This might help wiith Cataclysm

[Auntie Mangos]

Let me be perfectly clear on this one:

MaNGOS and Cataclysm is not a matter of technicalities, or getting the source changes to support it. This is all about the need to modify the game client, and as you probably know, we at MaNGOS have already tried to do our work without legal issues.

Client modification is an issue not to be taken lightly.

For anything else, see this thread.

[void513]

This might help with Cataclysm but not sure if i should post it.

but i found a server that run the Cataclysm 4.0.0 it base of mangos source code.

iif safe to post up ill post it location. use it a staring point for Cataclysm

[Patman128]

TLDR:

If it requires a client mod, it's out. If it doesn't, then you're welcome to post the SOURCE CODE (NOT a link to some closed source server that is useless).

[void513]

first let me first say this not my source but some one else that using mangos sorce i the main site is german and i dont read german .but i fig u guys might want take a look at it. and as for that client modding i aggree. mangos has lasted thislong and I dont want see it shutdown over legal issues. heres the site http://www.mmowned.com/forums/world-of-warcraft/emulator-servers/general-releases/295137-novos-easy-wow-cataclysm-server-wow-cataclysm-4-0-0-11927-english.html

you see if it helps or not .

[Patman128]

The server source is here: https://github.com/StrawberryEMU/StrawberryEMU

Whether or not it's useful, I have no idea. I'm not familiar with the logon system and the differences in Cataclysm.

[Mister D]

I do read German, and I've read their forum. They do use a modded client, so their approach is out of the question. They do claim they have about half the opcodes for 4.0.6 (their most recent version). I don't know if these opcodes will be of any use, maybe they are already known here or their method of retrieving them might lead to legal issues, but one thing is for sure, they did not find the holy grail to cataclism support.

[Cartman87]

I have read that times before and they modified the client.

Only about 50% Opcodes now in Core and without the modification client not work.

I'm looking for a mangos based code every day, too but without change client.

[void513]

just curiose reason what kind of modding to client would be needed and for what exact reason ?

[Neo2003]

Simple, replace the RSA public certificate in client by a one for which we have the private part.

Raison: The redirect packet (sent by realm containing the world server address) is RSA signed and the client does not accept the packet if the signing is not done with Offy private certificate.

Last words: RSA is not breakable at this point of time.

[Patman128]

Last words: RSA is not breakable at this point of time.

In other words, unless you can break RSA, mangos for Cataclysm is never going to happen on here.

[Schmoozerd]

well, I guess there is no need to break RSA, but it would be enough to break at least one given RSA key

[Mister D]

The only option other than breaking a RSA key is using pseuwow as a client, but without RSA key the standard client will never work.

[void513]

this may be a little far fetch but could you create a launcher or 3rd party prog to get client connect to server. then since client use addons create a addon to help the client to communicate to server.it prob stupid idea but it keep from modding the client.

[Mister D]

The client still needs to recieve a valid key, one we can't generate. Manipulating the client in memory when it's running to make it think it recieved a valid key is probablty possible in theory if given plenty of efford, but would probably be illegal in some countries, just as a modded client is. And of course it's a very ugly and hacky solution.

[Patman128]

this may be a little far fetch but could you create a launcher or 3rd party prog to get client connect to server

Yeah, client modding is not allowed. In order to get the client to connect, it would need to modify it somehow.

[Vapula]

Do you have some info about the RSA key used (modulus size, public key) and how it is used ?

If the key size is small enough, it could be brute-forced (see distributed.net efforts... and now, we habe more powerful computers + CUDA)

Also, even strong crypto can be defeated if used in a wrong way...

If we have a packet with only a few bytes crypted (and useful), we could aswell bruteforce a crypted value which, when decrypted leads to the desired value for these bytes... which could ask much less work than reversing the key.

[TOM_RUS]

Do you have some info about the RSA key used (modulus size, public key) and how it is used ?

If the key size is small enough, it could be brute-forced (see distributed.net efforts... and now, we habe more powerful computers + CUDA)

Also, even strong crypto can be defeated if used in a wrong way...

If we have a packet with only a few bytes crypted (and useful), we could aswell bruteforce a crypted value which, when decrypted leads to the desired value for these bytes... which could ask much less work than reversing the key.

Modulus size is 256 bytes (2048 bit), exponent size is 4 bytes.

[ankso]

And in the strange and unlikely case that we succeed in breaking the RSA key, that's not illegal?

[Schmoozerd]

how could it be?

this is just basic math (multiplication of some numbers)

as long as the private key is not obtained by illegal measures (like breaking into someone else's system) there is no problem in calculating some rsa keys..

[Patman128]

You can't copyright a number.

09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 (never forget)

[Delaregar]

Hmm, someone needs to write a distributed client to calculate keys...

[void513]

you could get mangos communtiy to help capture packet by posting tools needed to cature and have them send to you that way you focus decrypting them and have plenty packet to work with also might want attach client version with packets.im sure there ppl here play cataclysm on official servers.

[DasBlub]

Hmm, someone needs to write a distributed client to calculate keys...

you can use BOINC for distributed computing. you "just" need to write a software based on their API (never done it, don't know what else is required). BOINC also supports CUDA & OpenCL and detects CPUs, GPUs, etc., so you can make use of them in your distributed software (which should be cross-platform, as BOINC runs on most OSes)

[Unkle Nuke]

Modifying the client is completely unnecessary. You can either figure out how to generate a valid key or trick the client by using DLL injection to hook the process in memory and insert your own values.

For those who want to "crack" even a single key, be aware that it is illegal to break encryption under U.S. law. The only reason American hackers got away with it for DVD and Blu-Ray is because certain software media players exposed these keys in unencrypted form, meaning that breaking the encryption was not even required.

I really believe this discussion is skating on thin ice. At the very least, the legality of what is proposed would be questionable. DLL injection could be your only recourse if there is no legitimate method of obtaining valid key pairs.

[cyanidel337]

i cant find anything that says decryption is illegal in the uk so i guess us brits are safe