Author Topic: GUID Spoofing questions  (Read 3957 times)

0 Members and 1 Guest are viewing this topic.

ZOldDude

  • The Unknown Rank!
  • Administrator
  • MasstKer
  • *
  • Posts: 20874
  • Old School TKC
    • View Profile
    • Admin
Re: GUID Spoofing questions
« Reply #15 on: June 18, 2012, 04:40:31 am »
Think of it along the lines of dealing with the national government when you are trying to collect on a benefit.
They will stall,delay and claim denial hoping you will either die from your complaint or give up trying.

Quote
"rumor and false information."
Meanwhile in the real world...fact not rumor and verified for years now.

not sure, but i tried to spoof someone elses GUID before and got immediately kicked for invalid guid.. i logged his key hashes on my own server and used that when joining.

z, i know you persist on this, but you havent verified this yourself or are actively mod-apping right? its your assumptions from many years ago? sadly it seems like guids can indeed not be spoofed properly without getting kicked. tried many variations of this method before.
Not assumptions but a statement of observation and use of such output.

Because you tried a few times and gave up only shows that it was much harder than most people care to involve themselves in...which is as it was meant to be.

If the SALT changed each few months the same basic steps would need to be refreshed for the newer dated ID's is all.
If it was easy then everyone would be doing it...yet the basic steps themselves never change.

Like I said the easiest way is to start at train depot "A".

I do not care to post the "how" here nor will I PM anyone such info...much the same as how to join MP games without a real key or how to game GameSpy.
If a person works/thinks/studies about these things enough to understand them then they are wise enough to not pass that -dangerous- information around in a world filled with Jihad/basement dwelling dweebs.
« Last Edit: June 18, 2012, 05:15:03 am by ZOldDude »

*While we crash and burn, small, low tech, agrarian societies such as the Hmong in the mountains of Laos will continue on without so much as blinking an eye.*

bouncer123

  • Klass Klown
  • ***
  • Posts: 349
    • View Profile
Re: GUID Spoofing questions
« Reply #16 on: June 18, 2012, 05:07:53 am »
Think of it along the lines of dealing with the national government when you are trying to collect on a benefit.
They will stall,delay and claim denial hoping you will either die from your complaint or give up trying.

Quote
"rumor and false information."
Meanwhile in the real world...fact not rumor and verified for years now.

not sure, but i tried to spoof someone elses GUID before and got immediately kicked for invalid guid.. i logged his key hashes on my own server and used that when joining.

z, i know you persist on this, but you havent verified this yourself or are actively mod-apping right? its your assumptions from many years ago? sadly it seems like guids can indeed not be spoofed properly without getting kicked. tried many variations of this method before.
Not assumptions but a statement of observation and use of such output.

Because you tried a few times and gave up only shows that it was much harder than most people care to involve themselves in...which is as it was meant to be.

If the SALT changed each few months the same basic steps would need to be refreshed for the newer dated ID's is all.
If it was easy then everyone would be doing it...yet the basic steps themselves never change.

Like I said the easiest way is to start at train depot "A".

I do not care to post the "how" here nor will I PM anyone such info...much the same as how to join MP games without a real key or how to game GameSpy.
If a person woks/thinks/studies about these things enough to understand them then they are wise enough to not pass that -dangerous- information around in a world filled with Jihad/basement dwelling dweebs.

i didnt try it a "few" times only, i did intense research on this. yet you only post assumptions here or facts that were true 10 years ago (i know, 10 years are nothing at your age), which helps no one. in fact it only confuses ppl.

same as this "you can join without any cd-key at all" - true, but the game server kicks you out after a short time. i tried this as well before.


its not about any sort of salt either. the concept simply doesnt work. be seems to check with gamespy if the authentication is valid and its only valid if you know the cd-key - otherwise you cant generate valid auth hashes. you should know this from reading aluigi's documents.

Coronel_Niel

  • Insane Joker
  • ****
  • Posts: 846
  • Why can't I pick my own profile picture...
    • View Profile
Re: GUID Spoofing questions
« Reply #17 on: June 18, 2012, 05:13:41 am »
The server seems to have 2 guids received from the player, and checks both of them against each other and kicks you if there not the same. That's all I could see happening - Changed both entries of your cd-key maybe?
"Now we are going to watch my boys do it" - Joopig

bouncer123

  • Klass Klown
  • ***
  • Posts: 349
    • View Profile
Re: GUID Spoofing questions
« Reply #18 on: June 18, 2012, 05:22:49 am »
The server seems to have 2 guids received from the player, and checks both of them against each other and kicks you if there not the same. That's all I could see happening - Changed both entries of your cd-key maybe?

that sounds strange. i found its simply the gamespy key auth process (read aluigi's doc) and so it sends 2 hashes to the server in one packet. the be guid is then created on the server. but not sure where you saw 2 guids. also, "both entries"?

MrMedic

  • MasstKer
  • ********
  • Posts: 8900
  • programmer/dev/software engineer
    • View Profile
Re: GUID Spoofing questions
« Reply #19 on: June 18, 2012, 05:24:00 am »
The server seems to have 2 guids received from the player, and checks both of them against each other and kicks you if there not the same. That's all I could see happening - Changed both entries of your cd-key maybe?

that sounds strange. i found its simply the gamespy key auth process (read aluigi's doc) and so it sends 2 hashes to the server in one packet. the be guid is then created on the server. but not sure where you saw 2 guids. also, "both entries"?

lol einstein ... reg key .. and memory key. not as clever as you make out really are you .. eh?

right off to bed , nail nice pic in the other thread.
EnCoded Message: i3iy9yl8kr2xf3g2Txs3pr6ye3ya7jg5ty2z

https://www.youtube.com/watch?v=62_7-AYfdkQ
you need a paypal account for the private versions.

Website:
http://bit.ly/medic101

Teamspeak 3: 85.236.101.5:10157

Coronel_Niel

  • Insane Joker
  • ****
  • Posts: 846
  • Why can't I pick my own profile picture...
    • View Profile
Re: GUID Spoofing questions
« Reply #20 on: June 18, 2012, 05:29:26 am »
EDIT: Moved to PM
"Now we are going to watch my boys do it" - Joopig

bouncer123

  • Klass Klown
  • ***
  • Posts: 349
    • View Profile
Re: GUID Spoofing questions
« Reply #21 on: June 18, 2012, 05:29:59 am »
The server seems to have 2 guids received from the player, and checks both of them against each other and kicks you if there not the same. That's all I could see happening - Changed both entries of your cd-key maybe?

that sounds strange. i found its simply the gamespy key auth process (read aluigi's doc) and so it sends 2 hashes to the server in one packet. the be guid is then created on the server. but not sure where you saw 2 guids. also, "both entries"?

lol einstein ... reg key .. and memory key. not as clever as you make out really are you .. eh?

right off to bed , nail nice pic in the other thread.

the troll is back, yeha! :icon_thumbsup

like i dont know that. once the key is in memory it obviously doesnt matter what the reg key is. the memory one is the only one that matters, einstein2.

ZOldDude

  • The Unknown Rank!
  • Administrator
  • MasstKer
  • *
  • Posts: 20874
  • Old School TKC
    • View Profile
    • Admin
Re: GUID Spoofing questions
« Reply #22 on: June 18, 2012, 05:34:54 am »
Anyhow,if you wanted to make things harder for those who can,have and will again...simply take the publishers list of valid keys,brake them down into blocks and use a new SALT on each block.


*While we crash and burn, small, low tech, agrarian societies such as the Hmong in the mountains of Laos will continue on without so much as blinking an eye.*

bouncer123

  • Klass Klown
  • ***
  • Posts: 349
    • View Profile
Re: GUID Spoofing questions
« Reply #23 on: June 18, 2012, 05:54:49 am »
Anyhow,if you wanted to make things harder for those who can,have and will again...simply take the publishers list of valid keys,brake them down into blocks and use a new SALT on each block.



not sure if you are talking about something else here altogether... the OP asked for whether a hacker could spoof/steal his own GUID and use it. so generating new keys is not the problem here ;)

ZOldDude

  • The Unknown Rank!
  • Administrator
  • MasstKer
  • *
  • Posts: 20874
  • Old School TKC
    • View Profile
    • Admin
Re: GUID Spoofing questions
« Reply #24 on: June 18, 2012, 06:10:19 am »
Anyhow,if you wanted to make things harder for those who can,have and will again...simply take the publishers list of valid keys,brake them down into blocks and use a new SALT on each block.



not sure if you are talking about something else here altogether... the OP asked for whether a mod-apper could spoof/steal his own GUID and use it. so generating new keys is not the problem here ;)

Your smarter than that.

Make a Job out of it and run it with the next BE update.

Then again you now not have to decided not what GUID to global ban,but which whole BLOCK.

Now we all understand the bottom line here.

*While we crash and burn, small, low tech, agrarian societies such as the Hmong in the mountains of Laos will continue on without so much as blinking an eye.*

kenjamin

  • Poptart
  • *
  • Posts: 5
    • View Profile
Re: GUID Spoofing questions
« Reply #25 on: June 18, 2012, 06:16:35 am »

Then again you now not have to decided not what GUID to global ban,but which whole BLOCK.


wat

ZOldDude

  • The Unknown Rank!
  • Administrator
  • MasstKer
  • *
  • Posts: 20874
  • Old School TKC
    • View Profile
    • Admin
Re: GUID Spoofing questions
« Reply #26 on: June 18, 2012, 06:26:29 am »

Then again you now not have to decided not what GUID to global ban,but which whole BLOCK.


wat

Read that and all posts above it again over and over again...slowly.

*While we crash and burn, small, low tech, agrarian societies such as the Hmong in the mountains of Laos will continue on without so much as blinking an eye.*

ZOldDude

  • The Unknown Rank!
  • Administrator
  • MasstKer
  • *
  • Posts: 20874
  • Old School TKC
    • View Profile
    • Admin
Re: GUID Spoofing questions
« Reply #27 on: June 18, 2012, 06:53:17 am »
BTW I just got a 3 month old Australian Kelpie.

Perhaps I will field fence part of the ranch and get some goats next year.

*While we crash and burn, small, low tech, agrarian societies such as the Hmong in the mountains of Laos will continue on without so much as blinking an eye.*

bouncer123

  • Klass Klown
  • ***
  • Posts: 349
    • View Profile
Re: GUID Spoofing questions
« Reply #28 on: June 18, 2012, 07:39:25 am »
Anyhow,if you wanted to make things harder for those who can,have and will again...simply take the publishers list of valid keys,brake them down into blocks and use a new SALT on each block.



not sure if you are talking about something else here altogether... the OP asked for whether a mod-apper could spoof/steal his own GUID and use it. so generating new keys is not the problem here ;)

Your smarter than that.

Make a Job out of it and run it with the next BE update.

Then again you now not have to decided not what GUID to global ban,but which whole BLOCK.

Now we all understand the bottom line here.

honestly, no idea what you are talking about here. i dont see how this relates to spoofing one specific GUID. i know, you think a hacker could spoof a whole block and get it banned, right? given that he can generate all these valid keys himself.

only one problem here: math behind keys doesnt matter much as gamespy simply has a list of all sold keys. so its great that you think you can generate a whole block of algo-valid keys, but that wont help much if those are not in the gamespy list

MrMedic

  • MasstKer
  • ********
  • Posts: 8900
  • programmer/dev/software engineer
    • View Profile
Re: GUID Spoofing questions
« Reply #29 on: June 18, 2012, 02:22:00 pm »
game spy ... memory ..  bollox ... you dont know jack shit lol.

EnCoded Message: i3iy9yl8kr2xf3g2Txs3pr6ye3ya7jg5ty2z

https://www.youtube.com/watch?v=62_7-AYfdkQ
you need a paypal account for the private versions.

Website:
http://bit.ly/medic101

Teamspeak 3: 85.236.101.5:10157