there's no way EA did this...

"LAN network", from the makers of pin number and ATM machine.

JosephCatrambone

I'm impressed with the level of security for it's time. Considering these were the days when a ton of websites were vulnerable to SQL injection, 2-factor wasn't implemented anywhere, windows passwords could be bypassed in 20 seconds, and malware was so prevalent that we just accepted things pop up now and then. And yet these guys still, to a reasonable degree, protected their network traffic. For it's time it's pretty damn good in my eyes.

ChrisRid

"I was in 3rd grade in 03" dude just made me feel old as hell.

brandonw

"2003, very very old"
I feel assaulted....

TeeEllohwhydee

For those wondering. You can't just say XOR is not encryption in isolation. It's actually 100% secure if you use a one-time pad. But yes, the nonsense specific implementation seen here is not real encryption.

InfiniteQuest

3:46 - "Packet-level encryption is an XOR operation, for speed reasons."
look at this guy taking CPUs having cryptography operations baked into the silicon for speed for granted

aint got SHIT to work with in the start 2000's
you'd be lucky to have your end client supporting SSE2 instructions

TheDoomerBlox

Ah yes, the Security Through Obscurity era of online gaming. LittleBigPlanet is still getting screwed over to this day by this, because not only did the official servers get Unplugged due to rampant hacking incidents, even _the fan-made revival servers_ had to turn off drop-in multiplayer because the games are so insecure (by modern standards) that you can still get your system (your PS3 if original hardware, or _the PC running RPCS3_ if emulator) completely pwned by another player via the game.

WackoMcGoose

Security was definitely already a thing even before 2003.

jon

Technically XOR can be used as encryption, but for that your key needs to be as large as your data and you are never allowed to reuse the key for different data.

kuhluhOG

XOR is so interesting it really does encrypt 99.9% of all internet traffic (since AES GCM mode just generates a stream of bytes which are xorred with your web traffic). But XOR with any bytes ever repeated is, as you say, full stop not encryption.

ProfNinjax

Nothing about this surprises me. I'm more surprised that they used something as advanced as utf-8. In 2003 it was pretty common for a program to use plain ASCII. For context look at where game console "security" was back then. You had Nintendo securing their Wii disc drive by xor-ing the data with the word "password" It's easy to forget how long ago this was.

Humbird

0:24 3rd grade in ‘03? Why am I watching some teenager’s hacking video…oh…oh no.

hammertime

Back then we didn't have the speed to spare properly encrypting network traffic. I actually like the bit where they don't xor-"encrypt" the whole 4 bytes. Makes the data less immediately readable, and if someone tries xor-"decryption" on the data alone, it will still read bad data.

sirflimflam

Big thing to remember was that Generals/Zero Hour was meant to work on Local Network multiplayer only.
This level of protection was already at or above what was the "standard" at the time (looking at you, Windows SMBv1).

TPixelAdventures

It's hard to believe these days young man, but EA and Ubisoft used to care about games, yes, I know it sounds like a joke.

guilherme

"2003, very very old"
*Cries in very very very old*

Miayua-usgd

The cpus from back then didn't have any AES acceleration, so real encryption would have been very cpu intensive. Also remember cpus didn't come in multiple cores till 2005. Sure a modern motherboard could do it all but 22 years ago this was probably a decent compromise.

eshwayri

2003 did not have internet security? My copy of Applied Cryptography is from 1995 thank you very mucjb😂

MeriaDuck

5:30 Security is not my area of expertise, but I know code. And what you're saying here is incorrect. First of all, the leading "0000" of "0x0000Fade" is not a "nybble", it's a "word". Secondly, after the second iteration in the loop, the mask variable will be incremented to "0x00010020", which means that upper word is, in fact, being modified by the XOR operation.

mykalimba

Dude, security was most definitely a thing back then in 2002. Not for nothing, so you understand where I am coming from, I specfically showed some of my cohorts/colleages your channel and told them how bonkers you were and are. You would do well to supplement your skills and knowledge by checking a little about Steve Gibson. I bet you know his name well already but your comment made me think that there is a small chance not. In any case, I get what you mean with the XP null shares pre SP1 and things like that. But there were those of us too that did take it seriously, to all ends. ZoneAlarm was a really amazing product back then if configured well. It took some time to do that too, but once set, it rocked hard. Then it was sold to an Israeli company and it couldn't be widely recommended any longer.

MrChrisRP