5-07-2008 @ 11:39AM
I'm an automation test engineer by trade, which means I pay my bills (including two WoW subscriptions) by writing applications just like this.

While I cannot tell you if things are legal, illegal, covered under the DMCA, or anything else like that, I might be able to shed a little light on the -how- of all this.

It is possible to reverse the communications protocols used by a client/server application by doing nothing more than watching the wire between the client and the server. This means that *you* don't need to install the application, you just need access to the network. I'm pretty sure this is the technique used by a lot of the 'private server' builds out there, but I'm not sure if 'glider' uses anything like this.

Now, to do things like direct operations on address space to watch for client info updates (entity locations, server-side status updates for skills/spells, etc.) really requires the application to be installed on a system with something like softice or another debugger loaded. This is so you can watch the memory the application is using for data updates... So let's say you spot a zhevra on the horizon, you can watch memory as you approach it to find out where the client stores the positional data. Once you know that, you can send keyboard commands to the OS character buffer and 'steer' the player towards the location in memory.

The other example would be watching memory for health or mana information and when the numbers get too small fire off a 'bandage' or 'invocate'... And if you know where the client sends this information to the server, you can bypass the keyboard completely and just insert the data into the right location and have it happen.

This is all greatly simplified, of course.

Anyways, it's my understanding that going to such lengths to deobfuscate data in an application without explicit permission of the code's owner is a violation of the DMCA... Then again, I am not a lawyer - much to my parents' chagrin. ;)
5-07-2008 @ 1:18PM
Interesting post.

Re: DMCA, I'm only familiar with cases related to "circumventing an access control mechanism". Blizzard's in-RAM game data really wouldn't meet the standard for an "access control mechanism". (People have tried to stretch that provision pretty far, but haven't successfully taken it to that extreme.)