"It's like patching the game without going through all the Blizzshit."
Viral: involving a piece of information that is circulated rapidly and widely from one Internet user to another. Bank: the only way to write non-volatile information into a computer from a SC2Map file. Injector: introduce or feed new information into a device.
If you haven't figured it out yet, this library aims to allow the mapper to inject information (strings to be exact) into every player's computer through viral means. It does require that one person starts this, but that will be you. It will also require that "infected" players continue playing to "infect" other players. For some games, this may not be the solution for you.
Why?
Publishing can be a pain in the ass: large uploads, failing uploads, slow uploads, logging in with the Editor. Sometimes it's just not worth it to increment the version of the game and ruining your patch notes. Much worse, the disappointed players who find out that the changes were a bit tiny.
So?
But you still need to tweak the game... Maybe for new announcements or for balancing; that's right, change movement speed, model path, sound path, damage, bans, or what not. Whatever coding can tweak, you can tweak with VBI.
How does it work?
Without going through all the functions first, simplest way to explain it: a bank will have a VBI string with a date, all the players will have their own bank with its own VBI string, you can compare them and determine what's latest with the date... which ever is the latest VBI string, it will be uploaded to the other players' banks.
Security?
The security is my own nooby encryption/locker system. Why my own? Because I can't download KrpytLib for some reason. Do I trust mine? Kind of. Maybe. I dunno, you tell me! But certainly, the VBI system will need all the protection it can get.
Character Code Locker
"The creators of Enigma must be rolling in their graves with the conception of CCL."
It's an untested locking system that outputs an integer value as the checksum. This checksum is determined by several factors of a string: its characters, their position and their casing. Not particularly proud of this since I know there are more sophisticated encrypting systems in SC2. But then again, like I said, they're not available for download for some reason.
VBI & CCL PROGRESS
Currently, it's lacking a function that updates everyone with the latest VBI data. Though finding the player with the latest VBI data is present. Banks are not tested as well. CCL is untested, though the most obvious exploits like changing casing, letters and positions are addressed.
Feel free to moan for updates or you know, do it yourself. Share it though.
So you can cause people to have the updated tweaks to your map by just playing a game with them? That is awesome, this is awesome, you are awesome. Well done..
Looks concerning to me. Essentially because of the fact, that banks are not save, regardless of encryption or signature, anyone who has the skills to circumvent those will be able to introduce balance changes to your map, to his liking.
There are generic programs on other sites, that can create a valid signature for your bank, and the map script is freely available for everyone, cracking a locked map doesn't take more than a minute, making any encryption basically worthless.
Looks concerning to me. Essentially because of the fact, that banks are not save, regardless of encryption or signature, anyone who has the skills to circumvent those will be able to introduce balance changes to your map, to his liking.
There are generic programs on other sites, that can create a valid signature for your bank, and the map script is freely available for everyone, cracking a locked map doesn't take more than a minute, making any encryption basically worthless.
Indeed. That, and the time it would take to play a round of most maps (assuming you don't just leave your own map) is much longer than the time it takes to upload to all 5 servers. That's not even taking into account the inherent inefficiency of a system like this. I can't think of a single use for it.
@MasterWrath: Go
encryption doesn't work, look around the forums. The reason it doesn't work, is that the scripts to the map are available which shows clearly how the bank was encrypted and obfuscated. you can even be lazy and usually just write some console commands in a text map to repopulate the bank how you want. Then you rehash the signature. takes less than 30 min. Which is why everyone says do post anything that can ruin a game to banks.
Because of this this script is a VERY VERY bad idea. The first reason above is clear through out the forums. the second reason this is a VERY VERY bad idea is that unless the map is popular, you couldn't spread the update. if it was popular more people would be inclined to do the first reason why its a VERY VERY bad idea. The third reason is that you asking the second reason to do the first reason and risk getting you map HIJACKED out of your control as some idiot decides to spread his own updates which is a VERY VERY BAD IDEA. This idea is inviting people to screw with it. just reading it i want to screw it up.
I actually think this should be removed, its so unsafe and dangerous.
What you've posted here is nothing short of amazingly useless, with a description which would be misleading if it weren't obvious nonsense. Have a look.
"CCL" is confused about its identity; the identifiers suggest it's intended to be a checksum, yet its relationship with "VBI" suggests it's intended to track versions. Both of which could be barely useful if they actually worked, nevermind that nothing about this "injects" or "infects" players' banks, or does anything with them at all. And if you could overlook the parody of a hash function that demonstrates zero concern for collision, the date tracker that can't even get time from the server, the absence of banks even being used in the code, and that this scrapbook of functions and variables don't accomplish anything in the least, if you could overlook all of that and suppose it might somehow work the way you describe, it would still be exploited by anyone with a few minutes of spare time simply by unlocking the map and coding it to output a bank with a date "checksum" higher than the official.
Moving this to the Trigger Dev forum; it's not a resource to anyone.
Yeah, is the Krpytlib download fixed? I only did that stupid CCL since I couldn't get kryptlib.
I read your whole comment and you seem to have misunderstood how it works. (Though I'll reserve the possibility that you know the code more than myself.)
A general response first: the code you're criticizing isn't complete, some important parts aren't even in there. I only posted it here to see if there would be interest in furthering its development.
Sorry, I can't quote, currently mobile.
CCL is nothing more than a shitty way to put a signature or w/e you call it, VBI will still need some protectiom though.
Banks functions haven't been finished yet.
Date tracker? Server? You determine these dates with the VBI system.
What I must fully agree with you though is the lack of a fool proof encryption system and that the VBI system will be a terrible exploitable.
So go ahead and put it here, I'll finish it up, test it in my game and people who want to risk it with me can gladly do so.
To sum up, I knew it was a bad idea, but I was not fully aware of the security problems of sc2.
By the way, Photon Cycle was awesome
Rollback Post to RevisionRollBack
Member since 2010. Made the -The Thing- [Revival] game. Nostalgic of the WC3 days.
To post a comment, please login or register a new account.
THREAD TO BE IMPROVED, sleepy as of now.
Viral Bank Injector
"It's like patching the game without going through all the Blizzshit."
Viral: involving a piece of information that is circulated rapidly and widely from one Internet user to another.
Bank: the only way to write non-volatile information into a computer from a SC2Map file.
Injector: introduce or feed new information into a device.
If you haven't figured it out yet, this library aims to allow the mapper to inject information (strings to be exact) into every player's computer through viral means. It does require that one person starts this, but that will be you. It will also require that "infected" players continue playing to "infect" other players. For some games, this may not be the solution for you.
Why?
Publishing can be a pain in the ass: large uploads, failing uploads, slow uploads, logging in with the Editor. Sometimes it's just not worth it to increment the version of the game and ruining your patch notes. Much worse, the disappointed players who find out that the changes were a bit tiny.
So?
But you still need to tweak the game... Maybe for new announcements or for balancing; that's right, change movement speed, model path, sound path, damage, bans, or what not. Whatever coding can tweak, you can tweak with VBI.
How does it work?
Without going through all the functions first, simplest way to explain it: a bank will have a VBI string with a date, all the players will have their own bank with its own VBI string, you can compare them and determine what's latest with the date... which ever is the latest VBI string, it will be uploaded to the other players' banks.
Security?
The security is my own nooby encryption/locker system. Why my own? Because I can't download KrpytLib for some reason. Do I trust mine? Kind of. Maybe. I dunno, you tell me! But certainly, the VBI system will need all the protection it can get.
Character Code Locker
"The creators of Enigma must be rolling in their graves with the conception of CCL."
It's an untested locking system that outputs an integer value as the checksum. This checksum is determined by several factors of a string: its characters, their position and their casing. Not particularly proud of this since I know there are more sophisticated encrypting systems in SC2. But then again, like I said, they're not available for download for some reason.
VBI & CCL PROGRESS
Currently, it's lacking a function that updates everyone with the latest VBI data. Though finding the player with the latest VBI data is present. Banks are not tested as well. CCL is untested, though the most obvious exploits like changing casing, letters and positions are addressed.
Feel free to moan for updates or you know, do it yourself. Share it though.
DOWNLOAD & SCREENSHOTS
Member since 2010. Made the -The Thing- [Revival] game. Nostalgic of the WC3 days.
So you can cause people to have the updated tweaks to your map by just playing a game with them? That is awesome, this is awesome, you are awesome. Well done..
Looks concerning to me. Essentially because of the fact, that banks are not save, regardless of encryption or signature, anyone who has the skills to circumvent those will be able to introduce balance changes to your map, to his liking.
There are generic programs on other sites, that can create a valid signature for your bank, and the map script is freely available for everyone, cracking a locked map doesn't take more than a minute, making any encryption basically worthless.
Indeed. That, and the time it would take to play a round of most maps (assuming you don't just leave your own map) is much longer than the time it takes to upload to all 5 servers. That's not even taking into account the inherent inefficiency of a system like this. I can't think of a single use for it.
@Kueken531: Go
It's really not that hard to write some nice encryption.
Edit: And even if they get the map script you can obfuscate it.
@MasterWrath: Go encryption doesn't work, look around the forums. The reason it doesn't work, is that the scripts to the map are available which shows clearly how the bank was encrypted and obfuscated. you can even be lazy and usually just write some console commands in a text map to repopulate the bank how you want. Then you rehash the signature. takes less than 30 min. Which is why everyone says do post anything that can ruin a game to banks.
Because of this this script is a VERY VERY bad idea. The first reason above is clear through out the forums. the second reason this is a VERY VERY bad idea is that unless the map is popular, you couldn't spread the update. if it was popular more people would be inclined to do the first reason why its a VERY VERY bad idea. The third reason is that you asking the second reason to do the first reason and risk getting you map HIJACKED out of your control as some idiot decides to spread his own updates which is a VERY VERY BAD IDEA. This idea is inviting people to screw with it. just reading it i want to screw it up.
I actually think this should be removed, its so unsafe and dangerous.
What you've posted here is nothing short of amazingly useless, with a description which would be misleading if it weren't obvious nonsense. Have a look.
"CCL" is confused about its identity; the identifiers suggest it's intended to be a checksum, yet its relationship with "VBI" suggests it's intended to track versions. Both of which could be barely useful if they actually worked, nevermind that nothing about this "injects" or "infects" players' banks, or does anything with them at all. And if you could overlook the parody of a hash function that demonstrates zero concern for collision, the date tracker that can't even get time from the server, the absence of banks even being used in the code, and that this scrapbook of functions and variables don't accomplish anything in the least, if you could overlook all of that and suppose it might somehow work the way you describe, it would still be exploited by anyone with a few minutes of spare time simply by unlocking the map and coding it to output a bank with a date "checksum" higher than the official.
Moving this to the Trigger Dev forum; it's not a resource to anyone.
@JademusSreg: Go
Yeah, is the Krpytlib download fixed? I only did that stupid CCL since I couldn't get kryptlib.
I read your whole comment and you seem to have misunderstood how it works. (Though I'll reserve the possibility that you know the code more than myself.)
A general response first: the code you're criticizing isn't complete, some important parts aren't even in there. I only posted it here to see if there would be interest in furthering its development.
Sorry, I can't quote, currently mobile.
CCL is nothing more than a shitty way to put a signature or w/e you call it, VBI will still need some protectiom though.
Banks functions haven't been finished yet.
Date tracker? Server? You determine these dates with the VBI system.
What I must fully agree with you though is the lack of a fool proof encryption system and that the VBI system will be a terrible exploitable.
So go ahead and put it here, I'll finish it up, test it in my game and people who want to risk it with me can gladly do so.
To sum up, I knew it was a bad idea, but I was not fully aware of the security problems of sc2.
By the way, Photon Cycle was awesome
Member since 2010. Made the -The Thing- [Revival] game. Nostalgic of the WC3 days.