Forum :: EOSERV :: Fast Account Enable

Not to get you mad at me, but, calm down Apollo! People are just trying to help people. :)

I've already said the best you can do to 'some what' bypass account creation delay, is by reducing the delay by about half. You can test it yourself if you don't believe me. xD I've messed with this more than I should have.. Just saying. ='d

Ever since sequence enforcement was implemented, you will lose connection if the account creation hasn't legitimately loaded through half it's delay. Some times you can get away with lower 'unstable' delays, but unless you set the delay to half or more, you will usually be disconnected at the end of account creation. I don't really know much about the sequence enforcement obviously, but the above is definitely the case because of it.

Tested a bit more, and you can go a little faster than I thought it seems.
Have at ER..  00419281 81 BB 90000000 00020000 (Default)

I even wasted my time to find a stable (always 'seemingly' working) delay.. If you lower the delay much more it will likely disconnect you. Maybe not the first time always, but the second, or third..  00419281 81 BB 90000000 AF000000

---
EO Resources/Guides: â—„ eobud.boards.net â–º

Where can this be modified? On the client with Hex editor? I dont find the values you have there

You can use OllyDbg. Follow my crappy unfinished guide/examples.

http://eobud.boards.net/thread/155/endless-exe-modification-basics

You can use Cheat Engine or something similar if you just want to test.

---
EO Resources/Guides: â—„ eobud.boards.net â–º

Good job. I still want to caution that any delay is not server enforced and has nothing to do with sequencing. The problem with most hacks is they break things. As I said before, I have tested with a custom built client and connected after one second. Btw, how low did you move the EO loading counter down (secs)?

After more boring testing, it looks like I was wrong about being able to go faster than what I previously thought. It seems the fastest you can go without having to worry about disconnection, is what I originally noted. 60 seconds. (Half the default account creation time.)

The account creation delay may not be intentionally restricted through sequence enforcement,  but it is certainly a server side, side effect. I know this because I have tested this on the official server and earlier eoserv builds many years ago. You used to be able to make new accounts instantly, and now you can't. That means it's a server side issue. Nothing has changed in the client, but the server code has changed.

Also Apollo, when did you last test and on what server build?

---
EO Resources/Guides: â—„ eobud.boards.net â–º

shayne posted: (14th Dec 2018, 05:04 am)

After more boring testing, it looks like I was wrong about being able to go faster than what I previously thought. It seems the fastest you can go without having to worry about disconnection, is what I originally noted. 60 seconds. (Half the default account creation time.)

The account creation delay may not be intentionally restricted through sequence enforcement,  but it is certainly a server side, side effect. I know this because I have tested this on the official server and earlier eoserv builds many years ago. You used to be able to make new accounts instantly, and now you can't. That means it's a server side issue. Nothing has changed in the client, but the server code has changed.

Also Apollo, when did you last test and on what server build?

Just to reiterate, it's not a serverside "issue" so much as it's a serverside enforcement of the packet sequence.

---
Want to learn to pixel?
Pixelsource.org

I have tested in the sequence enforced environment. The build is recent enough to not be a contridiction to my previous statements as account timers do not exist and sequence enforcement is in place. As I said previously I confirmed this with Sausage. Regarding the client, there must be some other timer integrity check within the client that prevents you from going below 60 seconds. My guess is a raw clock check. Even with Ollydbg it may take more time than it is worth just to circumvent the clock. The important thing about leaving sequencing in place is the nature in which it combats bots and irregular packet spam. Everyone that aspires to run a server should stay under that umbrella. It is simply not a good idea to sacrifice security features for a few seconds shaved off of account creation. Anyway, good work Shayne.

Cirras
I say "server side", because I think this is caused by sequence enforcement. I say "issue", because I don't think it was meant to effect account creation this way, if that's the case. Maybe I am wrong though, and it is not caused by sequence enforcement. I thought at the least, it must be caused by some server side code though, because I have tested this on the official/main server and I was able to create accounts instantly previously, but not on recent eoserv builds. I was fairly certain in older eoserv builds I was able to create accounts instantly , but I may be remembering incorrectly.

Apollo
I can't really argue against both you and especially Sausage, now can I? xD I still have a feeling this is related to something server side, only because of what testing has shown me both previously and recently. I'd have more faith in what the two of you say, than my own thoughts and testing though, especially since I'm not 100% certain myself. Thanks for the information, and for asking Sausage about it as well.

---
EO Resources/Guides: â—„ eobud.boards.net â–º

shayne posted: (14th Dec 2018, 12:22 pm)

Cirras
I say "server side", because I think this is caused by sequence enforcement. I say "issue", because I don't think it was meant to effect account creation this way, if that's the case. Maybe I am wrong though, and it is not caused by sequence enforcement. I thought at the least, it must be caused by some server side code though, because I have tested this on the official/main server and I was able to create accounts instantly previously, but not on recent eoserv builds. I was fairly certain in older eoserv builds I was able to create accounts instantly , but I may be remembering incorrectly.

Apollo
I can't really argue against both you and especially Sausage, now can I? xD I still have a feeling this is related to something server side, only because of what testing has shown me both previously and recently. I'd have more faith in what the two of you say, than my own thoughts and testing though, especially since I'm not 100% certain myself. Thanks for the information, and for asking Sausage about it as well.

You're completely correct in that there has been a serverside change, and even in the fact that the serverside change was EOSERV-exclusive. As I recall, the official EO server software actually did not enforce its own packet sequences, which is why trivial packet replay hacks and the like were easy to perform.

The serverside change was definitely the addition of the sequence enforcement, which didn't exist in earlier revs. I think we're all talking about the same thing in a different way. :P

---
Want to learn to pixel?
Pixelsource.org

I've been writing my own server emulator and I can create an account pretty much instantly with the addons, and I don't do any sequence enforcement.

Tilly posted: (14th Dec 2018, 01:16 pm)

I've been writing my own server emulator and I can create an account pretty much instantly with the addons, and I don't do any sequence enforcement.

Omitting sequence enforcement is a terrible idea. The reason this issue exists is totally client-side. Vult tried to somewhat enforce a delay in account creation. I remember years before EOSERV began Sausage had a talk with Vult trying to correct various exploits server-side, yet they never happened. Vult’s cheap enforcement client side is the culprit. As Shayne has shown, the client account create can be hacked at least down to 60 seconds and possibly further if he continues to dig. The EO game engine I am building includes sequence support and also can create an account instantly if I choose to leave it that way. Back to the topic though, given there is nothing server side preventing fast account creation when a sequenced packet is properly sent to the server, it appears the only legitimate way to obtain instant account creation via the EO game client is in fact further hex edit the executable eliminating whatever timer restrictions that are in place. I cannot recommend disabling sequence enforcement as it creates a potential exploit scenario. 

Apollo posted: (14th Dec 2018, 04:00 pm)

Tilly posted: (14th Dec 2018, 01:16 pm)

I've been writing my own server emulator and I can create an account pretty much instantly with the addons, and I don't do any sequence enforcement.

Omitting sequence enforcement is a terrible idea. The reason this issue exists is totally client-side. Vult tried to somewhat enforce a delay in account creation. I remember years before EOSERV began Sausage had a talk with Vult trying to correct various exploits server-side, yet they never happened. Vult’s cheap enforcement client side is the culprit. As Shayne has shown, the client account create can be hacked at least down to 60 seconds and possibly further if he continues to dig. The EO game engine I am building includes sequence support and also can create an account instantly if I choose to leave it that way. Back to the topic though, given there is nothing server side preventing fast account creation when a sequenced packet is properly sent to the server, it appears the only legitimate way to obtain instant account creation via the EO game client is in fact further hex edit the executable eliminating whatever timer restrictions that are in place. I cannot recommend disabling sequence enforcement as it creates a potential exploit scenario. 

"there is nothing server side preventing fast account creation when a sequenced packet is properly sent to the server"

The above makes me better understand what you mean. I thought you were saying sequence enforcement has nothing to do with losing connection during speedy account creations, which made no sense to me. Here's my logic problem; Putting the account creation delay below 60 seconds, causes an invalid sequence. I don't see what could be done client side to prevent this server check/invalid sequence. Maybe there is more to how this works within the client like you say, and I don't understand or see it, but why does instant account creation always work if I disable sequence enforcement in eoserv, like Tilly mentioned? If it was a client issue, shouldn't instant account creation fail, whether sequence enforcement is enabled or disabled? Doesn't that prove it's the way sequence enforcement works in eoserv, and that you can not bypass a delay of less than 60 seconds, because eoserv sees that as an invalid sequence?  Sorry if I'm way off, just trying to understand how what you're saying is the case. You said you've been able to create accounts instantly with the same sequence enforcement enabled though? This really confuses me of how you were able to do that then. xD I'm assuming you did something server side to allow instant creations?

---
EO Resources/Guides: â—„ eobud.boards.net â–º

At this point you need to inspect the sequence value the client is sending vs the sequence value the server expects. Sequencing is just a counter, but occasionally the count from point moves. If you start from 1 at log in, you may be around 4 at account create. If the server received a 5 instead, the packet should fail and disconnect the client. Under normal circumstances, the client always sends the correct value. My custom build is manipulated within the source to act like the EO client, but faster. The problem comes from within hacking. This is why you should investigate what the client is doing. Is it skipping a packet? Log packets outbound both naturally and sped up creation. This will tell you what is actually happening.

shayne posted: (15th Dec 2018, 06:41 am)

Apollo posted: (14th Dec 2018, 04:00 pm)

Tilly posted: (14th Dec 2018, 01:16 pm)

I've been writing my own server emulator and I can create an account pretty much instantly with the addons, and I don't do any sequence enforcement.

Omitting sequence enforcement is a terrible idea. The reason this issue exists is totally client-side. Vult tried to somewhat enforce a delay in account creation. I remember years before EOSERV began Sausage had a talk with Vult trying to correct various exploits server-side, yet they never happened. Vult’s cheap enforcement client side is the culprit. As Shayne has shown, the client account create can be hacked at least down to 60 seconds and possibly further if he continues to dig. The EO game engine I am building includes sequence support and also can create an account instantly if I choose to leave it that way. Back to the topic though, given there is nothing server side preventing fast account creation when a sequenced packet is properly sent to the server, it appears the only legitimate way to obtain instant account creation via the EO game client is in fact further hex edit the executable eliminating whatever timer restrictions that are in place. I cannot recommend disabling sequence enforcement as it creates a potential exploit scenario. 

"there is nothing server side preventing fast account creation when a sequenced packet is properly sent to the server"

The above makes me better understand what you mean. I thought you were saying sequence enforcement has nothing to do with losing connection during speedy account creations, which made no sense to me. Here's my logic problem; Putting the account creation delay below 60 seconds, causes an invalid sequence. I don't see what could be done client side to prevent this server check/invalid sequence. Maybe there is more to how this works within the client like you say, and I don't understand or see it, but why does instant account creation always work if I disable sequence enforcement in eoserv, like Tilly mentioned? If it was a client issue, shouldn't instant account creation fail, whether sequence enforcement is enabled or disabled? Doesn't that prove it's the way sequence enforcement works in eoserv, and that you can not bypass a delay of less than 60 seconds, because eoserv sees that as an invalid sequence?  Sorry if I'm way off, just trying to understand how what you're saying is the case. You said you've been able to create accounts instantly with the same sequence enforcement enabled though? This really confuses me of how you were able to do that then. xD I'm assuming you did something server side to allow instant creations?

This might need clarification: Apollo has his own custom EO client. It's not public. In his EO client, there is no additional account timer check as there appears to be in the "classic" EO client. This is a definite proven clientside thing, there's no known defect in the way EOSERV does sequence enforcement.

That's why I refer to the serverside "fix" as a cheap hack in the best case. This is really just weird game client behavior.

---
Want to learn to pixel?
Pixelsource.org

Somehow the sequence gets broken within the client when trying to enable fast create. There must be a reason the sequence breaks. This means check the packets and sequence under normal circumstances, and again with fast create. If you have decent logs you should be able to identify the problem. Solving might still prove difficult. This could all be avoided by WebCP account create, but this is a way better technical discussion.