Duh... maybe I'm missing something, but isn't bnetd open source? What is to prevent Evil Pirate(TM) from just commenting out your checks?
On the defense of piracy enablers
Posted Aug 26, 2005 13:32 UTC (Fri) by jzbiciak (✭ supporter ✭, #5246)
Like I said, this would allow any 3rd party server to work, as long as it passes through authentication requests between Blizzard's servers and clients. The bnetd server would not be able to break this due to the fact everything going each direction is cryptographically signed and thus tamper proof.
Posted Aug 26, 2005 18:12 UTC (Fri) by jzbiciak (✭ supporter ✭, #5246)
I'm saying it's possible to achieve Blizzard's aims IF they modify their protocol and the behavior of the client.
The client needs to insist on receiving a time-stamped "token"--the time stamp's there to prevent replay attacks--that it can determine easily came from an official Blizzard server. Digital signatures such as RSA can achieve this.
The Blizzard servers enforce the "one copy of a given CD-Key online at a time" policy by being the only source of these tokens.
A 3rd party server (such as bnetd) can still exist, passing through auth requests to Blizzard's servers and passing back replies to the clients. The 3rd party server can't fake the auth token because it doesn't have Blizzard's private key.
Such a system works because the client insists on getting a time-stamped token signed by an official Blizzard server. Now if someone hacks the client, then you're back to being a pirate. But the bnetd authors certainly cannot be blamed for others hacking their clients.
Now, you may wonder what value bnetd would have if you still needed to contact the Blizzard servers. Easy: The Blizzard servers are only handling authentication. Once the client is satisfied that Blizzard blesses its existence, the local bnetd can run the whole game. That could offer latency benefits etc.
I don't know how I could make this approach more clear. Like I said, for it to work, it requires the client to insist on reaching a Blizzard server, and for the Blizzard server to produce auth tokens that no one else can fake.
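The token scheme described in the comment above, as an added Go example that is not part of the original post and is not Blizzard or bnetd code. It uses Ed25519 from the standard library as a stand-in for the RSA signatures the comment mentions; the token fields, the key identifier and the 30-second freshness window are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
	"time"
)

// Token is issued by the official auth server; a relay server only forwards it.
type Token struct {
	KeyID    string // identifier for the licence key (constructed sample value)
	IssuedAt int64  // Unix seconds, set by the auth server
	Sig      []byte // signature over IssuedAt and KeyID
}

const maxAge = 30 * time.Second // assumed freshness window

// NewKeys makes the auth server's key pair; only the public half ships in the client.
func NewKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return pub, priv
}

// payload is the exact byte string that gets signed and verified.
func payload(keyID string, ts int64) []byte { return []byte(fmt.Sprintf("%d|%s", ts, keyID)) }

// Issue runs on the auth server, the only holder of priv.
func Issue(priv ed25519.PrivateKey, keyID string, now time.Time) Token {
	ts := now.Unix()
	return Token{keyID, ts, ed25519.Sign(priv, payload(keyID, ts))}
}

// Verify runs in the client: the token must be signed for this key and be fresh.
func Verify(pub ed25519.PublicKey, t Token, wantKeyID string, now time.Time) error {
	if t.KeyID != wantKeyID || !ed25519.Verify(pub, payload(t.KeyID, t.IssuedAt), t.Sig) {
		return errors.New("token not signed by the auth server for this key")
	}
	if age := now.Sub(time.Unix(t.IssuedAt, 0)); age < -maxAge || age > maxAge {
		return errors.New("token outside freshness window (possible replay)")
	}
	return nil
}

func main() {
	pub, priv := NewKeys()
	tok := Issue(priv, "key-0001", time.Now())
	fmt.Println(Verify(pub, tok, "key-0001", time.Now()), Verify(pub, tok, "key-0001", time.Now().Add(time.Hour)))
}
```

A relay that rewrites `IssuedAt` to make an old token look fresh invalidates the signature, so the replay check cannot be bypassed without the private key.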
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.