Poll: Will my account get hacked?
You do not have permission to vote in this poll.
Yes
42.96%
61 42.96%
No
57.04%
81 57.04%
Total 142 vote(s) 100%
* You voted for this item. [Show Results]

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Please, hack my account
So I A.D.D. twisted my musings into an absolute aimed at dismantling ignorant thought. So it took me two posts to truly say what I meant because you felt the necessity to correct a statement that was intentionally gray, as I clarified later. What do you seek to accomplish by obliterating my thoughts into a simple sequence of words you can pick and probe at for "correct" logical patterns? Can a human being be entitled to opinions that, while perhaps presented in unconventional pragmatism, may still advance the wisdom of others analyzing them through diverse paradigms?

Try and read between the lines next time and understand the thought behind the post before dissecting it like a defendant you are required to prosecute. After all, you're not infallible yourself (something you acknowledge, at the least); your comment "...it was an absolute that supplied the motivations of others, falsely, or at the very least misinterpreted the potential meanings of the vote." is confusing to me, yet you don't see me breaking it down for clarification or in the attempt to find some kind of hidden enigma through which I can shine the light of reason and "truth." I'm a flawed human, but I don't waste my time over analyzing everyone's comments. Look into what others have to say and you may learn something, rather than wasting your time obscuring one's attempts at conveying wisdom by ripping into some technicality.
Reply
FrozNlite Wrote:So I A.D.D. twisted my musings into an absolute aimed at dismantling ignorant thought. So it took me two posts to truly say what I meant because you felt the necessity to correct a statement that was intentionally gray, as I clarified later. What do you seek to accomplish by obliterating my thoughts into a simple sequence of words you can pick and probe at for "correct" logical patterns? Can a human being be entitled to opinions that, while perhaps presented in unconventional pragmatism, may still advance the wisdom of others analyzing them through diverse paradigms?

why do you talk like this
Reply
FrozNlite Wrote:So I A.D.D. twisted my musings into an absolute aimed at dismantling ignorant thought. So it took me two posts to truly say what I meant because you felt the necessity to correct a statement that was intentionally gray, as I clarified later. What do you seek to accomplish by obliterating my thoughts into a simple sequence of words you can pick and probe at for "correct" logical patterns? Can a human being be entitled to opinions that, while perhaps presented in unconventional pragmatism, may still advance the wisdom of others analyzing them through diverse paradigms?

Try and read between the lines next time and understand the thought behind the post before dissecting it like a defendant you are required to prosecute. After all, you're not infallible yourself (something you acknowledge, at the least); your comment "...it was an absolute that supplied the motivations of others, falsely, or at the very least misinterpreted the potential meanings of the vote." is confusing to me, yet you don't see me breaking it down for clarification or in the attempt to find some kind of hidden enigma through which I can shine the light of reason and "truth." I'm a flawed human, but I don't waste my time over analyzing everyone's comments. Look into what others have to say and you may learn something, rather than wasting your time obscuring one's attempts at conveying wisdom by ripping into some technicality.

Take it to PMs you two. This isn't the place to argue such things. You've stopped sticking to the topic at hand.



Fiel, any updates yet? Or has everything pretty much just stayed the same?
Reply
FrozNlite Wrote:So I A.D.D. twisted my musings into an absolute aimed at dismantling ignorant thought. So it took me two posts to truly say what I meant because you felt the necessity to correct a statement that was intentionally gray, as I clarified later. What do you seek to accomplish by obliterating my thoughts into a simple sequence of words you can pick and probe at for "correct" logical patterns? Can a human being be entitled to opinions that, while perhaps presented in unconventional pragmatism, may still advance the wisdom of others analyzing them through diverse paradigms?

Try and read between the lines next time and understand the thought behind the post before dissecting it like a defendant you are required to prosecute. After all, you're not infallible yourself (something you acknowledge, at the least); your comment "...it was an absolute that supplied the motivations of others, falsely, or at the very least misinterpreted the potential meanings of the vote." is confusing to me, yet you don't see me breaking it down for clarification or in the attempt to find some kind of hidden enigma through which I can shine the light of reason and "truth." I'm a flawed human, but I don't waste my time over analyzing everyone's comments. Look into what others have to say and you may learn something, rather than wasting your time obscuring one's attempts at conveying wisdom by ripping into some technicality.
You over-verb things way too much. No one is impressed. Quit trying so hard and just say what it is that you're trying to say. Also you can't expect everyone to interpret what it is exactly that you're saying. All we have to work off of is what you type, and expecting everyone to interpret what you're trying to get across isn't always going to happen when dealing with only written language.
Reply
FrozNlite Wrote:Try and read between the lines next time and understand the thought behind the post before dissecting it like a defendant you are required to prosecute.

Your clarity is your own responsibility, expecting the rest of the internet to determine every possible meaning you may have had invites far more opportunity for disaster and misunderstanding. We have no insight into your thoughts, only into what you've actually written, and you wrote absolutes that put words in the mouths of everyone who voted differently than you.

This digression is off topic, if you wish to continue discussing the subjective nature of reality and how it applies to factual statements feel free to PM me.
Reply
You can do PIC reset requests, but the same rules apply for a PIC reset as for a PW reset.
Reply
[color="red"]You need to chill out, Dan. He's not attacking you personally, he's being reasonable. The odds of it being hacked in fourteen days are astronomically low, and if they're just waiting until the time exprires to do it, then they rape the s[b]hit out of it the next day, I'm willing to guess Fiel will report it as such. Eos is right, anything can be done with unlimited time, and there's only fourteen days to work with here. Maybe the hackers will use Paul's account as a test for future things; we may never know. Nexon's PIC might be secure after all.

On tawpic: I surely hope there isn't some unreasonable idiot who's found a bypass running crackers for each possible number of digits...Shine
[/color][/b]
Reply
Blaine Wrote:[color="red"]You need to chill out, Dan. He's not attacking you personally, he's being reasonable. The odds of it being hacked in fourteen days are astronomically low, and if they're just waiting until the time exprires to do it, then they rape the s[b]hit out of it the next day, I'm willing to guess Fiel will report it as such. Eos is right, anything can be done with unlimited time, and there's only fourteen days to work with here. Maybe the hackers will use Paul's account as a test for future things; we may never know. Nexon's PIC might be secure after all.

On tawpic: I surely hope there isn't some unreasonable idiot who's found a bypass running crackers for each possible number of digits...Shine
[/color][/b]

Finding a cracker to crack 62^16 possible combinations? Goggleemoticon
Reply
I have to wonder... if you'd given out the PIC and kept the password secret, would you have been hacked by now?
Reply
FrozNlite Wrote:So I A.D.D. twisted my musings into an absolute aimed at dismantling ignorant thought. So it took me two posts to truly say what I meant because you felt the necessity to correct a statement that was intentionally gray, as I clarified later. What do you seek to accomplish by obliterating my thoughts into a simple sequence of words you can pick and probe at for "correct" logical patterns? Can a human being be entitled to opinions that, while perhaps presented in unconventional pragmatism, may still advance the wisdom of others analyzing them through diverse paradigms?

You need to take a break from reading your vocabulary lists and talk like a reasonable individual. Congratulations on having a colorful library of words at your disposal, but using them in such great volume in a casual conversation/disagreement as it may be is pretentious, if anything.
Reply
Whoa guys. The petty argument is over; no need to keep bringing it up. I get you all hate me, think me pretentious, etc., whatever, but seriously, Eos and shouri both tried to deter the discussion back on track, and yet you're still harping on me. Insult me all you want over PMs/Visitor Messages, as I'd be happy to receive your hate, but don't waste anymore space in this thread doing so. Thanks.
Reply
FrozNlite Wrote:Whoa guys. The petty argument is over; no need to keep bringing it up. I get you all hate me, think me pretentious, etc., whatever, but seriously, Eos and shouri both tried to deter the discussion back on track, and yet you're still harping on me. Insult me all you want over PMs/Visitor Messages, as I'd be happy to receive your hate, but don't waste anymore space in this thread doing so. Thanks.

On topic: A cracker, I think, would be out of the question in this case. It seems as though there would need to be a bypass of sorts to make getting through a PIC feasible. Trying to crack anything higher than eight to ten alphanumeric characters is far more difficult than the combinations before that point. From my understanding, the size of Rainbow Tables, for example, increases substantially when you're moving past that. Then again, there surely must be alternative methods to doing this. The only two I've ever looked into have been Rainbow Tables and time/memory tradeoff.

 Petty Argument
Reply
Things are pretty much the same. Just a lot of PIC requests. No one has hacked into my gmail account yet (given the password I put on it, not surprised).
Reply
IllegallySane Wrote:Finding a cracker to crack 62^16 possible combinations? Goggleemoticon
For numbers alone (6-16 characters): Over 2,000,000,000,000,000(15 zeros) PICs. I can't imagine how many more possibilites if you do numbers alone, and combine them both. :f6:

Even if there was a computer that typed/clicked out all this, it would take a LONG time to figure it out. Geez.
Reply
I doubt this account will be hacked, or, not with the timeframe.

9,999,999,999,999,999 + 26 Letters? I don't know, I don't have a PIC, so I don't really know how it works.
Very high possible amount of combinations...., even without the letters.
Reply
SlayerZach Wrote:For numbers alone (6-16 characters): Over 2,000,000,000,000,000(15 zeros) PICs. I can't imagine how many more possibilites if you do numbers alone, and combine them both. :f6:

Even if there was a computer that typed/clicked out all this, it would take a LONG time to figure it out. Geez.

52^16 = 2,857,942,575,000,000,000,000,000,000 (or 2.85 times 27 zeroes) combinations, or 2.85 octillion. This is why this will prove whether Nexon has a possible databse breach or not. Brute force won't be getting your PIC anytime this century unless you have supercomputers all hitting different combinations at once.
Reply
I think Fiel, as well as myself, might be interested in other things such as if there's a PIC bypass. It's a nice experiment to weed out if there's an easy way to tackle PIC security, let it be bypass, bruteforce, database leak, keylog, or other intermediate methods. So don't think just in terms of bruteforce, think outside of the box. (Maybe there's a glitch to enter a character somewhere, like quick login or show characters option that didn't incorporate the verification of PIC) It might be easy to miss out on certain parts of coding when GMS transferred it over from KMS, and to adapt it to our database and system without conflict. If a security box is made of paper, how easy will it to access the content inside, if a very secured lock (PIC) is placed outside of it?
Reply
Jellyflower Wrote:I think Fiel, as well as myself, might be interested in other things such as if there's a PIC bypass. It's a nice experiment to weed out if there's an easy way to tackle PIC security, let it be bypass, bruteforce, database leak, keylog, or other intermediate methods. So don't think just in terms of bruteforce, think outside of the box. (Maybe there's a glitch to enter a character somewhere, like quick login or show characters option that didn't incorporate the verification of PIC) It might be easy to miss out on certain parts of coding when GMS transferred it over from KMS, and to adapt it to our database and system without conflict. If a security box is made of paper, how easy will it to access the content inside, if a very secured lock (PIC) is placed outside of it?

Pseudo-client, as I've documented in my previous post.

Write a client that logs in to your own account/character with your own PIC on the loginserver, but after transferring to the channelserver, instead of sending your character's characterID, send the characterID of bisubuild, which you can obtain from the charselect screen.

This does not work with the normal MapleStory client because it checks if the character is the same as the one it logged in to. If not, it disconnects.

This is where the pseudo client comes in. If the server does not have any form of checking (checking if the IP that logged into bisubuild in login is equal to the IP that logs into bisubuild in channel. If not, disconnect and possibly IPban), you should login to bisubuild as if you logged in using the normal login procedure. The pseudoclient should then automatically open a trade request with your character. It then waits for your character to enter the trade, then immediately puts in the 50 million mesos, and then locking the trade. It waits for the trade success packet, and then immediately logs off.

This is not completely unblockable.

Two ways:
1. Checking if the IP that logged into bisubuild at LoginServer is equal to the IP that logs into bisubuild at ChannelServer. If there is no IP that logged into bisubuild successfully at login, or the IP doesn't match, disconnect.
2. Checking that the characterid that your IP logged into at LoginServer is the same as the characterid sent at ChannelServer.
3. Requiring that the PIC (and to completely block this, password as well!) is sent to the ChannelServer on login, to verify.

Note that the first part is optional, you can just connect to the channelserver and send the packet if the server doesn't do appropriate checks.

Fiel Wrote:You still have to provide the correct PIC to progress from double-clicking on your character to going in game. That's when the PIC check occurs. I can see where you're coming from, but I cannot see how this would be a valid way to get into bisubuild.

I also see where you're coming from, but the PIC is normally checked at loginserver, and nothing of it is normally mentioned at the channelserver (which are completely seperate applications). That means you can just skip the loginserver entirely. But knowing Nexon's server team they probably thought of it. (Yes I did just praise them)

If you still don't get it, feel free to PM me on IRC or here.

---

Think of it like this: there's a huge open-ceiling passageway that is guarded in the middle. It leads to a room. The guard only looks at people coming in from the start of the passageway. You then use a helicopter and jump into the passageway (it is open-ceiling) AFTER where the guard(s) are placed. Since the guard doesn't look the other way, you have successfully circumvented their protections.

Now the way the IP checking works: There are now two guards instead of one. The first guard is positioned, again, at the middle of the open-ceiling passage. The second guard is placed at the entrance to the room. The first guard would give you a pass of some sort. The second guard, which is the channelserver, would check for that pass. If you don't have it, the guard kicks you out.
Reply
GjokezPb/Cassilicious were hacked an hour ago, 50b gone. Rumors of another 'database breach' are being discussed right now. However I'm second hand source, can't clarify or provide evidence.
Reply
DustBunny Wrote:GjokezPb/Cassilicious were hacked an hour ago, 50b gone. Rumors of another 'database breach' are being discussed right now. However I'm second hand source, can't clarify or provide evidence.

Wallowing in self pity isn't going to make any one believe you. There's going to be rumor of database breach for awhile now. Time will tell I guess.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)