mm, non-steam works by a combination of things including you logging into the real steam client with your username and password, then copying the clientregistry.blob over to the non-steam directory from the steam one, then exiting the real steam, putting your account details in steamapps.cfg then starting the non-steam game. Basically, it appears to do the steamid and username/password part, it just doesn't appear to check if you have the game enabled on your account or not. Not that I actually know how it all works technically. :P
- Bruce "Bahamut" Andrews
Whisper wrote:
So one has to wonder why, if Valve has complete control over which STEAM_ID's are assigned to which Account Name/Password combinations, what the difficulty is in checking these 2 details to be sure the person is who they say they are?
On Sat, 18 Dec 2004 17:22:25 +1100, Whisper <[EMAIL PROTECTED]> wrote:
AFAIK the STEAM Account Creation Process works like this
You Install your game You put your CD Key in You create a STEAM Account which then attaches THAT CD Key to your STEAM_ID You now have a legitamate STEAM Account which has several variables attached to it. STEAM_ID, Username, Password, E-mail Address, Secret Question & CD Key.
The only thing you need to now use that STEAM Account on ANY PC with STEAM installed is your STEAM Account Login & Password and you are assigned the STEAM_ID that is attached to that STEAM Account Name & Password.
The STEAM_ID that everybody see's on the Server should match that persons STEAM Account & Password and it should be a simple procedure to query that STEAM Client for that particular Username and Password once a person joins a server, and if the details don't match they shouldn't have access, and one would think that a simple Valve server side challange/response like this ought to stop people who don't have legitamate rights to that STEAM_ID from playing online!
The process is only slightly differenent for games purchased directly from STEAM, but still, at the time the Account is created, Valve still gets your Account Name, Password, E-mail address & Secret Question AND then THEY (Valve) assigns you a STEAM_ID to that Account.
In both Cases, Valve has complete control over the assigning of STEAM_ID's to Account Name/Password/E-mail address combinations.
On Sat, 18 Dec 2004 00:29:53 -0000, Graham McMaster <[EMAIL PROTECTED]> wrote:
It does, the actual Authentication appears to be done server side but if the Server has no master servers listed then that's gotta be away around it. Also the same with LAN servers.
-Graham
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bruce "Bahamut" Andrews Sent: 18 December 2004 00:17 To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the "nosteam" hacks be fixed?
They are, though non-STEAM appears to bypass this connection.
- Bruce "Bahamut" Andrews
Whisper wrote:
Thats exactly what I thought!
On Fri, 17 Dec 2004 11:09:56 -0800, Clayton Macleod <[EMAIL PROTECTED]> wrote:
forgive me if I'm wrong, but, aren't our CD keys tied to our steamid? I mean, I can't go making 15 accounts and use the same CD key in all of them. The second account will give an error stating that the CD key has already been registered to the first account.
On Fri, 17 Dec 2004 10:48:08 -0800, Darren J. Mason <[EMAIL PROTECTED]> wrote:
CDKeys can and should be used FOR verification (since we all have them,
and
the internet cafes pay for them as well). Screw SteamIDs, email addys,
and
everything else. Why am I thinking that WON was a way better system than what we have now? Because Valve had a database of all our CDKEYS and it
was
a hell of a lot harder to get online with a keygen'd key than it is now. Perhaps there isn't enough money left in Valve's pretty purse to run a
CDKEY
verification server now????
Come on fellas - how about some communication Valve! What the heck is
going
[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]&[EMAIL PROTECTED]
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, December 17, 2004 10:22 AM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the "nosteam" hacks be fixed?
The STEAM_ID databases are as secure as any other online database system, the problem is their identification of registering users. They use an email address to tie it to a person. The problem isn't just the abundance of free email services. There are
also
temporary email services that allow you to register with them with no personal information, they give you a temporary email address to use to register for a forum/ steam id / whatever. Once you register with this address, you check the mailbox, respond to the mail in it to
confirm
it is a legit address and then the account is gone a day later.
Email should not be used for identification as one person can have as
many
accounts as they please.
CD key can't really be used as some people play from internet cafe's so
they
may have loads of people registering from the same installation (unless valve did a multi user license key that cost more but allowed an
unlimited
amount of users to register from it and much stronger authentication of the purchaser. This would still allow people to get another ID if they used all their own ones) Or a family PC may have several users of the same game. I suppose having a maximum of 5 users per retail CD key would be an option as there would only be a finite
number
of times someone could re-register without having to part with some cash
for
another copy of the game.
IP address changes, so that's no use. MAC address can be changed.
CPU ID, Computers have the ability to use a unique identifier on the CPU
but
the bios has the ability to disable it, so that's no use.
Credit card number and registered billing address. Probably th most reliable and traceable, but that limits the customer base as not
everyone
has one and there is one thing companies hate doing and that is limiting their customer base, so despite this being probably the best solution, I doubt that valve will use it.
Public key certificates from a trusted third party. This could work but is just moving the problem one link further back in the chain. The Certificate Authority still needs to identify a person and you would need
to
ensure they couldn't register for more than one certificate per person. In the long term I see a market for selling these if several game developers used the system. It would have to be slightly different to the current CA's around as you can register for as many certificates as you are willing to pay for with the existing ones.
Basically until their is an international ID card with a centrally verifiable database (around 2048 I reckon, and half life 8 will be out
then
with the same problems :) ) or the implementation of the Trusted
Computer
Base, it is very hard to uniquely identify a machine or user. The closest thing there is to a centrally identifiable card tied to a persons address, that is internationally recognized is a credit card.
End brain dump.
I'd better do some real work now :)
SlyOne
_______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
_______________________________________________ To unsubscribe, edit your list preferences, or view the list archives,
please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds
-- Clayton Macleod
_______________________________________________ To unsubscribe, edit your list preferences, or view the list archives,
please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds
_______________________________________________ To unsubscribe, edit your list preferences, or view the list archives,
please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds
_______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
_______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
_______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
_______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
