Secrets Posted November 27, 2018 Posted November 27, 2018 [Untested] Slap Roarrr.asi into your RO client folder and watch brAthena get confused. I take no responsibility of any kind from consequences of using this client add-on. It is simply provided as a proof-of-concept on how weak brAthena's MAC address ban system is. Use it at your own risk. Quote
Normynator Posted November 27, 2018 Posted November 27, 2018 Do you have Source Code for that PoC publicly available? 1 Quote
anacondaq Posted November 27, 2018 Posted November 27, 2018 (edited) I don't understand your hate to different emulators, like hercules or brathena, but his src mod will not work at all because of its nature and ethernet. Also, your changes can break almost all protection if focusing and having a goal for it. I talk about protections which use simple mac address taken from client's network adapter PC's (hardware mac) as a unique identifier of a player session for doing different manipulations. Also, macs can be very easy edited with default GUI from windows without any problems. So mac protection for server owners = bad idea, must be used something more interesting and unique like motherboard + cpu + some other PC part like hard drive + some salt. Edited November 27, 2018 by Anacondaqq Quote
Secrets Posted November 28, 2018 Author Posted November 28, 2018 14 hours ago, Anacondaqq said: I don't understand your hate to different emulators, like hercules or brathena, but his src mod will not work at all because of its nature and ethernet. Also, your changes can break almost all protection if focusing and having a goal for it. I talk about protections which use simple mac address taken from client's network adapter PC's (hardware mac) as a unique identifier of a player session for doing different manipulations. Also, macs can be very easy edited with default GUI from windows without any problems. So mac protection for server owners = bad idea, must be used something more interesting and unique like motherboard + cpu + some other PC part like hard drive + some salt. brAthena's solution is using a launcher or some custom mod to read the computer's physical address and put it into packet 0x0825 (enabled with SSO login packet patch) at 0x3C offset. Quote
Secrets Posted November 28, 2018 Author Posted November 28, 2018 15 hours ago, Normynator said: Do you have Source Code for that PoC publicly available? No, it's my other experimental "secure login" project with with codes commented and a line for this bypass added, and I'm too lazy to clean it up for a release. It just hooks into the "send" function and modify the buffer. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.