
Thread: FFXI Apocarypse Nigh?

  1. #1

    FFXI Apocarypse Nigh?

    For those of you who didn't know, the Encryption code for all FFXI packets was broken today.

    Since I know it's going to be known soon, I have decided to let everyone know that the ingame packets have been decrypted. I won't, nor will anyone else, release the decryption code out to the open. Don't expect to see a sniffer out for everyone to use either as I will hand pick only the people I know would not leak it. This is very good news for this project and everyone else will be happy at this and I know this topic will soon be flooded.
    That was a quote by Rz950, one of the people who have been trying to crack it for almost 2 years.

    Basically they can trick the servers into thinking anything they want it to. Several people have witnessed them trick the server into them having claim on NMs before they even pop. (i.e. it's unclaimed, but everyone will get the "already claimed" message) See that measly 1gil in your delivery box? Hmm, let's tell the server it's 999,999,999g.

    I think if they do leak it and it gets widespread, either A) massive emergency maintenance, or B) ...more emergency maintenance?

    Discuss.

  2. #2

    Sage Sundi says:


    I don't know

  3. #3

    Quote Originally Posted by BRP
    Sage Sundi says:


    I don't know

  4. #4

    Errr wow... That's amazing...

  5. #5

    oh god, please be real

  6. #6

    Ummm... a) why would they encrypt the packets and b) since you're running the program doing the encrypting (FFXI Client), how could it take you two years to break it and c) this shouldn't allow you to do what you're saying it will unless FFXI servers were written by 2-year-olds (and I have it on good authority they were at least 3 when they wrote it.)

  7. #7

    Except they can only trick the server as much as the server is programmed to blindly trust the client.

  8. #8

    The messenger

    I'm just the messenger, no expert.

    on a side-note your sig kicks mucho ass

  9. #9
    Demosthenes11
    Guest

    Are the packets put together with staples?

  10. #10

    Except they can only trick the server as much as the server is programmed to blindly trust the client.
    Good point, I was wondering though, would this make Repower a reality?

  11. #11

    Here's what I don't get...how does breaking the encryption turn into you receiving 999,999,999G in your delivery box? Any decent client/server setup can at least prevent that from happening. Allow me to englishify the packets that should be going back and forth

    Client: What's in my delivery box?
    Server: 5 gil
    Client: It's 999,999,999 gil omg!
    Server: No, it's not.

    Variables like that are stored on the server, there's no changing them. You can't just tell the server you have more gil than you already do. You can't just 'trick' the server, you'd literally have to find a way to get the authority to edit the gilcount even with the encryption, or find a dupe glitch.

    Edit: Aurik made the exact same post as me a few minutes before me ><
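
Added example (not part of the thread and not any poster's code): the exchange sketched in post #11, with a handler that blindly trusts a client-supplied balance beside one that keeps the balance server-side and records the abnormal packet for review, as post #16 describes. The `Server` class, the packet fields and the sample values are hypothetical and do not model the real FFXI protocol.

```python
# Constructed model; field names and the packet layout are hypothetical,
# not the real FFXI protocol.
from dataclasses import dataclass, field

MAX_GIL = 999_999_999


@dataclass
class Server:
    delivery_box: dict = field(default_factory=dict)  # character -> gil (server-side truth)
    flagged: list = field(default_factory=list)       # (character, reason) kept for review

    def trusting_take(self, pkt: dict) -> int:
        """Weak design: credits whatever amount the client claims is in the box."""
        self.delivery_box[pkt["char"]] = 0
        return pkt["claimed_gil"]

    def authoritative_take(self, pkt: dict) -> int:
        """Server-authoritative design: the client names the action, never the amount."""
        char = pkt.get("char")
        if char not in self.delivery_box:
            self.flagged.append((char, "unknown character"))
            return 0
        stored = self.delivery_box[char]
        claimed = pkt.get("claimed_gil")
        # A claim that disagrees with stored state cannot come from an
        # unmodified client, so record it instead of acting on it.
        if claimed is not None and claimed != stored:
            self.flagged.append((char, f"claimed {claimed}, stored {stored}"))
        self.delivery_box[char] = 0
        return stored


def demo():
    """Send the same constructed forged packet to both designs."""
    forged = {"char": "Alice", "claimed_gil": MAX_GIL}
    weak = Server({"Alice": 5})
    strong = Server({"Alice": 5})
    return weak.trusting_take(forged), strong.authoritative_take(forged), strong.flagged


if __name__ == "__main__":
    print(demo())
```

Decrypting the transport only matters for the first handler; the second credits the stored 5 gil regardless of what the packet says.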

  12. #12

    What this does enable is the creation of standalone apps that communicate with the FFXI servers in some way.

  13. #13

    Quote Originally Posted by Dezzimal
    Here's what I don't get...how does breaking the encryption turn into you receiving 999,999,999G in your delivery box? Any decent client/server setup can at least prevent that from happening. Allow me to englishify the packets that should be going back and forth

    Client: What's in my delivery box?
    Server: 5 gil
    Client: It's 999,999,999 gil omg!
    Server: No, it's not.

    Variables like that are stored on the server, there's no changing them. You can't just tell the server you have more gil than you already do. You can't just 'trick' the server, you'd literally have to find a way to get the authority to edit the gilcount even with the encryption, or find a dupe glitch.

    Edit: Aurik made the exact same post as me a few minutes before me ><
    Hey smartypants, find out if it's real. This is the most excited I've been about FFXI in years.

  14. #14

    I believe the code was broken about 4 months ago by Cliff no? Isn't this ofn?

  15. #15

    You could always just cut the decryption code wholesale from the FFXI executable as well, if you could find it.

    That's how the first people reversed the battle.net authentication process for diablo2/warcraft3. In fact, I stepped through the code and reverse engineered the password encryption function myself. Took me about 2-3 days.

  16. #16

    He's not the first to do it, and the game auto-bans you for sending abnormal packets, have fun with that.

  17. #17

    Quote Originally Posted by aurik
    You could always just cut the decryption code wholesale from the FFXI executable as well, if you could find it.

    That's how the first people reversed the battle.net authentication process for diablo2/warcraft3. In fact, I stepped through the code and reverse engineered the password encryption function myself. Took me about 2-3 days.
    What exactly does that do?

  18. #18

    Quote Originally Posted by Axil
    Quote Originally Posted by aurik
    You could always just cut the decryption code wholesale from the FFXI executable as well, if you could find it.

    That's how the first people reversed the battle.net authentication process for diablo2/warcraft3. In fact, I stepped through the code and reverse engineered the password encryption function myself. Took me about 2-3 days.
    What exactly does that do?
    You're going to have to rephrase your question, the one you asked made no sense.

  19. #19

    Quote Originally Posted by aurik
    Quote Originally Posted by Axil
    Quote Originally Posted by aurik
    You could always just cut the decryption code wholesale from the FFXI executable as well, if you could find it.

    That's how the first people reversed the battle.net authentication process for diablo2/warcraft3. In fact, I stepped through the code and reverse engineered the password encryption function myself. Took me about 2-3 days.
    What exactly does that do?
    You're going to have to rephrase your question, the one you asked made no sense.
    What does reverse engineering the authentication process accomplish?

  20. #20

    He's not the first to do it, and the game auto-bans you for sending abnormal packets, have fun with that.
    He's still not banned, and neither are the gilsellers that are using it.
