EverQuest/Sony Fights Code Wars With Latest Expansion

Perlmonkey has written a summary on the latest Everquest Expansion, and Sony's efforts to thwart those who might wish to to tap into the packets and do things that maybe aren't exactly fair to other players. Or they just want a map that should have been in the first place. In anycase, hit the link below to read his piece on the subject.

The most recent expansion for EverQuest (Planes of Power) adds a lot of problem-solving quests to the game, so Sony beefed up the (long-since broken) encryption that they used for the client protocol. The expansion has been a major hit, pleasing some of the most critical voices in the EverQuest world, but one week later, the anonymous development team of ShowEQ had broken the new encryption. Read on for details of the ongoing battle over keeping secrets in plain sight.

First, the skinny on the latest EverQuest expansion, Planes of Power (PoP). Because this is an expansion chock-full of content for only the highest level characters in the game, Sony added some features that everyone would want (and thus, pay for): the ability to progress to level 65 (60 was the cap before); a new zone called the Plane of Knowledge which allows characters to moved freely to all of the old game areas and a feature that allows large groups to coordinate more easily. That's the carrot for the lower-end users, but really this is the first expansion to lock out even moderately experienced players in favor of large, strong in-game guilds.

Even so, the response has been almost all positive. Some players complain about the last-minute changes (especially the changes that made monks and druids less powerful in the high-end game), but those who are taking advantage of the new game areas are happy with the reduced time required for encounters and the fact that the game rewards strategy more than ever.

Planning, attention to detail and a fanatical focus on getting past every challenge that Sony presents are important in-game, but Sony is less than pleased by programmers who are just as happy to approach those challenges from outside of the game. Using Linux and Qt, ShowEQ is a packet sniffer that watches the EverQuest client protocol and displays a map of everything that the Windows client is privy to, but may not disclose to the player. Years ago, the ShowEQ developers discovered a weakness in the encryption that the client uses, and they have been able to reliably interpret the data ever since.

With the PoP release, Sony improved the encryption so that it used a larger key which was more securely chosen. At first, the talk on the ShowEQ IRC forum was gloomy and the normally secretive developers cloistered themselves off from the the group, returning only rarely to proclaim the difficulty of breaking this new scheme. The protocol is not unlike that used by ssh or SSL. A public key is sent from Sony to the client, and the client uses that key to encrypt a random session key and send it to Sony. Theoretically, this approach is open to only a limited number of attacks, all of which run the risk of being detected by the client.

A former ShowEQ developer who was hired by Sony was reported to have said it's over, "you'll never break this"... One week later, the new version of ShowEQ was available via CVS and was working again. The new keys were vulnerable, it seems, to an even simpler form of analysis and the result was simply that ShowEQ worked significantly faster. In many ways, this seemed to simply be a "bonus quest" that Sony threw into the PoP expansion, and it had been beaten.

On Thursday, October 31 ShowEQ broke once again. The protocol now compresses key data to prevent the analysis that was limiting the keyspace that has to be searched. As of this writing, ShowEQ no longer works passively, but this escalation is not over. The latest version allows a user to input the key directly, and developers are hard at work, trying to find further weaknesses in the key generation and/or exchange. The developers are even starting to question the long-held, unwritten truce that they maintained with Sony. The idea was that if Sony did not make decryption require a Windows-side component, there would never be a Windows version, limiting the use of ShowEQ to those capable of getting ShowEQ working under Linux. Now, the party line is, "there is absolutely, positively no reason not to have a WinSEQ."

The technical details are interesting, but the social and legal details may take center-stage for a while. The seq team is trying to figure out what they could put on the client-side without being detected and that brings into question the legality of Sony scanning running processes and reporting back. There's also the matter of Sony's rather astoundingly harsh EULA that tries to preclude activities like this in every way that it can (though the legality of click-through EULAs is still a hot topic).

One problem with this escalation is that, like another product (TiVo, which is partially backed by Sony) the very people subverting the product and making it more than the creator wants it to be are the best customers. In terms of EverQuest, they are often the ones maintaining several accounts and/or spending extra money for the "Legends" service. How does a company contend with a market where your best customers are also your most resourceful? With the TiVo, there was an uneasy understanding between the company and its modders. Sony has broken that balance with EverQuest.

Now that Sony has crossed this Rubicon, it is quite likely that ShowEQ will be ported to Windows and hundreds if not thousands of new users will be introduced to it. Was that Sony's goal? Certainly Prof. Felton showed us that such a battle is ultimately futile. Why does Sony want to fight it again on yet another front (remember that they are an RIAA member)? Is there any financial justification, here? Does mapping software really threaten the game more than the many in-game exploits that the high-end encounters suffer from?

PoP is a finely crafted fantasy gaming experience, but Sony has once again chosen to spend extra time and money hurting themselves and their market. Perhaps their competition will not make the same mistakes.

1ST POST

YO

I know I was under a rock.

What's EverQuest?

What up What up?

150 days of /played time on EQ (hours of sitting at the comp) Woot WOot!

WHERE ARE THE AIDS LINKS?

So let's say you surprise yourself by falling in love with your closest friend. And let's say his name is Steve, and you're HIV-negative but he's HIV-positive. You're not sure why you've fallen in love with him after all this time. But this tale takes place just before the era of miraculous drug cocktails, and his T-cells are not so great, so you know it's partly because you need to cram the long lovely future of the sweetest friendship you've ever had into the two or three years he probably has left. Plus, he's a wonderful guy, and he loves you, too.

He's terrified that he'll infect you, much more afraid than you are. You want to do as much as possible within the bounds of what you consider safe. But he doesn't want you to suck him even a little; he doesn't want to penetrate you even with a condom. In the last year he won't even let you kiss him, really kiss him, although his doctor has told him that the KS lesion on the roof of his mouth poses absolutely no risk to you.

When his health finally collapses, you clean his diarrhea off the sheets and floor and swaddle him in diapers against his will. When he falls into a coma, you lie next to him every night and jerk off amid the scent of looming death. Your orgasms are great. You hold his hand as his last breath slips away and then his mouth drops open and foam bubbles out. They take him away but you can't let him go yet, so you don't change the sheets for two days, and you masturbate some more.

OT newbie question

[LinuxInDallas]

I was reading the FAQ about the port they are doing for Mac OSX. They are going to have the Mac users using a different server than the PC users because they don't believe that having all the new players in the game with verteran PC users is fair. I have never played EQ but I was thinking of giving it a try. Is it going to be insanely difficult to start a new character with all the long-time players on the server? Or is there still opportunity for new players to get started. Doesn't sound like it based on the reasoning behind putting OSX user on a different server.

YOU DID IT!

[YOU+DID+IT!]

Congratulations! You got first post!

YOU DID IT!

This is fascinating

" I've been playing Everquest for nearly 2 years, my husband for nearly 4 years."

I'm curious. When you two are, y'know, doing it, do you talk about the game and bargain sexual favors based on trading items in the game?

I mean:

Husband: Put your mouth on it, and don't actually blow, its more like suck.

Wife: You like that, eh? Well then how about giving me the shield of the phonix order.

Husband: Are you crazy? Okay, but you have to swallow for that.

Wife: All right, but you also have to give me a rim job.

Husband: You know I hate that. But if you were to give me the armor of mulderdon and give me anal afterwards we could make a deal.

Wife: Okay, but you have to wash your "thing" if you want to put it back in my front hole.

I mean, the possibilities are endless if you have any imagination.