http://code.google.com/p/gwlp-revived-open-source/
That's the google code project page. There's currently two main developers and a bunch of minor coders helping out with little things (usually people from GR which is fully supporting this project now). If you think you can help out (or are just interested in the project) just out the project page and get involved.
GWLP: Revived
ErrantVenture
ranger rothers
These Open Source projects crack me up, the summary page doesn't even say what the heck this software does 
ErrantVenture
Quote:
|
Originally Posted by ranger rothers
These Open Source projects crack me up, the summary page doesn't even say what the heck this software does
|
zwei2stein
Hey, arent theese people know for making bots and stealing/reselling accounts?
What is this thread/link still doing here?
Would anyone sane actually run it when antivirus gives you pretty damn good reason not to as it says it is bundled with trojan?
What cracks ME up is that their MOSt important isse now is not development, but getting nice logo for project.
Anyhow, summary is simple: Hi. This is neat attempt to get people who are still interested in playing GW and propably activelly playing it to run some of our code on their computers :-). Please, do NOT forget to log in to your GW1 account very soon, ok? ^^ I hope you have lots of ecto xoxo and turn of antivirus :-*.
What is this thread/link still doing here?
Would anyone sane actually run it when antivirus gives you pretty damn good reason not to as it says it is bundled with trojan?
Quote:
|
Originally Posted by ranger rothers
These Open Source projects crack me up, the summary page doesn't even say what the heck this software does
|
Anyhow, summary is simple: Hi. This is neat attempt to get people who are still interested in playing GW and propably activelly playing it to run some of our code on their computers :-). Please, do NOT forget to log in to your GW1 account very soon, ok? ^^ I hope you have lots of ecto xoxo and turn of antivirus :-*.
_rusty
hi there,
believe me or not, i'm what you guys called the lead dev of gwlpr.
the project is actively continued right now.
its true that we aim for pvp instances, but we've found that pve isnt much more than that (e.g. when you implement quests and npc dialogs, you might as well record the pve data and use it with the same system)
note that we've restructured the project, which is now open source. (really)
if you'r interested and you dont mind the moral dilemma with GR, check out the latest changes, contribute and help us!
believe me or not, i'm what you guys called the lead dev of gwlpr.
the project is actively continued right now.
its true that we aim for pvp instances, but we've found that pve isnt much more than that (e.g. when you implement quests and npc dialogs, you might as well record the pve data and use it with the same system)
note that we've restructured the project, which is now open source. (really
)if you'r interested and you dont mind the moral dilemma with GR, check out the latest changes, contribute and help us!
ErrantVenture
Quote:
|
Originally Posted by zwei2stein
Hey, arent theese people know for making bots and stealing/reselling accounts?
What is this thread/link still doing here? Would anyone sane actually run it when antivirus gives you pretty damn good reason not to as it says it is bundled with trojan? What cracks ME up is that their MOSt important isse now is not development, but getting nice logo for project. Anyhow, summary is simple: Hi. This is neat attempt to get people who are still interested in playing GW and propably activelly playing it to run some of our code on their computers :-). Please, do NOT forget to log in to your GW1 account very soon, ok? ^^ I hope you have lots of ecto xoxo and turn of antivirus :-*. |
tl;dr It's an open source project, that means that probability of someone attempting to use it to distribute malware or steal login info is nearly nonexistent.
Turkey Baster
The amount of ignorance in this thread is mind boggling.
Did you take the time to actually look through the code or even scan the archive? The author along with everyone working on the project are very trusted members who could care less about ecto because I'm sure they have a staggering amount as it is.
Why? To be able to run a server where everyone can start off with all pvp equiment and skills unlocked, tweak the skills to older version (i.e. Smiter's Boon) and have fun is a terrible idea? I'm glad this project is going and I fully support it. NC Soft charges $10 per skill pack and another $10 for equipment. Which is pointless.
Quote:
|
Originally Posted by zwei2stein
Hey, arent theese people know for making bots and stealing/reselling accounts?
What is this thread/link still doing here? Would anyone sane actually run it when antivirus gives you pretty damn good reason not to as it says it is bundled with trojan? What cracks ME up is that their MOSt important isse now is not development, but getting nice logo for project. Anyhow, summary is simple: Hi. This is neat attempt to get people who are still interested in playing GW and propably activelly playing it to run some of our code on their computers :-). Please, do NOT forget to log in to your GW1 account very soon, ok? ^^ I hope you have lots of ecto xoxo and turn of antivirus :-*. |
Quote:
|
Originally Posted by Bebbo
Looks like a terrible idea.
|
ErrantVenture
Quote:
|
Originally Posted by wilebill
Link is blocked and this is against the EULA not to mention a waste of time.
|
http://www.guildwarsguru.com/forum/s...9&postcount=55
Calista Blackblood
Errant are you actually a developer or helper of this project?
own age myname
Damn, I remember when this projected started back in '07
It is not against the EULA. Gaile said so herself.
It is not against the EULA. Gaile said so herself.
ErrantVenture
Quote:
|
Originally Posted by Calista Blackblood
Errant are you actually a developer or helper of this project?
|
_rusty
i dont quite get what you have done with my posts, but one question:
ErrantVenture who are you?
ErrantVenture who are you?
Silmar Alech
It seems to me that this project is perfect to produce private server sandboxes to be able to develop the perfect pvp bots without the risk of being monitored and banned. And it is against the current Rules of Conduct:
You may find that these rules of conduct were last modified Oct 2009, and Gaile Gray's message is dated from Oct 2007, which makes her message outdated.
Quote:
|
Originally Posted by Rules of Conduct
20. You will not attempt to play Guild Wars on any server that is not controlled or authorized by NC Interactive or its designees.
21. You will not create, use, or provide any server emulator or other site where Guild Wars may be played, and you will not post or distribute any utilities, emulators or other software tools related to Guild Wars without the express written permission of NC Interactive, NCsoft Europe, or NCsoft Corporation. |
martyn10011
Quote:
|
Originally Posted by Silmar Alech
It seems to me that this project is perfect to produce private server sandboxes to be able to develop the perfect pvp bots without the risk of being monitored and banned.
|
I wish you the best of luck regardless. I'll be watching with quite a lot of interest...
ErrantVenture
Quote:
|
Originally Posted by martyn10011
You honestly think people would try code something like this purely to try make undetectable PvP bots? Are you absolutely mad? Why are people with absolutely zero knowledge of what is trying to be achieved making their own assumptions and looking down on projects like this?
I wish you the best of luck regardless. I'll be watching with quite a lot of interest... |
zwei2stein
ErrantVenture
Look, i might have been way, WAY overreacting, but i have little love or trust to botting community, so I do have to apologize: sorry.
As for opensource, i have to note that few people read code and fewer compile their own version, with majority simply downloading binaries and thinking that they, by some magic, have to be safe.
Server emulators, bots and other tools were repackaged by malicious third parties before.
The deal was that only people with working GW accounts were allowed to use it.
She said it was against EULA, but that they will allow it to exist under this condition.
Basically, you had to validate your login to emulator server with loging to real GW.
Look, i might have been way, WAY overreacting, but i have little love or trust to botting community, so I do have to apologize: sorry.
As for opensource, i have to note that few people read code and fewer compile their own version, with majority simply downloading binaries and thinking that they, by some magic, have to be safe.
Server emulators, bots and other tools were repackaged by malicious third parties before.
Quote:
|
Originally Posted by own age myname
Damn, I remember when this projected started back in '07
It is not against the EULA. Gaile said so herself. |
She said it was against EULA, but that they will allow it to exist under this condition.
Basically, you had to validate your login to emulator server with loging to real GW.
godis
Look forward to the day when I get my SF sin and 600 monk back 
Spiritz
Us ppl on guru have a lot at risk - we have our gw account security which is no1 concern.
There has been too many times in the past where something looks/sounds gd but turns out otherwise - so hell we`re allowed to be cautious
PPl that promote the use of bots or even have bots on website or even encourage gold selling via adverts etc on their own site , you think us public ppl would go around open armed and accept everything ?
Private servers would need some form of login and tbh just that alone sets of the alarm buttons for many of us - and you must be able to understand why.
The login would require some form of access to gw server itself otherwise you could put anything in and get chrs/inv etc - now if someone gives their gw login details and say that "gw server" that joe bloggs runs on a pc thats been compromised then those details could fall into bad hands.
End of the day its us ppl who want our accounts safe and yes were going to be cautious as hell and the feeling so far towards this project is natural so dont go blowing off at us - that itself looks dodgy.
There has been too many times in the past where something looks/sounds gd but turns out otherwise - so hell we`re allowed to be cautious
PPl that promote the use of bots or even have bots on website or even encourage gold selling via adverts etc on their own site , you think us public ppl would go around open armed and accept everything ?
Private servers would need some form of login and tbh just that alone sets of the alarm buttons for many of us - and you must be able to understand why.
The login would require some form of access to gw server itself otherwise you could put anything in and get chrs/inv etc - now if someone gives their gw login details and say that "gw server" that joe bloggs runs on a pc thats been compromised then those details could fall into bad hands.
End of the day its us ppl who want our accounts safe and yes were going to be cautious as hell and the feeling so far towards this project is natural so dont go blowing off at us - that itself looks dodgy.
_rusty
Quote:
|
Originally Posted by Spiritz
The login would require some form of access to gw server itself
|
Quote:
|
Originally Posted by zwei2stein
Server emulators, bots and other tools were repackaged by malicious third parties before.
|
Quote:
|
Originally Posted by _rusty
ErrantVenture who are you?
|
Cool Name
Quote:
|
Originally Posted by _rusty
It doesnt. (currently)
|
Spiritz
Quote:
|
Originally Posted by Cool Name
Purely out of interest can you explain how you can validate someone's account without using the guild wars servers?
|
How does your private server validate with no means of validating the account details - also the other worrying points are if someone is say not 100% trustworthy and run their own private server - whats to stop them using the details for their own means in gw ?
Whats more worrying is there is nothing currently being said by anet - eg has anyone within last few days contacted anet on their views of this , just incase theres a hidden clause and the makers find themselves in a bad situation.
_rusty
Quote:
|
Originally Posted by Spiritz
How does your private server validate with no means of validating the account details
|
Just so you know:
We don't want to encourage piracy, cause we love playing the game.
We wouldn't want to do any financial harm to the developers.
However, we currently cannot support any authorization of original accounts, because we haven't come up with a secure solution.
That solution might only be achievable with ArenaNet's support, but i guess that wont happen.
In a nutshell, if you've got doubts whether this harms the eula or not, simply don't use it, don't support it and don't spread the word.
(And i highly doubt that it doesn't...)
Silmar Alech
Quote:
|
Originally Posted by ErrantVenture
They don't seem to realize that it would involve FAR less effort to burn a couple throwaway accounts testing a bot to perfection on live servers than it would to completely recode a server from scratch based on nothing but packet logs.
|
But I am 100% sure the bot developers all jump immediately and enthusiastically to use it as their development platform. Burning throwaway accounts may be somewhat easy for account thieves or people with a big wallet (I don't know), but simply using a non-monitored server is so much easier. It even gives more information: you can always look what can be monitored on the server side and how to avoid being monitored.
Don't shoot the messenger: I only tell the bad news.
_rusty
That is partly right, but lets face it:
We dont know how Anet's servers work, all we can do is guess.
(Which means we are missing a lot of packets, development is slow and we cannot provide the exact same functionality)
Also, i never intended any measurements against bot usage on GWLP:R,
thats why you could create a bot on it without any problems,
switch to the real servers and get banned instantly and permanently.
Imo using it to develop bots doesn't make any sense that way, even if it is possible of course.
Apart from that,
...lol
We dont know how Anet's servers work, all we can do is guess.
(Which means we are missing a lot of packets, development is slow and we cannot provide the exact same functionality)
Also, i never intended any measurements against bot usage on GWLP:R,
thats why you could create a bot on it without any problems,
switch to the real servers and get banned instantly and permanently.
Imo using it to develop bots doesn't make any sense that way, even if it is possible of course.
Apart from that,
Quote:
|
Originally Posted by Silmar Alech
But I am 100% sure the bot developers all jump immediately and enthusiastically to use it as their development platform
|
Aljasha
I don't think GWLP could be used to develop bots at all, because server architectures seem to differ so much from each other. Not that I know any of the details, but my best guess is that the devs of GWLP build their own server farm or something that resembles that of GW (separate login and game servers and whatnot).
Actually, I can't say if this project will be successful, because you (the devs) have to invest a lot of time and devotion into this project and even more when you start balancing skills. That alone could get very tedious and I don't think if your motivation will be that great when other games are launched.
I do appreciate what you are doing and hope for the best.
Actually, I can't say if this project will be successful, because you (the devs) have to invest a lot of time and devotion into this project and even more when you start balancing skills. That alone could get very tedious and I don't think if your motivation will be that great when other games are launched.
I do appreciate what you are doing and hope for the best.
KairuByte
Can't you just validate the same way the client does normally? Let the login server do it's thing through a proxy, and after you get the confirmation of account validity server side, cut communication with the login server.
Since it is server side, clients can't mess with the login process.
Since it is server side, clients can't mess with the login process.
_rusty
You can't because we would 'see' the login data. And we don't wanna see that.
But good idea at least ;D
But good idea at least ;D
Spiritz
Quote:
|
Originally Posted by KairuByte
Can't you just validate the same way the client does normally? Let the login server do it's thing through a proxy, and after you get the confirmation of account validity server side, cut communication with the login server.
Since it is server side, clients can't mess with the login process. |
And i assume if your using a proxy server then that users ip will be totally different - and when they do login on their own ip they find their accounts banned due to security issues.
_rusty
As i understood it, we would have to emulate login, then use the client's data to send a login request at Anet servers at the same time, to check if it's valid.
As our server IP doesnt change that is OK.
But as i said, we'll have to handle the login data from the client, and also,
we would possibly overload Anet servers with logins from different Clients with the same IP address.
(Idk if that triggers any security measurement)
As our server IP doesnt change that is OK.
But as i said, we'll have to handle the login data from the client, and also,
we would possibly overload Anet servers with logins from different Clients with the same IP address.
(Idk if that triggers any security measurement)
KairuByte
In all honesty, the only way you are going to take care of the login without the users being able to subvert the check entirely is to do everything server side. Yes there is the chance for a malicious user to take the patched client and steal the password, but there is no real way to avoid this. If you want to release the end result publicly with a lower chance of a lawsuit, your going to have to do it this way.
EDIT: Your going to have to test, instead of throwing out excuses. That's part of the process of coding. You can't just say "I don't think this will work, so I'm not going to bother trying". Seriously.
EDIT: Your going to have to test, instead of throwing out excuses. That's part of the process of coding. You can't just say "I don't think this will work, so I'm not going to bother trying". Seriously.
Lanier
Err, could someone explain exactly what this project is to those of us who don't know all of these technical terms like emulate or coding? As I currently understand it, this would allow people to play on private servers where skill balance can be undertaken by those who run the server, not by anet. Is this correct? Would this be for both PvP and PvE?
_rusty
@ Lanier: yes, check GR if you've got more questions. (Link can be found of the project site)
Well, seriously, we cant simply say:
"Hey guys, give us your valid login data, so we might check if you're allowed to play here.
And dont mind us being a crew consisting of some random people from the internet."
And of course we won't, but thats a fact.
And having to admit that it would be possible for us to save the client's verification data wont give us much of popularity, would it?
I mean, i'm not saying we are not trustworthy, but i wont expect anyone to give us their data. Seriously.
Quote:
|
Originally Posted by KairuByte
Your going to have to test, instead of throwing out excuses. That's part of the process of coding. You can't just say "I don't think this will work, so I'm not going to bother trying". Seriously.
|
"Hey guys, give us your valid login data, so we might check if you're allowed to play here.
And dont mind us being a crew consisting of some random people from the internet."
And of course we won't, but thats a fact.
And having to admit that it would be possible for us to save the client's verification data wont give us much of popularity, would it?
I mean, i'm not saying we are not trustworthy, but i wont expect anyone to give us their data. Seriously.
KairuByte
Quote:
|
Originally Posted by _rusty
@ Lanier: yes, check GR if you've got more questions. (Link can be found of the project site)
Well, seriously, we cant simply say: "Hey guys, give us your valid login data, so we might check if you're allowed to play here. And dont mind us being a crew consisting of some random people from the internet." And of course we won't, but thats a fact. And having to admit that it would be possible for us to save the client's verification data wont give us much of popularity, would it? I mean, i'm not saying we are not trustworthy, but i wont expect anyone to give us their data. Seriously. |
Now, I do have to ask an obvious question. Is the login data encrypted before it is sent to the server? Because in all honesty if it is MD5'd before it is sent there would be no issue.
And seriously, in this day and age.... Is the Guild Wars client susceptible to a packet repeat attack? I would think they would utilize an nonce type system to remove that type of vulnerability.
kikkerbeer
_rusty if us normal fowks can help with the project please tell.
would love to test this stuff
would love to test this stuff
_rusty
Ok your right with that point.
Actually that will work under the following conditions:
The client sends the login data as usual, with a double encryption. (The packets them selfs are encrypted as well as the user password)
The server establishes an encrypted connection with the original auth server and just repeats the data from the client, waiting for verification packets.
Those are sent to the client asap and it will be able to login to the gwlpr servers.
We wont be able to actually use the login data.
Actually that will work under the following conditions:
The client sends the login data as usual, with a double encryption. (The packets them selfs are encrypted as well as the user password)
The server establishes an encrypted connection with the original auth server and just repeats the data from the client, waiting for verification packets.
Those are sent to the client asap and it will be able to login to the gwlpr servers.
We wont be able to actually use the login data.
Jette Antral
...C#, seriously?
Hey, whatever. Maybe when you're done I'll see if I can convert it to something I like, or make some sort of Frankenstein codebase for my changes. Good luck with it. I'll bug some people I know about it and see if they'll release any useful tools or information to make your lives easier, but don't get your hopes up.
Hey, whatever. Maybe when you're done I'll see if I can convert it to something I like, or make some sort of Frankenstein codebase for my changes. Good luck with it. I'll bug some people I know about it and see if they'll release any useful tools or information to make your lives easier, but don't get your hopes up.
zwei2stein
Quote:
|
Originally Posted by _rusty
@ Lanier: yes, check GR if you've got more questions. (Link can be found of the project site)
Well, seriously, we cant simply say: "Hey guys, give us your valid login data, so we might check if you're allowed to play here. And dont mind us being a crew consisting of some random people from the internet." And of course we won't, but thats a fact. And having to admit that it would be possible for us to save the client's verification data wont give us much of popularity, would it? I mean, i'm not saying we are not trustworthy, but i wont expect anyone to give us their data. Seriously. |
I envision this:
1) Player logs into anet system are recieves "key".
2) When players logs into GWLP, he enters this key into character name textfield (or provides it to you while registering account).
3) As part of login, you simply ping anet system with "Is this key linked to valid account valid?" - "Yes, it is linked to [email protected]"
It would be impossible to use this key to log into guildwars/support/anything, but it would be easy to validate that such-and-such account exists.
KairuByte
Quote:
|
Originally Posted by zwei2stein
Can't you make deal with anet for different validation API?
I envision this: 1) Player logs into anet system are recieves "key". 2) When players logs into GWLP, he enters this key into character name textfield (or provides it to you while registering account). 3) As part of login, you simply ping anet system with "Is this key linked to valid account valid?" - "Yes, it is linked to [email protected]" It would be impossible to use this key to log into guildwars/support/anything, but it would be easy to validate that such-and-such account exists. |
It's not exactly that simple, but it would mean that you could login to the private server with valid login data without worry of that host being able to see your password.
I'm curious why the GWLPR team didn't think of this to begin with, as it is a rather normal thing for a login server to do, otherwise people would be having accounts hacked left right and center.