EverQuest/Sony Fights Code Wars With Latest Expansion
The most recent expansion for EverQuest (Planes of Power) adds a lot of problem-solving quests to the game, so Sony beefed up the (long-since broken) encryption that they used for the client protocol. The expansion has been a major hit, pleasing some of the most critical voices in the EverQuest world, but one week later, the anonymous development team of ShowEQ had broken the new encryption. Read on for details of the ongoing battle over keeping secrets in plain sight.
First, the skinny on the latest EverQuest expansion, Planes of Power (PoP). Because this is an expansion chock-full of content for only the highest-level characters in the game, Sony added some features that everyone would want (and thus pay for): the ability to progress to level 65 (60 was the cap before); a new zone called the Plane of Knowledge, which lets characters move freely to all of the old game areas; and a feature that allows large groups to coordinate more easily. That's the carrot for the lower-end users, but really this is the first expansion to lock out even moderately experienced players in favor of large, strong in-game guilds.
Even so, the response has been almost all positive. Some players complain about the last-minute changes (especially the changes that made monks and druids less powerful in the high-end game), but those who are taking advantage of the new game areas are happy with the reduced time required for encounters and the fact that the game rewards strategy more than ever.
Planning, attention to detail and a fanatical focus on getting past every challenge that Sony presents are important in-game, but Sony is less than pleased by programmers who are just as happy to approach those challenges from outside of the game. ShowEQ, built on Linux and Qt, is a packet sniffer that watches the EverQuest client protocol and displays a map of everything that the Windows client is privy to but may not disclose to the player. Years ago, the ShowEQ developers discovered a weakness in the encryption that the client uses, and they have been able to reliably interpret the data ever since.
With the PoP release, Sony improved the encryption so that it used a larger key which was more securely chosen. At first, the talk on the ShowEQ IRC forum was gloomy, and the normally secretive developers cloistered themselves off from the group, returning only rarely to proclaim the difficulty of breaking this new scheme. The protocol is not unlike that used by ssh or SSL: a public key is sent from Sony to the client, and the client uses that key to encrypt a random session key and sends it back to Sony. A passive sniffer never sees that session key in the clear, so in theory the scheme is open to only a limited number of attacks, and the active ones (substituting a key of one's own, or tampering with the client) run the risk of being detected by the client.
A former ShowEQ developer who was hired by Sony was reported to have said it's over: "you'll never break this." One week later, the new version of ShowEQ was available via CVS and was working again. The new keys turned out to be vulnerable to an even simpler form of analysis, and the net result was that ShowEQ ran significantly faster than before. In many ways, this seemed to be a "bonus quest" that Sony had thrown into the PoP expansion, and it had been beaten.
On Thursday, October 31, ShowEQ broke once again. The client now compresses the key data before sending it, which defeats the analysis that had been shrinking the keyspace ShowEQ had to search. As of this writing, ShowEQ no longer works passively, but this escalation is not over. The latest version allows a user to input the key directly, and developers are hard at work trying to find further weaknesses in the key generation and/or exchange. The developers are even starting to question the long-held, unwritten truce that they maintained with Sony: the idea was that if Sony did not make decryption require a Windows-side component, there would never be a Windows version, limiting the use of ShowEQ to those capable of getting it working under Linux. Now the party line is, "there is absolutely, positively no reason not to have a WinSEQ."
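The analysis the developers used against the first PoP scheme is not spelled out above, but its shape is: a sniffer does not need to break the public-key wrap around the session key if the client picks that key from a small enough space, because the first packet of a session has a predictable layout and every candidate key can be tested against it. The Python below is an added illustration of that point and is not Sony's or ShowEQ's code; the stream cipher, the 16-byte key, the zero-padded key generator and the constructed packet header are all assumptions for the demo, not the EverQuest protocol.

```python
"""Added example (not Sony's or ShowEQ's code): why a passively sniffed
session stands or falls on the *effective* size of the session-key space,
not on the public-key wrap around it.  Everything here is a toy model of
the scheme the article describes; the cipher, key length and packet
header are assumptions, not the EverQuest protocol."""
import hashlib
import secrets
from typing import Iterator, Optional

KEY_LEN = 16                       # assumed: session key bytes on the wire
KNOWN_HEADER = b"\x00\x09ZONEIN"   # constructed: predictable first-packet bytes


def keystream(key: bytes, length: int) -> bytes:
    """Toy stream cipher: SHA-256(key || counter), truncated.  Any
    keystream cipher would do for the argument; this one is just simple."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, data: bytes) -> bytes:
    return bytes(p ^ k for p, k in zip(data, keystream(key, len(data))))


decrypt = encrypt  # XOR keystream: the same operation both ways


def make_session_key(effective_bits: int) -> bytes:
    """A KEY_LEN-byte key that only carries `effective_bits` of entropy:
    the client draws that many random bits and pads the rest with zeros.
    This models a key that is long on the wire but chosen from a small
    space, which is what lets a sniffer search it."""
    return secrets.randbits(effective_bits).to_bytes(KEY_LEN, "big")


def candidates(effective_bits: int) -> Iterator[bytes]:
    """Every key the flawed generator could have produced, in order."""
    for n in range(1 << effective_bits):
        yield n.to_bytes(KEY_LEN, "big")


def recover_key(ciphertext: bytes, known_prefix: bytes,
                effective_bits: int, budget: int = 1 << 20) -> Optional[bytes]:
    """Passive attack.  The sniffer never touches the public-key exchange;
    it walks the candidate key space and tests each key against the known
    plaintext at the start of the first packet.  Gives up after `budget`
    trials, which is the position a full-entropy key leaves it in."""
    head = ciphertext[:len(known_prefix)]
    for tried, key in enumerate(candidates(effective_bits)):
        if tried >= budget:
            return None
        if decrypt(key, head) == known_prefix:
            return key
    return None


if __name__ == "__main__":
    payload = KNOWN_HEADER + b"constructed: positions of everything in the zone"
    weak = make_session_key(16)          # only 65,536 possible keys
    print("weak key recovered:",
          recover_key(encrypt(weak, payload), KNOWN_HEADER, 16) == weak)
    strong = make_session_key(128)       # full-entropy key, same length on the wire
    print("strong key recovered:",
          recover_key(encrypt(strong, payload), KNOWN_HEADER, 128, budget=1 << 14))
```

Two things to notice: the wire format is identical in both runs (16 bytes of key, same cipher, same packets), so nothing an observer sees distinguishes the weak scheme from the strong one; and the "compresses key data" step the article mentions is, in this model, exactly what removes the zero padding and the structure that made the candidate list short.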
The technical details are interesting, but the social and legal details may take center stage for a while. The ShowEQ team is trying to figure out what they could put on the client side without being detected, and that brings into question the legality of Sony scanning running processes and reporting back. There's also the matter of Sony's rather astoundingly harsh EULA, which tries to preclude activities like this in every way that it can (though the legality of click-through EULAs is still a hot topic).
One problem with this escalation is that, as with another product (TiVo, which is partially backed by Sony), the very people subverting the product and making it more than the creator wants it to be are the best customers. In EverQuest's case, they are often the ones maintaining several accounts and/or spending extra money for the "Legends" service. How does a company contend with a market where its best customers are also its most resourceful? With TiVo, there was an uneasy understanding between the company and its modders. Sony has broken that balance with EverQuest.
Now that Sony has crossed this Rubicon, it is quite likely that ShowEQ will be ported to Windows and hundreds if not thousands of new users will be introduced to it. Was that Sony's goal? Certainly Prof. Felten showed us that such a battle is ultimately futile. Why does Sony want to fight it again on yet another front (remember that they are an RIAA member)? Is there any financial justification here? Does mapping software really threaten the game more than the many in-game exploits that the high-end encounters suffer from?
PoP is a finely crafted fantasy gaming experience, but Sony has once again chosen to spend extra time and money hurting themselves and their market. Perhaps their competition will not make the same mistakes.
> I checked how long he's on every month, an average about 250 hrs every month
:) mobile everquest!
with everquest now on the pocket pc - he'll be able to clock that record i bet
Also, I'd just like to say that having to click through an EULA every time one uses EverQuest is, ah... extremely fucked-up.
According to the Sony developer that everyone talked to, the changes that Sony makes to the encryption only take 20 minutes or so. I believe that part of that time included remaking about 5 different binaries with the new code. Sony just has to change the 5 or so #define's on the encryption and everything breaks. Also, according to the same developer, Sony will not spend much time on breaking ShowEQ until management decides otherwise.
How ShowEQ is fighting back is very interesting. Encryption information is stored at a preset offset in the client. About a month ago, SOE changed it so that, on NT/2000/XP boxes (this didn't affect Win 9x), other programs (even on accounts with "Administrator Access") couldn't read that memory space. However, ShowEQ developers eventually got around the limitation by making the key reader run as a service under the NT LocalSystem account. This service can then send the key information to the decoding system.
As for WinShowEQ, I have sources that have told me that WinShowEQ is an easy port to make. If they are serious about making it and releasing it, expect to see it sometime soon.
-Valen
EQEmu (an EverQuest emulator) was also having a problem with the encryption until our master coder (Go Quagmire!) found out that it uses a default key if the right packets are sent to the client. Since then, we have been able to run with the latest client.
I have watched EQEmu grow over the last year, and this Wednesday we should have our best release yet! We are going on 1 year of releases on Dec 4th, so why don't you download EQEmu and see what it is like to run your own server.
Please, no! I'm too young to be modded down. :-(
Lalala
(Anon because I use SEQ)
SOE (or Verant previously) *has* removed lots of data from the client-side. For example, a long time ago, the client used to be aware of every "mob's" (monster's) loot. Today, the loot table for a monster is not transferred to the client until the monster has been killed and somebody is trying to loot it. So, before, you used to be able to pick-and-choose which monsters to kill to get maximal loot, but today, you cannot do this.
Various other bits of data have been moved to the server side (IMO, due to the much faster CPUs they have today vs. 3+ years ago), such as spawn points, times, etc.
These days, SEQ is primarily a mapping (GPS) system. It allows you to see where you are in a particular zone and if you are willing to run the client key-sniffer, you can also see where the monsters are in the zone (and their names). This allows you to navigate a zone without getting gang-banged by (possibly unfairly) high-level monsters and to also locate certain "named" monsters.
It should be noted that SEQ ***does NOT*** modify the game data in any way. It only allows the user to view the datastream.
Years ago, Ultima Online had a pretty egregious cheating application called UOExtreme. It let you do all kinds of special stuff: run faster than normal, see hidden people, get an automatic readout of damage you did to players, and have general interface improvements that allowed you to play the game more efficiently.
Well, people got banned for UOE use for quite a while, but the thing that killed it was that the UO dev team simply emasculated it and made it no more than a device for the delivery of trojans.
How did they do this? Clever engineering and greater awareness of the needs of their playerbase.
Fastwalk was fixed by making walk packets require a response from the server before moving the player.
See hidden was fixed by just not telling non-GM clients where hidden players were, and disallowing attacks and other operations on hidden characters. Invisibility was handled in a pretty slipshod way beforehand: the server just told the client, "hey, don't show this guy."
The automatic damage readout was just integrated into the client, with the addition of Starcraft-style health bars showing the damage level of your current target.
The interface improvement issue was solved by the legalization of a similar program called UOAssist. Many operations in UO rely on an extremely clumsy interface requiring many mouse clicks and movements for actions that should be far simpler. UOAssist changes this, offering somewhat of an "expert interface" for the game. UOAssist's author sends all program changes to UO's developers to be examined before release.
Come to think of it, you probably know all this stuff already...
What we call folk wisdom is often no more than a kind of expedient stupidity.-Edward Abbey
In the begining there were games like Nethack
and they were good. But not everyone was satisfied.
and so the discontented masses set about hacking Zork (a popular commercial single-player hack & slash text game) into a game called 'dungeon', and thus the MUDs were born. So now we have MUDs, MUSH, MUCK, MOO, Diku etc., et al., but alas, the masses craved flashy graphics, and oh yeah, very few MUDs can demand users pay for accounts, because few people are that addicted, in part due to the text-based nature. So along came Sony with its plan to make a graphical MUD that people could have the privilege of paying $30 or more upfront for, plus a monthly subscription fee. And there you have it, EQ is a graphical MUD. Although, to keep people from associating it with the old text-gen games, someone coined the term MMORPG (massively multi-player online RPG). The fact of the matter is, if you don't like MUDs you're very unlikely to like EQ, just because it has flashy graphics to play with. OTOH, if you've liked MUDs, and always wanted something graphical, and you've got money burning a hole in your pocket, then EQ is probably just right for you. And honestly, even many MUD servers consider it 'cheating' to use mapgen tools (which generally reveal flaws in the layout of the MUD, like rooms that overlap, etc.), and more so scripting and triggering events to make it less monotonous.
These people even have an issue with you trying to sell equipment or accounts over e-bay, even though the sale of such items probably leads to more people playing, since they don't get so frustrated at not being able to find X that they cancel the account.
You don't start over when you die in EQ. The best scenario is you have a cleric raise you and you get 96% of your lost experience back, and you're out maybe 5 minutes. The worst is that you could lose your corpse and everything you owned was on it, but even an admin will help you out if you're honestly trying to get your stuff back and truly cannot.
But start over? Not at all. You're still the same level unless you were unfortunate to lose enough experience to go back a level, but you wouldn't expect to go from level 60 to level 1.
I've been playing Everquest for nearly 2 years, my husband for nearly 4 years. It is a remarkably cheat-proof game. Nothing that ShowEQ does for people really impacts us. In fact even though we have never used it and never will, it's helped us because it supplies information to the people who supply it to the sites that we go to for information.
The creators of Everquest have not allowed item duplication cheats, item stealing cheats, run speed cheats, etc. such as those described in the article referenced. In fact everquest "cheats" are things that you can do in game anyway: tracking (get a ranger of any level, or a sufficient level bard or druid), see invisible (a spell that takes hardly any mana, that casters all get at fairly low levels) etc. And things that everyone benefits from, not some unfairly (knowing what spells are available, what each spell does).
Unlike other online games that I've played, Everquest hasn't been ruined by cheating. It's also fun for all levels, and though its true that those starting today may never catch up with the uberest players, that doesn't matter: it's fun at all levels. It's fun from beginning to end. It isn't about winning, it's -- like a tabletop rpg -- about playing and having fun.
I don't think ShowEQ or its like applications (EQWin, that lets people play everquest in a window) cause any harm or help really. They are nice for people who like that kind of thing, but they are not cheats that ruin the game for everyone else.
Maps are nice, but there's maps all over the web and freely available to anyone who cares to look for them; there are maps for sale by Sony in an official EQ Atlas as well.
Basically, it's an excellent game that was well designed from the beginning to make sure the server took care of all important information exchanges. When there are occasional client side cheats allowed by new bugs introduced by a patch, they're always fixed super-fast.
There are things Sony has done not that well with Everquest, but allowing cheaters to ruin the game for the rest of us isn't one of them.
Writing is the only socially acceptable form of schizophrenia. (E. L. Doctorow)
You paid money for the game. You were not told the conditions of the contract before you paid for the game. Failure to agree is like throwing away money. Any EULA is extorting you to agree.
Go get a clue before you give away your rights.
Just a Tuna in the Sea of Life
Sigh... A Man in the Middle attack only applies to key exchange where neither of the parties has any way to previously authenticate each other.
The easiest way around this (that Sony probably uses) is using a "shared secret" which was communicated using "out-of-band communication". Your web browser uses this to make sure that websites are secure. Your browser came with some public keys which can verify a web site's own encryption keys. These make sure that https://www.buyme.com really is who you think they are.
The out-of-band part is because these verification keys came with your web browser when you downloaded it and weren't part of the transaction with https://www.buyme.com where you bought something.
Everquest can simply come with a set of keys to verify that traffic which appears to come from the EQ servers really did come from there. Without modifying the Everquest binary, you're probably SOL for being able to fake these on the client side, and I'm pretty sure they check for binary modification at this point.
I, Cringely: Get a Life (Which One?) A Real Battle is Brewing in the World of Everquest
They can and do enforce this. The monthly contract is separate from the purchase. It is not an "after-sale restriction," since you still have what you purchased, namely a box and a silver coaster, and can even get this price refunded if you are not willing to agree to their terms. You licensed the software and they can revoke this; in addition, to connect to their servers you have to agree to another contract (which you explicitly do every time you sign on) telling you what you can and cannot do. If you modify something on your client, or view anything they send to you outside the client, you are in violation of this contract; they can and will cancel your account, and are perfectly within their rights to do so. If you send packets to them that are not from the client, they additionally have the option of pressing charges against you, as this is unauthorized use of a computer system. You may think this sucks, but in order for them to survive they have to take as tough a stance on this as they can.

Keep in mind that if Sony wanted to really press the issue, they could probably sue the developers of ShowEQ, on the basis that they violated the contract they agreed to when they opened an account, and there are real damages to award. If they do not have an account (which is unlikely) then whoever allowed them use of their account is in violation (as is clearly specified in the agreement). It would be wise for ShowEQ to keep off Windows, as it is probably not worth the effort to go after them as long as they do. Otherwise, I hope they have decent lawyers. I checked into all of this (and actually got legal advice) a while ago while I was thinking about writing something similar to ShowEQ. Believe me guys, you really want to think about this one before you do it. Sony is a large corporation with a lot of money, and EverQuest is very profitable. If you interfere with this, they will not be happy.
Even if you do not think you can be found, remember that if they choose to sue, SourceForge will be required to give any information they have about you, and I seriously doubt they would violate a court order.
I'm a signature virus. Please copy me to your signature so I can replicate.
Netrek figured this out about fifteen years ago. The source is open, so it was assumed from day 1 that clients couldn't be trusted. Attempts at client authentication were added later, but those were add ons (and could be and were subverted), they weren't the prime means of preventing cheating.
The strength of the Netrek model is that the game was designed from its infancy to send exactly and only the information that each client needs to display what it's supposed to be displaying. For example, cloaked units are supposed to be shown as unidentified contacts and on the galactic window only, with erratic position and irregular updates. One of the first things a hacked client developer will do is to display them on the tactical window as well, and there's nothing that the design can do to stop that. Also, it's not perfect; an ID is sent for the cloaked units, so the client can show what they really are. However, the server does only send irregular updates, and it flat out lies about the position, heading and speed of the unit, so the client can only show so much.
One of the most controversial design decisions involved torpedo weapons. The server sends "start" and "end" packets, but instead of sending speed and heading and letting the client handle movement of the weapon, it sends regular "position" updates, with a jitter built in. This increases the bandwidth requirement significantly, but it means that the client doesn't know the exact speed and heading of the weapon, so it can't make an easy calculation about how to dodge it.
The Netrek model is replete with decisions like this. There are a few snafus (like the cloaked ship ID), but in general there is very little that a client can display that it's not supposed to. And believe me, I tried.
The reason for this tight design is simple if you think about it. Netrek, like XPilot and Xfire, was originally an X-display game. The server handled both mechanics and display. When Netrek moved to a TCP(later UDP)/IP based model, that model was preserved and the server took on a lot of responsibility for culling information that each client shouldn't know.
It never fails to amaze me that commercial games developers never seem to learn the lessons that open source projects can teach them. I know (from bitter experience) that there's a huge rush to get results on screen, but hey, guys, do it right, don't do it twice.
If you were blocking sigs, you wouldn't have to read this.
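The Netrek design described above, and the earlier comment about SOE moving loot tables and spawn data off the client, come down to the same rule: decide on the server what each client is entitled to know and serialize nothing else. Below is an added example of such a view filter in Python; it is not code from Netrek, EverQuest or either poster. Sensor range, the cloak jitter, the update probability and the packet layout are assumptions for the demo, and the audit function is there to show how a reviewer would check that nothing an opponent should not see slipped through.

```python
"""Added example, not code from Netrek, EverQuest or any of the posters:
a server-authoritative view filter of the kind the Netrek post describes.
The server keeps the full world state and computes, per client, only what
that client is entitled to render.  Whatever is culled here is never
serialized, so neither a sniffer nor a hacked client can show it.
Ranges, jitter and the packet layout are assumptions for the demo."""
import random
from dataclasses import dataclass
from typing import Any, Dict, List

SENSOR_RANGE = 100.0   # assumed: how far a client's own units can "see"
CLOAK_JITTER = 25.0    # assumed: noise added to a cloaked contact's position
CLOAK_UPDATE_P = 0.5   # assumed: chance a cloaked contact is reported this tick


@dataclass
class Unit:
    uid: int
    owner: int          # player id controlling this unit
    x: float
    y: float
    heading: float
    speed: float
    cloaked: bool = False


def in_sensor_range(viewer: Unit, other: Unit) -> bool:
    dx, dy = other.x - viewer.x, other.y - viewer.y
    return dx * dx + dy * dy <= SENSOR_RANGE ** 2


def view_for(player_id: int, world: List[Unit],
             rng: random.Random) -> List[Dict[str, Any]]:
    """Build the update for one client.

    Own units:        full state; the client needs it to draw and steer.
    Visible enemies:  position only, no heading/speed, so the client
                      cannot extrapolate better than the server allows.
    Cloaked enemies:  anonymous contact (no uid), jittered position,
                      reported only on some ticks, as the Netrek post says.
    Out of range:     omitted entirely, not "sent but hidden".
    """
    own = [u for u in world if u.owner == player_id]
    packet: List[Dict[str, Any]] = [
        {"uid": u.uid, "x": u.x, "y": u.y, "heading": u.heading, "speed": u.speed}
        for u in own
    ]
    for u in world:
        if u.owner == player_id:
            continue
        if not any(in_sensor_range(mine, u) for mine in own):
            continue                      # culled server-side, never on the wire
        if u.cloaked:
            if rng.random() >= CLOAK_UPDATE_P:
                continue                  # irregular updates
            packet.append({
                "contact": True,          # deliberately no uid
                "x": u.x + rng.uniform(-CLOAK_JITTER, CLOAK_JITTER),
                "y": u.y + rng.uniform(-CLOAK_JITTER, CLOAK_JITTER),
            })
        else:
            packet.append({"uid": u.uid, "x": u.x, "y": u.y})
    return packet


def audit(packet: List[Dict[str, Any]], player_id: int,
          world: List[Unit]) -> List[str]:
    """Leak check a reviewer can run against any packet builder: report
    anything about *other* players' units that this client should not hold."""
    by_uid = {u.uid: u for u in world}
    problems: List[str] = []
    for entry in packet:
        if "uid" not in entry:
            extra = {"heading", "speed"} & set(entry)
            if extra:
                problems.append(f"anonymous contact carries {sorted(extra)}")
            continue
        u = by_uid[entry["uid"]]
        if u.owner == player_id:
            continue
        if u.cloaked:
            problems.append(f"cloaked enemy {u.uid} identified by uid")  # the Netrek snafu
        if "heading" in entry or "speed" in entry:
            problems.append(f"enemy {u.uid} vector exposed")
    return problems


if __name__ == "__main__":
    rng = random.Random(7)
    world = [                                  # constructed sample state
        Unit(1, owner=0, x=0, y=0, heading=0, speed=5),
        Unit(2, owner=1, x=30, y=0, heading=90, speed=3),
        Unit(3, owner=1, x=40, y=10, heading=0, speed=1, cloaked=True),
        Unit(4, owner=1, x=500, y=500, heading=0, speed=1),  # out of range
    ]
    pkt = view_for(0, world, rng)
    print(pkt)
    print("leaks:", audit(pkt, 0, world))
```

The point of `audit` is that the property "the client never receives what it must not display" can be tested mechanically on every packet builder, which is cheaper than trying to keep a hacked client from displaying data it already holds.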
This is the main reason I stopped playing EQ in favor of Camelot. EQ is a packet spewing monster delivering all sorts of crap "I don't need to know". Living on a 26.4kbps connection (thanks to Verizon), I can get 3 sessions of Camelot running smoothly (for myself and 2 offspring). ONE session of EQ chokes in heavily populated areas.
(no, Verizon will not upgrade my circuit to 56k, much less ISDN, IDSL, xDSL, frame-relay, or mutant chipmunks --- they are jerks).
Then, of course, there's Microsoft's AC and AC2 which STILL can't deal with more than one session over a firewall/NAT or ICS (their own freaking product)... multiple ports over one IP is too hard I guess.
(not anon, and I am a seq dev)
>SOE (or Verant previously) *has* removed lots of data from the client-side. For example, a long time ago, the client used to be aware of every "mob's" (monster's) loot.
ShowEQ has never been able to tell you a monster's loot. Ever.
You could deduce what they might drop from things they have on them (the old favorite was telling which wisps had lightstones, not because we could tell their loot, but because you could tell what level of light they gave off).
ShowEQ has never known loot.
I dunno if any of you old skool Wired readers remember this article about paradise island, home of some of the world's most famous satellite and cable hackers: a constant cat-and-mouse game between the hackers and the satellite and cable box developers/content distributors. And the interesting thing is that both sides seem to enjoy the battle of wits.
Large print giveth, and the small print taketh away
It's not forced on anyone. There are two buttons: "agree" and "disagree" (or something like that).
It's called a unilateral contract where one party dictates the entire terms of the agreement.
After sorting through a plethora of comments, I just had to comment. It appears that the majority of people out there don't have a CLUE about what ShowEQ is and what ShowEQ isn't.
Verant, and now SOE, have had a burr in their britches about ShowEQ from the beginning. They continue to view ShowEQ as the "dark side of the force" while completely ignoring the FAR more egregious cheating tools out there.
On the "cheating index," I rate ShowEQ only slightly above EQWindows. In fact, I don't consider EQWindows cheating at all. That, however, is not SOE's opinion. An entire thread could be devoted to SOE's blatant disregard for Microsoft's development guidelines regarding Control-Alt-Delete and task-switching... Rather ironic. But I digress. More on the "cheating index" in a little bit.
MacroQuest, Xylobot, and a few others actively ALTER the client. They are the tools that have done FAR more damage to the game than ShowEQ could EVER do. People have used these other tools to flood the EQ economy with game money (plat) earned by automating the exploitation of various tradeskills. Heck, there are even macros out there that allow people to multi-box drastically more easily than would normally be the case. Players can alter their run speed, have the client ignore rain in a zone to improve vision, and a whole lot more. Rumor even has it that people are able to dupe items using some of these tools. These are things ShowEQ simply can't and never will do. For those who are concerned about the integrity of the game, THESE tools are your real enemies -- not ShowEQ, not EQWin.
As a side note, even our beloved Magelo is more invasive than ShowEQ. Magelo sits on the client side and rips the character data out of EQ's process space. Of all the programs mentioned, Magelo is by far the most harmless in terms of game play.
EqWindows (EQWin) is also harmless in my opinion. It allows the user to run EQ in a window (scandal!!). What in the world is so bad about this, Sony? Ah! The argument has always been, "the player could use their computer to look up our secrets on the internet, or launch cheat tools in the background." Guess what? It is already happening and has been happening long before EQWin existed. By extrapolation, web sites like Everlore and CastersRealm are cheating.
So why are EQWin (which would be utterly trivial for SOE to discover without resorting to tasklist or disk scanning) and Magelo allowed to continue? Simple. SOE has concluded that these applications keep people playing (thus PAYING). ShowEQ, Macroquest, and the rest have a relatively high barrier to entry. Of these, ShowEQ has traditionally had the highest barrier simply because it runs solely on Linux. The fact that many people continue to play because of ShowEQ is conveniently ignored because of the relatively small number of people who use it. It doesn't matter if a few disgruntled SEQ users quit. Not enough revenue for Sony to care about.
Is ShowEQ cheating? Sure it is. It gives its user the advantage of knowing where in the zone you are, what critters are in the zone, and some basic information about the critters (notably position, movement direction, level, and class). Can it be used to give a player an advantage? Sure. However, the player using SEQ still has to have sufficient skill to actually leverage that advantage. You still have to be able to play the game with skill. Getting "Mad Platz" using ShowEQ is limited to being able to find and kill rare spawns, etc. ShowEQ only helps with the find part. The player still must be able to do all the work. Ohhh look, Lord Nagafen is up -- I'm running ShowEQ, I can solo him. Don't think so. The various posts in this thread, along with the recent Cringely article, show that this point is not well understood.
Heck, the in-game exploits that many players do give the player more of an advantage than ShowEQ. These exploits are typically pathing bugs that allow a player to wail away at an opponent without ever being hit. Some players have claimed being able to go from level 3 to 20 in a matter of a few hours using these exploits. In fairness, SOE does a decent job of trying to track down and clean up these exploitable bugs. However, the same pathing problems are perpetually ignored when it is to the advantage of the NPC...
This next point will cause some people to say, "look! A cheater trying to justify himself." Perhaps, but I want this angle of the story to be told.
* ShowEQ has exposed COUNTLESS lies and half-truths from Verant/SOE about the game. Many of the changes for the better that have been made to the game over the years are due to the persistence and vigilance of ShowEQ users (who, ironically, seem to care a great deal about the game.)
* ShowEQ has helped expose the incredible inequity that exists between the rules that NPCs follow and the rules that govern Player Characters. In essence, we've gotten a better window on the way the NPCs "cheat" us.
* ShowEQ and its users have been responsible for identifying and reporting countless bugs.
* ShowEQ users have done countless favors for their fellow players; leading hopelessly lost and frustrated players out of confusing, perpetually foggy and rainy zones, and assisting with the recovery of corpses that otherwise would have been lost.
* Directly or indirectly, ShowEQ has made Everquest more enjoyable in some way to *thousands* of players.
Bottom line is this: ShowEQ is FAR from the "Ultimate Evil" many have portrayed it to be.
I think a lot of ShowEQ users would abandon the use of the tool altogether if EQ included a mapping function, "heads-up radar", and an opponent assessment system that was actually worth something. I've played other Online RPG's that had these basic features, and the thought of writing a ShowEQ equivalent for these games never crossed my mind. It simply wasn't necessary.