[question]wanna make a game accounts management system, need suggestions

[haohaolee]

Hi guys,

Background:
I am a newbie to wow hacking, and I know not much about reverse engineering, but I'm a C++ programmer. Briefly, my friend recently started a gold farm, and hired some guys to farm. He wanted a accounts management system to make sure those guys cannot touch the game accounts directly, but authenticated themselves with other information first, if successful, then this system will auto login the wow with appropriate accounts.

The key part for this is an auto login function. After some investigations, I know there are 2 ways to do this: one is use something like autoitscript, the other is inject lua code to wow to operate on GlueXML. I don't need other memory hacking till now

My question is: which approach is better, especially for my case: stably starting wow and protecting game accounts, or some other approaches I don't know?

Any suggestion is appreciated.

regards,

[Frosttall]

You should use injection, but have to keep in mind that it would never be a problem to get these informations. They could simply add a detour in the lua-function and read out the values which have been passed by either the direct function-call or entered into the GUI.

But anyways, AutoIs is a very very bad choice since there's no problem to record the entered keys.

[Jadd]

Add authenticators to the accounts, and only supply the codes to them when appropriate. This can be completely automated if you want it to be.

http://www.ownedcore.com/forums/worl...-emulator.html ([Library] Blizzard Authenticator Emulator)

[~Unknown~]

Add authenticators to the accounts, and only supply the codes to them when appropriate. This can be completely automated if you want it to be.

http://www.ownedcore.com/forums/worl...-emulator.html ([Library] Blizzard Authenticator Emulator)

This is probably the only solution that could keep the account actually safe from logging in at will. However I guess if they were clever enough they could log into the battle.net account and take the authenticator off with just 2 codes in succession unless you restricted the automated part to like once a time period (one that restricts two codes to remove it).

The injected solution would only work well if you know the people using the accounts will have zero knowledge of how to retrieve the encoded account information and won't find someone who could.

All this being said, you could use both solutions, but nothing is really foolproof. I mean they have access to the account so why does it matter too much if they have the real info as well?

[Jadd]

This is probably the only solution that could keep the account actually safe from logging in at will. However I guess if they were clever enough they could log into the battle.net account and take the authenticator off with just 2 codes in succession unless you restricted the automated part to like once a time period (one that restricts two codes to remove it).

The injected solution would only work well if you know the people using the accounts will have zero knowledge of how to retrieve the encoded account information and won't find someone who could.

All this being said, you could use both solutions, but nothing is really foolproof. I mean they have access to the account so why does it matter too much if they have the real info as well?

If their using your network, just block the battle.net website IP through your router. Game servers and the realmlist server run from different IPs, so they shouldn't have problem accessing the game, and it will stop them from removing the authenticator from the account.

[haohaolee]

Thank you guys for your warm replies. The information is very valuable

But since we are not playing the wow us, we cannot consider the authenticator approach because it's developed by another local corporation.

Thanks all the same!