| |||||||||||||
On the defense of piracy enablersOn the defense of piracy enablersPosted Aug 26, 2005 18:12 UTC (Fri) by jzbiciak (✭ supporter ✭, #5246)In reply to: On the defense of piracy enablers by jzbiciak Parent article: On the defense of piracy enablers
Let me be a little more clear:
I'm saying it's possible to achieve Blizzard's aims IF they modify their protocol and the behavior of the client.
The client needs to insist on receiving a time-stamped "token"--the time stamp's there to prevent replay attacks--that it can determine easily came from an official Blizzard server. Digitial signatures such as RSA can achieve this.
The Blizzard servers enforce the "one copy of a given CD-Key online at a time" policy by being the only source of these tokens.
A 3rd party server (such as bnetd) can still exist, passing through auth requests to Blizzard's servers and passing back replies to the clients. The 3rd party server can't fake the auth token because it doesn't have Blizzard's private key.
Such a system works because the client insists on getting a time-stamped token signed by an official Blizzard server. Now if someone hacks the client, then you're back to being a pirate. But the bnetd authors certainly cannot be blamed for others hacking their clients.
Now, you may wonder what value bnetd would have if you still needed to contact the Blizzard servers. Easy: The Blizzard servers are only handling authentication. Once the client is satisfied that Blizzard blesses its existance, the local bnetd can run the whole game. That could offer latency benefits etc.
I don't know how I could make this approach more clear. Like I said, for it to work, it requires the client to insist on reaching a Blizzard server, and for the Blizzard server to produce auth tokens that no one else can fake.
(Log in to post comments)
|
|||||||||||||