DARKFORCE wrote on 01/10/14 at 16:30:12:
That's horrible. I thought for sure the Iris packets would be complete. Aced strikes again! lol.
Even without me, I bet you still would've begun using minimum packet size filters at some point down the line anyways.
No23 wrote on 01/10/14 at 16:58:06:
Btw., I wonder why the login password was transmitted as plain text without encryption.
If you think that's strange, wait until you hear this.
TMBO was really bad as far as the potential for abusing aliases and impersonating other players went. Account names were completely disconnected from screen names...
- Account name: A "private" player account name, used solely to log in to the server. Past the login screen, the account name isn't shown to any players, at all. Not even the player the account name belongs to can see it once they've logged in.
- Screen name: A player's "public" username. Shown in game lobbies, in-game, scoreboards, etc...
For a typical new player, the first time they'd create an account and log in to the server, they'd realize that they're showing up as "Player" everywhere. So, to change their screen name, they had to go to "Options -> Player Settings -> Default Screen Name:" to change the default one ("Player") to something else. FYI, the aforementioned option also controls your screen name in LAN matches, and doesn't require a connection to the server.
Unfortunately, there were no limits on what screen names could be set to. As a result, many players took advantage of it by regularly strapping on "alias" screen names, and even impersonating other players (i.e. morons copying the screen names of players they dislike in order to try tarnishing their reputations).
To counter this, a few players began tracing the IP addresses of other players they connected to while in-game.
TMBO uses a P2P network setup, where all players in a given game room maintain direct connections to one another simultaneously. Via SNMP (to log the IP addresses of newly-established connections) and some persistence, it was possible to gather up IP addresses over time, and eventually tie them to the usernames of players that would join game rooms. That method worked fairly well, but was quite a pain to leverage (lots of manual effort).
At some point, DarkForce came up with a setup that allowed him to trace the game's packets. That method was pretty effective, because other players' PS2s would consistently send out packets containing their screen names to all other connected PS2s...
The big kicker came when DarkForce helped me get one of these kinds of setups going.
When logged in to the server, in the main lobby (consisting of a list of all open game rooms), pressing circle while a room is highlighted brings up a status screen that displays real-time information about it (i.e. usernames of all players within, match settings, etc).
Shortly after I got my packet sniffing setup up and running, I noticed something whilst looking at the logged frames... Under the aforementioned circumstances in the lobby, apart from the IP addresses of (initial) room hosts, the packets Sony's servers sent out contained both the account and screen names of all the players in a given room (!). Tracing really became child's play from then on.
The players that ran amok using aliases, impersonating others, and by extension poisoning the game's small community were too gullible to suspect that the flawed server setup that allowed them to thrive also spoon-fed their account names (which they never ever changed) to more thoughtful players...
Anyways, since the primary reason we were logging packets at the time was for tracing purposes, and not with future server revival aspirations in mind, we generally used minimum packet size filters to limit the flow of frames that would otherwise make real-time tracing next to impossible. That's why comprehensive packet logs are somewhat uncommon amongst what DarkForce passed your way. I'd recommend focusing on DF's oldest CommView and (especially) Iris logs for comprehensiveness. Most newer ones likely used packet filters in some form or another.