Login only with custom client

kaiqu3gabriel · Mar 27, 2019

Hi, I have a online server and I need to upgrade sprites but it can make problems with debugs when player use the normal tibia client.

How I configure to make login only with my custom client and normal tibia client never login more?

hans henrik · Mar 28, 2019

oen432 said:
As @Mustafa1337 pointed out, using custom RSA key is the best and secured way.

changing the RSA key for the cipsoft client is easy, if you don't want anyone to login with the Cipsoft client, then change the login protocol, even just a little (don't change a byte, but ADD a byte that the real cipsoft client don't add). it's very difficult to update the cipsoft client to use a custom login protocol with extra bytes. (an excellent example of this is outcastserver.com 's custom client, it was very difficult to get the cipsoft client to log in there, according to the owner of outcast, i'm the only person who has ever managed to do it, and the server has been running since 2004!!! (i did it with OllyDBG and BlackD Proxy))

kor · Mar 28, 2019

OH MY GOD, can I touch you?

Felipe93 · Mar 28, 2019

kor said:
OH MY GOD, can I touch you?

HAHAHA xd best comment ever
im pretty sure is not that hard to do that

hans henrik · Mar 29, 2019

Felipe93 said:
im pretty sure is not that hard to do that

oh really? then make and publish a solution for logging into outcastserver.com with a cipsoft client,
i bet $100 (100 USD) you can't do it. (and i won't accept the solution unless you login AND the client doesn't crash AND the client renders the map)

Edit: expires at 2019-05-01 (a little over a month since this post was made)

Felipe93 · Mar 29, 2019

hans henrik said:
oh really? then make and publish a solution for logging into outcastserver.com with a cipsoft client,
i bet $100 (100 USD) you can't do it. (and i won't accept the solution unless you login AND the client doesn't crash AND the client renders the map)

i could take your bet but are you sure if i do that would you pay me 100 usd?
because im not gonna waste my time, maybe a few hours to try to access into a sh@t server with normal client just to bot...
in that case would be easier to use otclient and enable bot feature..
im sure i can get both anyway(normal and otc) shouldn't be that hard anyway like i said before

hans henrik · Mar 29, 2019

Felipe93 said:
i could take your bet but are you sure if i do that would you pay me 100 usd?

yes, i'm sure. i can pay with bank transfer or paypal (or if you're in Norway, i can pay with vipps)

in that case would be easier to use otclient and enable bot feature..

is there any decent cavebot for otc? the specific feature i needed was a cavebot, and the cipsoft 7.6 client + BlackD Proxy gave me that.

im sure i can get both anyway(normal and otc) shouldn't be that hard anyway like i said before

as far as the bet is concerned, i'll only accept a solution which gets the cipsoft client logged in. (i know it's not difficult to port otc to the custom login protocol tho

)

Merrok · Mar 29, 2019

Felipe93 said:

you need source edit your server files in order to change rsa and then put that rsa in your client to it's useless anyone can check the rsa by hexediting the client, the same with ports and ip (with ports and ip is more easy you, can check those changes via cmd with the command netstat -n)

anyway atleast in otx (which is based on tfs 0.4)
its in configmanager.cpp and you need to edit rsamodulus

C++:

m_confString[RSA_PRIME1] = getGlobalString("rsaPrime1", "14299623962416399520070177382898895550795403345466153217470516082934737582776038882967213386204600674145392845853859217990626450972452084065728686565928113");
        m_confString[RSA_PRIME2] = getGlobalString("rsaPrime2", "7630979195970404721891201847792002125535401292779123937207447574596692788513647179235335529307251350570728407373705564708871762033017096809910315212884101");
        m_confString[RSA_PUBLIC] = getGlobalString("rsaPublic", "65537");
        m_confString[RSA_MODULUS] = getGlobalString("rsaModulus", "109120132967399429278860960508995541528237502902798129123468757937266291492576446330739696001110603907230888610072655818825358503429057592827629436413108566029093628212635953836686562675849720620786279431090218017681061521755056710823876476444260558147179707119674283982419152118103759076030616683978566631413");
        m_confString[RSA_PRIVATE] = getGlobalString("rsaPrivate", "46730330223584118622160180015036832148732986808519344675210555262940258739805766860224610646919605860206328024326703361630109888417839241959507572247284807035235569619173792292786907845791904955103601652822519121908367187885509270025388641700821735345222087940578381210879116823013776808975766851829020659073");

Not exactly. You need to edit the primes as well as the modulus and the private key.
The modulus and the private key are being calculated using the primes.
So all of these need to be changed in order for RSA to work.
But as I said before, before you change anything in the source code, make sure there is no way to configure it in the config file.
You can read about how it works exactly here:

Cryptography - An Introduction

Cryptography Basics Since I see lots of wrong assumptions about what IT-Security actually is and how it is practiced i thought I'd write a "small" thread on the topic to help you make your OT and personal data more secure. Please be aware that i will just talk about basics and not go deeper...

otland.net

hans henrik said:
changing the RSA key for the cipsoft client is easy, if you don't want anyone to login with the Cipsoft client, then change the login protocol, even just a little (don't change a byte, but ADD a byte that the real cipsoft client don't add). it's very difficult to update the cipsoft client to use a custom login protocol with extra bytes. (an excellent example of this is outcastserver.com 's custom client, it was very difficult to get the cipsoft client to log in there, according to the owner of outcast, i'm the only person who has ever managed to do it, and the server has been running since 2004!!! (i did it with OllyDBG and BlackD Proxy))

Good for you. You seem to be very proud of it.
The point is that of course there are people who know how to do it but don't assume that the normal OT user even knows what an IDE is.

Felipe93 · Mar 29, 2019

hans henrik said:
yes, i'm sure. i can pay with bank transfer or paypal (or if you're in Norway, i can pay with vipps)

is there any decent cavebot for otc? the specific feature i needed was a cavebot, and the cipsoft 7.6 client + BlackD Proxy gave me that.

as far as the bet is concerned, i'll only accept a solution which gets the cipsoft client logged in. (i know it's not difficult to port otc to the custom login protocol tho )

ofc there is otclient cavebot - Google Search (https://www.google.com/search?q=otclient+cavebot&rlz=1C1CHBF_esCL832CL832&oq=otclient+cavebot&aqs=chrome..69i57.3127j0j7&sourceid=chrome&ie=UTF-8)

but im not gonna start because im not sure if that i accomplish this task i will get pay . so that's the problem

let's talk via PM and stop discuss here, because we are going out of focus (this is not for what the thread was made)

Login only with custom client

kaiqu3gabriel

New Member

hans henrik

Active Member

kor

PHP ziom

Felipe93

Ghost Member

hans henrik

Active Member

Felipe93

Ghost Member

hans henrik

Active Member

Merrok

Magic Tomato

Cryptography - An Introduction

Felipe93

Ghost Member

Similar threads