This might help wiith Cataclysm

[Mister D]

I am quite certain the USA would be one of the very few countries to ban this. DLL injection however is a pretty ugly solution in my opinion, because it needs to be run on the client's machine. It is infinitly nicer than a regular modded client though. I don't know if DLL injection is also considered as modding the client in some juristictions (a lot of judges would probably not distinguish between modding in memory or the traditional modding). I also think the client is probably protected against it, and if not, it will be as soon as we manage to use it, so it would probably only work on older client versions when they protect it in a new patch.

Cracking the key however is also probably only going to work on one client version, because they'd be pretty silly if they didn't change the keys with every patch. You'd have to crack the new key all over again with every new patch. It seems to me like the modulus size is rather big (I believe such a large key has not been cracked yet) so this would require a lot of processing power to do.

A third option I've mentioned before is using PseuWoW. I think the required models and maps can already be extracted out of the Cataclysm client. So if you could make PseuWoW and MaNGOS use this data instead of of the 3.3.5a data, you could avoid all the Cataclysm client troubles. I'm probably making it sound easier than it is, since I have no idea what this would actually take. I wish I had some C++ experience so I actually knew what I was talking about, but sadly I do not.

[Patman128]

Modifying the client is completely unnecessary. You can either figure out how to generate a valid key or trick the client by using DLL injection to hook the process in memory and insert your own values.

I'm pretty sure hooking the client and changing it while it's running would fall under modifying the client, in a mangos sense. Maybe vladimir or TheLuda or MCP can clarify.

[cyanidel337]

that rsa key breaking thing well

http://www1.distributed.net/RC5

that is a private project similiar to what your talking about.

but they are only upto 72bit

[Unkle Nuke]

Only 72-bit cipher? Why is that? 128-bit RSA was cracked over 10 years ago, using a distributed model.

[Lynx3d]

RC5 != RSA...asymmetric ciphers (especially RSA) need *signifficantly* more key bits for the same security as symmetric ciphers.

2048bit RSA is assumed to be about as hard to break as 112bit symmetric ciphers (such as RC5), so with 64bit RC5 being the largest key ever broken by distributed computing, have fun

[void513]

ok this is interesting another wow server that uses a launcher instead of modding the client.

at top page it says some about using a catus patcher to patcher to patch client. but on down the page he posted a launcher say dont need to pach any more.developer check out see if might be a way to help with mangos

[void513]

ok here the git site for catus emu https://github.com/CactusEMU/CactusEMU

looks like it base off the mangos trinity

[xnxx10]

There was talking about cactus and etc. Mangos never go support cata in this way. Look at cafe part of this forum u will read about this

[void513]

ok i might be blowing alot hot of air but the client has to have the key . so use something like Wdasm or some other program to run the client and connect with Wdasm you watch process of a maybe fig where the key is stored on the client side.im no programer. ifig maybe someone knows what they are doing can get the rsa key that way

[void513]

BOINC might not be a bad idea from what i been googling it take a lot cpu power to crack 2048 bit rsa encryption so splitting it up among many pc with good cpu power might helpspeed up breaking the encryption

[Patman128]

No, you can't just read the key from the client, it uses public key encryption, so you'll only get half the key.

I'm not sure how long it would take to break the key, but even if you eventually managed to, they could just as easily make a new key, putting the whole thing back at step 1. So you're fighting a losing battle.

[Cartman87]

and wat about to use no code in the Core that the core don'T ask about a Code from client and at next patch they can change code and it doesn'T matter.And the Client must be modified

[void513]

i could be wrong but even if you get atleast a half of of a key if you could use it to help brute force the full rsa key

[Patman128]

Yeah, you now have one 72-bit key. Now find the other.

As Lynx3D already stated, it is RC5, not RSA. The largest RC5 key broken was 64 bits, this one is 72 bits. Distributed.net has been working on breaking a 72-bit RSA key for 8 years, and it may be up to 90 more years before they complete it, even with their hundreds of TFLOPS of power. If you think you can get more processing power than them and can wait a few decades, go ahead and try.

[lillecarl]

Yeah, you now have one 72-bit key. Now find the other.

As Lynx3D already stated, it is RC5, not RSA. The largest RC5 key broken was 64 bits, this one is 72 bits. Distributed.net has been working on breaking a 72-bit RSA key for 8 years, and it may be up to 90 more years before they complete it, even with their hundreds of TFLOPS of power. If you think you can get more processing power than them and can wait a few decades, go ahead and try.

Well, you can be lucky and break it in a day or 2

[Patman128]

Well, you can be lucky and break it in a day or 2

If you genuinely think this is possible, you must stand outside and wait for food to start falling from the sky whenever you get hungry, because it's far more likely than breaking this code in a day or 2.

Like I said, you can't break the code, mangos won't accept client modifications (for now), until something changes Cataclysm will never come to mangos. /Thread

[Lynx3d]

lillecarl, you really should read up the basics of asymmetric/public key cryptography.

The security of RSA is based on the fact that the private key can NOT be computed from the public key in any way. It is not "half the key", there are simply two distinct keys, a public and a private one, and one doesn't tell you anything about the other one.

If you do find a way, you should make sure the Nobel prize committee gets to know about it...

[faramir118]

Your only real hope to see it broken before you die: http://en.wikipedia.org/wiki/Shor's_algorithm

[Cartman87]

now patcher for 4.X clients postet on github/mangos?

A Core Repo will be there too?

[lillecarl]

Okay all of you, I'm sorry, its not really like I'm a real cryptographer so sorry for that.

[VladimirMangos]

now patcher for 4.X clients postet on github/mangos?

A Core Repo will be there too?

This only meaning that we seelct way how will around client connection problem.

[vanclaive]

Honestly, it shouldn't be the concern of MaNGOS about what the client key is. The only concern should be creating server software that supports properly supplying a key to a client that expects a key.

The content of a key is not the concern of developers, and should be outside the domain of MaNGOS server development, in much the same way databases are handled.

MaNGOS determines structure and implementation.

Ultimately, content is the responsibility and at the discretion of the user.

[Patman128]

There's a difference between content and client modification. Mangos can't endorse any client modification, requiring client modification to use mangos would be endorsing it.

[Turmixx]

http://fatphil.org/maths/AKS/

ooommm... might it help in RSA.

Sorry for my english.

[Mukwiesel]

I found a funny headline where scientists of the university michigan cracked a 1024bit RSA key in 100 hours. It's over a year old. (you've probably already heard about it)

They have a pdf with the approach. here

Don't know if it could help someone.