Blizzard, Bnetd Respond on Bnetd Shutdown 675
From: "Tim Jung"
Subject: bnetd.org shutdown
If you would like more information on this please feel free to contact me. I am
one of the developers and the hosting ISP for www.bnetd.org. I have talked at
lenght with both the Blizzard/Vivendi lawyers and with EFF lawyers about our
options both as an ISP and as a developer.
As an ISP I did not force the group to do anything, but rather presented them
with all the legal information I have recieved and asked them what they wanted
to do. As you can imagine neither my company nor any of the developers have the
money to fight the Blizzard/Vivendi lawyers at this time. So until we are able
to get some legal help to fight this we felt we had no choice but to close down
the site for now until the time at which we could fight this legal battle.
If you have any questions or suggestions let me know.
Tim Jung
System Admin
Internet Gateway Inc.
files are still mirrored......for now (Score:5, Informative)
Comment removed (Score:3, Informative)
Re:Well, isn't this a crock of... (Score:2, Informative)
If they have reverse engineered in a clean room environment then they haven't stolen any IP. Who taught you it was illegal to write a product that is compatible at the protocol level with someone elses?
Re:files are still mirrored......for now (Score:1, Informative)
Why not hit KALI next? (Score:1, Informative)
They will still distribute this on DALnet, there were 15000 accounts created and 1700 users on last night (war3.myip.org) You can blame Blizzard for running to Vivendi on this one. They have a weak SHA-1 hash that is lossy and they dont want to release it because its such a crummy job (its been reversed out for how many binary bots on the real battle.net?) You dont need a CD-KEY to play d2 on the closed realms, they dont even check cdkeys accross regions, so really its not a fullproof system. They are just picking on the little guys that cant afford to fight back and that is really irritating. for every person who actually knows what's going on, there are 100 other ones that dont care and are too ignorant to understand.
IT wouldnt surprise me a bit for blizzard to drop this if they actually get taken to court, they will lose or settle out. they would have to modify every game that plays on bnet and implement new technology that has some real circumvetion prevention in it. after all you've seen what thier anti hack policy is and there are STILL working hacks EVERYWHERE. one of the d2 skill hacks im thinking of doesnt require any third party utilities. just some fancy inventory management. how's level 300 charged bolt sound? thought it was limited at 255? so did i.
Point is, they do stuff for show and do a crappy job of doing what they say they will in reality. when is the last time they released a game within 2 years of its original release date? any other gaming company that wont fly. I love thier games, they just dont do what they say they will. only when things become so mainstream they cant help but flail thier arms and cry for help.
New mirror with current cvs (Score:5, Informative)
Re:Well.... (Score:2, Informative)
Can you explain how it's "better and cheaper" then well tested and free? Which is the service that Blizzard is offering with battle.net.
Go read their FAQ on why they have a problem with it. It is not because they don't want a bnet emulator. It's because:
a) Battle.net is part of Blizzard's anti-piracy scheme for Blizzard's other games, such as Starcraft, Diablo II, and the upcoming warcraft III, which the writers of bnet did not write.
b) Using battle.net is integral in their beta test process, both for testing the servers and exipirng old copies of the beta. These can not be done if the software connects to non-battle.net servers.
=Blue(23)
Re:Translation (Score:5, Informative)
Why doesn't Blizzard provide facilities that enable these emulators to authenticate CD keys through Battle.net?
In order for us to keep our proprietary CD-key algorithms secure, we cannot allow outside servers to query for the validity of CD keys
See above. Blizzard puts bread on the table by making money through software sales. Why should they be required to open up their scheme to allow others to be able to pirate their software more easily?
Please don't comment on issues that you don't understand. This is a bare faced lie, and has nothing to do with encryption or security. Here's why:
There is nothing to stop bnetd from doing this already.
The bnetd server could simply open a socket to a Blizzard Battlenet server, and pass on all packets from the clients until it reaches the key challenge/response. It could then kick clients out if they fail the challenge (although the client should terminate itself if it receives a "go away" from the Battlenet server via bnetd).
Why don't they do this? Because one of the points of bnetd is to provide an independent network to Battlenet, which is buggy and prone to dreadful lag and downtime. Being reliant on Battlenet is counterproductive to the basic aims of bnetd.
However, if Blizzard were to set up separate authentication servers, that do nothing but authenticate encrypted CD keys without having to go through the whole login process, everybody wins. They can keep them up more easily, bnetd can use them with more confidence, and pirates can be kept offline. If the Battlenet authentication servers go down, bnetd could let in anyone, so pirates could only play when Battlenet goes down, and, hey, Blizzard aim for 100% uptime, right? By putting a delay on servicing requests from any given IP, Blizzard could protect themselves against crackers just throwing random packets at them, but they don't really have to, because unless you know the client side encryption scheme, that still doesn't help you get valid keys that you can use.
There is exactly zero implication for security. The bnetd server would send on exactly the same encrypted client packet that it already receives. All packet passing is verbatim, there is no need for Blizzard to reveal any details of their encryption scheme. Bnetd doesn't even need to know what a "yes/no" response from the Blizzard servers looks like, although it would be trivial to sniff, and better if they did know, as they could then forcibly terminate the client.
Reminder: bnetd could do this already. Your ISP's routers are doing this already.
There is one slight caveat. Blizzard might have done something "clever" like pack the result of a getpeername() into the CD key packet as Netrek [netrek.org] does with it's RSA packets to stop people inserting hacked "borg" clients between an unhacked client and a server. But there would simply be no reason for Blizzard to do this, and it would actually be counterproductive, as it would place a known and easily manpulated piece of data into the encrypted CD key packet, give a hint as to the encryption scheme used.
To recap: this particular statement from Blizzard is a big fat lie. I'm a professional network programmer, and I've hacked enough lousy and not so lousy encryption schemes to know. If you disagree, please spell out where the security hole is, because I'm simply not seeing one.
Re:Well, isn't this a crock of... (Score:2, Informative)
I'm not sure how you jumped to this from what I wrote. If you can create a game that competes with Blizzards then great. This is a case of taking the game that blizzard created and making it easier for people to steal it. That may not be the intention of many of the developers, but that is the end result.
You can't mak a server emulator that doesn't allow people to to avoid the copy protection. Even if you use some form of authentication, unless it's a central authentication server, you can use the same CD key on multiple servers. Even then, it would be easy to remove the authentication from an open source server.
There's also no good reason for Blizzard to set up and maintain the authentication server. This would be additional cost to them with little or no benefit.
Blizzard's reply to me... (Score:4, Informative)
From: "Rob Beatie"
To: aexia@yahoo.com
Subject: RE: One less copy of Warcraft 3 sold
Certain programs have been developed that allow users to bypass Battle.net's CD-key-authentication process. Although these programs might have been made with good intentions, they directly promote software piracy by allowing users who have illegitimately obtained our games to play them as if they'd been legitimately purchased. Furthermore, because these programs allow access without a CD key, they render malicious users unaccountable, thereby eliminating Blizzard's ability to protect legitimate consumers. Therefore, Blizzard has taken an aggressive stance opposing the use of these programs.
Please take a moment to read through our FAQ regarding these issues at http://www.battle.net/support/emulationfaq.shtml if you have any questions or concerns about Blizzard's stance on software piracy. {WR655}
-----Original Message-----
From: aexia@yahoo.com
Sent: Friday, February 22, 2002 10:31 AM
To: sales@blizzard.com
Subject: One less copy of Warcraft 3 sold
Thanks to your ill-considered invocation of the DMCA, you have one less customer now. I've used alternative server software(bnetd) to play over the Internet because battle.net is laggy and full of cheaters, hackers and other assorted morons. It's simply not a fun place to play.
Creating my own server allows me to play in peace, without lag, with my friends. It's not to promote piracy; it's to play the *game*, not a "license", I paid money to buy. It's mine and I'll play it however the hell I want to.
I'm sure you'll sell plenty of copies of Warcraft 3 anyways, but you won't sell one to me until you catch a clue.
A bit late, but Vivendi's not doing well (Score:2, Informative)
For those who just want a quick reference, here's the 52-week spread:
HIGH
69.23
(4/27/01)
LOW
35.65
(TODAY)
And it's still going down.
Good move, Vivendi. No wonder you're trying to get as much cash as possible.
Re:IPX Emulators (Score:3, Informative)
Apparently, they'll be suing everyone soon.
Re:Dumb (Score:2, Informative)
Loosing out to lhamas who cant "afford" $50 for your product sucks.
I am uncertain how one would go about "letting loose or releasing" out to lhamas. I suspect you intended to use the phrase "losing out".
Congratulations! You have been participant #37 in my campaign to rid Slashdot of this error.
An important update from the bnet.org folks (Score:2, Informative)
Subject: www.bnetd.org [bnetd.org]
and
Subject: Site UPDATE [bnetd.org]
The short version:
They had and have nothing to do with the WC3 Beta, the EFF is taking thier case with the ISP and they need donations.
Be sure to check back to the site for when the donations link becomes active.