Unban cheat?

Posted: 29 Oct 2010, 01:27
by 4thebev
If anyone knows of a website that teaches how to get around a ban, let me know. I am interested!

Re: Unban cheat?

Posted: 29 Oct 2010, 02:04
by AnonDuck
eAthena does not use a constant-time string/memory compare function.

All you have to do is get a machine within about 30ms of the TMW server, and implement a successful remote timing attack against the login-server's authentication mechanism for inter-server communications, then mimic being the char-server and send the login-server a request to unban your account ID.

http://rdist.root.org/2010/07/19/exploi ... g-attacks/

I hope that you're good with math, as the algorithms to correctly decipher an authentication token through internet-level latencies are fairly complex. However there is no reason it can't be done, assuming you know basic calculus, at least one network aware programming language, and can understand the math and how the eAthena server works internally.

Have fun.

Re: Unban cheat?

Posted: 29 Oct 2010, 02:19
by Kage
MadCamel wrote: eAthena does not use a constant-time string/memory compare function.

All you have to do is get a machine within about 30ms of the TMW server, and implement a successful remote timing attack against the login-server's authentication mechanism for inter-server communications, then mimic being the char-server and send the login-server a request to unban your account ID.

http://rdist.root.org/2010/07/19/exploi ... g-attacks/

I hope that you're good with math, as the algorithms to correctly decipher an authentication token through internet-level latencies are fairly complex. However there is no reason it can't be done, assuming you know basic calculus, at least one network aware programming language, and can understand the math and how the eAthena server works internally.

Have fun.
Char servers require a username/password, no?

Re: Unban cheat?

Posted: 29 Oct 2010, 02:21
by Kage
"The attack is very simple. You repeatedly send guesses about a secret value to the server, which rejects them as incorrect. However, if your first byte of the guess is correct, it takes a very slightly longer time to return the error. With many measurements and some filtering, you can distinguish this difference."

Errr... OK, I see how that works now... yeah, I'm not TOO worried about that.

What would be a good way to stop this type of attack? Add a constant delay? So no matter how long the compare takes, it always delays to within 30 seconds or something?
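
The mitigation that matches the weakness named in this thread is a comparison whose work does not depend on where the first mismatching byte is. The following is an added example, not part of the original thread and not eAthena's code; the function names, `TOKEN_LEN` and the sample token are assumptions, and a step counter stands in for elapsed time.

```c
#include <stdio.h>
#include <string.h>

#define TOKEN_LEN 24 /* assumed fixed field width; the secret must be shorter */

/* Early-exit compare: *steps (bytes examined) grows with the matching prefix. */
int leaky_equal(const unsigned char *a, const unsigned char *b,
                size_t n, size_t *steps)
{
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        if (a[i] != b[i])
            return 0; /* returns sooner the earlier the mismatch */
    }
    return 1;
}

/* Constant-time compare: reads all n bytes and ORs the differences together. */
int ct_equal(const unsigned char *a, const unsigned char *b,
             size_t n, size_t *steps)
{
    volatile unsigned char diff = 0; /* volatile discourages short-circuiting */
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        diff |= (unsigned char)(a[i] ^ b[i]);
    }
    return diff == 0;
}

/* Zero-pad both strings to a fixed width so length differences are
 * compared the same way, without an early exit. */
int token_ok(const char *supplied, const char *secret, size_t *steps)
{
    unsigned char a[TOKEN_LEN] = {0}, b[TOKEN_LEN] = {0};
    size_t la = strlen(supplied), lb = strlen(secret);
    memcpy(a, supplied, la < TOKEN_LEN ? la : TOKEN_LEN);
    memcpy(b, secret, lb < TOKEN_LEN ? lb : TOKEN_LEN);
    return ct_equal(a, b, TOKEN_LEN, steps);
}

int main(void)
{
    size_t leaky, ct;
    const char *secret = "s3cr3t-token"; /* constructed sample value */
    const char *guess = "s3cr3t-tokex";  /* constructed: wrong last byte */
    leaky_equal((const unsigned char *)guess, (const unsigned char *)secret,
                strlen(secret), &leaky);
    int ok = token_ok(guess, secret, &ct);
    printf("leaky steps=%zu  ct steps=%zu  ok=%d\n", leaky, ct, ok);
    return 0;
}
```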

Re: Unban cheat?

Posted: 29 Oct 2010, 06:55
by Crush
4thebev wrote: If anyone knows of a website that teaches how to get around a ban, let me know. I am interested!
Create a new account ;)