Nexon's Private/Public Key's

[mirnes15]

Ok so what you're saying is we make our own CA, get sued by Nexon and arrested great idea, just not for the arrest part. I like that you figured a way
to do a trendiness thing like this but really dude! Nexon will be ontop of our asses if MPGH did something like this. It would be the end of the site.

[Impakt]

Ok so what you're saying is we make our own CA, get sued by Nexon and arrested great idea, just not for the arrest part. I like that you figured a way
to do a trendiness thing like this but really dude! Nexon will be ontop of our asses if MPGH did something like this. It would be the end of the site.

@mirnes15
It wouldn't be our own Combat Arms, it would be our own client. Like how trainers work on games like Adventure Quest or something.

[Lattice]

If you need to ask what this is, or what it's for it's probably above you anyway

[restlessluk]

would this change if nexon updated the game

[xx404xx]

The key's normally are only changed when there usage period's expire's,and to those who don't understand this mean's that if a hacked client is made once, nexon will be unable to patch it with just a revision change,so basically they then have to revoke there own key,make a new key and distribute them to an updated client.The only thing is, if we get the key before they change it and we get it working,we can patch client's that use the old key's to use the new key's,or just patch them to appear as the latest update.

And to those who said nexon would shut this site down,think about how wow/rs/many other mmo's have private server's with huge player bases and owner's who make upward's of 1g a month(For "DONATION'S" as they call them),so why not C.A.

Here's an example, if we can patch there client's we can turn off hack-shield so we don't need a bypass to use DLL's.If we get the key's we can patch the client directly,without the need of Patcher's/DLL'S. Also,you have a lot more to work with when you'r "hack" is a piece of "Trusted" Code within nexon's client, basically with the key's you are the able to generate code that the client think's is From Nexon,when it was made by insert your name here instead.

[xx404xx]

Updated with new info,and my time attack challenge.

https://www.mpgh.net/forum/207-combat...-6-9-11-a.html

[freedompeace]

@OP, Unless Nexon are absolutely stupid, you can't obtain the private key. Nice work though.

The key's normally are only changed when there usage period's expire's,and to those who don't understand this mean's that if a hacked client is made once, nexon will be unable to patch it with just a revision change

If we (or you) ever obtain Nexon's private key, Nexon can cause a chain of events that leads to revocation of the current key, rendering all our efforts wasted. This will ripple down through the official and trusted CA revocation lists down to every modern computer, browser and device in existence.

Here is the read key command for openssl

Edit:There's still the Verisign problem also,unless someone happen's to find valid cert's somehow.

Edit2:Verisign has been hacked before,and im pretty sure this hash exploit is still out there that would let us generate %100 valid cert's.

Researchers hack VeriSign's SSL scheme for securing Web sites - Computerworld

The researchers notified Verisign of the flaw before the presenting the matter for the speech at a security conference. Verisign and all other CAs have updated their schemes to use the SHA (SHA-1 minimum) rather than MD5 as their designated hashing algorithm.

[xx404xx]

I believe this was after it was proven you could beat MD5 making 2 prog's with different function's but the same MD5......

[freedompeace]

I believe this was after it was proven you could beat MD5 making 2 prog's with different function's but the same MD5......

Of course. MD5 was never built for complete security - it had speed in mind. Of course, now, we have multi-core GPUs that can computer billions of hashes a second, so that's kind of... well... death for MD5 security.

That's also why so many security professionals are strongly advocating the use of bcrypt, a variable difficulty hashing algorithm to store passwords. Rather than a few billion hashes a second, we can change the workload for our bcrypt hash to take 10 times, 100 times or even 1,000,000 times more than MD5, meaning we can keep up with new and powerful hardware (that consequently would have otherwise made brute forcing hashes a lot easier if not for variable workload algorithms).

[xx404xx]

Sony is only 1 example,texas instrument got there private key's for some board's leaked as well as various other examples.

Not fully true,even huge company's like sony that have spent MILLION's of dollar's on development have had there private key uncovered and leaked.I do somewhat agree though at the same time,as making an insecure system is like making a lock that can be picked easily, the strong "lock's" or in other word's algorithm's shouldn't be easily or at all picked.

@OP, Unless Nexon are absolutely stupid, you can't obtain the private key. Nice work though.



If we (or you) ever obtain Nexon's private key, Nexon can cause a chain of events that leads to revocation of the current key, rendering all our efforts wasted. This will ripple down through the official and trusted CA revocation lists down to every modern computer, browser and device in existence.



The researchers notified Verisign of the flaw before the presenting the matter for the speech at a security conference. Verisign and all other CAs have updated their schemes to use the SHA (SHA-1 minimum) rather than MD5 as their designated hashing algorithm.

[freedompeace]

Not fully true,even huge company's like sony that have spent MILLION's of dollar's on development have had there private key uncovered and leaked.I do somewhat agree though at the same time,as making an insecure system is like making a lock that can be picked easily, the strong "lock's" or in other word's algorithm's shouldn't be easily or at all picked.

Bad (no) security on Sony's part is not representative of the entire industry. It is impossible to uncover the private key with the public key alone without a hypercomputer.

I mean, Sony even let me get into their system as root (*NIX admin) without much effort...

[phooj]

LOL Thanks now i can convert it > HEEHE IMA HACK NEXON >DDD EVIL EVIL EVIL!! hehe thanks now i can make a knew thing and combine it with mine thanks ;Dchewheheheheheeh SSOOO HAPPY DANKE THANK YOU

[spookyskunkk]

LOL Thanks now i can convert it > HEEHE IMA HACK NEXON >DDD EVIL EVIL EVIL!! hehe thanks now i can make a knew thing and combine it with mine thanks ;Dchewheheheheheeh SSOOO HAPPY DANKE THANK YOU

HAHAHAHAHAHAHAHAH....i look at you with a grin HAHAHAHAHAHAHH You sir have no ida what your talking about...THIS ISN'T AN INJECTABLE HACK THAT YOU THINK YOU CAN COMPILE HAHAHAH. @phooj

[fragbox]

HAHAHAHAHAHAHAHAH....i look at you with a grin HAHAHAHAHAHAHH You sir have no ida what your talking about...THIS ISN'T AN INJECTABLE HACK THAT YOU THINK YOU CAN COMPILE HAHAHAH. @phooj

LOL CRACKED MY ASS OFF WHEN I RED THAT

[_Fk127_]

[IMG]https://i825.photobucke*****m/albums/zz177/quebecgold/This-thread-is-now-about-ponies.jpg[/IMG]

Really guys, don't post if you have no idea what you are talking about