Jump to content

[PoC] brAthena's MAC address ban system bypass proof-of-concept

Secrets

By Secrets
in Client Releases

 Share

Recommended Posts

Secrets Marin

Secrets

Posted
Posted

[Untested]

Slap Roarrr.asi into your RO client folder and watch brAthena get confused.

 

I take no responsibility of any kind from consequences of using this client add-on. It is simply provided as a proof-of-concept on how weak brAthena's MAC address ban system is.
Use it at your own risk.

anacondaq Poring

anacondaq

Posted
Posted (edited)

I don't understand your hate to different emulators, like hercules or brathena, but his src mod will not work at all because of its nature and ethernet
Also, your changes can break almost all protection if focusing and having a goal for it. I talk about protections which use simple mac address taken from client's network adapter PC's (hardware mac) as a unique identifier of a player session for doing different manipulations. Also, macs can be very easy edited with default GUI from windows without any problems. So mac protection for server owners = bad idea, must be used something more interesting and unique like motherboard + cpu + some other PC part like hard drive + some salt.

 

Edited by Anacondaqq
Secrets Marin

Secrets

Posted
  • Author
Posted
14 hours ago, Anacondaqq said:

I don't understand your hate to different emulators, like hercules or brathena, but his src mod will not work at all because of its nature and ethernet
Also, your changes can break almost all protection if focusing and having a goal for it. I talk about protections which use simple mac address taken from client's network adapter PC's (hardware mac) as a unique identifier of a player session for doing different manipulations. Also, macs can be very easy edited with default GUI from windows without any problems. So mac protection for server owners = bad idea, must be used something more interesting and unique like motherboard + cpu + some other PC part like hard drive + some salt.

 

brAthena's solution is using a launcher or some custom mod to read the computer's physical address and put it into packet 0x0825 (enabled with SSO login packet patch) at 0x3C offset.

Secrets Marin

Secrets

Posted
  • Author
Posted

 

15 hours ago, Normynator said:

Do you have Source Code for that PoC publicly available?

No, it's my other experimental "secure login" project with with codes commented and a line for this bypass added, and I'm too lazy to clean it up for a release. It just hooks into the "send" function and modify the buffer.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...