Unban cheat?
Unban cheat?
If anyone knows of a website that teaches on how to get around a ban, let me know. I am interested!
Re: Unban cheat?
eAthena does not use a constant-time string/memory compare function.
All you have to do is get a machine within about 30ms of the TMW server, and implement a successful remote timing attack against the login-server's authentication mechanism for inter-server communications, then mimic being the char-server and send the login-server a request to unban your account ID.
http://rdist.root.org/2010/07/19/exploi ... g-attacks/
I hope that you're good with math, as the algorithms to correctly decipher an authentication token through internet-level latencies are fairly complex. However there is no reason it can't be done, assuming you know basic calculus, at least one network aware programming language, and can understand the math and how the eAthena server works internally.
Have fun.
All you have to do is get a machine within about 30ms of the TMW server, and implement a successful remote timing attack against the login-server's authentication mechanism for inter-server communications, then mimic being the char-server and send the login-server a request to unban your account ID.
http://rdist.root.org/2010/07/19/exploi ... g-attacks/
I hope that you're good with math, as the algorithms to correctly decipher an authentication token through internet-level latencies are fairly complex. However there is no reason it can't be done, assuming you know basic calculus, at least one network aware programming language, and can understand the math and how the eAthena server works internally.
Have fun.
Head of the TMW Illuminati
Re: Unban cheat?
Char servers require a username/password word no?MadCamel wrote:eAthena does not use a constant-time string/memory compare function.
All you have to do is get a machine within about 30ms of the TMW server, and implement a successful remote timing attack against the login-server's authentication mechanism for inter-server communications, then mimic being the char-server and send the login-server a request to unban your account ID.
http://rdist.root.org/2010/07/19/exploi ... g-attacks/
I hope that you're good with math, as the algorithms to correctly decipher an authentication token through internet-level latencies are fairly complex. However there is no reason it can't be done, assuming you know basic calculus, at least one network aware programming language, and can understand the math and how the eAthena server works internally.
Have fun.
<Kage_Jittai> ... are you saying I am elite 
<thorbjorn> Yes.
<thorbjorn> Yes.
Re: Unban cheat?
"The attack is very simple. You repeatedly send guesses about a secret value to the server, which rejects them as incorrect. However, if your first byte of the guess is correct, it takes a very slightly longer time to return the error. With many measurements and some filtering, you can distinguish this difference."
errr... Ok I see how that works now... yeah Im not TOO worry about that.
How would be a good way to stop this type of attack? add a constance delay? So matter of how long the compare it always delays to within 30 seconds or something?
errr... Ok I see how that works now... yeah Im not TOO worry about that.
How would be a good way to stop this type of attack? add a constance delay? So matter of how long the compare it always delays to within 30 seconds or something?
<Kage_Jittai> ... are you saying I am elite
<thorbjorn> Yes.
<thorbjorn> Yes.
Re: Unban cheat?
Create a new account4thebev wrote:If anyone knows of a website that teaches on how to get around a ban, let me know. I am interested!
- former Manasource Programmer
- former TMW Pixel artist
- NOT a game master
Please do not send me any inquiries regarding player accounts on TMW.
You might have heard a certain rumor about me. This rumor is completely false. You might also have heard the other rumor about me. This rumor is 100% accurate.