Newbie Spellweaver
- Joined
- Sep 19, 2011
- Messages
- 17
- Reaction score
- 0
Hello I would like to take the time to discuss some things about the runescape server protocol, such as legal issues and some things that are good to know.
First on the list: legal issues.
Some people believe that the I/O protocol is copyrighted by runescape, when infact only few of the methods used are actually different then a regular DataOutputStream and a DataInputStream, and many other I/O libraries.
The thing is, runescape packets are split into pieces because in I/O you're never sure when all of the bytes are going to reach the server or the client. So what JaGeX did was develop a way to initialize access of writing packets and ending it when the packets are finished, and they are written as bytes..Also, updates are written in bits. For those of you who don't know, there are 8 bits in a byte, unlike an int or long. For example, an int is a 32 bit integer, which means it's split into 4 bytes.
Write an integer:
Write a packet: (note: this uses the ISAAC algorithm to ensure that packets are cryptographically secure.. I'll talk about that later.)
public void createFrame(int id) {
buffer[currentOffset++] = (byte)(id + packetEncryption.nextInt());
}
The point is, this protocol is widely used among thousands of applications you probably use, and not just in Java either.
In cryptography, ISAAC is a pseudorandom number generator and a stream cipher designed by Robert Jenkins (1996) to be cryptographically secure. The name is an acronym for:
Indirection
Shift
Accumulate
Add
Count.
What a pseudorandom number generator can do, is generate a random number from a seed, given the the equivalent seed, we can produce the same number again. Thus we use this for securing packets.
This is also, a very widely used method alongside RC4, of which it was inspired, for stream ciphering
Another thing that is nice to know about the server protocol is that, if you or someone else wrote the code, it is not illegal, as long as the code is not copyrighted or privately licensed.
The thing about winterlove is that the "stream" and "cryption" classes are both stolen from the 317 client..
It is deobfuscated code but the actual protocol remains the same, a server like hyperion, rs2dv, or any custom frameworks most likely use a custom packet system and ISAAC algorithm(there are a couple Java implementations.)
Part two: Things to know about clients
Clients are not illegal, although the cache is. Really jagex has no way of proving that the code was deobfuscated from their own, although they can prove it is done over a wide basis in the rsps communities. What they can prove: is that you are abusing their contracts by using and raping their images, models, sounds etc. And not to mention their cache format
Really, this isn't a problem because by conventions of law, they can not prosecute for a crime being held in an over-sea or third world country, unless aided by a federal government. So a solution to this problem of hosting servers is that they must be hosted over seas, (or in a third world country) to avoid being prosecuted, although you may still be taken to court.
Another issue brought up in the past is that JaGeX may try to sue you, I mean, hell they've done it before for other things, i.e. frugoo in 06', or impsoft just a couple years ago. (if you want the link to the case summaries provided by the lawyers I would be happy to oblige)
The thing is, unless you're causing runescape major disruption by either stealing players or encouraging breaking of their terms of service of a massive scale, there's no way they will even notice your server.. You can avoid them going on your site by using terms and conditions on the splash page, this could be brought up in court and have all case evidence throw out that was gathered from your website, and JaGeX knows this. The only evidence they could possibly hold against you is evidence they gathered from THEIR servers.
Part three: Viruses in sources?
There is no such thing. It is impossible for text to contain viruses! I don't know how many times I've seen the first post for a release to be "virus scan pls"! It's annoying! Unless a person is releasing something that's super sketchy it's most likely legit, I've never... EVER downloaded a source containing a virus, and I've been at the rsps scene for the past 4 years.
Anyway, those are some of my discussion points, if anybody would like to add to any of this or discuss it you can here. Also I would be happy to answer any and all questions about any of the methods of encryption or I/O I have discussed in this thread.
First on the list: legal issues.
Some people believe that the I/O protocol is copyrighted by runescape, when infact only few of the methods used are actually different then a regular DataOutputStream and a DataInputStream, and many other I/O libraries.
The thing is, runescape packets are split into pieces because in I/O you're never sure when all of the bytes are going to reach the server or the client. So what JaGeX did was develop a way to initialize access of writing packets and ending it when the packets are finished, and they are written as bytes..Also, updates are written in bits. For those of you who don't know, there are 8 bits in a byte, unlike an int or long. For example, an int is a 32 bit integer, which means it's split into 4 bytes.
Write an integer:
Code:
public void writeDWord(int i) {
buffer[currentOffset++] = (byte)(i >> 24);
buffer[currentOffset++] = (byte)(i >> 16);
buffer[currentOffset++] = (byte)(i >> 8);
buffer[currentOffset++] = (byte)i;
}Write a packet: (note: this uses the ISAAC algorithm to ensure that packets are cryptographically secure.. I'll talk about that later.)
public void createFrame(int id) {
buffer[currentOffset++] = (byte)(id + packetEncryption.nextInt());
}
The point is, this protocol is widely used among thousands of applications you probably use, and not just in Java either.
In cryptography, ISAAC is a pseudorandom number generator and a stream cipher designed by Robert Jenkins (1996) to be cryptographically secure. The name is an acronym for:
Indirection
Shift
Accumulate
Add
Count.
What a pseudorandom number generator can do, is generate a random number from a seed, given the the equivalent seed, we can produce the same number again. Thus we use this for securing packets.
This is also, a very widely used method alongside RC4, of which it was inspired, for stream ciphering
Another thing that is nice to know about the server protocol is that, if you or someone else wrote the code, it is not illegal, as long as the code is not copyrighted or privately licensed.
The thing about winterlove is that the "stream" and "cryption" classes are both stolen from the 317 client..
It is deobfuscated code but the actual protocol remains the same, a server like hyperion, rs2dv, or any custom frameworks most likely use a custom packet system and ISAAC algorithm(there are a couple Java implementations.)
Part two: Things to know about clients
Clients are not illegal, although the cache is. Really jagex has no way of proving that the code was deobfuscated from their own, although they can prove it is done over a wide basis in the rsps communities. What they can prove: is that you are abusing their contracts by using and raping their images, models, sounds etc. And not to mention their cache format
Really, this isn't a problem because by conventions of law, they can not prosecute for a crime being held in an over-sea or third world country, unless aided by a federal government. So a solution to this problem of hosting servers is that they must be hosted over seas, (or in a third world country) to avoid being prosecuted, although you may still be taken to court.
Another issue brought up in the past is that JaGeX may try to sue you, I mean, hell they've done it before for other things, i.e. frugoo in 06', or impsoft just a couple years ago. (if you want the link to the case summaries provided by the lawyers I would be happy to oblige)
The thing is, unless you're causing runescape major disruption by either stealing players or encouraging breaking of their terms of service of a massive scale, there's no way they will even notice your server.. You can avoid them going on your site by using terms and conditions on the splash page, this could be brought up in court and have all case evidence throw out that was gathered from your website, and JaGeX knows this. The only evidence they could possibly hold against you is evidence they gathered from THEIR servers.
Part three: Viruses in sources?
There is no such thing. It is impossible for text to contain viruses! I don't know how many times I've seen the first post for a release to be "virus scan pls"! It's annoying! Unless a person is releasing something that's super sketchy it's most likely legit, I've never... EVER downloaded a source containing a virus, and I've been at the rsps scene for the past 4 years.
Anyway, those are some of my discussion points, if anybody would like to add to any of this or discuss it you can here. Also I would be happy to answer any and all questions about any of the methods of encryption or I/O I have discussed in this thread.
Last edited:
