Beware of OTCv8 weakness! Someone is decrypting OTCv8 clients again!

[Hardtoregister]

Unfortunately, I don't have cut proof, but the details I have should be enough for someone else to prove it.

I've heard from a third source that someone's OTCv8 client got cracked by someone of unclear intentions, seems friendly and want to help but who knows.
Same source says he decrypted medivia right after he decrypted their client.
My source says that they aren't using the traditional OTCv8 encryption, since it was cracked a looong time ago, they use a custom one that's been extremely safe until now, when OTCv8 faces their second(?) security risk!

It appears the cracker uses a pyton script of some kind to inject into the client using the client's own updater api.
Then somewhere there, get access to the decryption process of the client.
I wish I could tell more, but if it's true you can hijack the updater, or inject into the clients read-contents functions and dump it to files, then literally everyone using OTCv8 or the update features of OTCv8 has a serious security risk (again).

Could someone please verify this?
I am dying to know more, and I want to find out if it's truly now a problem of pandemic proportions!

 

[Sorky]

Current state of encrypting client is... You do it just to prevent 90% of noobs. Rest with knowledge, or even ChatGPT will crack your client, no matter how good your encryption is

 

[Hardtoregister]

Current state of encrypting client is... You do it just to prevent 90% of noobs. Rest with knowledge, or even ChatGPT will crack your client, no matter how good your encryption is

Of course, anything can be decrypted, but some random guy in OT community, cracking a specific client, no matter their encryption, in just mere minutes.. that's not a normal pro-decrypted CSI-PRO, that's someone who found a serious weakness!

 

[Tenzhiro]

Using built-in encryption or variations of it has been known to be able to get cracked within a minute for a long time.
Depending on what kind of customization you've done to your client, adding modules or whatnot, this shouldn't really matter; nothing added is nothing stolen.

The projects that do have assets to protect are a bit like Chernobyl, they go for the cheapest solution, not the permanent and most effective.
Encryption is just another part of development that one must learn and apply, next to adding more safety protocols.

For the majority of OTS, default encryption is good enough, it's what it's made for, it's a good start.
For bigger projects, if you're still using default encryption, you should go back to the blueprint table and think again..

Same applies to your MAP
Players can eventually scan/track your map, and voilà.
However you can hussle ID's around to negate this a bit, however this requires some leg work (from both developer and "crackhead")

 

[ReggyMcBoggle]

Of course, anything can be decrypted, but some random guy in OT community, cracking a specific client, no matter their encryption, in just mere minutes.. that's not a normal pro-decrypted CSI-PRO, that's someone who found a serious weakness!

And? This is nothing new, and there is nothing anyone can do about it. You can deter those without knowledge, but if someone really wants your client-sided files, whether that be a program or website assets, they are going to get it.

No point discussing it either. What you going to do? Find the guy and sue him? Good luck

 

[Hardtoregister]

Am I the only one here who find it baffling that medivia might be cracked right now?
isn't those the crown jewel of ots and are supposed to be the ones that's better than the rest of us?

 

[fridai]

I am dying to know more, and I want to find out if it's truly now a problem of pandemic proportions!

Always has been, its nothing new. You can decrypt any client with enough time and knowledge.
People pay for decrypting stuff, its really profitable thats why they will continue to do so.
Also its funny, what makes you think medivia is an exception ?

 

[neptuno]

Medivia's encryption is a joke and trivial to reverse.