Ok fair enough Now the problem starts to make more sense
If a person can fake the STEAM_ID of legitamate user then that would give them access to the game. Still I don't understand why STEAM_ID Account Name & Password cannot be used to verify if the person has legitamate access to the game they are playing and that the STEAM_ID matches the Account Name & Password. I guess, STEAM Account not activated until E-mails are swapped would help slow these cheats down a little? On Sat, 18 Dec 2004 02:10:11 -0500, Spencer 'voogru' MacDonald <[EMAIL PROTECTED]> wrote: > This is wrong. > > You install STEAM, you don't need any game. > You make an account, with a free email. > > You now have a valid STEAM account with a STEAMID already assigned to the > account (NO CDKEY NEEDED FOR A STEAMID), and then you go do the exploit to > get the games to display on your list. > > You don't need a CD-KEY at all. > > - Spencer "voogru" MacDonald > > > -----Original Message----- > > From: Whisper [mailto:[EMAIL PROTECTED] > > Sent: Saturday, December 18, 2004 1:22 AM > > To: [EMAIL PROTECTED] > > Subject: Re: [hlds] When will the "nosteam" hacks be fixed? > > > > AFAIK the STEAM Account Creation Process works like this > > > > You Install your game > > You put your CD Key in > > You create a STEAM Account which then attaches THAT CD Key to your > > STEAM_ID > > You now have a legitamate STEAM Account which has several variables > > attached to it. > > STEAM_ID, Username, Password, E-mail Address, Secret Question & CD Key. > > > > The only thing you need to now use that STEAM Account on ANY PC with > > STEAM installed is your STEAM Account Login & Password and you are > > assigned the STEAM_ID that is attached to that STEAM Account Name & > > Password. > > > > The STEAM_ID that everybody see's on the Server should match that > > persons STEAM Account & Password and it should be a simple procedure > > to query that STEAM Client for that particular Username and Password > > once a person joins a server, and if the details don't match they > > shouldn't have access, and one would think that a simple Valve server > > side challange/response like this ought to stop people who don't have > > legitamate rights to that STEAM_ID from playing online! > > > > The process is only slightly differenent for games purchased directly > > from STEAM, but still, at the time the Account is created, Valve still > > gets your Account Name, Password, E-mail address & Secret Question AND > > then THEY (Valve) assigns you a STEAM_ID to that Account. > > > > In both Cases, Valve has complete control over the assigning of > > STEAM_ID's to Account Name/Password/E-mail address combinations. > > > > On Sat, 18 Dec 2004 00:29:53 -0000, Graham McMaster > > <[EMAIL PROTECTED]> wrote: > > > It does, the actual Authentication appears to be done server side but if > > the > > > Server has no master servers listed then that's gotta be away around it. > > > Also the same with LAN servers. > > > > > > -Graham > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] On Behalf Of Bruce "Bahamut" > > > Andrews > > > Sent: 18 December 2004 00:17 > > > To: [EMAIL PROTECTED] > > > Subject: Re: [hlds] When will the "nosteam" hacks be fixed? > > > > > > They are, though non-STEAM appears to bypass this connection. > > > > > > - Bruce "Bahamut" Andrews > > > > > > Whisper wrote: > > > > > > >Thats exactly what I thought! > > > > > > > > > > > >On Fri, 17 Dec 2004 11:09:56 -0800, Clayton Macleod > > > ><[EMAIL PROTECTED]> wrote: > > > > > > > > > > > >>forgive me if I'm wrong, but, aren't our CD keys tied to our steamid? > > > >>I mean, I can't go making 15 accounts and use the same CD key in all > > > >>of them. The second account will give an error stating that the CD key > > > >>has already been registered to the first account. > > > >> > > > >>On Fri, 17 Dec 2004 10:48:08 -0800, Darren J. Mason > > > >><[EMAIL PROTECTED]> wrote: > > > >> > > > >> > > > >>>CDKeys can and should be used FOR verification (since we all have > > them, > > > and > > > >>>the internet cafes pay for them as well). Screw SteamIDs, email > > addys, > > > and > > > >>>everything else. Why am I thinking that WON was a way better system > > than > > > >>>what we have now? Because Valve had a database of all our CDKEYS and > > it > > > was > > > >>>a hell of a lot harder to get online with a keygen'd key than it is > > now. > > > >>>Perhaps there isn't enough money left in Valve's pretty purse to run > > a > > > CDKEY > > > >>>verification server now???? > > > >>> > > > >>>Come on fellas - how about some communication Valve! What the heck is > > > going > > > >>>[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]&[EMAIL PROTECTED] > > > >>> > > > >>>-----Original Message----- > > > >>>From: [EMAIL PROTECTED] > > > >>>[mailto:[EMAIL PROTECTED] On Behalf Of > > [EMAIL PROTECTED] > > > >>>Sent: Friday, December 17, 2004 10:22 AM > > > >>>To: [EMAIL PROTECTED] > > > >>>Subject: Re: [hlds] When will the "nosteam" hacks be fixed? > > > >>> > > > >>>The STEAM_ID databases are as secure as any other online database > > system, > > > >>>the problem is their identification of registering users. > > > >>>They use an email address to tie it to a person. > > > >>>The problem isn't just the abundance of free email services. There > > are > > > also > > > >>>temporary email services that allow you to register with them with no > > > >>>personal information, they give you a temporary email address to use > > > >>>to register for a forum/ steam id / whatever. Once you register > > with > > > >>>this address, you check the mailbox, respond to the mail in it to > > > confirm > > > >>>it is a legit address and then the account is gone a day later. > > > >>> > > > >>>Email should not be used for identification as one person can have as > > > many > > > >>>accounts as they please. > > > >>> > > > >>>CD key can't really be used as some people play from internet cafe's > > so > > > they > > > >>>may have loads of people registering from the same installation > > (unless > > > >>>valve did a multi user license key that cost more but allowed an > > > unlimited > > > >>>amount of users to register from it and much stronger > > > >>>authentication of the purchaser. This would still allow people to > > get > > > >>>another ID if they used all their own ones) Or a family PC may have > > > >>>several users of the same game. I suppose having a maximum of 5 > > users > > > >>>per retail CD key would be an option as there would only be a finite > > > number > > > >>>of times someone could re-register without having to part with some > > cash > > > for > > > >>>another copy of the game. > > > >>> > > > >>>IP address changes, so that's no use. MAC address can be changed. > > > >>> > > > >>>CPU ID, Computers have the ability to use a unique identifier on the > > CPU > > > but > > > >>>the bios has the ability to disable it, so that's no use. > > > >>> > > > >>>Credit card number and registered billing address. Probably th most > > > >>>reliable and traceable, but that limits the customer base as not > > > everyone > > > >>>has one and there is one thing companies hate doing and that is > > limiting > > > >>>their customer base, so despite this being probably the best > > solution, I > > > >>>doubt that valve will use it. > > > >>> > > > >>>Public key certificates from a trusted third party. This could work > > > >>>but is just moving the problem one link further back in the chain. > > The > > > >>>Certificate Authority still needs to identify a person and you would > > need > > > to > > > >>>ensure they couldn't register for more than one certificate per > > > >>>person. In the long term I see a market for selling these if > > several > > > >>>game developers used the system. It would have to be slightly > > > >>>different to the current CA's around as you can register for as many > > > >>>certificates as you are willing to pay for with the existing ones. > > > >>> > > > >>>Basically until their is an international ID card with a centrally > > > >>>verifiable database (around 2048 I reckon, and half life 8 will be > > out > > > then > > > >>>with the same problems :) ) or the implementation of the Trusted > > > Computer > > > >>>Base, it is very hard to uniquely identify a machine or user. > > > >>> The closest thing there is to a centrally identifiable card tied to > > a > > > >>>persons address, that is internationally recognized is a credit card. > > > >>> > > > >>>End brain dump. > > > >>> > > > >>>I'd better do some real work now :) > > > >>> > > > >>>SlyOne > > > >>> > > > >>>_______________________________________________ > > > >>>To unsubscribe, edit your list preferences, or view the list > > archives, > > > >>>please visit: > > > >>>http://list.valvesoftware.com/mailman/listinfo/hlds > > > >>> > > > >>>_______________________________________________ > > > >>>To unsubscribe, edit your list preferences, or view the list > > archives, > > > please visit: > > > >>>http://list.valvesoftware.com/mailman/listinfo/hlds > > > >>> > > > >>> > > > >>> > > > >>-- > > > >>Clayton Macleod > > > >> > > > >>_______________________________________________ > > > >>To unsubscribe, edit your list preferences, or view the list archives, > > > please visit: > > > >>http://list.valvesoftware.com/mailman/listinfo/hlds > > > >> > > > >> > > > >> > > > > > > > >_______________________________________________ > > > >To unsubscribe, edit your list preferences, or view the list archives, > > > please visit: > > > >http://list.valvesoftware.com/mailman/listinfo/hlds > > > > > > > > > > > > > > > > > > _______________________________________________ > > > To unsubscribe, edit your list preferences, or view the list archives, > > > please visit: > > > http://list.valvesoftware.com/mailman/listinfo/hlds > > > > > > _______________________________________________ > > > To unsubscribe, edit your list preferences, or view the list archives, > > please visit: > > > http://list.valvesoftware.com/mailman/listinfo/hlds > > > > > > > _______________________________________________ > > To unsubscribe, edit your list preferences, or view the list archives, > > please visit: > > http://list.valvesoftware.com/mailman/listinfo/hlds > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, please > visit: > http://list.valvesoftware.com/mailman/listinfo/hlds > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
