FBI Half-Life 2 Raids

A weblog post mentioned in a Slashdot story apparently gives the account of a San Francisco native's encounter with the FBI as the fed's raided his home looking for evidence in connection with the theft of the Half-Life 2 source code (story). According to Slashdot (since the site has been, naturally enough, Slashdotted), the blog includes a scan of the FBI's search warrant. Thanks Captain Trips.
View : : :
98.
 
No subject
Jan 20, 2004, 09:04
98.
No subject Jan 20, 2004, 09:04
Jan 20, 2004, 09:04
 
Gah! where's the soap? he mentioned programming in VB!

Swiffer:

It would have been stupidly negligent to spend a few days on Steam after the breakin and then release it. Off the top of my head you'd *at least* need to do a rundown of the stolen code and get a few programmers to team up and go through it for vulnerabilities, since you really don't want someone else to find a buffer overrun vulnerability in your source code while also having the ability to access all the online server lists, and then all the online player lists.

That would only be prudent and responsible, just so you don't distribute something that has the ability to track down and infect all your customers [remember, Steam interfaces with itself, but also with all the games that run it for messaging at the least, and as the model stands, even the single player will require people to be online to allow Steam access to verify them]

Steam performs the copy protection. If it were as simple a matter as just waving your hands and mentioning encryption, that might be fine, but there is some finer detail to consider. As you said, you need to stop people from generating the codes to validate a HL2 purchase on steam, but you've got more than just that as a problem. You're also quite likely trying to make sure that people can't get at the result of the one way hashing function you [I would have to guess] use to generate a unique identity for a computer.
They also probably have to consider the vulnerability of any of the algorithms that they use to known plaintext attacks, then doublecheck that no-one's got lazy anywhere (I'm sure most people familiar with the different versions of the enigma will be able to recall how despite a pretty robust design, some versions were implemented slightly differently with weaknesses, and how at some stages of use they were preceding the encrypted message with the key, repeated twice at the start)

You've also got to make sure you prevent people from simply finding where the game gets the ip of the central steam servers and then redirecting it to their own local and cut down server, which is programmed using the same steam code they now have in order to happily fool the game into thinking it's connected and authorised with the main servers, and that any bogus key they might have fed it was fine.

There's a lot of little things that Valve would have needed to consider. I can certainly see how your model of business might work with shadow / particle system code, but I think you make too many assumptions that their issues would be the same as yours across the board.
This comment was edited on Jan 20, 09:10.
Date
Subject
Author
1.
Jan 19, 2004Jan 19 2004
5.
Jan 19, 2004Jan 19 2004
8.
Jan 19, 2004Jan 19 2004
9.
Jan 19, 2004Jan 19 2004
96.
Jan 20, 2004Jan 20 2004
2.
Jan 19, 2004Jan 19 2004
3.
Jan 19, 2004Jan 19 2004
4.
Jan 19, 2004Jan 19 2004
6.
Jan 19, 2004Jan 19 2004
7.
Jan 19, 2004Jan 19 2004
10.
Jan 19, 2004Jan 19 2004
11.
Jan 19, 2004Jan 19 2004
13.
Jan 19, 2004Jan 19 2004
18.
Jan 19, 2004Jan 19 2004
26.
Jan 19, 2004Jan 19 2004
27.
Jan 19, 2004Jan 19 2004
33.
Jan 19, 2004Jan 19 2004
14.
Jan 19, 2004Jan 19 2004
15.
Jan 19, 2004Jan 19 2004
17.
Jan 19, 2004Jan 19 2004
20.
Jan 19, 2004Jan 19 2004
23.
Jan 19, 2004Jan 19 2004
24.
Jan 19, 2004Jan 19 2004
      Re: pointless raid
21.
Jan 19, 2004Jan 19 2004
22.
Jan 19, 2004Jan 19 2004
28.
Jan 19, 2004Jan 19 2004
29.
Jan 19, 2004Jan 19 2004
30.
Jan 19, 2004Jan 19 2004
32.
Jan 19, 2004Jan 19 2004
34.
Jan 19, 2004Jan 19 2004
      .
35.
Jan 19, 2004Jan 19 2004
36.
Jan 19, 2004Jan 19 2004
      Re: pointless raid
38.
Jan 19, 2004Jan 19 2004
40.
Jan 19, 2004Jan 19 2004
43.
Jan 19, 2004Jan 19 2004
      Re: pointless raid
46.
Jan 19, 2004Jan 19 2004
       Re: pointless raid
47.
Jan 19, 2004Jan 19 2004
        Re: pointless raid
51.
Jan 19, 2004Jan 19 2004
         Re: pointless raid
52.
Jan 19, 2004Jan 19 2004
          Re: pointless raid
54.
Jan 19, 2004Jan 19 2004
          Re: pointless raid
56.
Jan 19, 2004Jan 19 2004
72.
Jan 20, 2004Jan 20 2004
135.
Jan 24, 2004Jan 24 2004
31.
Jan 19, 2004Jan 19 2004
39.
Jan 19, 2004Jan 19 2004
48.
Jan 19, 2004Jan 19 2004
50.
Jan 19, 2004Jan 19 2004
55.
Jan 19, 2004Jan 19 2004
     Re: No subject
58.
Jan 19, 2004Jan 19 2004
      Re: No subject
59.
Jan 19, 2004Jan 19 2004
       No subject
64.
Jan 19, 2004Jan 19 2004
        Re: No subject
60.
Jan 19, 2004Jan 19 2004
       Re: No subject
87.
Jan 20, 2004Jan 20 2004
        Re: No subject
88.
Jan 20, 2004Jan 20 2004
         Re: No subject
95.
Jan 20, 2004Jan 20 2004
        Re: No subject
85.
Jan 20, 2004Jan 20 2004
      Re: No subject
86.
Jan 20, 2004Jan 20 2004
       No subject
89.
Jan 20, 2004Jan 20 2004
        Source code =/= beta
117.
Jan 20, 2004Jan 20 2004
         Re: Source code =/= beta
94.
Jan 20, 2004Jan 20 2004
       Re: No subject
103.
Jan 20, 2004Jan 20 2004
        Re: No subject
106.
Jan 20, 2004Jan 20 2004
         Re: No subject
108.
Jan 20, 2004Jan 20 2004
          Re: No subject
109.
Jan 20, 2004Jan 20 2004
          Re: KEEP QUIET
119.
Jan 20, 2004Jan 20 2004
        Re: No subject
120.
Jan 20, 2004Jan 20 2004
         Re: No subject
134.
Jan 24, 2004Jan 24 2004
       Re: No subject
136.
Jan 24, 2004Jan 24 2004
        Re: No subject
137.
Jan 26, 2004Jan 26 2004
         Re: No subject
102.
Jan 20, 2004Jan 20 2004
     Re: No subject
104.
Jan 20, 2004Jan 20 2004
      Re: No subject
49.
Jan 19, 2004Jan 19 2004
16.
Jan 19, 2004Jan 19 2004
19.
Jan 19, 2004Jan 19 2004
25.
Jan 19, 2004Jan 19 2004
37.
Jan 19, 2004Jan 19 2004
41.
Jan 19, 2004Jan 19 2004
42.
Jan 19, 2004Jan 19 2004
45.
Jan 19, 2004Jan 19 2004
53.
Jan 19, 2004Jan 19 2004
57.
Jan 19, 2004Jan 19 2004
44.
Jan 19, 2004Jan 19 2004
61.
Jan 19, 2004Jan 19 2004
62.
Jan 19, 2004Jan 19 2004
63.
Jan 19, 2004Jan 19 2004
67.
Jan 19, 2004Jan 19 2004
73.
Jan 20, 2004Jan 20 2004
74.
Jan 20, 2004Jan 20 2004
116.
Jan 20, 2004Jan 20 2004
65.
Jan 19, 2004Jan 19 2004
66.
Jan 19, 2004Jan 19 2004
69.
Jan 19, 2004Jan 19 2004
71.
Jan 20, 2004Jan 20 2004
75.
Jan 20, 2004Jan 20 2004
76.
Jan 20, 2004Jan 20 2004
90.
Jan 20, 2004Jan 20 2004
92.
Jan 20, 2004Jan 20 2004
       Re: Quick observation
93.
Jan 20, 2004Jan 20 2004
        Re: Quick observation
77.
Jan 20, 2004Jan 20 2004
110.
Jan 20, 2004Jan 20 2004
113.
Jan 20, 2004Jan 20 2004
       Re: Quick observation
114.
Jan 20, 2004Jan 20 2004
        Re: Quick observation
118.
Jan 20, 2004Jan 20 2004
        Re: Quick observation
78.
Jan 20, 2004Jan 20 2004
79.
Jan 20, 2004Jan 20 2004
124.
Jan 21, 2004Jan 21 2004
125.
Jan 21, 2004Jan 21 2004
       Re: Quick observation
128.
Jan 21, 2004Jan 21 2004
       Re: Quick observation
129.
Jan 22, 2004Jan 22 2004
        Re: Quick observation
105.
Jan 20, 2004Jan 20 2004
68.
Jan 19, 2004Jan 19 2004
70.
Jan 19, 2004Jan 19 2004
80.
Jan 20, 2004Jan 20 2004
81.
Jan 20, 2004Jan 20 2004
82.
Jan 20, 2004Jan 20 2004
83.
Jan 20, 2004Jan 20 2004
84.
Jan 20, 2004Jan 20 2004
91.
Jan 20, 2004Jan 20 2004
107.
Jan 20, 2004Jan 20 2004
100.
Jan 20, 2004Jan 20 2004
101.
Jan 20, 2004Jan 20 2004
97.
Jan 20, 2004Jan 20 2004
99.
Jan 20, 2004Jan 20 2004
 98.
Jan 20, 2004Jan 20 2004
No subject
111.
Jan 20, 2004Jan 20 2004
112.
Jan 20, 2004Jan 20 2004
123.
Jan 21, 2004Jan 21 2004
115.
Jan 20, 2004Jan 20 2004
122.
Jan 21, 2004Jan 21 2004
126.
Jan 21, 2004Jan 21 2004
127.
Jan 21, 2004Jan 21 2004
121.
Jan 21, 2004Jan 21 2004
130.
Jan 22, 2004Jan 22 2004
131.
Jan 22, 2004Jan 22 2004
132.
Jan 22, 2004Jan 22 2004
133.
Jan 22, 2004Jan 22 2004