by Multicomp 2247 days ago
This was amazing to read. Reading stories of reverse engineering and cracking long-dead programs is interesting enough, but then being able to buy the domain and re-implement the authentication servers from just what the client expects?!

I'm staggered at the skills needed to do that.


It's amazing what people can accomplish... Gives me hope that old video games will one day receive the same treatment. Way too many of them lost online multiplayer after the game company moved on.
Unfortunately, this is only possible because the obfuscation used is just weak obfuscation.

Once you throw real public-key encryption into the game, which is what any competent company trying to avoid cloned servers should be doing, there is no way to create alternate servers just from game data. You need to at the very least patch the game and change the key.
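An added example, not code from the thread or from any game mentioned in it, of the scheme this comment describes, using Ed25519 signatures from Go's standard library as the concrete form of public-key authentication: the client pins the operator's public key, a substitute server cannot answer the login challenge without the private key, and the only way to connect the client to that server is to replace the pinned key inside the client, i.e. patch the executable. The Server, Client and Handshake names are assumed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Server holds the private half of the key pair; only the operator has it.
type Server struct{ priv ed25519.PrivateKey }

// NewServer generates a fresh key pair (constructed for this example; a real
// operator would load a long-lived key from secure storage).
func NewServer() Server {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Server{priv: priv}
}

// PublicKey is the half that gets compiled into the shipped client.
func (s Server) PublicKey() ed25519.PublicKey { return s.priv.Public().(ed25519.PublicKey) }
// Sign answers a login challenge; producing this needs the private key.
func (s Server) Sign(challenge []byte) []byte { return ed25519.Sign(s.priv, challenge) }

// Client has the operator's public key baked in: this is the "key" an emulator
// patch has to replace, since the game data never reveals the private half.
type Client struct{ pinned ed25519.PublicKey }

// Handshake sends a random nonce and accepts the server only if the signed
// reply verifies under the pinned key. A replayed old signature fails too,
// because the nonce is fresh every time.
func (c Client) Handshake(s Server) bool {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return ed25519.Verify(c.pinned, nonce, s.Sign(nonce))
}

func main() {
	official, emulated := NewServer(), NewServer()
	shipped := Client{pinned: official.PublicKey()}
	fmt.Println("official server accepted:", shipped.Handshake(official)) // true
	fmt.Println("emulated server accepted:", shipped.Handshake(emulated)) // false
	patched := Client{pinned: emulated.PublicKey()} // what the client .exe patch does
	fmt.Println("patched client accepts emulated:", patched.Handshake(emulated)) // true
}
```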

I'm not sure the parent comment is necessarily going for a patchless solution, and as you say, by the time you have got far enough with reverse engineering for the particular type of encryption to matter, you can always just patch the executable to bypass it altogether. (In fact by halfway down the article the author had done exactly that.)

Besides, I'm not even convinced that "any competent company" would bother with public/private key cryptography given that it makes little difference to them how exactly their copy protection is broken.

The bigger problem for the parent commenter is if actual game logic is executing on the server, which is probably the case for online multiplayer games.

> The bigger problem for the parent commenter is if actual game logic is executing on the server, which is probably the case for online multiplayer games.

Yes. I used to play on unofficial MMORPG servers back in the day. People reverse-engineered the network protocol and created an open source game server. It didn't have all the features of the official game but it ran fine and could be freely modded. I used to host one of these on my own home computer... Traditionally the official game client is used but some games even have custom clients!

Examples:

https://github.com/opentibia/server

https://github.com/otland/forgottenserver

https://www.wireshark.org/docs/dfref/t/tibia.html

Blizzard (I suspect) did exactly this with the original Warcraft III.

To play on an emulated Battle.net server you had to apply a patch to the client .exe or it would refuse to connect.

I remember chatting with one of the emulator developers on IRC and they said it was practically impossible to reverse engineer the key, so that sounded to me like public/private key encryption.

I suspect Blizzard reasoned that it made the emulated servers less legitimate and that people uncomfortable downloading "cracks" would be put off. It didn't have to be foolproof, just raise the bar high enough to encourage more sales.