Letter to Editor: Response to Florian Mueller's Release re: "Anti-IP"
Posted Aug 26, 2005 20:27 UTC (Fri) by Ross (subscriber, #4065)
In reply to: Letter to Editor: Response to Florian Mueller's Release re: "Anti-IP" by tialaramex
Parent article: Letter to Editor: Response to Florian Mueller's Release re: "Anti-IP"
'So far as I understand it BnetD could be trivially altered to validate against a Blizzard provided authentication system in any of several ways. This would mean people intent on illegal copying would have to create "underground" servers, a situation that exists today and will exist regardless of any court case.'
I don't know if doing a proxy connection to Blizzard to validate the authenticity of the client would have worked but I doubt it for both technical and legal reasons.
1) The server sends several unpredictable numbers to the client and an equation to use for doing a checksum (presumably for detecting cheats or other things which modify the game binary). The bnetd server wouldn't be able to do anything asynchronously... it would have to literally wait for a response from either the client or server on every packet. Additionally, it would have to keep the connection to Battle.net open during the entire time the client is connected, otherwise the whole exercise would be pointless. Keeping a connection open requires a number of things to happen to avoid timeouts, bot detection, etc.
2) It seems likely Blizzard would not appreciate these "bots" connecting and might consider the additional traffic from bnetd servers as abusive. They could block the IPs or take legal action. Additionally, this could be abused by people who do brute force key attacks... they could hide behind bnetd servers to avoid liability just like spammers use open mail relays.
3) The bnetd server would be vulnerable to attacks. If someone wanted to take out a bnetd server they would just submit a bunch of identical authentication requests and the server would be banned from Battle.net.
4) There would be no independent accounts on the bnetd servers. Because each account is only allowed to log in once at a time on Battle.net and because the connection for each game would have to be held open, the only workable solution would be to require the user to use their Battle.net username and password on the bnetd system. This defeats some of the benefits of having a local server.
5) Blizzard could implement (and I think they may have) some public key or other non-symmetric crypto fun to avoid these man in the middle "attacks". The solution might take months to implement only to be defeated in the next patch. There would be no way to work around such a change unless major crypto breakthroughs were made... and then remember the DMCA exists... and it is what the proxying was trying to avoid in the first place.
6) It would be a lot simpler for Blizzard to just have the client make a separate authentication connection and ignore the registry setting for the desired game server. This doesn't seem hard, but it didn't happen so I assume Blizzard would rather not have bnetd even if "enabling piracy" were not a factor.