Home » Archived Forums » RenGuard Client » This should alleviate your concerns...
This should alleviate your concerns... [message #76233] |
Mon, 05 April 2004 16:50 |
|
Crimson
Messages: 7429 Registered: February 2003 Location: Phoenix, AZ
Karma: 0
|
General (5 Stars) ADMINISTRATOR |
|
|
As you might be aware, RenGuard has been in beta testing for about a week now. In that time, we have changed and fixed dozens of usability feedback items and bugs, and improved error handling. RenGuard changes and improves every passing hour. The feedback from our testers has been excellent and useful.
As you might expect, ways have been suggested to get around RenGuard. Some ways we have already thought of and countered. Some ways we might not. Our beta testers and even most people who read these forums are smart enough, and care about Renegade enough to approach us privately with their concerns. We appreciate those people.
However, there are others who don't care about Renegade and the success of RenGuard. Those people instead decide to take an approach not unlike some script kiddies who terrorized Renegade back in the day and posted their suggested ways to get around RenGuard on their website and tell everyone about it, so that in their mind, we'd be forced to fix the problem. But what they didn't understand is that we have been and are addressing this and other possible exploits and we won't release until they are resolved. We are unwaveringly commmitted to you, the players of Renegade, and there is NOTHING we have ever done that should make you doubt that. Hundreds of dollars and hundreds of hours has gone into this product with only one motive, to stop cheating in Renegade.
On that note, the concern was also brought up that we might be wanting to STEAL your serial number. This is simply not true.
Here, some serial hashes for your enjoyment.
c30aeb22
19576f7
b7c648c8
9f48b277
1e29757c
bc1b2892
Quote: | http://www.watchguard.com/glossary/o.asp
one-way hash function
A mathematical process performed on data to produce a numeric result called a message digest, which cannot be reversed to produce the original message.
See hash and message digest.
hash code
A unique, mathematical summary of a document that serves to identify the document and its contents.
message digest
A mathematical function used in encryption to distill the information contained in a file into a single large number, typically between 128 and 256 bits in length. Message digests are also known as one-way hash functions because they produce results where it is mathematically infeasible to try to calculate the original message by computing backwards from the result. Message digest functions are designed so that a change to a single character in the message will cause the message to result in a very different message digest number. Many different message digest functions have been proposed and are now in use; most are considered highly resistant to attack.
|
Please read and understand this definition of a hash. Not only do we have no use for your serial, but we couldn't get it if we wanted to from the information the client sends to us. The only reason we even want anything close to your serial is for banning purposes. As you can guess, there will be people who will do their best to continue to make our lives miserable. In order to stop them from interfering with our games and the new RenGuard network, it is necessary to find as many ways as possible to ban them from the servers so that they can't disrupt those of us who want to enjoy the game.
In conclusion, I want to apologize for the display of immaturity you may have seen on here earlier, some of which was on my part, and assure you that you have no reason to fear our intentions. If you have any concerns, please feel free to contact me or anyone on the team privately, or visit our new RenGuard support channel, #renguard_support, on irc.n00bstories.com IRC network.
I'm the bawss.
[Updated on: Mon, 05 April 2004 21:57] Report message to a moderator
|
|
|
|
|
|
This should alleviate your concerns... [message #76260] |
Mon, 05 April 2004 18:27 |
|
Blazer
Messages: 3322 Registered: February 2003 Location: Phoenix, AZ
Karma: 0
|
General (3 Stars) Administrator/General |
|
|
v00d00 brought up a good example of explaining how a one-way hash cannot reveal the origional data.
Lets say you have a 5MB file, text file, video clip, whatever.
You can create a 32bit hex number of that file.
So stay with me...5MB file, big number that is a "signature" of that file.
Now lets say that I post that 32bit number on the internet. Can someone use it, and with a super computer or whatever, "decrypt" it back to the 5MB of data? NO. It is simply a numerical signature of some data, it is not some algorithmn that converts the data to some encrypted form that can be reverse engineered.
However, with this signature, you can use it for COMPARISONS, to validate the origional data, without knowing what the data is.
Simple example:
Some file Simpsons.mpg , a 50 MegaByte video file. You create a 32bit hash of it and get a hexidecimal number like "d1f9c69e".
Now you send that number "d1f9c69e" to me. I cannot use this number to recreate your 50MB simpsons episode, even with all the computers in the world. But if I want to verify later that the Simpsons.mpg you have is the same one that you had earlier, I can regenerate a hash of Simpsons.mpg and if I get d1f9c69e again, then I know its the same file.
This is the way RenGuard tests your serial. Its a one-way hash that allows comparisons only to pre-recorded values. There is no way to recreate your serial from the data, except an elaborate brute force attack of generating random serials, hashing them, and then comparing the results to see if the hash matches. Frankly Renegade serial numbers are of such length I doubt anyone would want to dedicate their computer for months on end to do that just to get someones $9 serial number...it would be like trying to recreate 5 seconds of that 50MB video file I talked about, not to mention the only "someones" who even have access to the hashes are the Renguard team. Also, no hashes are saved or recorded, unless they are used for a ban.
I hope this helps clear up any misconceptions about RenGuard accessing your serial numbers. We realize that not everyone is a CS major and a thorough explanation is needed.
As to whether it is illegal or not to access the serial, I don't see any issues as renegades banlist.txt has options to ban by serial EA has shown us they do not support this game and as far as they are concerned it all but doesn't exist. I seriously doubt they are going to spend thousands of dollars to sue a bunch of volunteers who are just doing a good thing (stopping cheats).
LONG story short:
1. Renguard does not steal your serial.
2. Renguard makes an un-reversable signature of your serial, which can be used for comparison only. It cannot be decrypted back to your origional serial...period.
3. These signatures are not even recorded anywhere, until and only while a ban using one is in place (hopefully bans on the RG system will be a rare occurance anyhow).
4. Is RG Illegal for doing anything at all with the serial? Its a grey area. If it was an active game that they cared about, probably a bad idea to do anything including using a logo without their permission. But since Renegade is a legacy game, with no support whatsoever, I'm not expecting anythign to happen to the RenGuard team any more than being sued for using the Renegade windows icon. At any rate, that is OUR problem...so enjoy playing Renegade cheat-free, and leave the legal ramifications to us.
If anyone has any questions or comments, I will be happy to respond to them.
|
|
|
|
This should alleviate your concerns... [message #76295] |
Mon, 05 April 2004 19:53 |
v00d00
Messages: 45 Registered: October 2003 Location: Canada
Karma: 0
|
Recruit |
|
|
Something else I brought up in private, but will share now..
Even if it was feasable to reverse the CD-Keys
1) Why? It's obviously in use by someone.
2) Again, why? There are numerous CD key generators, and it's algorythm isn't very hard to follow. Using it, you could simply create a file of EVERY serial, and try em till you find a unique valid one. (ie: fire em at the WOL server (when it's up) till it OK's it).
3) Reversing the CRC (or even generating a list of ALL serials + CRC's of those to look up against) would take longer than to simply create the list of all serials without crc's, and validate online.
The keygens have been around since the beginning of Renegade. Yes, most keys it create won't work.. Some will. If you have that much time on your hands to try to 1) steal a key, or 2) generate a valid WORKING one, then you obviously don't care about Renegade (because instead of doing that, you could be PLAYING, or HELPING the community).
If you are really desperate for a valid key, do what I did.. BUY it. Hell, with it's price in stores currently, buy 10. I bought it (like all other C&C games) when it first came out at full price. Now I've seen it in local stores for $5-10.
- v00d00
|
|
|
This should alleviate your concerns... [message #76332] |
Mon, 05 April 2004 22:34 |
|
Dante
Messages: 1039 Registered: February 2003
Karma: 0
|
General (1 Star) |
|
|
lets not forget what the post said originally, either way, you still call me an idiot for things that blazer & v00d00 just confirmed as possible.
no you can't decrypt it, but YES you could (with bruteforce) find the serial.
Quote: | As you might be aware, RenGuard has been in beta testing for about a week now. In that time, we have changed and fixed dozens of usability feedback items and bugs, and improved error handling. RenGuard changes and improves every passing hour. The feedback from our testers has been excellent and useful.
As you might expect, ways have been suggested to get around RenGuard. Some ways we have already thought of and countered. Some ways we might not. Our beta testers and even most people who read these forums are smart enough, and care about Renegade enough to approach us privately with their concerns. We appreciate those people.
However, there are others who are not so smart and don't care about Renegade and the success of RenGuard. Those people instead decide to take an approach not unlike some script kiddies who terrorized Renegade back in the day and posted their suggested ways to get around RenGuard on their website and tell everyone about it, so that in their mind, we'd be forced to fix the problem. But what they didn't understand is that we have been and are addressing this and other possible exploits and we won't release until they are resolved. We are unwaveringly commmitted to you, the players of Renegade, and there is NOTHING we have ever done that should make you doubt that. Hundreds of dollars and hundreds of hours has gone into this product with only one motive, to stop cheating in Renegade.
On that note, the concern was also brought up that we might be wanting to STEAL your serial number. This is simply not true.
Here, some serial hashes for your enjoyment.
c30aeb22
19576f7
b7c648c8
9f48b277
1e29757c
bc1b2892
Quote:
http://www.watchguard.com/glossary/o.asp
one-way hash function
A mathematical process performed on data to produce a numeric result called a message digest, which cannot be reversed to produce the original message.
See hash and message digest.
hash code
A unique, mathematical summary of a document that serves to identify the document and its contents.
message digest
A mathematical function used in encryption to distill the information contained in a file into a single large number, typically between 128 and 256 bits in length. Message digests are also known as one-way hash functions because they produce results where it is mathematically infeasible to try to calculate the original message by computing backwards from the result. Message digest functions are designed so that a change to a single character in the message will cause the message to result in a very different message digest number. Many different message digest functions have been proposed and are now in use; most are considered highly resistant to attack.
Please read and understand this definition of a hash. Not only do we have no use for your serial, but we couldn't get it if we wanted to from the information the client sends to us. The only reason we even want anything close to your serial is for banning purposes. As you can guess, there will be people who will do their best to continue to make our lives miserable. In order to stop them from interfering with our games and the new RenGuard network, it is necessary to find as many ways as possible to ban them from the servers so that they can't disrupt those of us who want to enjoy the game.
In conclusion, I want to apologize for the display of immaturity you may have seen on here earlier, some of which was on my part, and assure you that you have no reason to fear our intentions. If you have any concerns, please feel free to contact me or anyone on the team privately, or visit our new RenGuard support channel, #renguard_support, on irc.n00bstories.com IRC network.
|
RenEvo
|
|
|
This should alleviate your concerns... [message #76333] |
Mon, 05 April 2004 22:38 |
v00d00
Messages: 45 Registered: October 2003 Location: Canada
Karma: 0
|
Recruit |
|
|
But again, so can anyone (even without the serial hashes).. Lets see, spend time creating the CRC's, or JUST create the serials.. Creating only the serials = alot faster, and can be done renguard or not.. Hmm..
Hell, lemme just generate a few billion serials, and I bet most people here would be on the list.
Besides, at this point renegade serials aren't a big issue.. The hot topic lately has been getting FDS serials lol.
- v00d00
|
|
|
This should alleviate your concerns... [message #76335] |
Mon, 05 April 2004 22:56 |
|
gibberish
Messages: 366 Registered: May 2003
Karma: 0
|
Commander |
|
|
This whole argument is totally mute.
When it comes down to it, it is all a matter of trust.
Unless you are prepared to disassemble every executable that someone gives to you, you have to trust that the author isn't going to do something bad to you.
For example we only have the Renguard Teams word that Renguard won't format the hard drive of anyone running Final Rengade. In most cases a program has the potential to do anything your user account has rights to do.
So if you are logged in with admin rights the program can format your hard drive. The same goes for serial numbers you either Trust that the Renguard team will not steal your number (or you don't), if you don't trust them don't install the client.
|
|
|
This should alleviate your concerns... [message #76339] |
Tue, 06 April 2004 00:38 |
|
As I am the only one with full source code to the client (MAC has a copy as well but its out of date), I can say for sure that there is no trojans, hard-disk-formatting code or other nasties in there.
I would advise people not to run RenGuard inside a debugger (e.g. if you have SoftIce running in the background) because the protection will trigger on it and I dont know what the protection does in that case but other than that, nothing bad will happen.
|
|
|
This should alleviate your concerns... [message #76345] |
Tue, 06 April 2004 01:30 |
|
England
Messages: 618 Registered: February 2003 Location: High Wycombe, England
Karma: 0
|
Colonel |
|
|
Dante | lets not forget what the post said originally, either way, you still call me an idiot for things that blazer & v00d00 just confirmed as possible.
no you can't decrypt it, but YES you could (with bruteforce) find the serial.
Quote: | As you might be aware, RenGuard has been in beta testing for about a week now. In that time, we have changed and fixed dozens of usability feedback items and bugs, and improved error handling. RenGuard changes and improves every passing hour. The feedback from our testers has been excellent and useful.
As you might expect, ways have been suggested to get around RenGuard. Some ways we have already thought of and countered. Some ways we might not. Our beta testers and even most people who read these forums are smart enough, and care about Renegade enough to approach us privately with their concerns. We appreciate those people.
However, there are others who are not so smart and don't care about Renegade and the success of RenGuard. Those people instead decide to take an approach not unlike some script kiddies who terrorized Renegade back in the day and posted their suggested ways to get around RenGuard on their website and tell everyone about it, so that in their mind, we'd be forced to fix the problem. But what they didn't understand is that we have been and are addressing this and other possible exploits and we won't release until they are resolved. We are unwaveringly commmitted to you, the players of Renegade, and there is NOTHING we have ever done that should make you doubt that. Hundreds of dollars and hundreds of hours has gone into this product with only one motive, to stop cheating in Renegade.
On that note, the concern was also brought up that we might be wanting to STEAL your serial number. This is simply not true.
Here, some serial hashes for your enjoyment.
c30aeb22
19576f7
b7c648c8
9f48b277
1e29757c
bc1b2892
Quote:
http://www.watchguard.com/glossary/o.asp
one-way hash function
A mathematical process performed on data to produce a numeric result called a message digest, which cannot be reversed to produce the original message.
See hash and message digest.
hash code
A unique, mathematical summary of a document that serves to identify the document and its contents.
message digest
A mathematical function used in encryption to distill the information contained in a file into a single large number, typically between 128 and 256 bits in length. Message digests are also known as one-way hash functions because they produce results where it is mathematically infeasible to try to calculate the original message by computing backwards from the result. Message digest functions are designed so that a change to a single character in the message will cause the message to result in a very different message digest number. Many different message digest functions have been proposed and are now in use; most are considered highly resistant to attack.
Please read and understand this definition of a hash. Not only do we have no use for your serial, but we couldn't get it if we wanted to from the information the client sends to us. The only reason we even want anything close to your serial is for banning purposes. As you can guess, there will be people who will do their best to continue to make our lives miserable. In order to stop them from interfering with our games and the new RenGuard network, it is necessary to find as many ways as possible to ban them from the servers so that they can't disrupt those of us who want to enjoy the game.
In conclusion, I want to apologize for the display of immaturity you may have seen on here earlier, some of which was on my part, and assure you that you have no reason to fear our intentions. If you have any concerns, please feel free to contact me or anyone on the team privately, or visit our new RenGuard support channel, #renguard_support, on irc.n00bstories.com IRC network.
|
|
I know a man with the algorythm
In the end it doesn't matter if you are who you say you are. You will still mean nothing to me.
When i have kids, everytime i drive past a fast food restaurant, im gonna punch my kid in the face, then they'll never wanna come..
|
|
|
This should alleviate your concerns... [message #76346] |
Tue, 06 April 2004 01:35 |
|
Even if you knew the encryption or hashing algorithims used for RenGuard, you would still need to figure out the encryption keys.
Difficult, especially given that a new key is generated every time the program connects to a server.
|
|
|
|
|
|
|
|
btw... [message #76373] |
Tue, 06 April 2004 05:24 |
|
The serial is not the only thing we use for banning u.
I wont say what else we are using but even if you get a new serial. you wont automatically be allowed back on the network.
|
|
|
|
This should alleviate your concerns... [message #76416] |
Tue, 06 April 2004 12:34 |
flyingfox
Messages: 1612 Registered: February 2003 Location: scotland, uk
Karma: 0
|
General (1 Star) |
|
|
I dunno m8, doesn't seem to be many cheaters around these dayz.
I'm not sure if GX is still hosting final renegade anyway, if they aren't then that's probably some of the reason there've been less cheaters around. That's not to say they aren't. But face it, last year it was like an outbreak when renguard began development, these days it's nothing like it was then. I'll be glad to play on renguard servers but the it really isn't going to feel any different except you've got a few Kb of memory running in the background and 2 less kiddies per game tossing out the accusations.
|
|
|
|
|
|
This should alleviate your concerns... [message #76666] |
Wed, 07 April 2004 12:24 |
flyingfox
Messages: 1612 Registered: February 2003 Location: scotland, uk
Karma: 0
|
General (1 Star) |
|
|
Then I would hasten to say you're either unlucky or I'm lucky. Cheating just isn't like it was, and that can only be a good thing.
Bring on the renguard. w00t w00t and all that.
|
|
|
Goto Forum:
Current Time: Sun Nov 24 14:11:56 MST 2024
Total time taken to generate the page: 0.01671 seconds
|