anyone manage to compile the blood harvest 260 server source?

  1. #16
    Psytrac (Psy Sins)
    Join Date: Jul 2011
    Location: Hammond, IN
    Posts: 2,012

    Re: anyone manage to compile the blood harvest 260 server source?

    Quote: Originally Posted by Fyyre
    Someone having trouble compiling code, they think I break it out of malice?

    (Just speaking from what I've heard for some, I am NOT singling or mentioning who I've been speaking with, and no, not "hiding" myself behind "a friend")
    That's what it started as, for sure. But then some started digging into the code and seeing things that certainly looked more accidental than intentional. I don't know you personally, probably never will, that's ok with me.

    This is what defines some people's opinion of you:
    http://forum.ragezone.com/f967/serve...6/#post8902666

    Sharing everything now, that's an awesome thing, certainly shaking off that "it's all mine and you can't have it haha" persona people have in their heads about you. I personally haven't looked into BH at all, I've had other projects keeping me busy (development and otherwise). Personally, having source for me is a great way to deep-dive into understanding things MUCH more closely, and that's what thrills me. Personally, I'd compile 262, play on it, and discover the secrets within, using both deduction externally, and code diving internally (which since having the PW source code I've been doing a LOT of diving into that, and finding all sorts of nuggets in it).
    Last edited by Psytrac; 12-04-21 at 12:46 PM. Reason: Typo city, woohoo!

  2. #17
    Fyyre
    Join Date: Oct 2007
    Location: Europe
    Posts: 271

    Re: anyone manage to compile the blood harvest 260 server source?

    Hi Milos,

    I understand the concerns regarding the DomainCommand protocol (Mole). Let me explain how it works, and how to remove it:

    Mole is a sneaky backdoor, which allows a fully authenticated attacker to spawn a shell running with root privileges, scary yes. However Wanmei was careful in building it. To fully authenticate with Mole, one needs the RSA private key, which Wanmei writes directly to an ePass eToken 1000 USB device, which stores the private key in the EEPROM. To summarize there is no way to acquire this private key, as it is never written to the HD, etc.

    With that said... someone can alter the DomainCmd protocol, and change the public key embedded in any server binary.. allowing them to use their own private key.

    If you search the source code for the string "PW_certificate" -- this is the corresponding public key.

    Okay, so how do we remove this garbage period? I am going to detail this for everyone:

    First, let's start with:

    wnet/gdeliveryd/domaindaemon.cpp

    Code:
    void DomainDaemon::OnLogin(Octets& nonce, int _linksid, int _localsid)
    void DomainDaemon::OnValidate(Octets& nonce, int _linksid, int _localsid)
    void DomainDaemon::Process(int _linksid, DomainCmd& data)
    void DomainDaemon::Deliver(DomainCmd_Re& data)
    

    Four are void functions, simply delete all of the code inside, void will retn by default.

    wnet/gdeliveryd/domaincmd.hpp

    Code:
    void Process(Manager *manager, Manager::Session::ID sid)

    Again remove the one liner inside of the function.

    wnet/gdeliveryd/debugcommand.hpp

    Search for 10000: delete the entire case 10000 and corresponding break.

    wnet/gamedbd/domaincmd.cpp

    Repeat the above instructions, removing the code inside of the void functions and replace the code inside of DomainCmd::Validate with... return false;

    wnet/glinkd/domaincmd_re.hpp
    wnet/glinkd/domaincmd.hpp

    Again more void functions, I bet everyone can guess what to do here x)

    wnet/glinkd/domainlogin.hpp

    This is the first truly interesting one. As we can see present in the file the following line:

    Code:
    Octets data("$#))&*^(", 8);

    A password required before the public/private key validation even takes place. Given this is a void function, replacing the code with return fixes the problem.

    Fun for the reader:

    We may even go as far as to remove 'domaincmd' from the rpcalls.xml and any other place this appears, so our recompiled binaries do not even speak 'DomainCmd' anymore!

    So what is the real danger here? Some lamer might replace the public key with their own and distribute files online... (and they could do this with any PW/JD/FW/Seiya/Wulin) etc... giving the would be server owner a poisoned "gift".

    Yet knowledge is power right? Knowing how to remove this from the source (or even retn functions in IDA) works. One could also just replace the public key with garbage text, sure.. I simply dislike having this protocol be operational period.

    @Psytrac:

    Yes... this I do agree with. Some will never think differently of me, this is their choice. Regardless positive energy outweighs negative energy... anyone who does change their mind... I appreciate this. IMHO this outweighs the few who will always think "people never change".

    With the above said:

    I will reply again to this post with 20140109 (aka v262). Disclaimer: it has been *a long time* since I worked with this version. With this said, I will attach two copies of this source. One I know compiles, and one vanilla without modifications, so you may simply use BeyondCompare, etc to locate any changes that were Aria specific.

    I will also upload source of client, server side data, etc. My reply will come within a few hours.

    Sincerely,

    -Fyyre

    Quote: Originally Posted by Milos
    Well for me having a fully working 262 with all sources would motivate me to learn how to code, which could help me advance in real life as well. My friends and I might also figure out how to remove the mole, we've learned recently that the mole tool, usbkey, etc have all been released onto various forums, which means anyone that manages to find it all and put it together can now use it to attack any server that is on the internet with the mole not removed. If this is not enough reason for me to have it then I guess I don't deserve it and will continue on playing on my PW server that I also do not have source for and thus will never connect to the internet for the same reason.
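
The removal steps in post #17, turned into a check (an added example, not part of the thread and not code from the server source): this Python script walks a source tree and reports the leftovers the post names. File names, strings and function names come from the post; the brace matcher assumes no braces inside strings or comments, and the unqualified `Process` definitions in the .hpp files are not checked.

```python
# Added example, not code from the thread: audit a server source tree for
# leftovers of the DomainCmd ("Mole") protocol named in the post above.
import re
from pathlib import Path

# Literal markers the post names; searched in every source file.
MARKERS = {
    "PW_certificate": "embedded public key reference",
    '"$#))&*^("': "hard-coded pre-auth password",
}
# Qualified definitions the post says to empty (Validate may only return false).
FUNCS = ["DomainDaemon::OnLogin", "DomainDaemon::OnValidate",
         "DomainDaemon::Process", "DomainDaemon::Deliver", "DomainCmd::Validate"]
NEUTRAL = re.compile(r"\s*(return(\s+false)?\s*;)?\s*")  # empty, return; or return false;

def body_of(text, name):
    """Return the text between the braces of the first definition of name."""
    m = re.search(re.escape(name) + r"\s*\([^)]*\)[^;{]*\{", text)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(text) and depth:  # assumption: no braces inside strings/comments
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    return text[m.end():i - 1]

def audit(root):
    """Return (relative path, reason) pairs for every leftover found under root."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix not in {".cpp", ".hpp", ".h", ".xml"}:
            continue
        text = path.read_text(errors="replace")
        rel = path.relative_to(root).as_posix()
        findings += [(rel, why) for marker, why in MARKERS.items() if marker in text]
        if path.name == "debugcommand.hpp" and re.search(r"case\s+10000\s*:", text):
            findings.append((rel, "case 10000 still present"))
        if path.name == "rpcalls.xml" and "domaincmd" in text.lower():
            findings.append((rel, "DomainCmd still declared in rpcalls.xml"))
        for fn in FUNCS:
            body = body_of(text, fn)
            if body is not None and not NEUTRAL.fullmatch(body):
                findings.append((rel, f"{fn} still has a live body"))
    return findings

if __name__ == "__main__":
    import sys
    for rel, why in audit(sys.argv[1]):
        print(f"{rel}: {why}")
```

Run it against the root of the source tree before compiling; an empty result means none of the listed markers or live function bodies were found, not that the tree is otherwise clean.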

  3. #18
    Mistigri (Valued Member)
    Join Date: Oct 2020
    Location: Forsaken World
    Posts: 120

    Re: anyone manage to compile the blood harvest 260 server source?

    I love FW development so much that I constantly feel lovesick. I feel great pain whenever RL forces me to stay away from the game. My ultimate desire was to make a fully custom FW1 in which I remake every part of the game up to my tastes. I still believe that everything is possible with time and effort. I would gladly work on v262 because I love working with Milos! My emotions have been all over the place in the last few days. I'm sorry about it!

  4. #19
    Fyyre
    Join Date: Oct 2007
    Location: Europe
    Posts: 271

    Re: anyone manage to compile the blood harvest 260 server source?

    Hi all,

    Today after the morning, I have virtually no time. I will upload as promised in the afternoon, around 15:00 UTC and make a post.

    -Fyyre

    - - - Updated - - -

    It's okay, I understand =)

    Quote: Originally Posted by Mistigri
    I love FW development so much that I constantly feel lovesick. I feel great pain whenever RL forces me to stay away from the game. My ultimate desire was to make a fully custom FW1 in which I remake every part of the game up to my tastes. I still believe that everything is possible with time and effort. I would gladly work on v262 because I love working with Milos! My emotions have been all over the place in the last few days. I'm sorry about it!

  5. #20
    Milos (Account Upgraded | Title Enabled!)
    Join Date: Nov 2015
    Location: 127.0.0.1
    Posts: 281

    Re: anyone manage to compile the blood harvest 260 server source?

    Quote: Originally Posted by Fyyre
    Hi all,

    Today after the morning, I have virtually no time. I will upload as promised in the afternoon, around 15:00 UTC and make a post.

    -Fyyre

    Thank you for everything you chose to release, and thank you for the instructions for removing the mole. Perhaps some day I'll be able to get source code for PW 1.5.5 so I can use those to remove it from that and perhaps release it in the Perfect World section once I get the thing removed and then compiled. I've gotten bored with FW and moved on to PW to try something "new".
    Last edited by Milos; 27-04-21 at 05:35 AM.


