may ignore this.

Encryption may be disabled server-side if the key you send
is the same as the key you get back.

Quote:
This method of encryption is very weak... If you know PLAINTEXT then PLAINTEXT ^ CIPHERTEXT = SECRETKEY. (^ = xor) In short, do not trust any personal data on a logged connection to SubSpace.

Quote:
Continuum key exchange:
00 10 - Server keys
00 10 <Key1(4)> <Key2(4)>
00 11 - Client acknowledgement
00 11 <Key1(4)>

Quote:
-=Security checksums=-
These have been hacked for SubSpace. You may find pretty C++ classes that do the nitty-gritty in MERVBot's encrypt.cpp and checksum.cpp files.

Thanks to ExplodyThingy
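The point behind Qndre's 8-bit walkthrough earlier in the thread and catid's "PLAINTEXT ^ CIPHERTEXT = SECRETKEY" quoted above, worked through as an added example (not code from this thread, SubSpace, Continuum or MERVbot): with a fixed XOR key, one known plaintext packet hands over the key, and every other packet under that key with it; a key used only once does not have this weakness. All keys and packet contents below are constructed samples.

```python
"""Added example (not from this thread or any SubSpace/Continuum/MERVbot code).

Why a fixed XOR key gives no confidentiality: once one plaintext/ciphertext
pair is known, PLAINTEXT ^ CIPHERTEXT = KEY, and every later packet under the
same key falls with it. All keys and packets below are constructed samples.
"""


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("lengths differ")
    return bytes(x ^ y for x, y in zip(a, b))


def xor_crypt(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR (data[i] ^ key[i % len(key)]); the same call decrypts."""
    return bytes(d ^ key[i % len(key)] for i, d in enumerate(data))


def recover_key(known_plain: bytes, cipher: bytes, key_len: int) -> bytes:
    """Known-plaintext key recovery: the first key_len bytes of plain ^ cipher.

    Needs at least key_len bytes of known plaintext, otherwise part of the key
    stays unknown.
    """
    if len(known_plain) < key_len or len(cipher) < key_len:
        raise ValueError("need at least key_len bytes of known plaintext")
    return xor_bytes(known_plain[:key_len], cipher[:key_len])


def thread_walkthrough() -> tuple:
    """Qndre's 8-bit example: returns (recovered key, second packet decrypted)."""
    known_plain = bytes([int("10101010", 2)])
    known_cipher = bytes([int("01101001", 2)])
    key = recover_key(known_plain, known_cipher, 1)
    next_cipher = bytes([int("00111001", 2)])
    next_plain = xor_crypt(next_cipher, key)
    return format(key[0], "08b"), format(next_plain[0], "08b")


def key_reuse_demo() -> tuple:
    """Constructed 4-byte key reused across packets versus a fresh key per packet.

    Returns (key recovered?, reused-key packet exposed?, fresh-key packet exposed?).
    """
    reused_key = bytes([0x13, 0x37, 0xC0, 0xDE])      # constructed, not a real key
    known_packet = b"hello from the packet we already know"
    private_packet = b"data the sender assumed was private"
    recovered = recover_key(known_packet, xor_crypt(known_packet, reused_key), 4)
    exposed = xor_crypt(xor_crypt(private_packet, reused_key), recovered)
    # Same plaintext under a key used only once: the recovered key is useless.
    fresh_key = bytes([0xA5, 0x5A, 0x0F, 0xF0])        # constructed, differs per packet
    not_exposed = xor_crypt(xor_crypt(private_packet, fresh_key), recovered)
    return recovered == reused_key, exposed == private_packet, not_exposed == private_packet


if __name__ == "__main__":
    print(thread_walkthrough())   # ('11000011', '11111010')
    print(key_reuse_demo())       # (True, True, False)
```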
Smong
Server Help Squatter
Joined: 1043048991
Posts: 0x91E

Posted: Tue Jan 27, 2004 3:18 pm

You yourself said encryption was a simple XOR, isn't that how VIE-enc works?

Stuff is encrypted so that people cannot play through a proxy that conveniently inserts packets on certain keystrokes, for example requesting all the flags.

I think there are 3 server options regarding VIE-enc: either allow it to connect and play, allow it to connect but spec only, or disallow the client from entering the zone completely.

If you happen to be on the VIP then I think you can use any encryption, but you must return correct checksums still. I read somewhere that the recent server releases no longer support 'no encryption', unlike the subgame.exe found on the SS CD (available at SSDL). When I was making my bot I used the old server as I didn't want to mess with encryption. Another thing is the reliable packet stack, cluster packets and chunked packets; those can be just as hard to clone as encryption.
Qndre
Server Help Squatter
Gender: Male
Joined: Jan 25 2004
Posts: 295

Posted: Tue Jan 27, 2004 3:27 pm

No one in this forum has to argue about whether I've got enough skills to do it or not. I also don't know it. I want to try, so I'll try. At the moment I am very busy, so I'll begin this project on the weekend. I'll start simple: create a VIE session on my own shanky-server and destroy it. Then I can try to download the LVL and convert it to an image,... I'll try it step by step. Then I'll see if there are any problems. (I expect there are, because there always are problems if you're writing a program.) Thank you all very much.
Quote:
You must return correct checksums still. Another thing is the reliable packet stack, cluster packets and chunked packets, those can be just as hard to clone as encryption.

How can I generate these checksums? Out of the file "subspace.exe"? What's a "reliable packet stack"? I know what "clustered packets" are, but what are "chunked packets"? Isn't it the same?


Last edited by Qndre on Wed Jan 28, 2004 6:57 am, edited 1 time in total
Mine GO BOOM
Hunch Hunch What What
Age: 40
Gender: Male
Joined: Aug 01 2002
Posts: 3614
Location: Las Vegas

Posted: Tue Jan 27, 2004 3:42 pm

There is only one emoticon which can express what I feel when I'm reading this thread:

[attached image: rollbarf.gif]
Server Help Forum Index -> Trash Talk
Page 2 of 18