PDA

View Full Version : Poll: Is there any interest in a Windows version of ShowEQ?



fee
10-31-2002, 03:28 AM
With the new super creative encryption about to be released live, ShowEQ will once again be crippled. Here is a little poll, I'd like to get a feel for what options you guys would be interested in.

fee

e@tme
10-31-2002, 05:18 AM
I take it that all the work the the uber devs have put into getting new libEQ.a and such is about to be wasted?

Is this a death knoll for the seq we have come to know and love?

Mr. Suspicious
10-31-2002, 05:28 AM
Is this a death knoll for the seq we have come to know and love?

Since there's option:


A small program to pass encryption keys from EQ memory to a linux computer running ShowEQ

I'd say no. But it also means (imo) that having ShowEQ on Windows is a bigger possibility (as that program has to read the key from active memory anyway) and that ShowEQ on Linux won't be as "safe" for switching encryptions as it was before (again, because it has to read the key from memory on the windows PC that runs Everquest)

e@tme
10-31-2002, 05:48 AM
Thanks for that Mr.Suspicious.

I have been thinking tho... Is it a case of they are changing the encryption from the (new) 64bit to some other (new) encryption method?

The reason I ask is that I have been looking at the forums for the last few weeks and not seen anythin about re-designing the encryption method, except the thread where everyone was talking in supposition mode on ecnryption changes.

I hope this makes sense cos im confusticated still

grimjack
10-31-2002, 06:32 AM
Encryption changed with the release of POP. This is why you had to get a new libeq.a.

Correct me if I am wrong but this is what I have gathered.

Now on test they have changed it again (Most likely to go live with todays patch). From what I understand they now compress all spawn pawn packets (I would guess before encrypting them). It sounds like by doing this the current libeq method of decryption is now out of the question.

Thanks
GrimJack

e@tme
10-31-2002, 07:17 AM
yeah I know they changed the encryption already, but havent yet seen any info about the supposed change for today...

That is what I was getting at. I was trying to determine what fee meant by the


With the new super creative encryption about to be released live

comment. for example, does anyone know what this new super creative way is? Now that you have answered with



compress all spawn pawn packets (I would guess before encrypting them).

I am a little clearer.

It will be a shame to backtrack years of seq development to port to winblows, and I for one wouldnt like to see that happen. If the only use i get out of SEQ if a super gps applet, then so be it.

LordCrush
10-31-2002, 07:33 AM
Plz correct me if i am wrong - the way to brute force this would than be the following:

1.) guess key
2.) decrypt with that key
3.) decompress
4.) check if strctures match
5.) Structure ok ?
6.) if yes -> Key found, if no goto 1

Now the libeq.a does not point 3 ...

This is much simplified :) but i hope it is mainly correct ...

e@tme
10-31-2002, 09:17 AM
Some questions that I have are:

Is the key being rotated because the (Uber) developers have managed to crack the encryption so quickly?

Are the changes that have been made today being made because Sony want people to spend a little more time doing things for themselves?

I understand that these boards come under some pressure to get changes in as soon as possible, but is this actually detrimental in anyway?

Or alternatively, are the changes being made a) because they can, and b) they have new toys to play with :p

Vertigo1
10-31-2002, 09:21 AM
The problem with running ANY program on the Everquest PC, is that it is detectable, and that is why we like ShowEQ. Otherwise SoE/Verant would be scanning taskmanager for certian exe's or scanning memory for signatures from said programs...

Mr Guy
10-31-2002, 09:25 AM
Well there is a small difference.

Scanning your task list or any folder outside the folder EQ is installed in is something they can go to jail for. Sometimes annoying legislation like the Patriot Act has it's uses.

It would not be difficult to turn scanning task lists into a major class action lawsuit with possible cyber terrorism implications. It was the threat of such a law suite that made them change EULA wording when they last threatened to check for programs.

Manaweaver
10-31-2002, 09:33 AM
Well all i think i have to say is, "Damn the man." at this point. The amount of people using showeq is so insignificant they really are spending money where they don't have to...I mean 100,000+ people play EQ and only a fraction of them actually use SEQ, and spread across all of the servers I highly doubt the impact is any where near hurting the game. I think the most viable option would be to use the program used to send the key to the SEQ box....would also make SEQ still difficult to use for most people. Assuming the devs want to take the time and energy to do it. GPS is nice, and i can see all of the unkown spawns....which isn't a whole lot of help, but its better than nothing. SOE(no longer Verant) is very much so on my bad side at this moment.

Edited for stupid errors.

S_B_R
10-31-2002, 10:21 AM
I know it's going to sound elitist but I really don't want a windows version available. There are poeple in game that have no respect for others, give them SEQ and they will be 10 times worse.

I vote for passing the key from Windows to the SEQ box.

Vertigo1
10-31-2002, 10:43 AM
but, because they state that using 3rd Part Utilities with Everquest is against then EULA, they can simply BAN you with no explanation. THerefore checking to see if something is running on your computer, would not necessarily be illegal.

futuro
10-31-2002, 11:04 AM
I voted for the Windoze program passing
the key to SEQ on linux, but I have one
concern... Couldn't SOE detect the packet(s)
containing the key? Or would this be illegal,
too?

Seq in "gps" mode is still quite useful,
but I'm spoiled by all the pretty colored
dots on the map screen ;)

nvmy383z28
10-31-2002, 11:04 AM
I am against having a windows version of SEQ. Once you do that - verant will surely find a way to find who is using it, and start MASS BANNING people......

Stick to linux

LordCrush
10-31-2002, 11:14 AM
IMHO the best is to let it as it is - only if that is impossible we should think of a "sniffer" program for windows that sends the key ...

whome
10-31-2002, 11:18 AM
I'm old so forgive me if I'm wrong :) ....but didn't VI do this same thing when Luclin was released? The devs got showeq working and VI immediately changed it to keep it broken. Maybe this is all part of them keeping POP showeq free for the first month or so.... More wishful thinking that anything on my part.

As far as which method I'd want: it scares me to have something running on the windows box for either method. Sending info back to linux seems like the best solution given the options, but I'm concerned about them sniffing the network and seeing the data and banning us all.

Would it be possible to have the windows client transmit the info to linux via a serial connection? That way there would be no question that they scanned the computer to find it.

zfod
10-31-2002, 11:25 AM
Heh,

Well, I guess the passive days for decoding the data are pretty much over. Even if they aren't, it's a pretty weak model to bet the farm on and I'm sort of happy and sad at the same time to see it go.

The solution is to pluck everything out of the EQ Client's memory and pass that data along to SEQ as it exists today, only add a listener, and maybe some shared-key auth between the client box and the seq box, to the SEQ code. In all honesty, would the application even have to stay running as a process after the inital work was done and the data sent to the SEQ 'server'? My guess is, probably not.

Also, I think many of you forget about the days when Verant tried scanning your process memory and hard drives for certain 'things'. They were promptly beat the shit out of by privacy advocates as well as the 'Law' and apologized profusely and vowed never to do such things ever again. This is serious business, as if they did scan your process memory as well as your storage devices they could be sued en masse for essentially 'hacking' ( in the legal sense, not coding ).

I'm definitely not for seeing ShowEQ become a Winblows sort of thing, but I think that if libEQ is done away with and replaced by a Windows binary that gleans what it needs directly from the EQ client memory, that will open up the ShowEQ portion of the application ( basically the bulk of the app ) to run under a variety of Unices. That is if I understand it correctly and the 8086 assembler stuff is no longer valid that exists in libEQ. For other architectures, doing the network byte reordering wouldn't be a difficult issue, and it would be nice to be able to run ShowEQ on big endian systems.

BUT, perhaps there is still a passive solution.. we'll just have to wait and see what the dev team decides to unveil.

zfod

S_B_R
10-31-2002, 11:33 AM
Using a serial connection would work, or have your windows box mount an SMB share on your linux box and right the key to a log file there. Or Vice Versa, have you linux box smbmount a windows file share and read the key out of a log file there.

or have the key-sniffer echo the key to your chat window ingame (macroquest has a /echo command), then have a window in the SEQ gui where you enter the key manually. You'd have to do it everytime you zoned, but SOE couldn't really detect that sort of thing.

Or same idea as above but using EQW just manually read the key from a log file and manually enter the key into SEQ.

kleenburn
10-31-2002, 11:39 AM
fee, mind elaborating on 'super creative encryption'?

devnul
10-31-2002, 11:42 AM
I don't think a windows SEQ is the appropriate escalation at this point.

It seems to me a same box Windows SEQ ultimately could not be defeated, and part of me says 'F'EM!' and I suspect from the fact that Ratt put this as an option he feels the same way, a little annoyed and feeling like it's time to stop being Mr Nice Guy and take off the Kid gloves.

So Ratt, we know you have the big gun, we know you're tempted to use it. But take the high road and play it the right way. Only escalate one step. If they FORCE you to beat them to a bloody pulp then do it, but you have other options at the moment.

I guess that this major effort is because some dummy put their reputation on the line saying they could stop SEQ. I think once you demonstrate, once again, it won't work and they realize, once again, they wasted money trying, all will be well. Hopefully the dummy will not lose his job over it or get demoted, but if he does well thats the price you pay for being stupid.

The beauty of it is they have to pay for their futile attempts to encrypt, but the opposition is smarter than them and works FREE.

Anyone with any sense would have run up the white flag and tried to compromise a long time ago.

dn

showeqsupporter
10-31-2002, 11:43 AM
I do not personaly like the idea of a windows based version of showeq. Mainly because the only reason I started useing Linux was to run showeq. I then became hooked. I have only been running Linux for about 10 weeks now. I was able to to get showeq compiled and running on about the 3rd try. Personaly I do not think it was that hard to get going. So if there are people out there demanding a windows based version because they are intimidated by a unix based operating system they lose out on the privledge of running showeq by default. I do not think the developers of showeq should cater to lazy people that are not willing to test themselves and make it work. A exe file is just to simple. Beside think of the wonderful education these people will get as they learn and exsperience Linux. It has changed my life completely, I am about to enrole myself in a compsci program to learn how to program in a unix based os due to my new found interest. I was a mcse track and Linux and you boys make it look like childs play. I thank you for your efforts to keep this project going and Linux is just way cooler then windows. So keep it on this platform.

Manaweaver
10-31-2002, 11:49 AM
Hmm, don't some parts of SEQ depend on having the key immidiately upon zoning?

zfod
10-31-2002, 11:50 AM
Originally posted by S_B_R
Using a serial connection would work, or have your windows box mount an SMB share on your linux box and right the key to a log file there. Or Vice Versa, have you linux box smbmount a windows file share and read the key out of a log file there.

or have the key-sniffer echo the key to your chat window ingame (macroquest has a /echo command), then have a window in the SEQ gui where you enter the key manually. You'd have to do it everytime you zoned, but SOE couldn't really detect that sort of thing.

Or same idea as above but using EQW just manually read the key from a log file and manually enter the key into SEQ.

LMAO.

Not to be a complete asshole, but you've got to be kidding me. Please tell me what you buy by doing it this confounded way precisely that is subverting anything at all?

Let me get this straight, first you suggest using a serial cable instead of essentially passing the key to a listener over the network. Hmm, not seeing much of a difference in subversion here, being that Verant's code has access to whatever it wants since it is running on your machine ( network, serial, drives ( including SMB mounts potentially ).

Then you say you can save the information that SEQ needs for decoding to a file, which lives on an SMB mount that the SEQ-box is sharing to the box that is running your EQ client. The only thing I see here is more configuration on the Linux side of things for exporting something via SMB as well as turning the potential 'listener' into just some file I/O routines in the SEQ code. I don't know, I guess I just don't see the real benefit here either really, from a subversion standpoint especially.

All bets are essentially off when you're talking about 'subverting' things from being seen on the EQ client box itself. So where no real benefit is gained, you might as well take convenience where you can get it. It's all relative to the user I suppose, but I'd find it more convenient to just send the data SEQ needs directly from the client box over the network than to really gain nothing by trying to mask this process.


zfod

S_B_R
10-31-2002, 11:50 AM
Originally posted by Manaweaver
Hmm, don't some parts of SEQ depend on having the key immidiately upon zoning?
Nope

Manaweaver
10-31-2002, 11:59 AM
"Let me get this straight, first you suggest using a serial cable instead of essentially passing the key to a listener over the network. Hmm, not seeing much of a difference in subversion here, being that Verant's code has access to whatever it wants since it is running on your machine ( network, serial, drives ( including SMB mounts potentially ). "


Well, while SOE(not verant) has access to your system, them scanning your serial ports is really suspicious. Them scanning your network traffic could be passed off in some legal BS that I'm sure they could pull off. Scanning your serial ports however is a good idea. Its just another layer of prevention in case SOE decides to violate the law in scanning our systems.

S_B_R
10-31-2002, 12:04 PM
Originally posted by zfod


LMAO.

Not to be a complete asshole, but you've got to be kidding me. Please tell me what you buy by doing it this confounded way precisely that is subverting anything at all?

Let me get this straight, first you suggest using a serial cable instead of essentially passing the key to a listener over the network. Hmm, not seeing much of a difference in subversion here, being that Verant's code has access to whatever it wants since it is running on your machine ( network, serial, drives ( including SMB mounts potentially ).

Then you say you can save the information that SEQ needs for decoding to a file, which lives on an SMB mount that the SEQ-box is sharing to the box that is running your EQ client. The only thing I see here is more configuration on the Linux side of things for exporting something via SMB as well as turning the potential 'listener' into just some file I/O routines in the SEQ code. I don't know, I guess I just don't see the real benefit here either really, from a subversion standpoint especially.

All bets are essentially off when you're talking about 'subverting' things from being seen on the EQ client box itself. So where no real benefit is gained, you might as well take convenience where you can get it. It's all relative to the user I suppose, but I'd find it more convenient to just send the data SEQ needs directly from the client box over the network than to really gain nothing by trying to mask this process.


zfod

The serial method was suggested by someone else, I was just saying you could do that.

As for the SMB method, people were concerned about them seeing the transmition of the data to SEQ. with an SMB mount there would be no way for them to tell what is being transfered without actually reading the data, which is no different then reading data off your harddrive.

The manual methods were more of just a worst case type thing.

I totally agree that just transfering the key directly to the SEQ box over the network would be best, I was more just describing other possiblities, sorta like a thought exeriment. :D

zfod
10-31-2002, 12:12 PM
Originally posted by Manaweaver
"Let me get this straight, first you suggest using a serial cable instead of essentially passing the key to a listener over the network. Hmm, not seeing much of a difference in subversion here, being that Verant's code has access to whatever it wants since it is running on your machine ( network, serial, drives ( including SMB mounts potentially ). "


Well, while SOE(not verant) has access to your system, them scanning your serial ports is really suspicious. Them scanning your network traffic could be passed off in some legal BS that I'm sure they could pull off. Scanning your serial ports however is a good idea. Its just another layer of prevention in case SOE decides to violate the law in scanning our systems.


Hmm. I bet you live in Hawaii and were wearing full kevlar to the gas station for the last month, weren't you?

This seems to all be pointing back towards 'assumptions'. The 'assumption' that SEQ was hard to get running in the first place. Christ take a look at the 'it changed my life' poster who only ran Linux to get SEQ working in the first place, it's really a tribute to the fact that anyone can run SEQ. This argument was played out many times on the forum, and it always came back to 'assumptions' and security through obscurity. The 'assumption' that somehow, with complete access to your system, that scanning serial devices is any harder than reading data being passed over the network.

I think the fact that SEQ has been broken a few times in the last few patches in different ways than the 'norm' indicates that people have wasted time on these 'assumptions', and they aren't really valid.

Now the question is, how do you proceed?

On another note, I do think it's rather funny that someone is 'threatening' to release a Windows version of SEQ, and the fact that they may charge for it makes for even more laughter. What maybe even more funny is how many of you would actually pay for it, like many people who paid for things like Xylobot, etc.


Hmm.


zfod

bonkersbobcat
10-31-2002, 12:17 PM
I don't think the critical issue is Linux vs Windows. I think the critical issue is that SEQ has the ability to run on a different box then EQ is running.

Because: 1) It will be harder to detect, and 2) Much easier to use if the SEQ info is on a different tube. -- Won't force me to deal with EQW or multiple monitors on one PC.

It is sounding like there will need to be a memory leach program installed on the EQ box. This program has to have the absolute minimum amount of code and functionality to avoid detection. It should probably have no UI or anything absolutly not necessary. Maybe a driver? Each user of the leach will probably have to customize it so that it has it's own memory signature. Perhaps the leach needs to be distributed uncustomized, and unworking until customized to prevent a common signature that SOE could use to find.

Catt
10-31-2002, 12:19 PM
A small program running on the windows PC will have similar problems to all the "hack" type prgrams out there, they need OFFSETS everytime the exe is changed, to be able to find the memory info desired.

SEQ as it has been, doesn't need offsets, it relies on network communication, it only breaks when they add/change the network comm. not everytime they try to fix some stupid bug (and add 6 more) or purposefully to break SEQ.

I think we should stay with the current configuration.

Mongo222
10-31-2002, 12:21 PM
I want this first......."Wish the encryption were not changed so option 1 never sees the light of day "

but if i can't have that I want.......

"A small program to pass encryption keys from EQ memory to a linux computer running ShowEQ 52 53.61% "

Fatal
10-31-2002, 12:24 PM
Was that a threat? Surely wasn't a threat by me as i don't have a working version of WinSEQ. Of course, we don;t have a working version of SEQ for linux either, but that's not the point.

If that was a threat then I guess this whole poll was really just a threat to SOE to say, "HEY! Stop fucking with encryption or we're going to release a windows version!".

I don't think they care what version of OS it is running on and they said exactly that last night. So the argument of "if we keep it on linux they won't care" is no longer a valid argument.

The statement that the only thing keeping SEQ off of windows is a valid decryption method is no longer valid when the key is being grabbed from memory.

The source for the rest of SEQ is available and able to be ported.

None of these are threats. They are facts. And if you think it isn't a fact that a version of SEQ for windows doesn't already exist, you are mistaken.

whome
10-31-2002, 12:26 PM
Originally posted by zfod

Let me get this straight, first you suggest using a serial cable instead of essentially passing the key to a listener over the network. Hmm, not seeing much of a difference in subversion here, being that Verant's code has access to whatever it wants since it is running on your machine ( network, serial, drives ( including SMB mounts potentially ).
zfod

I brought up the serial communication so I will respond to your flame. Of course we all know that they CAN scan anything on your computer so it wouldn't matter how the info was passed back to Linux. The difference is a legal issue. Scanning the network is a gray area that they could pass it off as debugging communications between their client and their servers (judges aren't technical). Scanning serial communications on your computer is a COMPLETELY different can of worms. They don't use the serial port and have no reason to scan it.

It was just an idea that I liked a lot better than sending the info to an open port on the Linux server.

zfod
10-31-2002, 12:27 PM
Originally posted by bonkersbobcat
I don't think the critical issue is Linux vs Windows. I think the critical issue is that SEQ has the ability to run on a different box then EQ is running.

Because: 1) It will be harder to detect, and 2) Much easier to use if the SEQ info is on a different tube. -- Won't force me to deal with EQW or multiple monitors on one PC.

It is sounding like there will need to be a memory leach program installed on the EQ box. This program has to have the absolute minimum amount of code and functionality to avoid detection. It should probably have no UI or anything absolutly not necessary. Maybe a driver? Each user of the leach will probably have to customize it so that it has it's own memory signature. Perhaps the leach needs to be distributed uncustomized, and unworking until customized to prevent a common signature that SOE could use to find.

Finally, someone who is making some sense here. Bravo, I couldn't agree more really.

If there is a way to live with libEQ, then great. If not, I would be a proponent of something that extracts the necessary data as minimalistically as possible from the EQ Client box and gets that data to SEQ.

This keeps the current SEQ code useful, the interface is the same and it keeps it on another 'tube', as you say.. which is extremely important since nobody wants to ALT-TAB for navigation ( MQ gets away with this because it is all implemented through / commands that you can use without ALT-TAB'ing obviously... but SEQ wouldn't be functional in most capacities in that regard ).

Regarding the memory signature, I guess that depends on 'when' and 'how' Verant would be potentially looking for such footprints. It is potentially possible that the memory extraction/relay tool could be started after the 'assumed' detection phase and exit immediately after sending the data.


zfod

zfod
10-31-2002, 12:32 PM
Originally posted by whome


I brought up the serial communication so I will respond to your flame. Of course we all know that they CAN scan anything on your computer so it wouldn't matter how the info was passed back to Linux. The difference is a legal issue. Scanning the network is a gray area that they could pass it off as debugging communications between their client and their servers (judges aren't technical). Scanning serial communications on your computer is a COMPLETELY different can of worms. They don't use the serial port and have no reason to scan it.

It was just an idea that I liked a lot better than sending the info to an open port on the Linux server.

Ok, so you're assuming that whatever data they could grab off the network, from potentially sending the necessary client data to the SEQ 'server', would be recognizable and would be able to be acted upon.

I think I brought up before that you could use shared-key auth between your EQ client box and the SEQ 'server' that would potentially thwart Verant from gleaning necessary data to take action upon if they were to take advantage of a legal 'grey area'. Of course, the shared key would be stored on disk.. so they could just scan for that file, etc and get the key.... SO ON AND SO FORTH INTO AN OBLIVION.

I think a minimalistic extraction program that sends the data to the SEQ 'server' that is authenticated with shared keys that are stored on disk, which Verant would have to scan for which is not 'gray'.. it's ILLEGAL is about as far as I'd go to protect this process from intelligable detection.

Serial communication is unfun in many ways, and I just don't see it being advantageous in any way, really.


zfod

bonkersbobcat
10-31-2002, 12:35 PM
[...] It is potentially possible that the memory extraction/relay tool could be started after the 'assumed' detection phase and exit immediately after sending the data.I think the keys are generated upon each zone, so the extraction tool would need to be run after each zone (probably meaning that it runs all the time.)

Graffix
10-31-2002, 12:42 PM
Yes, agree it sucks that after all the work put in by so many it gets fubar'd again. I am totally against porting to win32! EQ has enough annoying people without letting the masses run seq on their desktop. It seems we have formed a small community that use seq, but we neve abuse it. We spend time learning about the code, and although we come no where close to the time spent by our group of great developers we do still invest personal time.

If we port to windoze everyone and their 3rd cousin will be on there camping the AC, or farming somthing or another. EQ will in general loose its fun.

I am not saying this to protect our "camping" zones, but because most people I know with seq dont even use it for that reason.

Please let me know if there is anything I can do to help with any linux solution that comes up.

And thanks again to all those people and developers who came up with a solution in a mere 10 days! You guys rock.

Just my $.02
-graffix

Fatal
10-31-2002, 12:47 PM
Actually,
You can use commonly used log montior programs to look for "You have entered %zonename" and fireoff the tool each time you zone and report the key.

You can set it to grab the key at certain time after each zone. Random, 5 seconds to a minute, whatever. This, to me, would be more obvious to me though if I was watching for a program scanning memory.

-
Player ID#1914 has entered zone.

Player ID#1914 connection log shows that app "bitemeVI" just scanned active memory.
-

After seeing that enough times, it would bec ome obvious, at least to me.

Mongo222
10-31-2002, 12:49 PM
Anyone know of a realitivy inexpensive pci hardware debugger card?

If we could just pull the key out of memory, without useing a client snooper, then the ssafety issue goes way.

If we can come up with a simple enough solution, we can biuld the cards at home.

krisp
10-31-2002, 12:54 PM
Looks like verant is going to nerf seq regardless if there is a windows version or not. However, I still think that having it limited to the linux audience is the best thing for ShowEQ.

Something that passes the key from windows to linux seems to make showeq less passive then was originally intended. However, if it is the only way to decrypt the data, it may be worth it.

A windows version of showeq would keep verant on us like they used to be when it was lin/win. If we limit the audience they may decide it isnt worth the effort to foil our attempts at decoding the spawn information.

my 2cp

zfod
10-31-2002, 01:01 PM
Originally posted by Mongo222
Anyone know of a realitivy inexpensive pci hardware debugger card?

If we could just pull the key out of memory, without useing a client snooper, then the ssafety issue goes way.

If we can come up with a simple enough solution, we can biuld the cards at home.

::: Puts on the kevlar suit :::

Will this piece of hardware also decode all my satellite pr0n channels too?

LMAO.. you ever see the pop-up menu in EQ that says 'Your Video Card/Primary Display Device'? That would be hardware they are detecting there. Ok, they are probably doing this via DirectX libs.. but so? What is so stealthy and sexy about your proposed card? Wait, don't even answer that question.

Crazy.


zfod

lostinspace
10-31-2002, 01:29 PM
Small sniffer program should be better option at this moment:
- it is easier to make, then porting whole SEQ
- it is far easier to make hard to detect
- it leave another level of 'escalation' possible for later ( if you believe that SOE care if SEQ will end up on Win )

Some suggestion how to make sniffer program hard to detect:
- dont make fixed program, make sniffer source code generator
- generator can randomly insert meaningless code inside sniffer source, and rearrange functional code too
- also generator can randomly generate symetric key to be used to encrypt data in packet sent to Linux SEQ, and include it in sniffer source, as well as display it to be used as parameter in SEQ. That will ensure that SOE can not decrypt packets even if it read them
- such generated source can be compiled by user (some free or popular comercial compiler) and given random name
- additionally result of compilation does not have to be EXE, can be some system driver if such is harder to detect

All this will ensure that such sniffer program would be very hard to detect. While nothing is impossible (as we witness with SEQ so far :) it will be next to impossible for SOE to detect - remember that SOE wont have one product to try to detect, since every sniffer will be different.

S_B_R
10-31-2002, 01:39 PM
It may not be neccesary to hide the sniffer at all. As people have said before, SOE tried scanning processes and data once before and they didn't like the Legal repercussions that resulted.

BlueAdept
10-31-2002, 01:43 PM
Originally posted by zfod



Hmm. I bet you live in Hawaii and were wearing full kevlar to the gas station for the last month, weren't you?

This seems to all be pointing back towards 'assumptions'. The 'assumption' that SEQ was hard to get running in the first place. Christ take a look at the 'it changed my life' poster who only ran Linux to get SEQ working in the first place, it's really a tribute to the fact that anyone can run SEQ. This argument was played out many times on the forum, and it always came back to 'assumptions' and security through obscurity. The 'assumption' that somehow, with complete access to your system, that scanning serial devices is any harder than reading data being passed over the network.

I think the fact that SEQ has been broken a few times in the last few patches in different ways than the 'norm' indicates that people have wasted time on these 'assumptions', and they aren't really valid.

Now the question is, how do you proceed?

On another note, I do think it's rather funny that someone is 'threatening' to release a Windows version of SEQ, and the fact that they may charge for it makes for even more laughter. What maybe even more funny is how many of you would actually pay for it, like many people who paid for things like Xylobot, etc.


Hmm.


zfod

I dont think so. The number of SEQ users has grown quite a bit as it has gotten easier and easier. Hell...RH8 can be done right out of the box. There have been people who have posted that they have NO experience with linux and gotten SEQ installed with no problems and they dont even know how to edit a file in linux.

Someone at Sony may have changed their mind...who knows. I am pretty sure that the reason why in the past it has been left alone was that the number of SEQ users wasnt that many and that it was difficult to install/setup. They just may have felt that it had gotten to the point where it was too prevalent. It is pretty bad when almost weekly there is an SEQ machine on playerauctions.

Back on HQ message boards, I forget if it was Brad or someone else from VI, had posted that a WinSEQ version would not be tolerated because of the number of people it would attract.

No one here ever said that VI/Sony would never break SEQ. Based on VI's stance, people just didnt want to attract undue attention to the program by making it too easy.

dum1
10-31-2002, 01:48 PM
I voted for "wish the encrytion would not change"

but I like the idea of a generated sniffer program.

and was thinking about all the people who would not generate their own and maybe get caught because of it :)

this could kinda be like the bar to using SEQ that using linux is now maybe, don't know, depending on how hard it is to generate.

but I have a thought, what if a whole lot of people did start using SEQ because it was windows based, what is SOE going to do? ban everybody? I mean they can only ban so many people right?

I say do whatever you have to do to keep it working. I have used and watched SEQ development from the beginning, I enjoy the drama
;)

and appreciate all the hard work

dum1

Mongo222
10-31-2002, 01:59 PM
[
LMAO.. you ever see the pop-up menu in EQ that says 'Your Video Card/Primary Display Device'? That would be hardware they are detecting there. Ok, they are probably doing this via DirectX libs.. but so? What is so stealthy and sexy about your proposed card? Wait, don't even answer that question.

Crazy.


zfod [/B][/QUOTE]

You've obivously never used a hardware debugger. It's not possible for software to detect the existance of such a device. This is not your mothers video card here boy. Get a clue.

Spot
10-31-2002, 02:07 PM
I think you guys are missing the big picture here. They only thing stopping a windows version from being used right now is the key encryption. If a windows binary is created to pull the key out of memory and send it to a computer, it can be either a windows computer or a linux computer. Somebody will port a version of SEQ to windows regardless. Don’t get me wrong, I would rather choose option 3, but as far as I can tell we are screwed either way. We might as well have a Windows version created by the current SEQ staff. I’m sad it has come to this, but this is why Fee put the poll up.



-Edit to change ratt to fee as S_B_R
pointed out, Sorry forgot who started it after reading all the comments.

S_B_R
10-31-2002, 02:12 PM
Point of fact, not a flame in anyway, but Fee started the poll. ;)

zfod
10-31-2002, 02:28 PM
You've obivously never used a hardware debugger. It's not possible for software to detect the existance of such a device. This is not your mothers video card here boy. Get a clue. [/B]


You're right, obviously I have never used a hardware debugger. It is so obvious that the solution is to break out the soldering iron and get to crack-a-lackin on an indestructable, undetectable passive hardware device that we can all 'build in our homes'. The choice is so obvious, why didn't I think of it? God damn, you sunk my battleship!

Since I'm trying to get a clue here, how were you sending the data extracted by your 'ultra-convenient passive hardware debugger' to the SEQ side of things exactly? Mental telepathy? An equally 'convenient' out-of-band medium?

We aren't building blackbox drivers for pieces of hardware here.

This is the most ridiculous suggestion I've seen all day. Congrats.


zfod

Hobo
10-31-2002, 02:31 PM
Two things. First, whatever form SEQ takes on it should be on a second box. Period. Much easier than having to alt-tab back and forth and mess with EQW in order to make it work.

Second, it sounds like a Winseq is what will be easiest for the developers to do. So why fight it? Let's not kid ourselves, BlueAdept is right on the money when he says SEQ is being used by more and more people now. Hell SEQ is damn near mainstream in the EQ community these days.

When I joined a new guild a few months back there was only me and one close friend that used seq (that I knew of). Then one day someone posted a question about it in the forums and come to find out there are at least 10 seq users in our guild. And we only have about 50 members! So if that is a good sample then roughly 20% of all EQ players are using SEQ. That's a significant number as it means that in the typical group at least one person has SEQ up and running.


Hobo

RavenCT
10-31-2002, 02:38 PM
I'm not a developer, so don't shoot me, but couldn't some persone use the debugging tools in the Developer studio to monitor memory (as well as other resources)? In this case, could there possibly be a ligitimate reason (if your a developer) for having something like this running on your machine?

Take it one step further, could this debug-monitoring tool pass data to a Linux/Windoze client? Maybe say have SEQ run on a seperate Windoze box?

Again, like I said, I'm not a developer, but this would just be another one of those brain storm/trickle ideas...

This way there still wouldn't be a "ShowEQ" running on the client and the piece that's pulling the info out of RAM is just another "normal" development tool (or one masquerading as one?)?

zfod
10-31-2002, 02:39 PM
Originally posted by Hobo
Two things. First, whatever form SEQ takes on it should be on a second box. Period. Much easier than having to alt-tab back and forth and mess with EQW in order to make it work.

Second, it sounds like a Winseq is what will be easiest for the developers to do. So why fight it? Let's not kid ourselves, BlueAdept is right on the money when he says SEQ is being used by more and more people now. Hell SEQ is damn near mainstream in the EQ community these days.

When I joined a new guild a few months back there was only me and one close friend that used seq (that I knew of). Then one day someone posted a question about it in the forums and come to find out there are at least 10 seq users in our guild. And we only have about 50 members! So if that is a good sample then roughly 20% of all EQ players are using SEQ. That's a significant number as it means that in the typical group at least one person has SEQ up and running.


Hobo


To be perfectly honest, none of the changes they made with the patch dictates that libEQ is completely obsolete now. They have made changes in regards to compression and, someone please correct me if I'm wrong, to another extent there isn't any hard data that everything is changing in such a way that negates passive decoding via libEQ as a viable solution.

All this talk about data extraction from the client and yadda yadda should probably be held off until someone like Ratt makes a definitive post on the matter.



zfod

fryfrog
10-31-2002, 03:00 PM
i'm not sure if you realize it, but fee is a developer too. i'm not sure exactly who has been responsible for the last couple of libeq.a files (and encryption decrypting...?) but i don't think it was primarily ratt. of course, my memory sucks and i also don't know everything...

i'm just saying, usually its the seq community arguing about the new encryption with narry a post from a dev. this time its a dev starting a doom and gloom thread... what does that say?

Mr Guy
10-31-2002, 03:10 PM
It says SOE never learned anything from WWII.


MAD only works if both sides have the equal power to destroy each other, or in this case, each other's product.

The problem here, is ShowEQ will always work. They can break it for a short time but there is always one more level to go to. We never wanted to go there (indeed, most of us on our own wouldn't be able to get there) because we actually LIKE the game. In an odd way, many ShowEQ users should be considered SOE's best customers. With the small issue of ShowEQ aside, most of us have multiple accounts, most of us have had them for years, and most of us want to keep them. We WANT to prevent rapant cheating; We WANT to prevent exploits. We want this because we enjoy the game.

However, most of us only enjoy the game in the context of ShowEQ. Without it, most of us don't see the point in playing. The risk of dying because you screwed up is fun. The risk of dying because of bad pathing isn't fun. With ShowEQ you can focus on the first, and RARELY experience the second.

We haven't wanted ShowEQ for Windows as a failsafe: It protects the game we like from at least a large portion of the idiots. SOE has gotten complacent in that we try to AVOID sniffing memory. Once we go to sniffing memory, it can never be broken again for more than a couple days. Once we go to it though, and it leaks, there will be no stopping the derivatives. This encryption change may turn EQ into Ultima Online. They aren't stopping to think that they can't beat ShowEQ, or they don't to admit it. However, making ShowEQ easy to the masses can destroy EQ.

In another thread, I joked about releasing a windows version with EQW. Think how bad that would suck though, if everyone with eqw started using ShowEQ as well.

It's sad, really. I had really hoped EQ would be fun for a couple more years.

Ratt
10-31-2002, 03:19 PM
I'm making a definitive post on the matter... Whoeve the brainiac at Verant was that said "Hey, what a good idea, lets make it so SEQ has to use the EQ machine to get the key!" was just signed their own termination papers... or if that persons boss is smart, that's what would happen.

The fact is, with the lid blown off of the Linux version, forcing us to use a leech on the Windows machine, there is absolutely, positively no reason not to have a WinSEQ... and it is now inevitable anyway. If we don't do it, someone else will... because the port really is trivial.

The social contract that we've enjoyed for so long has been broken by some idiot brain (hows that for an oxymoron?) and the corporate suit who agreed with it (who obviously had absolutely no concept of the implications of his or her actions)... and since it's been broken... as I say on the main page... Cry 'Havoc,' and let slip the dogs of war!

I hope Verant is prepared to ban $100,000's in revenue... because the download staticsics on the new libEQ.a were startling, even to me. I had no idea so many *UNIQUE* people were using libEQ.a.

In one way, it's sad... it's the end of an era. In another way, it's funny... the absolute hell and damnation they have just brought down upon themselves is staggering. Prepare for an onslaught of thounds upon thousands of users using SEQ ... prepare for mass bannings. Prepare for chaos and stupdity... but in the end, SEQ will still exist and Verant will be out HUGE monetary sums from the bannings.

Welcome to your own little corner of Hell, SOE... you have no one to blame but yourselves for this. I hope the millions of dollars per year of lost revenue will make up for banning the *mostly* responsible SEQ users out there.

SOE can't stop SEQ... that's what at the root of the humor. It will always be there, in one form or another. They had a nice little deal going here, keep it contained and as responsible as reasonably possibe, for ZERO development and operational costs. Now, not only are they going to have to expend resources to find and detect SEQ users, but they will ALSO lose revenue with the banned accounts. This is a NO WIN situation for Verant. There is no possible financial benefit to this move, ALL POSSIBLE outcomes are detrimental to the profitablity of EQ as a commercial entity.

Instead, they've chosen the path of chaos, and not even Sony can tame chaos in any meaningful and lasting way. So let them reap the chaos whirlwind they have sown. I will not hold it in check any longer. Let the Windows versions flow! Let the commercial products SELL. LET THEM RUIN THEIR OWN GAME with the thoundsands of moronic idiots using SEQ.

The bar has been broken, there will be NO barrier to entry now, and there WILL be a bannings aplenty, make no mistake. I expects hundreds, if not THOUSANDS of bannings. I expect utter horror and chaos, ridiculous actions by SOE and othe opposition. But in the end, this will only harm us, the players, because the game will be ruined in new and imaginitive ways... because Verant can't stop them all... and they will keep coming, and coming... and coming. But by harming us, they harm themselves, because they slowly erode their player base.

I wish good luck to the Verant programmers, because I know their life just turned into a living hell... most just don't know it yet.

I liken the new order to Echo Star hacking. The smartcards DTV and Echostar use for encryption are INFINITELY more secure than the joke crap that Verant could use (because the smart cards are ASICs designed SPECIFICALLY AND SOLEY TO do FAST, SECURE decryption)... but Dish and DTV can't stop the signal theft? Why? Because you CAN'T STOP the dedicated hordes of people that work for free. You CAN'T thrown enough money at a problem to overcome thoundands of people, working together and seperately for a common goal... all for free.

If Huges Networks, and Echostar can't defeat the problem with sophisticated smart cards and tens of millions of dollars spent per year to prevent people from intercepting HEAVILY encrypted signals, do you think the piddly little budget of EQ can even get close? Haha, not a chance.

Anyway... it was a good show the whole time and very enjoyable. I'm sad that it has come to this. The rushing flood waters are already speeding towards the little EQ village... what will remain standing after the wave crashes over the town limits is anyones guess. I feel I played fair and did my part in the whole EQ deal and there was nothing more I could have done, so I am comfortable. Now it's SOE's job to pick up the pieces in the aftermath. I don't envy anyone that job, and I feel bad for some of you that are going to get washed away (banned) by the flood. The only advice I can offer you is DON'T BE STUPID. Think about what you are doing before you do it. If you don't feel comfortable with your conclusions, ASK... and then weigh the risks. I also suggest you pick up a good C++ or VB book and figure out how to write your own key sniffer.

Now, if you'll excuse me, I have a war to fight. Oh wait... no I don't... I can just let the waves of inevitibility wash over our opponents and crush them far quicker and easier than I could ever manage with my meager resources. Cry 'Havoc,' and let slip the dogs of war indeed...

gore
10-31-2002, 03:34 PM
My god... now this is going to be interesting :>

I enjoyed using SEQ, but porting it to Windows means that it can - and will - be detected and banned, so I have no plans to use this version once released.

Ratt - is there any plan to maintain the Linux version of the project with broken decode? Its utility is certainly not as great, but it is at least undedectable and is still better than nothing.

-gore

Fatal
10-31-2002, 03:38 PM
Ratt,

I knew this was coming, it was the only obvious thing left. With that said, what is the path of this project? Is it switching to a window based project? Continuing as a *nix based project?

Will a seperate project be created to focus on the WinSeq?





-
One is left with the horrible feeling now that war settles nothing; that to win a war is as disastrous as to lose one.
Agatha Christie (1890 - 1976)


You can no more win a war than you can win an earthquake.
Jeannette Rankin (1880 - 1973)
-

Poser
10-31-2002, 03:42 PM
I understand that SOE has implemented new encyption. I've noticed that several posts mention that SOE said they were going to and that they made a statement last night that said they didn't care what os seq was on. Can someone post the link to this discussion that SOE was involved in. Or a link to their statement. I have looked for and been unable to find it. I like to completely research a topic before I speak. ;)

Fatal
10-31-2002, 03:44 PM
Only if someone logged IRC.

bonkersbobcat
10-31-2002, 03:45 PM
I am not a dev, but here is my take on the situation…

The bottom line is that if SOE decides they want communication to be network-secure between the servers and the EQ clients they can make it so. Period. Saying otherwise would be to say that SSL and every other secure protocol on the Internet is not a valid form of security. By "network-secure" I mean protected from monitoring the network (network sniffing.)

If SOE decides to make their data stream network-secure, then SEQ in its current architecture (a packet sniffer) will no longer be viable.

For performance reasons, SOE is limited in the level of encryption they can use. However performance limitations would not prevent SOE from using a level of encryption that we cannot brute force.

What SOE cannot do is secure the end point of the communication. The EQ client has to run on our computers and we have full physical access to our computers. Full access gives us access to physical memory and thus the information need to decrypt the EQ communication.

This approach, however, will require some code to run on the same machine as the EQ client. This will be a significant change in the architecture of SEQ. It also opens up risk for detection by SOE.

The downside of the memory sniffing architecture is that the thing we are trying to find (the decryption key) will be in a different memory location with each compile (patch) of EQ. This means that every time EQ is patched, we will have to update the memory sniffer program.

Since fee posted the poll asking about new SEQ architectures, I am assuming that he and the other developers have determined or are at least worried that SOE has decided to use true secure network communications.

Given this a new architecture would be in order, and that this new architecture would require some code to run on the EQ client, the question is should all of the code run on the EQ client?

My answer to this is no. Some of the reasons why have already been stated but in review:[list=1] A small memory leach written as a driver (or some other low level OS construct) will be the most difficult to detect.
Since stealth may require each person to have a custom version of the leach, the smaller it is, the easier it will be for each user to customize.
The SEQ GUI is already written and works well. I don't see a reason to port it to Windows. (Yeah QT is supposed to be platform neutral, but it will still require porting work.)
Users will want to have the SEQ display on a different monitor[/list=1]

Spot
10-31-2002, 03:51 PM
Ratt,

If you guys do go ahead with a windows version, I would publicize the project on every EQ web page, message board, and Gammer News site possible. Get as many people to use Winseq as possible. There is no way they would ban everybody that would start using this easy to use version. I would bet there loss in revenue could be shot up into the Million dollar range. If you guys make this so easy to use and keep it working, it might force them to go back to the old key encryption? Who knows, Im just sad it has come to this.

dum1
10-31-2002, 03:57 PM
ok, question

with todays cvs we can input the decode key manually

so, if you use a windows machine on the network(not the client box) to scan for the key in memory on the client box, is that detectable?

dum1

bonkersbobcat
10-31-2002, 04:11 PM
so, if you use a windows machine on the network(not the client box) to scan for the key in memory on the client box, is that detectable?You can't get to the memory on the client box from another machine, unless you have an agent or some other software running on the client box. (Memory is not directly available from the network.)

Hedge
10-31-2002, 04:15 PM
This makes no sense to me from a SOE standpoint. If they shut down the Linuz version there will eventually be a Windows version. You can expect A LOT more people to use the windows version than are currently using the Linux version. So why on earth would they do it if for no other reason than to ban peoples accounts? If they do that it's like Ratt said they lose money. I would not rerole a new character on a new account I would just move to a different non-SOE game.

If we can still keep it Linux then lets do. If not then I agree with Ratt screw SOE lets do a full port to windows and make it as undetectable as we can.

Nano
10-31-2002, 04:19 PM
I am surprized SEQ has lasted as long as it has.

I am wondering though, if VI feels threatened enough by this, might they just decide to spend the resources into converting the EQ server-client communication system into something of a 'bubble' system that other online MUDs use?

While SEQ would still be able to theoretically decode mobs that enter within the players 'bubble' range, doing this would still dramtically cut down on the field of view SEQ has within a zone.

As a matter of fact if VI did manage to move EQ to a bubble system, it would help players on poor internet connections since the server would theortically not even be sending data reguarding spawns or players outside of the bubble.

Yes, VI would have to revamp the 'tracking' game skill to accomidate it, but like I said, if they felt threatened enough by this, they may decide to spend the recources into developing such a system.

Blaze
10-31-2002, 04:22 PM
well, SOE may be smarter then they look.

People are not going to want to move on to SWG or EQ2 if eq is fine, and they are really far along.

Now if something came along, that made you question all the other players in the game 'Did he just have lucky timing, or is he cheating' people will love to move to a new game as long as SOE tried to push the fact that they are working alot harder on the encryption.

SeqTester
10-31-2002, 04:25 PM
/cheer Ratt

I love reading your posts. Also on the Dave (DTV/Hues) issues they spen XXMillion on designing a new card that was unhackable, Well as I am sure Ratt and a few others know, the P4(New "Secure" smart card) has already been hacked by the Det/Windsor team(/cheer Dex and his Crew).

So even the MOST secure things are not secure.

PS: I dont even play anymore bu Girlfried is still Addict so I keep up on this. I told her No Decode, just GPS. But I am sure there will be a fix, like all unhackable things.

PSS: Nothing is 100% secure even condoms say they are ony 99.9% effective.

quackrabbit
10-31-2002, 04:31 PM
In case you don't know, Patrick is the coder from SoE responsible for today's fiasco. Here's his comments on today's changes:

<somenick> Patrick, what was the real intention of changing the encryption a tad?
<Patrick> um
<Patrick> to break showeq
<Patrick> why else?

There ya have it.

zfod
10-31-2002, 04:38 PM
Welp,

There we have it.

Now I'm just chillin, waiting for the code to be set completely free.

Let me know when all the hand-waving and doomsday predicting subsides.


zfod

Fatal
10-31-2002, 04:39 PM
The thing that gets me is them basically throwing down the gauntlet. It's very comparable to what Dave (dtv) did.

Everyone was fine running 3m's on the hcard and minding their own business watching their free movies. The HU card was out but folks were not really too interested in messing with it. Let me rephrase, they weren't 'dedicated' to cracking the 'uncrackable' card. Then Dave made a mistake. He put out the ECM that over wrote the first bytes of the card that said GAME OVER. He threw down a gauntlet and said "Let's play".

And the community got riled. Sure, it was mass mayhem for a couple weeks. Then they started glitching the cards past the bad spot. They put more effort in to hacking the HU (p3) and they then cracked the p4. Dave spends millions of dollars trying to stop a relatively few folks from hacking a card, meanwhile making it worldwide knowledge that these cards were in fact crackable.

They spent millions of dollars to make sure everyone knew there were folks out there watching their DTV for free. The problem is bigger than ever.. and now its no longer just a hobby.. it's a game.

SOE is doing the same thing. You have a group of folks who like to play the game using SEQ. Now by targetting them, they are going to feed a fire that is going to burn their house down.

Soe should give Dave a call and ask if they would do things differently.

Opps, gotta go watch DTV.

Spook
10-31-2002, 04:42 PM
Ratt,

Thanks for the post declaring your thoughts. I completely agree. What you said abouit porting to be trivial is completely true. I have been using SEQ with a few mods to transmit decoded information along my local net as a server to a VB.Net client with a similar interface. Why ? I detest QT ;) I have developed the 3D mapping on Win32 and port to Linux after dev'in on Win32. The only thing holding back the floodwaters is the methods to implement the decoding as you well know. What's held me back from releasing my SEQ frontend ? The same reasons as always and the respect to keep to them.

The power of the SEQ project remains in yours and the other core devs hads by virtue of the decoding techniques. It will still take talent/time to work out a memory sifter. I ported Anarchy Online's famous ClickSaver to VB.Net with my own modifications so I know this is not too difficult, just time consuming.

I'd like to see the SEQ project turned into a black box, a Linux black box. Where, the decoding is still kept relatively secret and a small API used to stream information to whatever client (OS independant) that wants it.

You're right, SOE is crowding the SEQ community into a tighter corner. They want the utility and they will have it regardless just as in your fine example about the sat hacks. Well, fine, if this is the case, lets make it easier on ourselves by controlling how the wave will be ridden. Meaning, control how decryption will be done. I'm pretty sure it exists already, but memory sifting is not in the forefront as the popular method or it would have been widely known due to people not wanting to screw with setting up Linux. That part makes me think the SEQ core community can still work with the latest SOE stupidity.

I'm not releasing anything to anyone (aside from 3D map work for Linux SEQ) without consultation with you as I consider you to be the one holding the reins on the project. I wish I had de-crypto talent, but all I have is some skill at making front-ends. Either way, I'd still like to contribute so let me/us non-core devs know the new focus.

Havok !!!

PawnOrc
10-31-2002, 05:40 PM
I think you guys have all missed the boat. Unless I missed something in this thread ...

This has nothing to do with EQ. It is about SWG. SOE is working on a better method to roll into the SWG development. Don't expect them to stop. They are beta testing SWG security on you.

Imagine a corporate conference room in Foster City, CA:

Lucas Rep: You guys have cheaters in EQ. We don't want kids being cheated in SWG.

SOE Rep: We can stop the cheating. It was a small problem not worth the cost of fixing.

Lucas Rep: We will split the cost with you. Just find technology that will keep the kids from being cheated by these guys.

SOE Rep: No problem. We are working on it now.

Second miss: You don't understand the privacy laws as well as you claim. One example question - can SOE get consent to scan? Answer - absolutely. Only limitation is the fear that people will not buy the product if they do. At this point I think they can safely bet that most people will gladdly give consent - just to nail SEQ users.

My bet: SOE will escalate everytime you do. Eventually, they will ask for and get consent to task scan. Expect a SOE poll about that sometime after Christmass.

Suggestion: Find a way to make the task hard to scan for. Is the scan name based? Is it based on op calls? How does scanning work?

devnul
10-31-2002, 05:47 PM
RATT DON'T DO IT!!

WE know you can.

Look they screwed up. But it's still not time to drop the big one.

THINK about it. Yeah your ego is saying 'they deserve it!'

But its probably just one idiot that talked his boss into doing this.. a boss that has no idea.

If you do this you have to think when you hurt SOE you aren't just hurting some nebulous corporation.. it's real people with real jobs. Only a couple people are likely guilty of stupidity.

Your weapon is one of mass destruction and I hope you will be responsible with it's use. You can hurt a lot of people, I implore you don't do it unless you have to.

We understand why you feel the way you do, but play it straight.

When you use your weapon of last resort.. well you have no more resorts:)

Ratt, you're the MAN. You kept this together and you kept it contained. Many people owe you more than they can repay.

But AS the man you need to not go all emotional over one cockup from SOE.

dn

Manaweaver
10-31-2002, 05:55 PM
You have a point with SWG, but I think the issue is that there is no way to permanently break SEQ or programs like it...I'm not an expert in any form of cracking decryption but I'm simply agreeing with what has been said...if we want it to be, eventually through the hard work of the fantastic dev team, it will be. I try not too take your work for granted and if it wasn't for those bastards at pay-pal I would've all ready donated for Pizza/beer =)...they say something about me all ready being registered...go figure.

Not even just the dev team...the other bunch of people out there who find joy in cracking decryption and breaking things that are supposed to be unbreakable.

I totally agree with the statement that most people who use ShowEQ are not the big dicks in the game. I personally only use SEQ when there is something I want for myself...not on spawns so that I can Farm a JBoots MQ(best example i think would fit)...or to farm endless rallic packs(I did that without SEQ heh heh)....I think the majority of what I use SEQ for is Travelling, finding out what MOB's actually look like (IE level...class....that sorta thing), seeing what the zones look like as a whole, and quad kiting....I try not to use it to camp spawns and I definately hate the thought of someone abusing SEQ and making it horrid for the rest of us.....either way whats done is done and I support the dev team on any decision they make. They've been at it for quite some time now and I think they know whats best for SEQ. Go dev team, godspeed.

I'd love to see SEQ in its mostly current form for as long as possible.

Oh and a PS...I think SOE is also retarded for opening this can of worms as well....and I loved that nice long rant =). really filled me with joy to see someone who is hellbent of thwarting the man....but enough of my truely innane rambling....let someone who knows what they're talking about speak now =)

Manaweaver
10-31-2002, 06:01 PM
Oh, just a quick though...have you actually thought about setting up a meeting with a member of SOE? I mean...you can explain the case and all the possibilities of what may happen but think of it...you would be actually seeing their responses of whats all ready been stated here in this forum...I'm SURE there are plenty of SOE people who read this forum on a daily basis seeing what we're cooking up...i mean seriously Yahoo Search: SEQ Install HOWTO comes up with this site pretty quickly...and we're not a secret....so what is there to lose? Simple questions from a simple man...try to be constructive with your thoughts...we're all supposed to be a community after all =)

Killian
10-31-2002, 06:12 PM
Absor's comment about this rant in Graffe's.

About 1/2 way down the first page.

http://pub140.ezboard.com/fgraffeswizardcompilationfrm1.showMessageRange?top icID=22508.topic&start=1&stop=20

Mr. Suspicious
10-31-2002, 06:13 PM
Actually, personbally, I don't have the impression this encryption change was done to cut down on ShowEQ usage. SOE has a far bigger poblem then ShowEQ users. A problem that DOES hurt their entire playerbase directly: MacroQuest (http://macroquest.sourceforge.net/phpBB2/index.php).

With more and more users of MacroQuest making upto 50.000pp per hour, all server economies are overheating. MacroQuest isn't your "average macro-tool" either. It actualy "hacks" into eqgame.exe and manipulates the datastream from within (if I understand the little explanation I received correctly). Seems to me, from SOE's point of view, such programs _have_ to be stopped, getting ShowEQ to stop at the same time is just a little perk for them IMO.

BlueAdept
10-31-2002, 06:29 PM
Rowyl was in the irc. The encryption change was designed to break SEQ. Said it took about 20 min to make the change but would effectively stop SEQ.

He didnt seem to concerned about a windows version so I say what the hell. Publish it and opensource everything. Let it be a free-for-all and see where the chips land. The more people involved now and the more publicity, the better.

S_B_R
10-31-2002, 06:35 PM
MacroQuest reads raw memory, an encryption change has no effect on MacroQuest. All they have to do is find the new memory offsets which takes them all of about 30mins (usually much less). They have to do that everytime a new eqgame.exe is pushed, whether the encryption changes or not.

For example: http://macroquest.sourceforge.net/phpBB2/viewtopic.php?t=1165

MacroQuest is already working after todays patch...

Manaweaver
10-31-2002, 06:50 PM
I'm stupid. Just read the next post. After my long rant, lol

LordCrush
10-31-2002, 06:52 PM
Perhaps we all should wait some days to draw conlusions ... with 64 bit change on the first look it seemed that it was undoable but it turned out not to be ... perhaps one skilled person finds a way ...


just a 2cp to cool things down !

i think all the "declare war on SOE" posts dont help us in any way

casey
10-31-2002, 06:53 PM
if you'd like to add real time discussion on the issue of windows software, feel free to pop into irc.

irc.trifocus.net channel #showeq

Manaweaver
10-31-2002, 06:54 PM
You know...all SOE has to do to eliminate the tradeskill reprecussions is limit the ammount of combines possible in a given amount of time...

EDIT: Time to download IRC again...see ya'll in a while.

casey
10-31-2002, 06:58 PM
SOE doesnt care if you ruin the economy. SOE doesnt care if you use a GPS showeq. But if you can see a mobs level and class, well thats just overpowering, and thats what the've stated that they would like to stop.

eq_freak
10-31-2002, 07:48 PM
I would say go for it. If not someone else probably will, too many people addicted to SEQ by now.

Also will be nice to get rid of VMware from my NT box and be done with it :D

grinningpizza
10-31-2002, 08:53 PM
so Patrick = Megaton?

naggro
10-31-2002, 09:04 PM
/yawn

I ported SEQ to 'winblows' a while back (mainly because i was very interested in how much data was being sent back and forth between our client and their server) - In short I have SEQ running on a second 'winblows' box using a crude DX setup and crude gfx engine (its quite nice acutally).

I reversed 'libEQ.a' and i`m using my own (rather crude , not well commented) version of it in my 'winblows' port.


Lets face... I did it, so someone else has done it also... Windows SEQ already exsists guys - It just hasnt been released yet.


*F* *u* *c* *k* SOE - Lets do a full win32 port and release it! I already have the code in a form where i can #ifdef it to compile on windows or *nix - If you give me the goahead I`ll upld it :)


If SOE want to ban 50-100k users who WILL download a win32 port of SEQ , let them... They`ll be kissing goodbye to a shitload of cash... I cant see them banning that many accounts... It would fuck them too hard.


SOE are in this for the money... NO WAY will they ban 50-100k accounts for using SEQ , they`ll just keep fucking with us to break it every patch....

Ratt
10-31-2002, 09:32 PM
Originall Posted by Absor on Graffes

Well, let me describe it to you.

Kind of a upcurving on the lips on the left side of my face, while at the same time raising one eyebrow (I have no idea why I do that eyebrow thing) and a bit of a shrug of the shoulders.

A

I find this very saddening. Us "cheaters" care for you, the player, more than Absor does. He smirks at this turn of events? Heh, how pathetic is that?

This is the company you pay money to, folks... they smirk at the hell you are going to have to endure, until you get fed up with all the l33t d00ds and k00k k1dd13s who can finally run SEQ and finally quit. Why? Because they know you'll keep paying, that's why... they don't have to cater to you... where are you going to go?

I CAN'T stop a windows version now even if I wanted to. This small "20 minute" act is beyond anyones ability to control at this point. And all Absor can do is smirk and take apparent joy in your discomfort and frustration. How very, very sad.

JustACoder
10-31-2002, 09:57 PM
Run a "Log Logger" that whenver you zone it sends a recieves a few bytes and sends a few bytes (hopefully the key) over to the linux box, or how about updating it to a webpage that SEQ looks at? Geocities has the room host it up and see how it works.

If not I say we fuck verant over like they've never been fucked before. release a window let them ban everyone, help out the EQEmu folks to get there emu working crystal clean, FREE EQ, No SEQ encryption changes. Let EQ die out and fuck them hardcore. I know I don't want it to end like this because you (the players) and I have spent so much money to play a game. If we can get a hold of a pissed of EQ Dev and help perfect the EMU's that'd be fantastic. The emu's are working okay as it is, and I would hope that they would cancel out the n00b commands , but that would make people have to work for their commands. what do you get as a veteran from SOE for playing EQ so damn long? a few extra levels and some spells that are dropped off of rare mobs, oh yeah thanks, i'm sooo happy. They fuck us over every single expansion. "it's so much better then the last" . "more places to travel" , "more levels, and fantastic spells" . they are feeding you the same lines every time, and you believe it.

JustACoder
10-31-2002, 10:02 PM
One last thing Fee and SEQ Devs.

I support you now, i'll support you later and i'll support you to the end

binky
10-31-2002, 10:13 PM
Whew, big thread.

Well here's what i think is the best option. Seems to have already been half done in CVS.

1. Option to input key as text into ShowEQ. (Already done it looks like?)
2. *win32 console* program called "freecell.exe" or "explorer.exe" ;) that you run *manually* once you've zoned in etc. It scans eqgame.exe's memory, copies key to clipboard, and exits - hopefully this process takes a few milliseconds. No fixed window title or window class to detect, it's open for a jiffy (EQ won't be scanning process lists constantly - bit of a performance hit?), and it's called something that looks innocent.

OR
3. *win32 console* program again as above, that sends a quick UDP packet or opens up a TCP connection to an IP:Port specified in the command line or an .ini file (which is also set in ShowEQ and is NOT fixed and IS configurable - eg: you don't want EQ scanning 192.168.*.* for a fixed ShowEQ port xxxx), and then exits quickly.

I don't mind *in the slightest* having to fire up the session key extracter every time i zone.

If you're worried about EQ scanning the clipboard for its session key and banning you if it finds a match, well.. Encrypt it then place it in the keyboard, then decrypt it in ShowEQ. Beat them at their own game. ;)

And if you're worried about EQ scanning packets - lol, they don't, and they can't. You need drivers to do that and EQ cannot go this far, has not gone this far, and will not go this far. Find me 1 firewall that does not install a service or driver and i'll go back on that statement.

Which reminds me, a ShowEQ windows driver is *too* detectable. Go with the manual win32 console app that you run and it closes within milliseconds.

Cheers.

sakshale
10-31-2002, 10:41 PM
I liked the image I got from reading an earlier post -- lost many pages back, so I won't try to quote it. :)

When I run my standard scripts, CVS-Update and Build, I end up with two items; linux showeq and a window .exe file. The .exe file contains the IP number of the host I built it on, a key that it shares with the showeq file and a port that it knows the showeq program will listen on... All twisted into a custom little binary... :)

cheeze69
10-31-2002, 11:06 PM
Originally posted by Manaweaver
Well all i think i have to say is, "Damn the man." at this point. The amount of people using showeq is so insignificant they really are spending money where they don't have to...I mean 100,000+ people play EQ and only a fraction of them actually use SEQ, and spread across all of the servers I highly doubt the impact is any where near hurting the game.


Well, I must agree. I have always understood the devel's desire to keep the "barrier to entry" high enough that every AOL user and his retarded brother can't use SEQ, but it seems that SOE has dropped the gauntlet on this one...

I'm really surprised that with the impending death (no flames needed, just an observation) of EQ with the upcoming EQ2, that they have bothered this much with keeping SEQ users out. I wonder if they are using this to test the resilience of their "methods" for use in EQ2...

Anyway, the knee-jerk reaction I had to this is to say "fuxx0r them" and release the Winbloze version of SEQ. If you're reading the info right out of windows RAM, unless they move the data every day, it should be fairly easy to stay on top of (total uneducated opinion). Then, SOE would be penalized for their efforts by 100 TIMES more users using SEQ than are using it today.

But, like I said, that is my knee-jerk reaction and not necessarily the best one. The one thing to remember, though, is that we (the "hackers") will win in the end because we have the desire and the ability (it's probably more the challenge than the actual result that drives the SEQ developers). Like every other technical "roadblock" implemented in the past, this one will be crushed because no company can pay a team of developers to stay ahead of hundreds of "hackers" and the time they will devote to figuring-out a workaround.

If only SOE would give us a decent map function, then (as the FAQ says) most of the incentive to use SEQ would be gone. Until then, they can FOAD.

binky
10-31-2002, 11:08 PM
Originally posted by sakshale
I liked the image I got from reading an earlier post -- lost many pages back, so I won't try to quote it. :)

When I run my standard scripts, CVS-Update and Build, I end up with two items; linux showeq and a window .exe file. The .exe file contains the IP number of the host I built it on, a key that it shares with the showeq file and a port that it knows the showeq program will listen on... All twisted into a custom little binary... :)

Now that's sexy. ;)

I was a bit concerned about storing ShowEQ IP:Port numbers in an .ini file. Would be trivial for EQ to get each process' starting directory and scan for an .ini file they know will exist and they know the format of.

So embedding a random/customisable port, an IP, and an encryption key (not really essential) into the .exe would give better security. Wtg!

Cheers.

Virusmaster
11-01-2002, 12:23 AM
Imagine, if you will, a sniffer program that also has the added functionality of peeking in your address book and emails itself out to users with the letters "SEQ" in consecutive order and all in caps. This little sniffer virus would also have to check it's version, updating older copies of itself if needed. Since it would be a virus, how could you hold someone responsible for having it installed and running on thier computer? Wouldn't prove a thing if they were running it, and not their fault if they had a hotmail account name of "[email protected]"

Opensource provides some protection, but for the really dirty work a virus is always safest :)

intous
11-01-2002, 01:39 AM
I think there needs to be a winSEQ so that SoE will be busy detecting that and not have time to figure out how to detect the memory leech that grabs a key for linuxSEQ.

bonkersbobcat
11-01-2002, 02:03 AM
I'm really surprised that with the impending death (no flames needed, just an observation) of EQ with the upcoming EQ2, that they have bothered this much with keeping SEQ users out. I wonder if they are using this to test the resilience of their "methods" for use in EQ2... Another thing to consider...

SOE has a coming problem, that problem is to get the EQ users to leave EQ and to buy and play EQ2.

Why would someone who has invested literally years into building EQ characters, abandon those characters and build EQ2 characters? Especially if those users are really comfortable? One way would be to remove the level of comfort. Removing the level of comfort could be making sure that nice things like SEQ don't work.

Perhaps they are trying to degrade the EQ experience so that people won't be as attached to EQ and are willing to go to EQ2?

Just a thought.

hhh
11-01-2002, 04:27 AM
I'd venture to say that 90% of the ppl that were 'comfortable' with EQ will not buy another Verant product, myself included.

I'm sure the next company will apprecaite my $ of 5 account as much as verant did.

Maybe Horizens or Shadowbane, but not EQ2 or SWG.

These guys are digging their own grave.

spungee
11-01-2002, 04:36 AM
I'd say screw'em, it's been mentioned before, and I think the arguments for not having a Winseq because it would be easier to detect is bottomless. After the legal threats, some time back they wouldn't raise an arm to ban people they discovered running seq.
BUT with the upcoming release of EQ2, and maybe a (modified) seq version for that one, I'd say stick with the development on Linux.
The decryp key... why are we walking so silently, we got more combined knowledge than SOE/VI can ever dream of, why are we being so cautious(sp?) SOE/VI will NOT spend time=money on trying to track down/break a couple of their users that are using this program, atleast not within EQ(1).

Some good points has been made on this thread, and a lot of ranting...focus guys, there's no need to flame other people for brainstorming, that's part of why were here, or did I totally misunderstand the concept of this site :confused:
constructive feedback is another thing, but don't make people scared of tossing out ideas, that's the last thing we need.
and now you can ask....who the hell am I?

not telling

-plato-

lostinspace
11-01-2002, 06:03 AM
Why not to go both ways:
- winSEQ
- small program (memkeyreader) that can extract key from memory and send it to SEQ on other box

That way you can have benefits of both solutions. Linux SEQ needs to be defined to listen on certain port and when it receive packet, use key. Packet should be sent by sniffer on EQ PC, and it can be encrypted by some simple shared-key based procedure.

With this approach, even if winSEQ is not made now, someone will make it from open source code. Advantage is that you could use winSEQ or linuxSEQ on 2nd box, both would be able to receive key from sniffer. And of course, winSEQ can use its own key sniffing if run on same PC.

If function of memkeyreader(sniffer) program is kept simple (read EQkey from given offset in EQ memory, simple encrypt EQkey with sharedkey and sent to IP:port of SEQ listener) - then lot of people could make their own sniffer program. That would result in hundreds of unique memkeyreader versions and thus make impossible for SOE to detect some known pattern. Not to mention that if you play EQ under winXP/2000/NT, they can not read your memory unless they install kernel mode driver (which they cant do on your PC). Therefore they could only scan process name (which you can set to any name you want). So if you have NT based OS, and until SOE can install kernel driver on it, even winSEQ on same box would be safe.

So I propose you make both options. Start with setting up listening port on SEQ and give us offset into EQ and I'm sure memkeyreader programs will just pop-up :) Ah, define simple encription method so SOE wont know it is packet with their key even if they sniff packets. Some simple XOR with given shared key and random starting offset for payload (EQkey) would be enough for this purposes.

After that only needed update would be to post new EQkey offset after they rebuild(patch) EQ, so memkeyreader could use new offset.

BlueAdept
11-01-2002, 07:32 AM
Originally posted by spungee
I'd say screw'em, it's been mentioned before, and I think the arguments for not having a Winseq because it would be easier to detect is bottomless. After the legal threats, some time back they wouldn't raise an arm to ban people they discovered running seq.
BUT with the upcoming release of EQ2, and maybe a (modified) seq version for that one, I'd say stick with the development on Linux.

The decryp key... why are we walking so silently, we got more combined knowledge than SOE/VI can ever dream of, why are we being so cautious(sp?) SOE/VI will NOT spend time=money on trying to track down/break a couple of their users that are using this program, atleast not within EQ(1).


I disagree. After the first bannings for WinSEQ (scanning the task manager) they "reserve the right to scan the task manager and hard drive contents but choose not to do so at the present time" (that isnt word for word but is similar to the press release they did back then). Besides, they dont have to say they ban you for WinSEQ, they can ban you for nothing.

The developers apparently have nothing better to do than to screw with SEQ. Rowyl made it plain that it is an all out war against SEQ. Im sure that there will be mass bannings as soon as they are able to figure out if someone is using WinSEQ or a key sniffer. BUT I still say screw them. If they want to go down that path, then so be it. Open up everything and support windows versions. SOE feels that after the first wave of bannings, people will stop using it. They are wrong. The more publicity this gets, the more people will hear about it and find out what SEQ really does, the more people will use it.

Aurelius
11-01-2002, 07:49 AM
I'm don't believe that I will move over to the EQ2. I have many accounts on EQ as it is. I've grown accustomed to EQ and it cracks my ass everytime they come along with new expansiions that require me to upgrade my systems. Then they raised the price of admission (true $3 is not the end of the world, but times the number of accounts per month adds up.)

I will end up buying multiple copies of PoP only because it is a nice transit station. I have several characters that could go to PoP but it doesn't interest me personally. I have a lot of the old world to look at yet. Hell, I don't even have all the stupid Kunark spells yet. I am a plodder. I usually play solo (if playing with multiple computers can be called solo) and I enjoy the information SeQ provides.

I'll go with Ratt, Fee and the rest. I guess I am just a follower at heart but I'll support in what ever way I can to the cause.

Give 'em hell.

PS If any of you guys decide to dump your old accounts, let me know. I'd be happy to share your sundries and weapons with my crew. ))

MisterSpock
11-01-2002, 08:42 AM
To Ratt and all the developers:

Thank you for everything you've done. I'm with ya to the end, whatever direction you choose. In unity there is strength. I will do whatever I can to help.


To Sony/VI:

I wonder if you realize just how many people like me there are out there. We're the players who are frustrated with your lies. We're the ones who are frustrated with your nerfs. We're the ones who are frustrated with the way the game cheats the players.

I played your game for many months before I knew anything about SEQ's existence. I bought in to all that you said about how the con system worked, how pets worked, how NPCs worked, etc. I did, at least, until it became painfully obvious that either you didn't know how your own game worked, or you were lying to us.

Enter SEQ. From that moment on, my eyes were opened. I saw how pathetically simplistic your con system really is. I saw the way you made NPCs artificially harder than they should be, yet yield low amounts of experience. I saw the various ways you allow NPCs to follow a different ruleset than the PCs. It was those of us in the SEQ community who proved to you, but more importantly to other players, things that were out of whack, and that what you were telling us was just plain wrong. That, to me, sounds like people who cared about the game.

I never got in to the fancier features of ShowEQ like filtering and alerts. All I used it for was as a map (to keep from getting lost), as radar, and as a improvement to your con system. In short, I used it to add functionality to the game that should have been there in the first place. Other games (like AC / AC2) have radar, mapping, and a more reasonable con system built in. In those games, there is no purpose, to me, for a ShowEQ equivalent.

Can ShowEQ be used to cheat? Sure, to some extent. However, that extent is relatively minor to the myriad of trade skill exploits, quest exploits, scamming, and pathing exploits that other players are doing (probably a very large percentage of them are not seq users, either). SEQ cannot be used to make rare mobs spawn; it cannot be used to improve a characters run speed; it cannot be used to automate trade skills; it cannot be used to dupe items.

What is even worse, in my mind, is that you have agressively targeted a relatively benign program, yet you have done NOTHING to crack down on the myriad of macro programs out there. These are the programs that have wrecked the EQ economy. These are the programs that alter the client's memory in such a way as to directly alter a character's in-game abilities. These programs, in their relatively short existence (relative to SEQ), have done FAR more damage to the game than SEQ ever did. Yet your response to the some of the most egregious examples of macro-created havoc was late, at best, and of questionable effectiveness. How many millions of macro'd plat entered the market before you got off your collective posterior and acted? Chances are very good that some of the people who reported the macro exploit to you were SEQ users who still, for whatever reason, care about this game.

Frankly, SEQ was one of the few reasons I continued to play. The challenge of knocking the rust off my Unix and C/C++ skills was quite enjoyable, all that while keeping a sanity check on what you're telling us about the game. To me, it made the game marginally palatable. I will not go back to the dark ages. I will not ever again take what you say at face value. You have proven to be unreliable.

This latest act, while well within your rights, is poorly thought out, at best. The long term effect on the game is going to be detrimental. As much as you have angered me, I still find this to be sad. I suppose it is because some small part of me still cares about the game and those that play it.

RavenCT
11-01-2002, 08:47 AM
I work in the IT field, but I'm not a developer... Here's my question though. It was from something that someone else previously posted.

Regarding a memory key grabber/sniffer, in the case of 2000/XP, wouldn't you need some sort of Kernel driver to do this? I know that the memory under the Windows NT based O/S's is much better protected that under the Win9x based systems. This is mostly what gives NT/2000/XP a good portion of its stability.

So, for Veriant to scan for other things in memory (i.e. looking for the signature of a memory scanner in active memory) it would need a Kernel level driver to do as such? Wouldn't a memory sniffer need the same?

How easily detectable would this be? And would this require EQ to be running on a Win9x based (Win ME) OS?

I don't know about the rest of you, but I much prefer running EQ on a Windows 2000/XP OS! Much more stable and it actually runs faster that if I ran it on 98/ME...

:confused:

JustACoder
11-01-2002, 08:52 AM
Why not make a small program like xylobot that does macros of the sort and has a little popup that shows you your key so you can enter it in manually. This seems to be the way we are heading, and I wouldn't mind entering the key every zone, as I usually would just use the GPS function to travel in zones and start to hunt when I get settles. I.E. DL, RM, and the Planes.

EnvyEyes
11-01-2002, 09:06 AM
Each user of the leach will probably have to customize it so that it has it's own memory signature. Perhaps the leach needs to be distributed uncustomized, and unworking until customized to prevent a common signature that SOE could use to find.

I think this is an excellent suggestion. I was thinking the same thing while reading through this thread. I'm curious what the Dev Team (gods) think of this idea.

DontWannaSay
11-01-2002, 09:58 AM
What if the memory/key sniffer on the Win box didn't even stay in memory all the time - it was only called when SEQ detected that it needed a new key to continue decryption.

Every Win2K/WinXP has IIS as an optional component of installation (yes, the MS Web Server) and in many cases it is installed by default. With .NET technologies you can create a WebService on the windows box that would sit unused on the HD until it was called over a SOAP call from the SEQ box - at which point IIS would load the program into RAM, run it (under a process name of DLLHost.EXE), return the results to SEQ, and then depending on the configuration of IIS, either keep it cached in RAM for a while, or unload it as soon as it's done.

The other option if you want it to run as a standard Win32 program and just stay in RAM for the duration of the EQ session, would be to write only a DLL and no EXE. Then bring it into RAM from the command-line with RunDLL32.exe (again, RunDLL32 is what will show up on the process list, and is a very common thing to see floating around in there, often a few times).

seqseq
11-01-2002, 10:23 AM
Yes, rundll is too common to task sniff. However the .dll that it would be calling, if sitting on your hard drive, would be (if they searched for it). Perhaps some method of changing the name of the called DLL itself on he fly using our own encyption would be in order here?

Nothing fancy is needed even... just a method so that Sony doesn't even know what they are looking for.

Another method I don't think has been mentioned could be to have the option to grab the key out of memory then dump it to the printer (with or without a hotkey perhaps so that it doesn't print every zone change... only in the ones that I want it) --that way one could still run on the windows box full-screen.

In any zone that I want decoding I simply request the key, it prints, I key it into the Linux box... zone is decoded.

S_B_R
11-01-2002, 10:39 AM
You know, I got to thinkin about everything that's been said. A few things keep coming back up in my thought process. People charging for a Version of SEQ. Another thing is SOE making such a bone head move as this, it sure to cost them money. The final thing is SOE probably doesn't really care all that much about EQ anymore with all the other games they have coming in the near future. Now, if you combine all those together you come up with: SOE making thier own version of SEQ which they sell as an enhancement. They would make money on the deal. It would probably impact the game negatively, which would move people to thier new game(s). It would also lessen the Customer support required for certain things like finding corpses and what not, thus saving (making) SOE more money.

Maybe it's just me and maybe it's because I haven't slept for a couple days.....

Resiliant
11-01-2002, 10:59 AM
Alright, after doing some basic research, I believe that I now understand the nut that needs to be cracked (btw, if there's a standard ICQ forum, I'd very much like to drop in and take a listen, although I've never used ICQ before, I tried downloading it last night but couldn't connect, or couldn't figure out how to connect to the previously posted address). The nut is VERY hard.

I just voted, along it would appear with the vast majority for a separate Linux box w/sniffer. Here is my analysis for what it's worth:

1) I don't want SEQ to run on the EQ computer simply because I don't want to have to use up extremely valuable screen real estate displaying it along with the EQ output.

2) Trying to get it to work physically on the same machine as EQ would add complexity and difficutly to the current situation.

3) At this time, the highest priority should be placed, I believe, on the EQ-side sniffer. This sniffer should simply transmit the client side keys, as soon as they are generated, to the SEQ machine using a standard pipe.

4) As regards the sniffer -- To hell with Wincrap 9x and ME. Lets make SEQ dependent on running an NT derivative as the EQ client. Then, just make the sniffer a kernel-mode driver. These do not appear in the task list, and are virtually undetectable by any normal program running in user mode under Win2K or WinXP. Remember, EQ for all it's power is still running as a normal user in a normal user space. We have the power to make the EQ sniffer be super-user level, and as such there are literally scores of ways of hiding it from a user-level process. Heck! make it part of the TCP-IP stack! There are lots of places in the NT environment that a user level process can never see nor get at. All the kernel mode code need do is determine the ProcessID of the EQ task, and BINGO we have access to that address space WITHOUT them having any way to either detect or control it.

5) Simply modify the current LINUX SEQ to recieve and apply the keys as they are generated on the EQ machine. In fact, the result of all of this is a MUCH improved SEQ! No longer do we have to wait for a spawn to occur to see the output! No sitting in Kedge for example, for a LONG time, or actually having to summon some external entity in order to see the spawns. The moment the key is generated...bingo! We've got it! I actually LIKE this... in fact, the more I think about it, the more I like it.

Finally, you know what, I join my voice along with the thousands of others herein. Let the idiots at SoE screw themselves. I couldn't agree more with Mr Spock's post above. Let loose the dog's of war indeed! And you know what? If they decide in their infinite wisdom to ban me for using SEQ, so be it. I'd rather be banned than be told how I can play a game in the privacy of my own home!

Oh... and PS... after the sniffer is good and well hidden from SoE (and i belive in the NT environment this will be extremely easy and secure btw) then *YES* lets do a port of SEQ to the windows environment, just to well and truly destroy the heck out of the idiots at SoE that think they can tell me how to use data that I pay for.

And ... remember ... in the end ... its only a game :)

Fatal
11-01-2002, 11:11 AM
pssst.. it's IRC not ICQ ;)

Resiliant
11-01-2002, 11:13 AM
Ahh tyty

RavenCT
11-01-2002, 11:15 AM
If it DOES get ported to a Win32 app, I still think it should run on a seperate machine... That, at the very least, would cut down on a SMALL number of users.

bonkersbobcat
11-01-2002, 11:28 AM
Remember, EQ for all it's power is still running as a normal user in a normal user space. We have the power to make the EQ sniffer be super-user level, and as such there are literally scores of ways of hiding it from a user-level process.Doesn't EQ have to run in an account with "Administrtor" privs? I know that it used to anyway. If this is the case, does anyone know what exact low level privs EQ needs to run (that a normal user would not have?)

throx
11-01-2002, 11:37 AM
Saying this will cost Sony money is a fallacy. They may lose some people who depend on SEQ because they find it more enjoyable to have an edge of people who are playing within the rules laid down by SOE. On the flip side, they generate a lot of customer goodwill by taking a strong stance on what almost every non-SEQ user views as cheating.

Like it or not, SEQ users are in the minority and if you gain the trust of the majority of your customers by offending a small minority then you are doing good business. If more people sign up for EQ2 than AC2 or whatever other competition is out because Sony can publicly demonstrate they take a strong stand against cheating then it may well be worth their while to lose your business.

If you think SoE has screwed themselves by alienating the SEQ community then I believe you are in for a world of hurt. Declaring "let loose the dogs of war" and other nonsense is the mental equivalent of a 5 year old child threatening to hold their breath because they can't have a cookie. There never was a social contract between SEQ and Sony - that's a flight of fancy. All that happened was SEQ was low on the priority lists until now. The storm was coming and there's no use pissing in the wind over it.

Sony can trivially break the decode every patch if they decide to set some resources on it. If they patch often enough, or even do some half-decent masking of the in-memory session key and decrypt nuances, or even download the crypt algorithm dynamically and separate from the patching then they can ensure any version of SEQ stays broken for long enough to frustrate the users and devs.

I'm not sorry to see this happen. I don't think Sony cares about your business enough to care about any dogs of war the SEQ crowd may wish to conjure. In fact, I'm sure Absor pissed his pants laughing at the responses generated here.

Resiliant
11-01-2002, 11:39 AM
Not the same thing bonkers. First, I'm not aware of any such requirement. I believe EQ can be installed by any normal user. Second, even *if* (and its a big if) the system need be installed as an Administrator, the program itself must still run in the CPU's 'user' mode. This, by definition, means that the address spaces of all other programs, and the system address space are hidden from it.

And Throx. We shall see. Sony has lost, continues to loose, and will yet loose large sums of money spending their time trying to break SEQ. They will fail. The simple fact of the matter is that SEQ wouldn't exist if their customers were happy with their product. We are not. The product is fundamentally flawed, and we all know why. SoE is more interested in making money than in any form of customer awareness and support. The whole 'cheater' issue is specious. Sony can define individuals as 'violaters' and 'non-violaters' as they see fit. I can also play this game as i see fit. If you think that the ten's of thousands of people using SEQ are a mere annoyance then you discount both the size of the SEQ community, and our ability to track what Sony has, is, and will do.

If you think that Sony has more money then the SEQ community -- guess what? you're WRONG. We have at least a hundred times the software development staff that Sony has, and guess what? We have, in the open source system, a power that is many times the power that Sony will ever be able to bring to bear on this problem. And finally, perhaps fifty or a hundred analysists and software experts that are every bit as capable, and in most cases (based on the crap code that comes out of Verant) many times more capable than anything SoE has to offer.

bonkersbobcat
11-01-2002, 11:40 AM
Originally posted by DontWannaSay Every Win2K/WinXP has IIS as an optional component of installation (yes, the MS Web Server) and in many cases it is installed by default. Using the web server is an interesting idea. You could have a web page that simply listens for a request from a SEQ box. That request could even contain the actual code that does the memory key sniffing. This way the sniffing code would never exist on the hard drive of the EQ machine and be that much more difficult to detect. Of course allowing someone to upload code to your box and execute it does open up big security problems, but these could be mitigated by only allowing access to the particular web page from the SEQ machine. The communication between SEQ and the web page may need to be protected via SSL so that attempts by EQ to sniff the SEQ to key grabber data stream would be foiled. Each user could customize the local path to the sniffer URL and potentially the code that loads and executes the passed sniffer code. This would help to mke the detection of the sniffer bridge code more difficult.

link129
11-01-2002, 11:42 AM
I think trying to hide anything from SOE is useless. You don't think they have examined/use SEQ?

Just a thought...

bonkersbobcat
11-01-2002, 11:46 AM
Originally posted by Resiliant
Not the same thing bonkers. First, I'm not aware of any such requirement. I believe EQ can be installed by any normal user. Second, even *if* (and its a big if) the system need be installed as an Administrator, the program itself must still run in the CPU's 'user' mode. This, by definition, means that the address spaces of all other programs, and the system address space are hidden from it. It can be installed as a regular user, but last time I tried it would not run as a regular user.
It is true that programs don't have access to other programs memory space by default, but I believe that if you are running in the context of an administrative account, you can ask for and recieve the proper sercurity tokens to allow you to access the memory space of other programs. You do specifically have to code for this.

Resiliant
11-01-2002, 11:52 AM
Hmm this would be very interesting to test. I don't believe that EQ operates, or requests superuser priority. The fact that it uses DirectX to do all its UI would indicate otherwise. In any case, if it's installed as a normal user, then it cannot achieve superuser status.. let me test this.. brb

Well it can definately be run as a non-superuser. We now need to determine if it can be *installed* as a normal user. If so.. it has no superuser access.

Virusmaster
11-01-2002, 12:02 PM
4) As regards the sniffer -- To hell with Wincrap 9x and ME. Lets make SEQ dependent on running an NT derivative as the EQ client. Then, just make the sniffer a kernel-mode driver. These do not appear in the task list, and are virtually undetectable by any normal program running in user mode under Win2K or WinXP. Remember, EQ for all it's power is still running as a normal user in a normal user space. We have the power to make the EQ sniffer be super-user level, and as such there are literally scores of ways of hiding it from a user-level process. Heck! make it part of the TCP-IP stack! There are lots of places in the NT environment that a user level process can never see nor get at. All the kernel mode code need do is determine the ProcessID of the EQ task, and BINGO we have access to that address space WITHOUT them having any way to either detect or control it.

/agree

Also, I don't believe we would need to port to windows, someone else would do it once the sniffer was available. Make the sniffer, do a nice job of it, fix SEQ to use it and let the other cards play themselves. No need to get too complicated until forced to do so.

fester
11-01-2002, 12:03 PM
Making a few corrections to misunderstandings:

1) Zfod, a PCI hardware debugger is a PCI card that is inserted into any PCI machine (would work in Intel PC's, Mac PCI systems, Alpha systems).

2) Zfod, The PCI debuggers do not require (nor do they HAVE available) any software on the client system. They only require a PCI bus.

3) Every PCI debugger has a connector on the back of the PCI card (usually RS232, but sometimes Ethernet) and include software to run on another system (management console) which allows you to snoop the memory of the other system.

In short, they are usually used for debugging PCI cards by hardware manufacturers. But could easily be used to examine the process table structure in Windows (one would need to code it for each release of Windows possibly) to find the LDT for the process in question and personally translate from the virtual address in the process address space to the physical page in memory this page is presently stored, then transfer this page over the PCI bus or access specific chunk out of it via the PCI bus.

In any event, it would be untraceable to anyone.

4) Zfod, fee is a primary developer and Ratt did make some statements.

Resiliant
11-01-2002, 12:07 PM
Virusmaster...

Precisely what I had in mind.. and testing indicates that EQ client does, in fact, run in user mode, as it should. It CERTAINLY has no access to the kernel code.

Virusmaster
11-01-2002, 12:10 PM
On this PCI debugger card thing, I would have to think it would limit entry, so much so that many current SEQ users would be left out in the cold. I like it :) Damn the man, and while I'm at it, damn everyone else!

Doubt it will happen, but would be cool. CAn these cards really be built? Wouldn't you need an EEPROM writer or something??

Madfish
11-01-2002, 12:22 PM
>> Now, if you'll excuse me, I have a war to fight. <<

EQ has always been a PvV game (Player vs. Verant). That's one of the reasons I was drawn to seq to begin with (that, and I sniff packets for a living).

It makes me sad that Sony is spending time focusing more effort on PvV (ie, stronger encryption) than fixing EQ bugs that have been around for years. That's big business for you.

fester
11-01-2002, 12:26 PM
Virusmaster, there seems to be a continued confusion.

"Can these cards really be built?"

I thought I cleared that up.

Yes they can. In fact there is a whole industry built around building cards like this with companies trying to woo the buyers. The cards are not cheap (usually $1000 or more), but there are probably 20 or more companies making them.

One google search, a whole screen full of companies:

http://www.silicon-control.com/PCI850%20data%20sheet.pdf
http://www.pcibusanalyzer.com/
http://www.catalyst-ent.com/TA690_data.pdf
http://www.pcixanalyzer.com/pci/PBT-515.htm

TheColonel
11-01-2002, 12:34 PM
I'm sorry, did I miss the post where is became legal for SoE to "sniff" the computer's memory for such a program? I don't believe that either Xylobot or Macroquest would still be operating if they could/felt it was worth the risk. And if they DO indeed start sniffing a user's memory... this brings about a butt-load of un-needed law suits and court costs... which would kinda negate that money that they'd be "saving" by setting such a high standard. Personally, I've been using MQ for quiet some time... only used the trade skill macro option once... well ok twice... but still. I don't think they would/could scan our computers for any sort of program w/o telling us.

SQWISLAME
11-01-2002, 12:43 PM
I came across this thread posted on a class specific board.Please explain why you gimps feel the need to cheat and have an advantage over other people?I understand the "thrill" of doing something your not supposed to,but,how does it make you feel for being partly if not totally responsible for the death of games?BOOHOO bad pathing,HAHA,that is so sad.This isnt even a game of skill like a FPS and you STILL need to cheat jesus christ.You all are the same Llama's and lamers that wish every single game had god mode.Get a clue fucktards and play games as they should be.Go ahead and try to justify it,i fucking dare you.

Resiliant
11-01-2002, 01:07 PM
Note:

The language in the previous post clearly indicates the level of maturity as nearing the IQ of the individual. No response required inasmuch as the IQ of same individual would render any such response unintelligible as such.

Having said this, lets see if i can say this in as few a words as possible... using as few syllables as possible so ol' SQ can understand.

You don't have the right to define what is cheating. Since you don't have the common decency to use non-profane language, your opinion is worthless. Go Away.

S_B_R
11-01-2002, 01:08 PM
Originally posted by SQWISLAME
I came across this thread posted on a class specific board.Please explain why you gimps feel the need to cheat and have an advantage over other people?I understand the "thrill" of doing something your not supposed to,but,how does it make you feel for being partly if not totally responsible for the death of games?BOOHOO bad pathing,HAHA,that is so sad.This isnt even a game of skill like a FPS and you STILL need to cheat jesus christ.You all are the same Llama's and lamers that wish every single game had god mode.Get a clue fucktards and play games as they should be.Go ahead and try to justify it,i fucking dare you.

Well unfortunately there is no way to justify it to you. That would be like Justifying God to an Atheist. But I can justify it to myself and that's all that matters.

One thing I would ask of you would be what exacly do you believe ShowEQ does? Please be as specific as possible.

SQWISLAME
11-01-2002, 01:13 PM
Youll have to excuse me,i apologise.I have been playing games for 10 years and dealing with people such as you cheating.Every game has been ruined via speed hack,packet sniffing etc.Do not say SEQ is anything other than a cheat(exploit).What is it that makes you feel the need to use it?Feel "uber" getting that mob first ?Haha.Please man,dont try to say it is anything other than that.Just say yeah i cheat and i like it.

Poser
11-01-2002, 01:19 PM
SQ,

10 years? Wow!! So that makes you 11?

Whatever!

BTW, Yeah, I cheat and I like it.

All further posts from you will be ignored.

S_B_R
11-01-2002, 01:25 PM
The cool thing about the way ShowEQ works(ed) is it had a relatively high cost of entry. Meaning you had to setup linux, you had to fill the dependancies, and you had to have the correct network setup. This high cost of entry has kept the type of people you are familiar with out. Which is also why the actual decryption method is not open source, it keeps people from developing/distributing a windows version of ShowEQ, keeping it to a small group of users that are more responsible than most of the 1337 d00ds. ShowEQ has been around almost as long as EverQuest itself. It has not (and would not have) ruined the game.

I don't think any of the regulars here will dispute that it is cheating, I surely won't.

fester
11-01-2002, 01:27 PM
SQWISLAME, I am sorry we spoiled your "fletching macro for PP to sell for $" plans, but you shouldn't blame us.

I will not play a game without a realtime map. All other major games have this (a la Diablo with the overlay map, Baldur's Gate with the maps). SOE does not provide this feature, so people added it.

SQWISLAME
11-01-2002, 01:28 PM
Your right,there was no reason to post here.Cant win against the horde of people that would rather cheat than play a game correctly.Whats even more sad is the the amount of intelligence here being wasted to sploit a game.None of you have ever played other games i guess where cheating is rampant and the game was ruined,hell,more than likley you spoit any game you play.Gratz on cheating yourself.

SQWISLAME
11-01-2002, 01:33 PM
HAHA ,no map.Thats rich.Umm,yeah,i bet the "map" is only reason you use it.Thats why youi learn the zones.Im sorry this game seems to be a little much for some of you to deal with whaaa...

Jel321
11-01-2002, 01:36 PM
SQWISLAME,

Im curious to know where you have been for the last 4(?) years that SEQ has been running.

EQ continues to grow and more people play, so obviously SEQ is not ruining the game.

I won't argue the 'cheating' point because it can't be won by anyone using the tool, but the whole ruining the game argument is a joke because its simply not true.

SEQ doesn't let you fly, run faster, cast more spells, melee better or anything like the 'hacks' you are describing ruined those others games.

Poser
11-01-2002, 01:37 PM
spoit? Sorry, I don't speek d00d. I find it uncouth and script kiddish.

You probalby meant "exploit". I'm with someone else that just recently posted. I don't use SEQ to camp "UBER MOBS" or find "P4at L00tz". I use it for a map. That's it. That's all. Even now, broken as it is, it fulfills that purpose, and I am still happy with it.

If SOE saw fit to include a map and radar ability in EQ, I would probably never look at my SEQ box again. If someone came up with a way to do the same thing in the new GUI, same goes. The spawn info was just a bonus for some people.

I think you will find that the SEQ users are mostly the kinder ones in game. The ones more likely to help you. And, I know they are the most intelligent.

Thanks for everything, devs.

RavenCT
11-01-2002, 01:37 PM
I think what he is missing is that SEQ is "enhancing" the playability of the game more than anything else... I've been playing EQ for YEARS, almost from the start... I was ready to quit it until I came across SEQ more than a year ago. I work in IT so I have a little more of a clue than most average users in getting a Linux box up and running and getting SEQ to work on it...

Now, is it cheating? In the strictist definition, yes it is. There, you won that argument. We can't debate that...

Doesn't it change the overall playability of the game for all the users on line in all the zones, or give someone greater speed, better casting, etc. etc. etc.? Certainly not! Due to the completely passive nature of the app running on a Linux box SEQ has NO ability to affect the data stream. If this was the case I'm sure SoE (formerly also VI) would have discovered a way to watch for that.

Maybe your thinking of the char editors for Ultima (the PC based games, not UO), Bardstale, Diablo, etc. etc. etc...

Do I use it? Yes I do, and I have. Why? Because it has prevented uncounted deaths by stupid people who either don't care or are too lazy to notify you there bringing Vox out to play or some other train of 100+ nasties... Do I use it to camp items etc? Nope... Never have. I have used it to see if someone is already at a camp, since like has been stated before, so many people are too lazy or busy to say they have something camped. I would much rather save the time going to some other zone or camp instead of fighting my way for 30 to 40 minutes to get somewhere only to find that there is a group there.

If you actually took the time to really investigate what SEQ does, how it works, and realistically what can and (more importantly) cannot be done with it, you might not be quite as critical of it. I have NEVER used it to KS or (say) chase down the AC for JBoots. As a matter of fact, I don't even HAVE JBoots.

If all your going to do is spew out profanities and "SEQ IS BAD AND YOUR ALL LOOZERS FOR USING IT AND YOU RUIN THE GAME AND YOUR A BUNCHER OF F***ERS" etc etc etc, don't even bother... SEQ's been around just about as long as EQ and it hasn't ruined it yet!

workhorse
11-01-2002, 01:38 PM
SQWISLAME is probably a Ranger with tracking, and if he wasnt he'd be a SEQ user himself.

Oh wait, judging from his replies, im sure he is too much of an idiot to get it running anyway.

So that's 2 reasons why he is flaming. Lets recap:

1) Probably a Ranger.

2) Tried to get it running but is a moron.

Shut up and go away whiner.

Resiliant
11-01-2002, 01:45 PM
Yep. I'ts cheating.

But then, so is looking at Alla's or CastersRealm.

So is taking advantage of exploits like Mannaburn.

Every single epic holder on every single server cheated to get his epic.

The term 'cheating' is completely useless since it is entirely subjective. Fact is? NO ONE on line plays the game strictly as it was defined by SoE. If that were the case the only printed material you could use would be that officially distributed by SoE. Fact is?... Every single player using EQ 'cheats' to some degree.

SEQ is just one example of an above-average aid.

Ataal
11-01-2002, 01:59 PM
If SOE had their own version of SEQ, I probably wouldn't think twice about using it.

To be horribly honest, linux is more of a fascination for me. I think it's a great OS and it's far more powerful than any Microsoft OS I've ever played around with. BUT, that's about it.

I'm in an IT department for a very large software company(no, not microsoft). We support mainly microsoft OS's, Mac OS, OS/2, some really dumbed down versions of Unix for our security system, and about 200 various applications enterprise-wide. I don't really have the oppurtunities to learn linux as well as I have other OS's. I'm very busy at work, and play EQ when I come home(when the wife isn't ticked off at me for playing so much).

I love learning though, and what I have learned about linux in the very short time I've been using SEQ(6 months tops) has made me pretty happy.

SQWISLAME
11-01-2002, 02:02 PM
Lol.No im not a ranger,61 shaman.I understand what exactly SEQ does.I was wrong "possibly" to lump it into the same category as other EXPLOITS(sorry for being so lazy to spell it all the way out).I have known about SWQ for a little over 2 years.I.Umm there is a UI that displays you loc and the map for EVERY ZONE,whats your excuse now?Runs on linux also.If it still exists i will link it possibly.For those that use it for "just" a map,im sorry learn the zone and play as it should be.WOW i cant /ooc a camp check,laugh.Gratz again on takin the fun of risk out of the game.I also understand that not all of you use to farm mobs,umm,what about those that do?What about the guilds that have multiple peopel using this beat other people to epic/needed mobs for people within their guild.Im done here,its not fair period.

S_B_R
11-01-2002, 02:07 PM
Originally posted by SQWISLAME
Lol.No im not a ranger,61 shaman.I understand what exactly SEQ does.I was wrong "possibly" to lump it into the same category as other EXPLOITS(sorry for being so lazy to spell it all the way out).I have known about SWQ for a little over 2 years.I.Umm there is a UI that displays you loc and the map for EVERY ZONE,whats your excuse now?Runs on linux also.If it still exists i will link it possibly.For those that use it for "just" a map,im sorry learn the zone and play as it should be.WOW i cant /ooc a camp check,laugh.Gratz again on takin the fun of risk out of the game.I also understand that not all of you use to farm mobs,umm,what about those that do?What about the guilds that have multiple peopel using this beat other people to epic/needed mobs for people within their guild.Im done here,its not fair period.

If you are in a guild, of any size, I'm sure there is more than 1 person in your guild using ShowEQ.

Also the cost of entry really does (did) keep 99% of the exploit/KS's/loot-whores from using it.

fryfrog
11-01-2002, 02:09 PM
I'm posting what I posted in another thread hear, so that anyone who wants to can read it. Also, feel free to rip it off and do what you want with it. I think its a decent "defense" of ShowEQ (if thats what I can call it?). Perhaps its something else, but I can't think of a title or description ;)



Remember that time you were level 12 and you lost your body in a new zone? You spent hours and hours looking for it, you learned that you should issue a "/loc" right before you die the hard way. Remember that person that finally said "/ooc hey, I just passed your body at about loc X,Y"... they were using ShowEQ. Wasn't it great having your body back without having to track down a bard or necro?

Remember when you were in dreadlands and you found this really great group? The puller was on top of his game, rarely pulling more than 1 or 2 mobs at once? Wasn't it great that most of those mobs were higher cons? The puller was using ShowEQ.

Remember when you and a group of friends decided to goto a fairly new zone, which none of you had experience in? You all wandered around and got hopelessly lost (or so you thought). When it came time to go home, one of your group mates just KNEW where the zone out was. Wasn't it great not being lost for hours when you needed to log because you were already late for work? Guess who was using ShowEQ.

Remember when the uberguild you were in was raiding that really cool uber mob? Do you remember how the pull worked very well and was coordinated between a few monks and other classes? Wasn't it great when it got to the right spot, didn't agro anything else and the fight was won and well planned? Yeah, guess who was using ShowEQ to coordinate the pull...

Remember when you went to fear/hate for your epic piece? A "tracker" told everyone that your mob was up, and you were very happy. The raid started, and eventually your epic mob is pulled and you get your epic part... someone there was using ShowEQ.

Do you remember KC? Boy, that zone is train city. Remember that time you grouped there but somehow managed to never train the zone, never pull more than was intended? Or maybe a train was approaching and the puller said "run, train". Did you really think he was just "narrowly escaping it" himself? He was using ShowEQ.

Remember when you were search for that rare spawn that drops a part for your epic, but EVERY time you stood a chance of finding it some druid or ranger was already there killing it and offering to sell you a cloak they didn't need for 10k? Bet you wish you had ShowEQ.

Remember when VI messed up that encounter, but refused to fix it because it was "working as intended"? Or when that skill/ability seemed to not really be doing anything? What tool do you think was mostly responsible for figuring out that something was truely wrong in the first place? Some hidden tool that VI uses? No, it was SEQ.

Will I quit because SEQ only works as a GPS? Probably not. I won't have as much fun in the game, I won't stand much of a chance against the uber guilds and the loot farmers. I don't think I will get lost, but I might run accross mobs that kill me.

What would it take to break ShowEQ perminently? Add some of its features to the game. A "Map Making" skill along with a "Map Reading" skill would remove the need for a GPS. Some way of actually losing agro when you finally outrun a mob would help. Tracking classes that had an instinctual picture of the close mobs surrounding them on their "map". Instead of trying to break ShowEQ with encryption and banning, perhaps focus should be spent on making the features of ShowEQ not needed.


Next time you are playing, look around you. Chances are very good that 1 of the people in your group is using ShowEQ. Chances are even better that someone in the zone is using ShowEQ. Your friends use it, and probably a few people in your guild use it. We wish we could point out in game how we might have helped you just because we use it... but we can't.

The cost of entry and the knowladge requirement of setting up ShowEQ really has been a great barrier for preventing the stupid aim bot and wall hack cheaters from using it. Before you accuse everyone of ruining the game, take some time to learn the history. No matter what level you, class you play, server you play on or guild you are in... ShowEQ has at some point made your life easier even if you did not realize it. Read the FAQ, look at the "installation" guide. It is not a pop in the cd and you are going type thing, it is a install an alien operating system, learn how it works and learn how to compile a program thing. It has kept the idiots out. I think every single one of us hates the exploiters and dupers in eq. We also don't like wall hackers and aim botters in HL:CS (most of us watched the demise of that game).

Poser
11-01-2002, 02:11 PM
The only UI maps I have found are ones that simply show the map. Not your position on the map, direction you are heading, etc. But, if you have one, post it.

What about radar though? As someone else posted, all the other games have it (BG, NWN, etc.) This would be a great enhancement!!! With a level 61, you can't say that you have never gotten lost and killed because you couldn't find the zone point. When that happened, you were probably agitated. Some of us have decided to deal with that agitation.

We do learn the zones. Probably faster than anyone. Once again, not to farm them, but because it enhances our game. In the real world, I have a map and a compass or a GPS and can always find my way around even if I have never been there before. Why should it be any different in game? Just to annoy me?

I am always willing to help out someone who is lost. Always for free. Why? Because if they had a map, they wouldn't be in a bad situation with train of red mobs on their tail and no zone in sight. Once again, I think you will find that SEQ users are the kindest players in the game.

Hobo
11-01-2002, 02:25 PM
OMG Fryfrog, you are a GOD. :) That post hit the nail on the head more times than I can remember. I play a monk and I can't tell you how HUGE of a help SEQ is to pulling safely and effectively for my group and guild.

I've located corpses for people many, many times, just the way you spell it out. I've found my way out of many tight mazes and zones using SEQ. I've helped several people get epic pieces by checking zones for them. The list goes on and on. So did I tarnish the game? I don't think so. I think I made friends. I think I saved people lots of frustration. I think I actually HELPED VI (SOE) keep customers.

Especially that level 59 caster a few weeks ago that had only an hour left on his rotting corpse and couldn't find it. He'd gone LD a week earlier and didn't realize he'd died. Came back after being out of town and had NO idea where his corpse was but knew it didn't have much time left on it. Found it stuck partially in a wall, got consent and dragged it to zone for him. Boy was he happy and boy did I feel good helping someone. Thanks SEQ.

Again, Fryfrog you nailed it. Excellent post. Thank you!


Hobo

Poser
11-01-2002, 02:28 PM
Yeah, FryFrog. That was beautiful, man.

RavenCT
11-01-2002, 02:34 PM
Originally posted by SQWISLAME
Lol.No im not a ranger,61 shaman.I understand what exactly SEQ does.I was wrong "possibly" to lump it into the same category as other EXPLOITS(sorry for being so lazy to spell it all the way out).I have known about SWQ for a little over 2 years.I.Umm there is a UI that displays you loc and the map for EVERY ZONE,whats your excuse now?Runs on linux also.If it still exists i will link it possibly.For those that use it for "just" a map,im sorry learn the zone and play as it should be.WOW i cant /ooc a camp check,laugh.Gratz again on takin the fun of risk out of the game.I also understand that not all of you use to farm mobs,umm,what about those that do?What about the guilds that have multiple peopel using this beat other people to epic/needed mobs for people within their guild.Im done here,its not fair period.

What about those people who talk to friends on the phone while playing, coordinating there efforts with them without having to type...

What about people who read on some message board the complete thread or walk through on how to complete a quest?

What about the people who are in a Guild and help a lower guildie obtain something that is WAYYY over there head?

What about someone having two accounts (and there by paying SoE two monthly subscriptions, or more) power leveling a char on another account?

What about people exploiting game issues (not a prevelent with traids between players as it used to be) to get items from other players for free or forcing the items to drop to the ground?

What about people begging for buffs that there is no way they normally would have? (i.e. a level 1 tank with the Cleric Shield of Words)

When simply put, there are many many ways of "cheating" that don't even deal with using some other program, or machine, etc... That is what they have been saying, that the game is inherently flawed from the get go.

But I don't suppose those things ever came to mind... Have YOU ever powerleveled a friend? Kept them from dieing when they certainly should have? CHEATER!

It's all a matter of persepctive.

MisterSpock
11-01-2002, 02:38 PM
If EQ had several small additions, there would be no need for ShowEQ for a large percentage of its users.

1) Built-in map, like AC2 and many other games have.
2) Near-field radar like AC2, NWN, and MANY other games have.
3) A con system that is actually meaningful.

Conning should also be a skill. The better you are at it, the more info you get.

Trackers could have everything they have now, plus a longer range on their near-field radar.

Mapping could even fill-in as you go (like D2), and/or be a skill that determines how much detail the map holds.

Gosh, these features might even make the game (gasp) more fun for *everyone.*

As I have stated before, if these features existed in the game (and I strongly believe that they should), I would have no use for SEQ.

Ratt
11-01-2002, 02:42 PM
Originally posted by SQWISLAME
Lol.No im not a ranger,61 shaman.I understand what exactly SEQ does.I was wrong "possibly" to lump it into the same category as other EXPLOITS(sorry for being so lazy to spell it all the way out).I have known about SWQ for a little over 2 years.I.Umm there is a UI that displays you loc and the map for EVERY ZONE,whats your excuse now?Runs on linux also.If it still exists i will link it possibly.For those that use it for "just" a map,im sorry learn the zone and play as it should be.WOW i cant /ooc a camp check,laugh.Gratz again on takin the fun of risk out of the game.I also understand that not all of you use to farm mobs,umm,what about those that do?What about the guilds that have multiple peopel using this beat other people to epic/needed mobs for people within their guild.Im done here,its not fair period.

Dude, you're posts are fucking painful to read. Learn to spell and use punctuation properly or I'm going to gag you. If you want to come here and bitch, you better stay on your toes to do it. I'll allow bitching and this kind of crap, but I won't allow it to degenerate into a frigging scr1pt k1ddi3 l33t speak flame fest.

There's SPACES after periods and comma's. Spell check, at least marginally.

Shape up or go back to your "class" site and hang out with the rest of the 12 year olds. This club is for intelligent people to converse intelligently, son... country hicks aren't wanted here, hayseed.

RavenCT
11-01-2002, 02:44 PM
/clap Ratt!

SQWISLAME
11-01-2002, 02:48 PM
"marinally".....Too bad SEQ doesnt spell check for you :)Fine whatever,play the game how you want.So let me get this straight,if the game doesnt have a feature you think it should its ok to use a program to make it so?100 to 1 odds half of you lose interest in the other games you play because you insist on getting cheats.

Ratt
11-01-2002, 02:51 PM
What the hell did I just tell you about spaces?

You've got a frigging space bar for a reason. USE IT.

You, my friend, are the LAST person to lecture me on typo's and spelling errors, trust me.

This isn't your "class site." We don't cater to hicks. Go BACK TO YOUR CLASS SITE if the best you can offer is your country bumpkin dialect and "worldly" insite about how "fun" the game is being deaf and blind, as god intended it to be. We are educated here, we don't need your religious preaching on how "god intended it to be."

JustACoder
11-01-2002, 02:59 PM
Originally posted by RavenCT
Have YOU ever powerleveled a friend? Kept them from dieing when they certainly should have? CHEATER!

It's all a matter of persepctive.

that's not cheating...

DontWannaSay
11-01-2002, 03:01 PM
Originally posted by JustACoder

that's not cheating...

It's not cheating, but it would be incredibly easy to argue the point that twinking/PL'ing has done far more damage to EQ than SEQ ever has.

domesticbeer
11-01-2002, 03:10 PM
Hell, I have twinked every character except 1. Why well once you get to the post 50 game starting over with nothing just plain old sucks. I wish every item in the game was No Drop that will do wonders for the world economys.

testeater
11-01-2002, 03:14 PM
Create a generic, network controlled memory scanner, that can be used to scan any memory of any program on a Windows machine, remotely.

Make it public domain / freeware or something and upload it onto normal freeware sites (tucows/cnet etc). Make it clear that this program can be used for many, many different purposes.

However, we'll be using this program to do whatever is needed to grab the key from EQ...

Testeater.

Whitefire
11-01-2002, 03:52 PM
I had some free moments to waste today so I spent some time thinking of what to do about SEQ. The problem as of right now is decryption. To fix the decryptions there would have to be a some sort of memory scanning program on the client that sent the key into to the linux box OR there would have to be a Windows version of SEQ.

To be honest neither of these ideas excite me, but after giving it much thought I would hvae to say that a Windows Version of SEQ makes more sence and this is why:

First it doesn't matter what the program does that is running on the PC. SOE has the ability to scan processes and search for things. So if both programs are going to have to run on the EQ Client might as well port the entire program over.

The second reason is this. If SOE is as scared of a Windows version of SEQ as everyone thinks they are then they will take steps to try and stop its use. Said steps might include banning people, constant patching and more. Here is the kicker, if there is a windows version and EVERYONE that plays EQ has it, how are they going to stay in business when they start banning people.

I seriously think there should be a windows verions and everyone should go and post links on every guild website to download it. If enough people are using SEQ, SOE will have no option but to accept and move on or to ban everyone and put themselfs ou of business.

Just my crazy thoughts...

WhiteFire

Fatal
11-01-2002, 04:03 PM
Just a quick note..

That UI that was released with the maps in it and all the LOC's..
You know the one.. the one 20,000 of you downloaded ..

Make sure you all stop by and say thanks, since the maps came directly from this site and the people who use it.

Poser
11-01-2002, 04:07 PM
Good point, Fatal. Haven't used it yet (why should I, I have SEQ). But, thanks need to go out to the mappers anyway.

Fatal
11-01-2002, 04:23 PM
Heh, the point of the post was all these people saying "if you want maps, use that map ui" needed to be informed exactly where those maps came from.

Pretty funny actually.. the number one request from folks who downloaded the ui was to know if would be possible to make it show where they were on the map.

Hypocrites. 20,000 of em.

Poser
11-01-2002, 04:29 PM
Yep. I understand the intent of your post. Just feel like I have overlooked saying "Thank You" long enough.

You are right. If any of them actually open their minds and just read up on what SEQ can do and not do, they wouldn't be so ready to flame everyone.

Ignorance is a curable disease. Stupidity is not (save by a bullet)

;)

Manaweaver
11-01-2002, 05:36 PM
I'm sure it would be elementary to add a script in the XML to constantly access the /loc command (I know there is a compass or somethign that always shows your LOC). The difficult part I think would be to have a graphical representation of your player on the map in the correct LOC. I used the map mod once so I could trash my SEQ box...I found it very VERY lacking. All of the maps are divided into maybe 5 or 6 categories based on where the zones are grouped. IE: West Antonica, East Antonica, Faydwer, etc. All the maps in said group were on the same window that you had to scroll around to find the proper map and even then it was still a bit of a hassle to read considering the shear size of the window in relation to my player window. I was using 1280X1024(numbers may be slightly off) Well suffice to say I deleted the mod and went back to SEQ. Simple convenience I think was my issue. Why should I use a shitty map mod when I have SEQ? Perhaps if the mod was made to mimmic the mapping style of SEQ I would reconsider using it, however I doubt that is a very viable option. Just my 2 copper.

devnul
11-01-2002, 05:55 PM
"Cant win against the horde of people that would rather cheat than play a game correctly" SQWISLAME

hehe, you don't understand what the game is

we're talking about the game here and how to win it

if you want to contribute to the discussion on how to win this particular skirmish please do

if you want to call us cheaters, consider your mission accomplished

dn

ps used no punctuation for ease of reading by the intended audience

RavenCT
11-01-2002, 08:12 PM
Originally posted by JustACoder


that's not cheating...

True, my statement about powerleveling as "cheating" isn't all togeather accurate, but my point more was "it's all a matter of perspective".

Take, for example, the poor newbie who (unfortunatly) just bought the game and has hardly any idea how to get out of Freeport, let alone find there way around East Commons or N Ro... Along comes Mr. Powerleveler... And he keeps stealing every mob around that he can find so that his level 1 twinked out tank can get to level 10 in one night. The poor newbie is left trying to kill the one or two mobs that either spawned away from the P/Ler or that he doesn't care about.

Is this fair? Is it fair that the poor newbie has to wait for his pittaly 50 HP's to regenerate while the P/Ler has given his little tank a cool 300 to 500 HPs to play with and enough buffs so that hardly anything will touch him?

The poor newbie might look at this as "Hey! I'm just trying to play the game and you keep taking all the monsters away from me!", the P/Ler is thinking F* him, I've played this long enough to get an UBer char, and if I want to P/L a new char, I'll P/L a new char...


Now, is this argument right or wrong? Like I said, in the strictest definition of the word, no this is not cheating... but it sure as hell doesn't feel that way to the newbie...

darkangelx
11-01-2002, 08:32 PM
Ignorance is a curable disease. Stupidity is not (save by a bullet)
You are my hero Poser

darkangelx
11-01-2002, 09:05 PM
My thoughts:

First of all, to all the dev's, I offer a big thankyou. You have done so much for one person more than you know. I was a better than average windows user before SEQ. I was the poor shmuck that always died and could not find my corpse. (thanks Sgt Slate a lv 45-50 mob in a zone where newbies could get killed) Then I hear about a great program that allows you to have a map and it will tell you where you are 100% of the time. I couldn't believe it. There was a catch, I soon learned. What the hell is Linux? I asked myself. I spent hours on hackersquest back in those times reading and reading and reading. I chose something less talked about for my flavor of *nix. Slackware. (does anyone but me use it?) Anyway, neither here nor there. Me having this has helped me find lost friends, lost corpses(underwater). You all have I know it. ShowEQ has enlightened me and expanded my mind, forcing me to grow beyond my limited scope by challenging me with something new. Change, new things helps someone grow. Thank you devs.

However. I emplore you, please do not go WINSEQ. If nothing more than for the those that have used the tools and knowledge bestowed upon us by others including the devs. Make it so you still need the Linux box to view. The idea behind WINSEQ was and still is a bad idea.

Cam69
11-02-2002, 01:50 PM
I would use a WinSEQ version personally...though, EQ would soon have a Diablo-ish feel about it I imagine once WinSEQ became very widespread...

Maybe just have a stub to grab the key on the Win box, then send it to the *Nix box for processing...

Wartrack
11-02-2002, 08:08 PM
Keep an open mind to the possibility that they are not done changing the encryption. They said it was a 20 minute fix, and he smirked when he read the war doctrine....

I know it's possible... to secure the spawn info. They could do it. Change the format, change the encryption, use a creative key array with a checksum, and it may never be broken..

I'd hate to see a lot of development time wasted.... I think Verant should release a zone radar window, and everyone should just play or quit... I quit. Just posted 3 auctions, heh.

-Wartrack

a_guide_01
11-02-2002, 08:31 PM
though the game would be radically different, I don't think it would be diabloish because no SEQ for windows would allow you to cast anarchy or whatever from a 255 charge stick and give you godly plate armor. I wouldn't get rid of all the monsters on the way to target x, just let you know where they are.

I agree as well, SOE isn't done screwing around... but no doubt whatever Absor and the crew of crack heads comes up with, there is an answer and way to work around it.

Good luck dev's with all the upcoming things. and yes windows SEQ is not the worst idea I've heard.

smoothielover
11-04-2002, 02:10 AM
id just like to point out again that most of the everquest info sites are based on information gathered by SEQ users. thus SOE actually need us in some way.

BIG BROTHER issue will become more apparent as they change the encryption. this measn things that we know are not quite rigth will again be unfixed for weeks. anyone else notice that the AC and LODI are not spawning anywhere near what they used to? is this a server issue? probably. can they check yes. will they if we dont bitch. unlikely.

SoE cannot police their naming system let alone half the other things they probably should be doing so it comes down to us to police it to some extent. we tell them whats broken they fix it faster. some things cannot be fixed or solved using seq such as broken spawns etc but we sure as hell know when mobs spells and other things change.

anyone who looks at the bestiary or looks at a quest with specific information regardin mob abilities and spawnpoints most likely would be reading information SEQ has provided in some way. be logical about this. its been said before how do people know what lvl mobs are over 65 if they not ever had PoP. how is it possible that rare spawns are calculated to the hour if they are a random spawn accross a zone. how else can mobs be identified as things to hunt other than the experiences of people hunting that zone. i know sure as hell i dont know anyone who would sit in a zone doing nothing but watching a spawn point for a mob they think spawns there for over 3 weeks to find out the spawn times if the mob is reset on a patch/reboot etc.

there are some things that could be explained as normal research but some just dont add up unless they are SEQ users.

when anyone looks at eq atlas they are cheating the same as we are. we just know EXACTLY where the mobs are MOST of the time. sometimes we dont as the encryption changes but we still can help people find bodies etc. and i continue to do so.

the reality is that if a rare spawn pops that is a uber loot mob we need to get people all in the zone as fast as anyone else. if your camping LODI you either have a person at the spawn point or a ranger waiting and tracking etc. if you dont your not camping him and hes open game.

as far as i have experienced as a seq user and as a player there has NEVER been a situation where i could point a finger and say I WAS CAMPING THAT. HOW DID YOU KNOW IT WAS UP??

isnt hunting in the same zone as a mob that pops with an alt for XP still cheating if you swap chars to kill it? not really its in the game and is done. i hunt zones with rare spawns and risk death alot because of this reason. sure seq allows you to see mobs all across the zones and yes we can look for them better than most BUT the fact remains we still need to amass the people to kill have the skill to kill have the intelligence to install it and INVARIABLY the INGAME knowledge of where to hunt BEFORE we go there.

dont know about you but none of the maps or seq things ive seen ever said you should hunt these zones and you kill the mob using these strategies and that you need at least this many people.

ISNT giving this information away far more influencial on the game than anything else? throretically the specs of a mob are SoE's intellectual property. i dont see mobs changing a significan amount of times because this information is available to them.

for instance if eq atlass was to put colorfull areas on their maps stating lvl or mobs if they were rootable and where they hang out then most of the seq users would hjave exactly the same info as anyone else

THE ONLY PEOPLE the long range tracking helps is the pullers. and they are the ones who die the most. its only fair in my books that the people who risk the most should get the most help.

i dont risk a great deal most of the time in groups as in not normally the puller. the fact that i dont know where mobs are atm as i havent updated the cvs after they rebroke the encryption doesnt affect me in the slightest BUT i have to admit if you stand in the dangerous pull zones im noticing a significan amount of more trains and rezzes on my server. UP is one in particular im talking about. sure its a hard zone but even getting to the elysians camp with a LVL 60 group can be scary if the DARK assasin and masters are roaming around. surely the world understands that the games is not about how many times you die when travelling its about how many times you die FIGHTING.

anyone ever asked anyone in GUILD if whoposhi is up? there ya go they are cheating.

anyone ever ask in guild if such and such is dangerous? theyre cheating.

anyone ever get information from another player on anything they are technically cheating as SoE never intended that information to be spread in any other way than hailing the NPC who tells your or by killing the thing yourself.

by desigh the game is about grouping . think about it hard for a moment. if the tracking is the issue they want to break and thats ALL that broke in the last eqgame patch from what i saw then simply dont put it back up.

for some reasin all the unknowe spawns are not being displayed on my map. they are there when i targetr them etc so i can work out whats around if i try but the general concept of knowing if its a heavy spawn in the zone or whats camped can be done via shouts etc but that depends on other people in game. this is not a bannable thing so not asking and just knowing shouldnt really be bannable. the fact we know specifics about the mobs only assists in intelligent hunting and time saving because we dont need to study the bestiary. i still have old hand maps with rough area spawns and the reason i got seq was because i was approaced by a GM saying your a seq user. i didnt even know it existed at the time but the fact i knew more about the zone than the GM at the tiome seemed to piss him off. i said ask me a question about the zone which he did and i told him the answer.

he asked where does such and such spawn and whens he due. ui replied somthing along the lines of....http://everquest.allakazam.com/id=122232 or somthing along those lines.

obviously he pissed of about 2 minutes later btu the fact we learn from seq isnt actually the reason we win. the reason we win is beacause we understand how it works.

yes i write the long posts here it seems

also in regards to winseq/ any prog for memory searching.

WINDOWS cant handle its own memory properly in general really

as a techy who works on a few different OSs i would use the example in the smoothwall FAQ

THROW OUT THE MS junk and use linux. even a memory snffer on a windows system will be defeated easily. they just change 1 line of code EVEN put a comment line at the start of the source and the memory address will most likely change unless that are hardcoding it. the speed in which they are updating things and the DLL linkages shown in the intefaces & client imply thay are not hard coding them and thus EVERY time EQGAME changed so would the memory address. sure we can set up a snaffer based on the timings from a call etc but do we really want to write something for MS OS? its not really an OPEN SOURCE project anymore if we do.

Vlad
11-04-2002, 02:54 PM
Can't believe people give a shit if it's cheating or not. Too many stupid arguments can be made for or against it - so let the freaking topic drop.

As for SEQ - in the long term, I can only see verant winning this battle. They have control over their source, and can, if anything, change things faster than the SEQ dev team can adapt to them. Bring SEQ to Windows, and that long term is going to become very, very, very short term. The only option, it would seem, is to create a key sniffer on windows clients and have the program either relay the key to the SEQ box or just broadcast it on the local subnet, perhaps 'hiding' it as a windows service and encapsulating it in netbios traffic. That should at least prolong the inevitable.