How to fix auth server

[Souris]

Warning: technical post ahead!

This is how I fixed auth server in the files I released (http://forum.ragezone.com/f694/1-4-minimal-development-server-823016/). I believe there is another way, at least from what I've seen in the russian leaked files, but this one is simple enough and works.

The new thing
Auth server uses a certificate to encrypt the communications with delivery server. The reason is most likely that on official it is on a separate network or something like this.

The problem
Leaked auth server is incomplete and does not have the necessary certificates so it won't work.

Solution: in a nutshell
We'll tell delivery to accept any certificate and then create our own self signed certificate to use with the auth server.

Solution: delivery
You just need to set in the config:

au_cert = false

This causes delivery server to not check the authenticity of the auth server's certificate.

Solution: auth
Now that delivery will accept any certificate, we create a self-signed certificate. Then we pack it in a java keystore file which auth server can use.

Firstly,

You must be registered to see links

. You do not need to use a CA, but you will want to strip the key of its password. We'll assume the key is named "osppw.key" and the certificate "osppw.crt".

Once we have the key and the certificate, we'll convert them to DER format.

openssl pkcs8 -topk8 -nocrypt -in osppw.key -inform PEM -out osppw.key.der -outform DER
openssl x509 -in osppw.crt -inform PEM -out osppw.crt.der -outform DER

Those files can now be packed in a java keystore (see references for the "ImportKey" script).

java ImportKey osppw.key.der osppw.crt.der 
mv ~/keystore.ImportKey auth.keystore

We're nearly done, now we just need to modify the certificate initialization in auth server to use our keystore. Here in an example of what it can look like:

            // set security
            if(0 != CertVerify.getInstance().initJKS(AuthServer.class.getResource("auth.keystore").getPath(), "passphrase")) {
                throw new Exception("load JKS failed.");
            }

Attached is the keystore I used in my release. The certificate is valid for 10 years and the passphrase is "osppw_auth".

References

You must be registered to see links

jd-gui and fernflower java decompilers.

thanks to the people who helped me get the files and such

 

[marceloantonio1]

Re: How to fix 1.4 auth server

LOL It was so simple!!!
(but some people will go here and ask what a certificate is -.-')

 

[Souris]

Re: How to fix 1.4 auth server

LOL It was so simple!!!
(but some people will go here and ask what a certificate is -.-')

It indeed was quite simple with a bit of logic and decompiling. I don't expect most people to fix it themselves, but thought I'd post it here for posterity. So it is available if ever needed again.

 

[letanduy]

Re: How to fix 1.4 auth server

Sry im noobs!
How to use your auth.keystore? Where do i put it in my server and what things i have to do with it?

My authd has errors, cant add cubi gold, ptemplate.conf not work, some skill no effect...

 

[Romulan]

Re: How to fix 1.4 auth server

Sorry I'm noob! I don't know why the guy above me can't search on the forum..

 

[Souris]

Re: How to fix 1.4 auth server

Sry im noobs!
How to use your auth.keystore? Where do i put it in my server and what things i have to do with it?

My authd has errors, cant add cubi gold, ptemplate.conf not work, some skill no effect...

Sorry this is not a generic 1.4 support thread. Also you don't want to use the above tutorial if you don't know how to (de)compile java. Wait for someone to release a fully working version and meanwhile try to do useful things

 

[rbb138]

Re: How to fix 1.4 auth server

Actually no, this isn't how this works at all.

The certificate is not used if you set au_cert=false.
You do not need a certificate at all, you can just bypass it and save yourself alot of time.

And we do in-fact have the offical certificate, good luck cracking.

We had this authd working back in January for mars1980 lol, before he screwed us over.

 

[hrace009]

Re: How to fix 1.4 auth server

Actually no, this isn't how this works at all.

The certificate is not used if you set au_cert=false.
You do not need a certificate at all, you can just bypass it and save yourself alot of time.

And we do in-fact have the offical certificate, good luck cracking.

We had this authd working back in January for mars1980 lol, before he screwed us over.

lol yeah, sory to hated you before mars1980, if not because of you maybe the auth will not work

thanks for fix it. robb, anubis, bash, das

 

[rbb138]

Re: How to fix 1.4 auth server

anubis more than most, btw souris did you talk to anubis or something because you and him both used the exact same way to get the authd cert request working oO, and its not even the one offical uses (they use psck11).

 

[risingsoft]

Re: How to fix 1.4 auth server

good for noting?

 

[Souris]

Re: How to fix 1.4 auth server

Certificate without private key is just as good as no cert at all. I will have to try the no-cert-at-all way.

As for how I came to this, decompiling jio.jar shows the JKS-related methods, which seemed way less troubles than messing with PSCK#11.

 

[Dysmo]

first off, awesome tutorial, it was really easy to follow.

However, I am not as awesome and manage to mess up just about anything =\. I got an error while running start.sh involving the authd.sh, mainly this:

Spoiler

set security
if(0!=CertVerify.getInstance().initJKS(AuthServer.class.getResource("auth.keystore").getPath(), "osppw_auth")) {
throw new Exception("load JKS failed.");
}

The error was:

./authd.sh: 12: Syntax error: "(" unexpected (expecting ")")

 

[Psytrac]

let's see... line 12 needs a ")" gee.. that was hard..

 

[Dysmo]

I'd love to see where, I've changed this code about 100 times....

 

[AcidRayne]

the only part im having trouble with is where to put this

We're nearly done, now we just need to modify the certificate initialization in auth server to use our keystore. Here in an example of what it can look like:
Code:

// set security
if(0 != CertVerify.getInstance().initJKS(AuthServer.class.getResource("auth.keystore").getPath(), "passphrase")) {
throw new Exception("load JKS failed.");
}

Yes im aware this makes me noob but after searching for it for as long as i have i no longer care. XD

Edit:

./authd.sh: 13: //ermission denied
./authd.sh: 14: syntax error: "(" unexpected (expecting ")")

 

[Dysmo]

the only part im having trouble with is where to put this



Yes im aware this makes me noob but after searching for it for as long as i have i no longer care. XD

Edit:

./authd.sh: 13: //ermission denied
./authd.sh: 14: syntax error: "(" unexpected (expecting ")")

Erase the "//" at the beginning to remove the permission denied error. And we're on the same page for the syntax error.

 

[AcidRayne]

Erase the "//" at the beginning to remove the permission denied error. And we're on the same page for the syntax error.

yea i am trying everything i can think of and it just tells me it's expecting something else.

 

[NeOCzx]

in my understanding, i think its need decompiling of some .class files and inject the key to make it auto auth without needing a cert file.

it cant be done by simply add the code to ur authd.sh files. maybe that is the source of ur error. plz correct me if i wrong.

 

[AcidRayne]

in my understanding, i think its need decompiling of some .class files and inject the key to make it auto auth without needing a cert file.

it cant be done by simply add the code to ur authd.sh files. maybe that is the source of ur error. plz correct me if i wrong.

when you add the code on the first page to your auth.sh files is when you get the syntax error i am thinking the code is writing wrong but i haven't been able to fix it

 

[NeOCzx]

hmm.. what i mean is the code was supposed to be injected into decomplied java server auth (maybe some .jar or .class) to make use the of the keystore created.(sorry for bad explanation. my english sucks.)

= The code is not meant to be injected into authd.sh . that explains the error.