
Owsap

  1. Like you said, it's very unlikely a man in the middle would want to extract this data, there is nothing really interesting. The only stress here was about the credentials being sent too, which I understand. However, I've explained that already many times during this topic and for whatever it's worth, for years there hasn't been a single problem with this and I would never do things to damage my name and reputation. I could have done things differently, this was probably a mistake, we live and learn but no harm was ever done. Regardless, I still propose the same as I mentioned before, both for the review of the system and as for the removal of my license system.
  2. As I mentioned, I didn't want to send the plain text in the URI string so I used Base64 to encode the credentials, then on the backend I decoded it. It was just my way of saying (reversible format, encode / decode). Yes, I could have hashed the credentials and compared the hashes, which would have been more secure for transmitting the data via HTTP. However, that would still require an explanation as to why I'm reading the credentials from the library file and sending them via an HTTP request, bringing us back to the beginning of this topic. The usage of that sql data was and is simple, a direct comparison to check if they are the default credentials, nothing more. As for the rest of the data (ip, key, hostname, port, etc...), I believe they're self explanatory.
  3. Before anything, I would like to state that the decompiled library is from an older version. I used Base64 encoding as a simple and fast solution to avoid sending the credentials in a raw form within the URI string. I know Base64 doesn't provide any encryption or protection so in newer versions of the library I added XOR encryption with a key and before you say it, I know it isn't the best solution either but it does the job and for the purpose I didn't need something too robust because I had to reverse the process. Regardless, on the backend (PHP), the Base64 string is decoded and the system verifies whether the provided username and password match the default credentials for the server which are: "localhost", "mt2", and "mt2!@#". Yes, I use HTTP and still do (I was working on another version but I canceled it) but I don't think it's necessary to encrypt an IP address, Channel, Port and a default publicly available Metin2 database credential which by default you cannot access remotely unless you manually change it. Regardless, on newer versions of the library the full URI is encrypted with XOR, you would not see plain text. I understand this approach might seem questionable at first and sketchy while looking at the library request. However, I did it this way to "enforce" the use of these default database credentials. This is necessary because the database setup (script to install the database tables) and operation rely on these specific credentials. Sure they can change it but they need to know what they're doing. As long as these default credentials are strictly assigned to "localhost," I believe this approach is secure and ensures proper installation and functioning of the database. I have no problem sharing this small procedure with everyone, but I can't reveal every single line of code publicly just to prove that I'm not doing anything harmful with the data or storing it. Even if I did, some people still wouldn't believe me.
I've already messaged the forum administrator to offer a full review of the "system" if they're interested, but I'm not going to share it publicly here.
  4. The purpose of the license system is straightforward, like any license verification system, it transmits the essential information needed to verify the legitimacy of those who have purchased my services. Does it help? Yes, to some extent, it helps in maintaining control, though it does not completely prevent misuse or bypassing and I understand that it can be useless to some but as I said before it helps detect who uses my project fairly. I believe everyone who has purchased my project is aware of this licensing approach. While I may not explicitly specify on my terms which data is sent to my remote server, it should be clear to them what kind of information is involved. If I had anything to hide, I would have implemented the system differently. I am aware that my license system could have been decompiled and that the query it executes would be visible. However, I stand by the fact that it operates transparently and doesn't harm any of my customers or their servers. Everything is open source except my license system so it is clearly visible to everyone who holds a copy of my project to see if there is any malicious code. Regardless, if my license system is perceived as problematic, I am willing to open a poll on its removal within my project's community. If the majority agrees, I can remove it today through a simple and quick update. That being said, I want to reassure everyone that this system has never caused any harm to anyone or any server. To address concerns and accusations of dishonesty, I am willing to provide additional proof, even though I am not obligated to do so. Specifically, I can share the complete code of my license system, including its backend, with the forum administration for review so that people don't call me a liar.
  5. I honestly don't understand all these accusations, especially when there's no concrete proof to support them. I've explained how my license system works, detailed the purpose of the HTTP request, and even shown my database logs to prove that I don't store any SQL credentials. Honestly, why would I even want to store those in the first place? Despite all this, you still choose not to believe me. It's clear you've already made up your mind, assuming I'm doing something wrong. What's most frustrating is that no actual customers of mine have raised these concerns, only people who don't work with me seem to be making these complaints. So many developers here have already added license systems to their work without facing such criticism. Why am I being singled out? I have always responded to accusations against me and made every effort to prove otherwise. I've never ignored any claims, because doing so would suggest indifference to my reputation and I care deeply about it. Someone who values their reputation doesn't act in ways that would harm it. Everything I do I always think about both sides of it to prevent such problems but it seems that whatever I do there will always be such criticism. However, no matter how much I try to defend myself or provide evidence, people still assume I'm lying or being a manipulator. It feels like my efforts to preserve my reputation are disregarded entirely. I've done everything I can to explain and prove my point, yet it seems useless. I really don't know what you want from me.
  6. I have been running my project this way for a long time, and removing something that has been an integral part of it since the beginning would be counterproductive. Besides, I've built the user dashboard around it (as I explained from the "dissembled code" from the topic author), making the experience for the members more professional. You can feel questionable about it and ask why and for what but I don't feel the need to explain how I manage my project or run my business to anyone. If any of my customers have a question about how I treat their data I will tell them with transparency because I respect their data. Besides, I've already explained here what it's all about. Regardless, everyone has their own way of doing things, I just do mine differently but I truly don't understand what's the problem with it. It's hard to believe that people would think I'd charge a premium price for my project that I constantly work on and update to only misuse their data, even if they disrespected my rules, it doesn't make sense to me. While it's true that the license system can be bypassed, doing so clearly demonstrates a lack of compliance with my rules. By taking such an action, you effectively reject my terms of service and I will eventually notice this. Without it, I wouldn't have such a clue of anything going on. I take this very seriously, and the only thing I ask and expect from new members/customers of my project is to respect my work and help keep their investment secure, ensuring it doesn't fall into the wrong hands. Respecting the rules means allowing the license system to perform its intended purpose. It's not doing anything harmful, on the contrary, it ensures that everyone uses my project correctly and fairly. 
I can completely understand how it might seem strange and suspicious to see this information in this thread for the first time, but it's not what it seems, it's simply information to check who are legitimate customers and ensure compliance with my terms of service. When a server is started, the following information is sent to my remote server via HTTP request:
  • addr - The machine's IP address.
  • key - The unique license key assigned to the member.
  • hostname - Hostname of the game being executed, this will show which core is trying to execute, if provided in the hostname.
  • channel - Game channel that is being executed.
  • sqlu, sqlp - Encrypted SQL Credentials, used only to ensure correct setup and synchronization of the database files, never stored or used for any other purpose! The credentials are the default "localhost", "mt2", "mt2!@#", which need to be exactly the same in order to install and operate the server's database. Now, even if I or anyone wanted to access this remotely, it would not be possible because the database user is configured to only allow connections from localhost. This setup is recommended for security purposes and has always been configured this way.
  • os - The operating system version, this helps me to know if the member is running a server on Windows or FreeBSD.
  • hash - A hash of specific parameters, used to validate data integrity.
  • server - The remote server address to process the HTTP request.
This data is used exclusively to verify the license key and update the member's dashboard profile to reflect any anomalies or configuration issues.
Which data is actually stored in my remote server database?
I can confidently say that none of my serious customers who truly value my work engage in such behavior because they know I am not a fraud. I always do my best to bring value to them.
The issues have always been coming from "haters" or people upset over past events with me, trying to prove something that isn't true or make others believe I'm doing something wrong. That's simply my perspective, and ultimately, the truth...
  7. None, if you don't read why bother commenting? What's the problem anyway in adding a license to a system?
  8. You edited your message. You don't even need IDA or anything to remove the verification lol, unbelievable, this is too funny already. You think I don't know who are the idiots that like to pass my work around? Like I said, I despise people like you that only come here when my name is mentioned because all you want to do is put me down but you don't have nothing to prove. I don't care if you have my files on your PC or not, I honestly wouldn't be surprised that you already pass them around or even sell them, I know exactly which version you have of my files, you must think I'm living under a rock or something, your only luck is that you find stupid people that don't value other people's work and end up with things that you don't deserve to have. The license system isn't even a big deal, all you need is a key (which is lifetime) and add your server address on the dashboard of the project. When you start the server, the information is sent to my remote server to validate that address and information you added on the dashboard. Even if a customer breaks the rules and gets banned from my project he can remove the verification and use it freely. Such drama for no reason, all its purpose is for logging legit customers and troubleshoot if there are any issues, I've already explained what everything is for on my first reply. What do you know about work? You don't know shit about what you're talking about, you don't know what I've contributed and worked all these years for. Despite touching intellectual material, it doesn't remove the fact that it is still my time invested and work involved. Neither do you, me or anyone here that creates systems, assets or whatever the fuck that directly comply with Metin2 have rights over. We still need to credit and value the people who contribute and make what private servers are today. You're just too ignorant to see or understand that.
If I worked years on something I would like to protect it somehow even if it's not 100% possible, it's still better having something than nothing, that's why I created that license system. I don't understand why you target me on such things. @martysama0134 (sorry for mention) also doesn't have the rights to Metin2, but it's okay for him to sell the source code, why isn't he mentioned? Other developers here like @Mali (sorry for mention) that creates systems that directly touch Metin2 functions, it's still okay for them to sell their systems and have the rights to sell it? No, but it's still their work. You see, don't talk about Metin2 rights because it's irrelevant in this community. I haven't stolen any code from @Mali, all the systems that are on my files from him are shared publicly and he knows that all the credits are mentioned. I did my own research and reversed the remaining code of the official's multi-language system and added country flags to it, I don't know why you think I copied from him, I think you're possessed with me or something, share the code I don't mind. This is not the first time people say I copy from him. I'm not stealing my customers' details, I'm not reselling, I'm not stealing code, I'm not forcing anyone to buy my stuff, give me a fucking break. If I bother you that much or my work, leave me alone. If you have any real evidence that I'm the above then open a ticket or enter in contact with the administration team. I'm tired of saying this, but you won't do this because all you want to do is hurt my image. Keep going.
  9. I'm not forcing anyone on nothing and I can add whatever I want and please, it's the customer's decision to accept or not, like I said it's none of your business and please, spare me, don't start the bullshit, neither do you or anyone here have rights of any material of Metin2. I already explained the purpose of the license system I'm not going to repeat myself to ignorant people like you.
  10. It's none of your business, you only show up when my name is involved so I despise people like you.
  11. Oh no! You caught me red handed! I never imagined someone would go to the trouble of creating a fake account just to decompile my library and poke around! Oopsie daisy! Now, of course, everyone must think I'm stealing my own customers' passwords and information to sell on the black market! What a revelation! Sarcasm aside, I have nothing to prove to you, it's just a real shame you came here trying to damage my image, you don't know nothing about my business and how I handle it so you shouldn't be trying to prove something you don't know about. I've seen about everything, this doesn't even surprise me anymore. It's no secret that I use a licensing system to verify who my legit customers are, this implies sending such information you saw in the query. It's ultimately the customer's decision to read and accept my terms of service. For years, ever since I've provided such a project, this has always existed and there has never been any issues of trust from the customer nor the security of their data from my side. This is simply a protection of what I've worked for years, it shows me who is trying to run my project with or without a valid license, which channel, core, port they're trying to run, if they're running a test or live server, from which operating system they're trying to run and if they're using the default credentials for the installation of the database files. What you're seeing in the query doesn't mean I'm doing something bad with that information, you don't know what I'm doing with it in the backend. All the data passed in the query is simply for logging, analysis and for troubleshooting purposes and most of the data in query is sent to work in conjunction with the user's settings in his personal dashboard. All of this information has been and always will be safe and properly protected and by the way most of that decompiled code isn't accurate.
  12. Flower Power Event Official Version Preview Available for Sale For more information, visit my website, https://owsap.dev/shop/flower-event/
  13. Very interesting, I haven't seen this done before on Metin2, nice work.
  14. Here is my version of the fix for the random dots issue in fonts. While this is not a direct solution to the root cause, it acts as a "hot-fix" and has shown consistently good results in my testing. The issue is caused by unintended artifacts appearing when characters are rendered too close to one another in the texture atlas. By adding a small amount of padding between glyphs during the rendering process, we can prevent these artifacts (dots).
      Comparison
      Let's quickly look at the differences with and without padding.
      Why Padding Works?
      Adding padding works because it creates a small "safe zone" around each character in the texture atlas, preventing other characters from overlapping into each other during rendering.
      Code
      Test Script
      If you're interested in using the script shown in the comparison above to test the results on your system I will leave the code below.
      This isn't a perfect solution but adding a small padding of 1 or 2 pixels between glyphs has shown to be an effective workaround for the random dots issue. I've tested this in various languages including Arabic but I can't guarantee that the code above is the final solution to the problem. Feel free to try it and give some feedback.
  15. Can you shut the fuck up already? All you're doing is creating unnecessary drama on this topic. Wasn't this supposed to be a complaint? Defamation is a crime, and your threats are hilarious. You keep calling me a scammer, which is bullshit. I provided you with the archive, system included, and an implementation guide and you even showed it to everyone. You got exactly what you paid for. You're just spreading misinformation because you're mad I didn't respond to you in time and eventually blocked you, for a reason. You're acting like a complete moron. I wouldn't curse, but you're really showing what a plague you are. I've already said I've provided support and even unblocked your sorry ass, so stop with the harassment. You're getting on my fucking nerves. Every day I'm bombarded with emails and forum notifications on this topic. Isn't it enough? Haven't you already said what you wanted? Why keep being a bitch about it? Didn't you get the solution already? You're making me sick, showing everyone who you really are. I wouldn't be surprised about the accusations made on your person. So since you started this, let's see how much of a liar you are. Full Conversation (Context and Proof) Later Support (Provided 07/11/2027) Can the forum administration please close this topic or mark it as resolved? There's no point in letting this drag on.