Hot Topic (More than 35 Replies) Interesting (Read 18422 times)
DropBear
Dropbear Awareness Society
*
Offline


Don't forget to look up....

Posts: 4377
Location: Landdownunder
Joined: Oct 11th, 2013
Re: Interesting
Reply #25 - Apr 30th, 2015 at 5:24am
5 Foot Step wrote on Apr 30th, 2015 at 5:13am:
Proves that it can be altered client side....


I found where those settings are stored, but thought it couldn't possibly work that way and ignored it.
Must be worth a try.
  
 
Flav
Vault Frog
*
Offline


One Frog to Rule them
All!

Posts: 9984
Location: Land of the Frogs
Joined: Aug 29th, 2010
Gender: Male
Re: Interesting
Reply #26 - Apr 30th, 2015 at 6:31am
5 Foot Step wrote on Apr 30th, 2015 at 3:24am:
Ahem...there was recently a bug where some accounts that played on Lammania were reflagged as F2P when they came back to live....


A bit weird, as the AAA ( GLS ) server is not the same, and that it's said server that tells the client what kind of account you haz.

  

Yes my avatar is an Hermine eating a Greenland Lemming for brunch.
 
kum-gulp
VoD Slasher
*****
Offline


I Love Tired Vault Memes!

Posts: 1810
Joined: Jul 16th, 2010
Re: Interesting
Reply #27 - Apr 30th, 2015 at 2:04pm
Shirley even Turbine aren't that stupid...?
  
 
qweeve
DQ Assaulter
*****
Offline



Posts: 463
Location: Pa
Joined: Nov 18th, 2013
Gender: Male
Re: Interesting
Reply #28 - Apr 30th, 2015 at 2:59pm
kum-gulp wrote on Apr 30th, 2015 at 2:04pm:
Shirley even Turbine aren't that stupid...?


Don't call them Shirley.
  
 
Puppies
Waterworks Kobold
**
Offline


"Sua Sponte" "De Oppresso
Liber"

Posts: 185
Location: Fort Campbell
Joined: Nov 29th, 2014
Gender: Male
Re: Interesting
Reply #29 - May 2nd, 2015 at 12:41pm
5 Foot Step wrote on Apr 30th, 2015 at 5:13am:
Proves that it can be altered client side....


That...makes me curious.

Fucking Post-MOTU

Need a packet sniffer, time meow
  

"The Quieter you Become - the More you are able to Hear"
 
Teh_Troll
Ex Member


Re: Interesting
Reply #30 - May 2nd, 2015 at 1:28pm
The only interesting thing for me is cow humpers mother. Man i tell ya that bitch is fucking ugly but worth jizzing over  Cheesy.
  
Flav
Re: Interesting
Reply #31 - May 2nd, 2015 at 2:48pm
Puppies wrote on May 2nd, 2015 at 12:41pm:
That...makes me curious.

Fucking Post-MOTU

Need a packet sniffer, time meow


Wireshark is your friend... there's also that nice thingie from Sysinternals that traces system calls ( and other calls ).
  

Puppies
Re: Interesting
Reply #32 - May 2nd, 2015 at 3:15pm
Thanks, my French friend

Either that or we're gonna LOIC them.
  

"The Quieter you Become - the More you are able to Hear"
 
Dark_Helmet
Wielder of the Schwartz
****
Offline


I hate you!

Posts: 1176
Joined: Feb 14th, 2010
Re: Interesting
Reply #33 - May 4th, 2015 at 4:00am
I think you are way off the mark: The server side is where the certs are located and tokens get generated. You would need to do MitM to get an admin cert to copy from and compare to a token.

Not like you need 256 AES as 128 will suffice if you just generate one for each session (which would still take billions of years to decipher). I would think they have a commercial product that does the encryption so that it isn't open to side channels.

IMNSHO, the reason people see things like this is that Turbine has had - most probably - memory issues. There were several times where people were getting grouped together without being in the same party. On three occasions, I have found myself at someone else's login screen with their characters. There is code to double check this when you try things such as purchase stuff. Forcing a memory overflow via their client is highly improbable.

As for the flag for F2P, what it does is suppress the request for the license from the client in the first place. The flags are there to make requests from the servers - not actual settings.


...unless they have severely mucked up the code of course.

...I return you to rest of the speculation...
  
 
OldCoaly
Puppy Farmer
****
Offline


Why did you think this
time would be different?

Posts: 1564
Location: WAAHH!!!Testing stuff is HARD!
Joined: Jul 1st, 2011
Re: Interesting
Reply #34 - May 4th, 2015 at 8:14am
Dark_Helmet wrote on May 4th, 2015 at 4:00am:
I think you are way off the mark: The server side is where the certs are located and tokens get generated. You would need to do MitM to get an admin cert to copy from and compare to a token.

Not like you need 256 AES as 128 will suffice if you just generate one for each session (which would still take billions of years to decipher). I would think they have a commercial product that does the encryption so that it isn't open to side channels.


Why would you think this?

It may have been best practice for the past 10 years, but in 1999 when Asheron's Call went live, MitM attacks weren't on most people's radar, and it looks like that is the era that defines most of the game's back-end.
  

Groo The Wanderer wrote on Sep 8th, 2013 at 10:43pm:
they will probably congratulate themselves on how long they "kept it going" never able to see that it could have easily managed to keep itself going for far longer if they had just meddled far less drastically and with some semblance of an actual gameplan.
Darth Anonymous wrote on Feb 1st, 2014 at 1:11pm:
Hearing something has "merit" but we don't have "time" kind of says everything about how Turbine works on things.
eighnuss wrote on May 27th, 2014 at 12:52pm:
everyone but turbine knows that we are sad they are destroying our game
majmalphunktion wrote on Aug 30th, 2013 at 12:12am:
I don't make the game, I just get tested what they build. Sorry you are not happy.
Skoodge wrote on Nov 27th, 2014 at 6:54am:
DDO is easy to summarize - the greatest game to suck the most ass.
GooFY wrote on Mar 2nd, 2015 at 5:36pm:
Turbine - So incompetent that we are skeptical when they report their own incompetence.  
Meursault wrote on May 11th, 2015 at 8:10pm:
Other companies will settle for shitting out garbage, Turdbin actually prefers to. Especially if they can get us to buy it, that just cracks them up.
Meursault wrote on Nov 12th, 2015 at 2:50pm:
Breaking something and putting it back together isn't as good as not breaking it to begin with, it's not even close.
palmer01 wrote on Nov 20th, 2015 at 9:05am:
Devs do not care what players want - they already have an agenda and give out token gestures so the paladins can feel worthy.
PersonaNonGrata wrote on Oct 4th, 2016 at 1:24am:
The DDO devs aren't motivated by a positive user experience.

Puppies
Re: Interesting
Reply #35 - May 4th, 2015 at 11:48am
Dark_Helmet wrote on May 4th, 2015 at 4:00am:
I think you are way off the mark: The server side is where the certs are located and tokens get generated. You would need to do MitM to get an admin cert to copy from and compare to a token.

Not like you need 256 AES as 128 will suffice if you just generate one for each session (which would still take billions of years to decipher). I would think they have a commercial product that does the encryption so that it isn't open to side channels.

IMNSHO, the reason people see things like this is that Turbine has had - most probably - memory issues. There were several times where people were getting grouped together without being in the same party. On three occasions, I have found myself at someone else's login screen with their characters. There is code to double check this when you try things such as purchase stuff. Forcing a memory overflow via their client is highly improbable.

As for the flag for F2P, what it does is suppress the request for the license from the client in the first place. The flags are there to make requests from the servers - not actual settings.


...unless they have severely mucked up the code of course.

...I return you to rest of the speculation...


As far as encryption, you're right AES 256 or 128 would take forever to decrypt, but they might not even encrypt it...or at least not in that traditional sense.

If they're using KGV-175D TACLANEs (Tactical LAN Encryption Device...google it, it's OPSEC shit) then we're fucked. I've seen FFK vectors get written...fuck that.

This just leaves more questions...less answers.

Back to the Lab.
  

"The Quieter you Become - the More you are able to Hear"
 
Ah Pook
Puppy Farmer
****
Offline


Posts: 314159265

Posts: 1439
Joined: Mar 10th, 2014
Re: Interesting
Reply #36 - May 4th, 2015 at 7:47pm
This thread is hilarious.  You guys just pull random shit out of tech dictionaries or something?  Yeesh.
  

Daggertooth wrote on Apr 14th, 2017 at 6:52pm:
I'm pretty fucking sure I am a special snowflake.


Frank wrote on Apr 2nd, 2017 at 8:32am:
Laugh it up, funny man.
DropBear
Re: Interesting
Reply #37 - May 4th, 2015 at 7:57pm
I've had to put Google translate on hotkey for this thread...    Embarrassed
  
Flav
Re: Interesting
Reply #38 - May 5th, 2015 at 3:26am
Puppies wrote on May 4th, 2015 at 11:48am:
As far as encryption, you're right AES 256 or 128 would take forever to decrypt, but they might not even encrypt it...or at least not in that traditional sense.

If they're using KGV-175D TACLANEs (Tactical LAN Encryption Device...google it, it's OPSEC shit) then we're fucked. I've seen FFK vectors get written...fuck that.

This just leaves more questions...less answers.

Back to the Lab.


Consider that The Kobold That Jumped Ship Before Getting Fired was told that the dat files are encrypted... Until we proved to him that what he was told was a lie.
Consider that things the Combat Log just capture the chat logs because they come in clear...

Do you really expect Turbine to have put in place any kind of decent encryption ? If there's one at worst it's a SHA something at best they'll have used ROT13. Smiley
Now I haven't looked so I could be wrong, but as a WAG I'd say that they use the standard TLS that comes with browsers...


  

Dark_Helmet
Re: Interesting
Reply #39 - May 5th, 2015 at 4:17am
Puppies wrote on May 4th, 2015 at 11:48am:
As far as encryption, you're right AES 256 or 128 would take forever to decrypt, but they might not even encrypt it...or at least not in that traditional sense.

If they're using KGV-175D TACLANEs (Tactical LAN Encryption Device...google it, it's OPSEC shit) then we're fucked. I've seen FFK vectors get written...fuck that.

This just leaves more questions...less answers.

Back to the Lab.


You are jumping the shark so go back to google some more terms.

No, they wouldn't be using KGs - just simple VPN tunnels would suffice between data centers.

I did have rooms full of HAIPEs, so I do know what I am talking about.

  
 
Cow humper
Ex Member


Re: Interesting
Reply #40 - May 5th, 2015 at 4:41am
Quote:
The only interesting thing for me is cow humpers mother. Man i tell ya that bitch is fucking ugly but worth jizzing over  Cheesy.

Nice random shit in a thread I've never posted in. I kinda knew you have feelings for me...but man this is getting serious. Sorry to tell ya but I am not into gay and retarded.
  
 
Arkat
Chonus Christ
********
Offline


Hola Bienvenido

Posts: 12345
Location: Wyoming
Joined: Jul 13th, 2009
Gender: Male
Re: Interesting
Reply #41 - May 5th, 2015 at 11:19am
Dark_Helmet wrote on May 5th, 2015 at 4:17am:
No, they wouldn't be using KGs - just simple VPN tunnels would suffice between data centers.


I would NEVER use highly encrypted VPN tunnels between locations where accessing (reading and writing to) databases was going on. The performance would just totally suck.

Better off with private point to point OC-3 or faster connections between such sites.
« Last Edit: May 5th, 2015 at 1:28pm by Arkat »  

Stand on hills of long-forgotten yesterdays...

Looking for a sign that the Universal Mind has written you into the Passion Play.
Puppies
Re: Interesting
Reply #42 - May 5th, 2015 at 12:07pm
Dark_Helmet wrote on May 5th, 2015 at 4:17am:
You are jumping the shark so go back to google some more terms.

No, they wouldn't be using KGs - just simple VPN tunnels would suffice between data centers.

I did have rooms full of HAIPEs, so I do know what I am talking about.



As do I. The mil side of the houses uses them as well.

I am thinking worse case; I doubt they'd be tunneling though.

Redundant question - has anyone tried SSH'ing into their GLS Server *edited*?

« Last Edit: May 5th, 2015 at 2:11pm by Puppies »  

"The Quieter you Become - the More you are able to Hear"
Ah Pook
Re: Interesting
Reply #43 - May 5th, 2015 at 1:59pm
Puppies wrote on May 5th, 2015 at 12:07pm:
Redundant question - has anyone tried SSH'ing into their main router?

Grin

Just... wow.  Stop.
  

Puppies
Re: Interesting
Reply #44 - May 5th, 2015 at 2:11pm
Ah Pook wrote on May 5th, 2015 at 1:59pm:
Grin

Just... wow.  Stop.


1. Edited
2. I take that as a no?
  

"The Quieter you Become - the More you are able to Hear"
Flav
Re: Interesting
Reply #45 - May 5th, 2015 at 2:45pm
Arkat wrote on May 5th, 2015 at 11:19am:
I would NEVER use highly encrypted VPN tunnels between locations where accessing (reading and writing to) databases was going on. The performance would just totally suck.

Better off with private point to point OC-3 or faster connections between such sites.


*Le Sigh*

L2VPN... or L3VPN if you really want to bother with it ( but for a point to point, L2VPN is way better )... No point in encrypting. MPLS will do the flow segregation for you.

Your OC-3/STM-1 is so has been when you have Terabit connectivity ( and Turbine... well PNAP... has Terabit connectivity ).
Come on in a few months I'll have almost the equivalent of an OC-12 at home. ( 500Mb down, 200Mb up... that is If I don't want to switch operator for my broadband )

L2VPN, from the user point ( aka the company with two sites separated by lots of distance ), is a seamless LAN...

L3VPN, is two separate LANS tied with two routers...

But in between you can have 10 or more routers carrying the packets along with packets from other companies...
  

Arkat
Re: Interesting
Reply #46 - May 5th, 2015 at 3:17pm
Christ flav, I said "OC-3 or faster"

OC-3 would be the MINIMUM connection I would use to read/write to databases between sites.

OBVIOUSLY, something faster like OC-24, 48, or 192 would be better.  Roll Eyes
« Last Edit: May 5th, 2015 at 3:19pm by Arkat »  

Flav
Re: Interesting
Reply #47 - May 6th, 2015 at 5:45am
yeah it was a parsing error, I noticed it after posting and I was too lazy to fix it.
  

 
Revaulting
Completionist (i.t.p.)
******
Offline



Posts: 10143
Location: Not in my pants
Joined: Apr 3rd, 2014
Gender: Male
Re: Interesting
Reply #48 - May 6th, 2015 at 3:37pm
Flav wrote on May 6th, 2015 at 5:45am:
I noticed it after posting and I was too lazy to fix it.

Proof you're a dev.
  

Silence is golden, but I only get silver rolls.