To those using NLS.dll:

Maddox · September 25, 2004, 01:14 AM

Quote from: $t0rm on September 21, 2004, 07:52 PM
do they use srp without any modification?

They use an optimized SRP. It's not the out-of-the-box SRP implementation you'll find on the Stanford website. It's also not the latest version, although I believe WoW is.

Minux · September 25, 2004, 01:23 AM

Quote from: Maddox on September 25, 2004, 01:14 AM
Quote from: $t0rm on September 21, 2004, 07:52 PM
do they use srp without any modification?

They use an optimized SRP. It's not the out-of-the-box SRP implementation you'll find on the Stanford website. It's also not the latest version, although I believe WoW is.

I guess the jerk who stole the NLS stuff from sneakcharm blew our chance of ever seeing hash support for that

. Am I right?

Skywing · September 25, 2004, 01:01 PM

Quote from: Maddox on September 25, 2004, 01:14 AM
Quote from: $t0rm on September 21, 2004, 07:52 PM
do they use srp without any modification?

They use an optimized SRP. It's not the out-of-the-box SRP implementation you'll find on the Stanford website. It's also not the latest version, although I believe WoW is.

Based on how slow their implementation is, I think you'd call it a de-optimized SRP...

In any case, none of their implementations are truly standard compliant due to bugs or nonstandard implementation decisions.

Maddox · September 26, 2004, 01:48 AM

Quote from: Skywing on September 25, 2004, 01:01 PM
Quote from: Maddox on September 25, 2004, 01:14 AM
Quote from: $t0rm on September 21, 2004, 07:52 PM
do they use srp without any modification?

They use an optimized SRP. It's not the out-of-the-box SRP implementation you'll find on the Stanford website. It's also not the latest version, although I believe WoW is.
Based on how slow their implementation is, I think you'd call it a de-optimized SRP...

In any case, none of their implementations are truly standard compliant due to bugs or nonstandard implementation decisions.

I wasn't refering to their implementation speed. If you look on the Stanford SRP site you'll see they call Blizzard's message order "optimized" because it cuts down on the number of packets needed.

Skywing · September 26, 2004, 12:57 PM

Quote from: Maddox on September 26, 2004, 01:48 AM
Quote from: Skywing on September 25, 2004, 01:01 PM
Quote from: Maddox on September 25, 2004, 01:14 AM
Quote from: $t0rm on September 21, 2004, 07:52 PM
do they use srp without any modification?

They use an optimized SRP. It's not the out-of-the-box SRP implementation you'll find on the Stanford website. It's also not the latest version, although I believe WoW is.
Based on how slow their implementation is, I think you'd call it a de-optimized SRP...

In any case, none of their implementations are truly standard compliant due to bugs or nonstandard implementation decisions.

I wasn't refering to their implementation speed. If you look on the Stanford SRP site you'll see they call Blizzard's message order "optimized" because it cuts down on the number of packets needed.

They don't do this safely, though. For instance, when changing your password you tell the server what your new password is before the server proves that it knows your old password.

iago · September 26, 2004, 01:30 PM

Speaking of safety, on your implementation do you verify the server's proof in the second packet they send back? I'm thinking of adding that to my code, just to make sure I'm not connecting to a fake server

I'm also thinking of checking the hash of the server's ip properly some time.

Spht · September 26, 2004, 02:19 PM

Quote from: iago on September 26, 2004, 01:30 PM
Speaking of safety, on your implementation do you verify the server's proof in the second packet they send back? I'm thinking of adding that to my code, just to make sure I'm not connecting to a fake server

I'm also thinking of checking the hash of the server's ip properly some time.

Of course. That's what BNLS_CONFIRMLOGON is for -- to confirm that the server really knows the password.

Skywing · September 26, 2004, 05:18 PM

Quote from: iago on September 26, 2004, 01:30 PM
Speaking of safety, on your implementation do you verify the server's proof in the second packet they send back? I'm thinking of adding that to my code, just to make sure I'm not connecting to a fake server

I'm also thinking of checking the hash of the server's ip properly some time.

Yes.

iago · September 26, 2004, 05:56 PM

Quote from: Spht on September 26, 2004, 02:19 PM
Quote from: iago on September 26, 2004, 01:30 PM
Speaking of safety, on your implementation do you verify the server's proof in the second packet they send back? I'm thinking of adding that to my code, just to make sure I'm not connecting to a fake server

I'm also thinking of checking the hash of the server's ip properly some time.

Of course. That's what BNLS_CONFIRMLOGON is for -- to confirm that the server really knows the password.

Well, the thing is that I've never programming anything that uses bnls, or even read the documentation for it, so i didn't know that.

Thanks, though, I was curious about that. It's an easy change to make, but I'm working on other stuff

Minux · September 27, 2004, 03:22 PM

I am done porting the Java code to C++ and once I figure out one last thing it should be ready for me to use, without any objections from any authors. I suggest alot of other people do the same f***ing thing too to avoid this mess again. Because trust me, it's not that hard to port it to C++ since it was ported from C++ to Java to begin with. So far I've only done the CD key decode, but I hope if I get this working 100% I'll try and port the SRP over too. Therefore my work will be objection free from all people who want the message across that using stolen code is wrong.

Edit: Yes iago helped me a bit, because he is the best !!

To those using NLS.dll:

Minux

Minux