EverQuest/Sony Fights Code Wars With Latest Expansion
The most recent expansion for EverQuest (Planes of Power) adds a lot of problem-solving quests to the game, so Sony beefed up the (long-since broken) encryption that they used for the client protocol. The expansion has been a major hit, pleasing some of the most critical voices in the EverQuest world, but one week later, the anonymous development team of ShowEQ had broken the new encryption. Read on for details of the ongoing battle over keeping secrets in plain sight.
First, the skinny on the latest EverQuest expansion, Planes of Power (PoP). Because this is an expansion chock-full of content for only the highest-level characters in the game, Sony added some features that everyone would want (and thus, pay for): the ability to progress to level 65 (60 was the cap before); a new zone called the Plane of Knowledge, which allows characters to move freely to all of the old game areas; and a feature that allows large groups to coordinate more easily. That's the carrot for the lower-end users, but really this is the first expansion to lock out even moderately experienced players in favor of large, strong in-game guilds.
Even so, the response has been almost all positive. Some players complain about the last-minute changes (especially the changes that made monks and druids less powerful in the high-end game), but those who are taking advantage of the new game areas are happy with the reduced time required for encounters and the fact that the game rewards strategy more than ever.
Planning, attention to detail and a fanatical focus on getting past every challenge that Sony presents are important in-game, but Sony is less than pleased by programmers who are just as happy to approach those challenges from outside of the game. ShowEQ, built on Linux and Qt, is a packet sniffer that watches the EverQuest client protocol and displays a map of everything that the Windows client is privy to but may not disclose to the player. Years ago, the ShowEQ developers discovered a weakness in the encryption that the client uses, and they have been able to reliably interpret the data ever since.
With the PoP release, Sony improved the encryption so that it used a larger key which was more securely chosen. At first, the talk on the ShowEQ IRC forum was gloomy, and the normally secretive developers cloistered themselves off from the group, returning only rarely to proclaim the difficulty of breaking the new scheme. The protocol is not unlike that used by ssh or SSL. A public key is sent from Sony to the client, and the client uses that key to encrypt a random session key and send it to Sony. Theoretically, this approach is open to only a limited number of attacks, all of which run the risk of being detected by the client.
A former ShowEQ developer who had been hired by Sony was reported to have said it was over: "you'll never break this." One week later, the new version of ShowEQ was available via CVS and was working again. The new keys turned out to be vulnerable to an even simpler form of analysis, and the net result was that ShowEQ worked significantly faster. In many ways this seemed to be just a "bonus quest" that Sony threw into the PoP expansion, and it had been beaten.
On Thursday, October 31, ShowEQ broke once again. The protocol now compresses the key data to prevent the analysis that had been limiting the keyspace that has to be searched. As of this writing, ShowEQ no longer works passively, but this escalation is not over. The latest version allows a user to input the key directly, and developers are hard at work trying to find further weaknesses in the key generation or exchange. The developers are even starting to question the long-held, unwritten truce that they maintained with Sony. The idea was that if Sony did not make decryption require a Windows-side component, there would never be a Windows version, limiting the use of ShowEQ to those capable of getting ShowEQ working under Linux. Now, the party line is, "there is absolutely, positively no reason not to have a WinSEQ."
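The exchange sketched above wraps a client-chosen session key under Sony's public key, so the secrecy of the traffic rests on how unpredictable that session key is; a generator whose output can be narrowed to a small keyspace is fatal no matter how large the public key gets. The toy model below is an added example, not ShowEQ or Sony code: the HMAC-counter keystream, the fixed packet header and the 16-bit "weak" generator are all constructed for illustration, and the public-key wrapping is assumed sound and left out.

```python
import hashlib
import hmac
import secrets

# Constructed toy model (not Sony's protocol): the client picks a session key,
# both sides derive a keystream from it and XOR it over packets.  The public-key
# wrapping of the session key is assumed sound and not modelled; the point is
# that the traffic is only as secret as the session key is unpredictable.
KEY_LEN = 16
# Constructed known plaintext: a fixed header at the start of every packet.
PACKET_HEADER = b"EQPKT\x00\x09\x01"

def keystream(session_key: bytes, length: int) -> bytes:
    """Derive `length` keystream bytes from the session key (HMAC in counter mode)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(session_key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(session_key: bytes, data: bytes) -> bytes:
    """XOR data with the keystream; the same call decrypts."""
    return bytes(p ^ k for p, k in zip(data, keystream(session_key, len(data))))

def weak_session_key_from(value: int) -> bytes:
    """A 'random' session key carrying only 16 bits of entropy, padded to KEY_LEN."""
    return value.to_bytes(2, "big").ljust(KEY_LEN, b"\x00")

def strong_session_key() -> bytes:
    """The mitigation: a full 128 bits from the OS CSPRNG."""
    return secrets.token_bytes(KEY_LEN)

def keyspace_search(ciphertext: bytes, key_bits: int) -> tuple:
    """Enumerate a key_bits-sized space for a key whose decryption yields the known
    header.  Returns (key, candidates_tried) or (None, candidates_tried).  With the
    weak generator this finishes in at most 2**16 tries; with strong_session_key()
    the 16-bit space is exhausted without a hit, and 2**128 cannot be enumerated."""
    n = len(PACKET_HEADER)
    tried = 0
    for candidate in range(1 << key_bits):
        tried += 1
        key = candidate.to_bytes((key_bits + 7) // 8, "big").ljust(KEY_LEN, b"\x00")
        if encrypt(key, ciphertext[:n]) == PACKET_HEADER:
            return key, tried
    return None, tried
```

The lesson for the defender is that the check to run on such a design is the entropy of the session-key generator, not the length of the public key that wraps it.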
The technical details are interesting, but the social and legal details may take center stage for a while. The ShowEQ team is trying to figure out what they could put on the client side without being detected, and that brings into question the legality of Sony scanning running processes and reporting back. There's also the matter of Sony's rather astoundingly harsh EULA, which tries to preclude activities like this in every way that it can (though the legality of click-through EULAs is still a hot topic).
One problem with this escalation is that, as with another product (TiVo, which is partially backed by Sony), the very people subverting the product and making it more than the creator wants it to be are the best customers. In terms of EverQuest, they are often the ones maintaining several accounts and/or spending extra money for the "Legends" service. How does a company contend with a market where your best customers are also your most resourceful? With the TiVo, there was an uneasy understanding between the company and its modders. Sony has broken that balance with EverQuest.
Now that Sony has crossed this Rubicon, it is quite likely that ShowEQ will be ported to Windows and hundreds if not thousands of new users will be introduced to it. Was that Sony's goal? Certainly Prof. Felten showed us that such a battle is ultimately futile. Why does Sony want to fight it again on yet another front (remember that they are an RIAA member)? Is there any financial justification here? Does mapping software really threaten the game more than the many in-game exploits that the high-end encounters suffer from?
PoP is a finely crafted fantasy gaming experience, but Sony has once again chosen to spend extra time and money hurting themselves and their market. Perhaps their competition will not make the same mistakes.
A very well written and informative article. I'm intrigued by the story of ShowEQ -- and the fact that Sony seems to want to protect their system by deciding what users can and can't run on their computers. It reminds me of the video player that uninstalled Ad-aware automatically, claiming that running it wasn't allowed under its license. I don't believe that such things are really legal -- are they not an invasion of privacy and an illegal search? (Alas, the Constitution's protections against this in the US are only applicable to the government itself, but such practices, I feel, are going too far.) Sooner or later, I think, Sony will be dragged into court over this and sued. What if, for example, they use their little spy applet to suck data off someone's computer that gives them an advantage (a competitor's computer that had confidential information, for example)?
I am, though, a little surprised to see that the ShowEQ people haven't been sued under the DMCA. And I'm glad they haven't, because what they are doing is reverse engineering and they are not actually hacking into the client or the server, so it is legal. They are not trying to pirate the game. They are merely trying to see what exactly their computer is saying to the server and what it is receiving from it. A perfectly fair thing to do, I think, because it IS their own property and the owner of it has the right to know what exactly is happening, so they can choose whether or not to run a given application instead of having to trust the programmers. Checks and balances.
Note: I don't play Everquest. I call it EverCrack, actually. I don't play games that I have to pay a monthly fee for. I prefer to play single-player games, or sometimes multiplayer, offnetwork, with people I already know.
i am a soviet space shuttle
In EverQuest, the license agreement must be accepted each time you start up the game.
No auto-yes option. No "I understand and agree, don't tell me again" option. You [b]must[/b] click "I Accept" every time the game EXE is called.
If you've accumulated any significant level or /played time, you've seen that license hundreds of times. Whether or not you've read it is irrelevant, but you've willingly clicked yes to it hundreds, if not thousands of times.
I'd say that makes it pretty binding.
The client has to know certain things to run. To alter what it knows would be to make a thin client game even thinner, and would alter the balance of the client/server load. If the servers are picking up slack for the clients (for the sole purpose of players not sniffing that info), then the servers have to be redesigned and beefed up. Not likely, I say.
Although I have played EQ off and on for the last 3 years or so, and have heard of ShowEQ, I never really knew what it was used for. I don't have a Linux box, so it didn't make much difference for me. What does concern me about this is that with a Windows version, the program can and will become far more widespread. I would compare it to the recent developments in the Diablo II community.
There have always been trade hacks, and this hack, and that hack, but to execute them, you usually need packet sniffers, have to understand how the program works, and basically know what you are doing. Every once in a while, one would come along that was easy to use with some fancy UI and mass chaos would ensue.
Anymore, most players use Pindlebots or Mephisto bots, to just endlessly kill those bosses over and over for hours on end, hoping for some uber item to drop, and in the meantime racking up exp. They are extremely easy to use, just run the executable, configure the config for your character, and it does everything else for you with zero interaction. Now, you can't create a game without having to wait in line on the USEast Realm, and you can get just about any item you want in the trading channels.
I ran Pindlebot for two weeks, and in that time, I got a lot of the best equipment in the game. It seemed nice, to have this great character, but ultimately it ruins the game, because you have the best equipment, there's no challenge, there's no point in playing the game anymore.
If ShowEQ does get ported to Windows, I can only imagine similar situations like this arising. The masses start using the program, and ultimately the legitimate players become too frustrated and leave, and the players with the cheat / hack / dupe / whatever ultimately become bored with the game, and a game that was once a great way for people to pass time becomes the playground for the people who have ruined the game.
The Man in the Middle attack is one of the oldest and still most effective attacks on public key encryption.
I don't know all the details, unfortunately. They may very well have tried this already.
Asheron's Call has been like this for years. There's a program called Decal that intercepts and can forge packets between the client and the server. It exposes them through COM to a plugin architecture, allowing people to easily create plugins that interact with the game.
On the one hand it could be considered cheating, but at this point, most people seem to run it and it's made some fantastic things possible. For one thing there's a plugin called ACArm which figures out how to switch between armor profiles at the touch of a key, much more easily than figuring out the right order and dragging and dropping manually. There's another called Robochef that automatically does crafting. And one of the oldest and best known, Sixth Sense, which can scan for items/monsters/players etc., is almost required for some challenges in the game. (Find random spawn monster somewhere out in the wilderness.) It takes much of the tedium out of a game that's supposed to be fun.
The down side, though, is that people have come up with money making trade skill macros where you just load up your character with enough starting cash and some of the ingredients, and it crafts a bunch of items, sells them at a profit, buys more ingredients and continues. That inflates the economy a bit, though not much it seems. Worse, some people have made combat macros that automatically camp a spot and kill all the monsters. It's very annoying to be running around in a dungeon and finding a mage perched in a corner stealing your kills. (Combat macros are now a bannable offense under the CoC, however. Also, the Decal devs are very anti-combat macros.)
Anyway, I know that's AC and not EQ, but I just thought I'd mention that as an existing example of where this can lead. It's got its down sides, but it's mostly been a good thing for the game.
There are many things that the client MUST know, for performance and usability reasons.
:-)
Every request the client makes for information means another round trip access to the server. Another complex decision by the server whether the client should be allowed that information. When you have 100K users online, making requests like that dozens of times a second, it can get JUST A TINY BIT LAGGY.
To alleviate these issues, the server sends some information to every client. The game map. The nearby creatures that the client may need to render at any moment. The current statistics of all the players' equipment. All this information the client NEEDS to know.
Here is an example of one thing people often think the client does NOT need to know... creatures that are behind a hill, or not in the player's cone of view. However, what if the player whips around to look behind them? How disorienting and unplayable would it be if every time you turned it took half a second before you saw ANYTHING other than terrain? As for obstructed creatures, would you want to go around a corner in a dungeon and not see anything for half a second until the server caught up? Not to mention the exhaustively difficult math required to accurately determine whether you have line of sight to something or not.
Thin clients DON'T WORK. At least, not in MMORPGs. Works for MUDs though. If you don't mind, I'll be going back to my DikuMUD now.
"I will trust Google to 'do no evil' until the founders no longer run it." Hello Alphabet.