I removed the files since they're better off out of sight.
I continued working on it and it's functional now. I use it to make announcements in my game and it does its job. Now in regards to security, I don't about you guys, but it's not like money is in stake here, so I don't care. I don't know how good hackers can get, but the security involved will reject invalid modifications.
Summarily, the system works like this:
Read each player's string in each player's bank
Check for validity for each player's string (against modifications)
Compare each player's string's date to each other (supplied in the start like 140122 (Jan 22, 2014))
Pick a player with the most up-to-date string
Write that player's string to everyone else's banks
I love the idea of viral infection as a way to update the game without publishing it again.
I'm just telling you guys in case anyone has a need for it. I'm happy to share this system to anyone who asks.
Lets say you implement this on THE THING. i could hijack your bank and start spreading out bad updates. Make The Thing have 100000000 hp with 1000000 Regen, or a human.
The thing is it can ruin a game. Yes Encryption, Obfuscation, Signatures, and such all help but they can all be broken.
Also viral banks means that you need to have a popular game with many players each game, few games have the number your talking about. The greater the popularity the better the bank but the more chance you have to get them hijacked.
Finally, other servers like EU would also need a player base and you would have to spread for a couple games.
Yeah, I don't want to use it to modify gameplay. I'm using it for announcements, but even then, I'm still worried some hacker will make it look like I'm violating the ToS and have Blizzard kick my ass.
Good points, I'm not really expecting that many people to use this system, but I love sharing, so yeah.
Rollback Post to RevisionRollBack
Member since 2010. Made the -The Thing- [Revival] game. Nostalgic of the WC3 days.
Cleaver, and I hope you don't mean me because, I was trying to prevent other players with malicious intentions... Unlike mine. What I wanted to suggest to you on the forums was a monitoring trigger... Still not sure if it will make sense but, it's worth a shot.
A system that resets your stas when tampered with on the bank file itself when the date and point vales do not add up correctly
That is if you ever suggest doing it?
I also want to know if you can trick people into thinking banks are encrypted into some other scripting languages by making them look like Java, or some kind of Binary... That would be useful.
Meaning they will hold the same values but, just look incomprehensible, the only thing is that it probably will not be compatible at that point and time though...
The values generated by Starcode already look incomprehensible. You wouldn't want to make anything look like java or binary because that would limit the characters you can use in the encryption, reducing the base of the values from something around 85 to much less, 2 in the case of binary. In other words, your bank wouldn't be able to hold as much information.
I should add that obfuscation is easily achievable by saving the encryption key in the data table instead of just as a variable name. Then they have to look it up by the key you save it into the data table with, but you can break up the key into separate pieces to obfuscate further so that it can't just be searched.
In fact, even better: put the encryption key in some data value, the field of some unit or something, and use catalog triggers to look it up and save it into the data table. Then they can't find the encryption key unless they have the data for your map too.
The first link would have to be the point of interest, the other 2 are just for those people who do not know how to enjoy a game, and they use map hacks.
What makes me wonder about it is that these people are using developer tools, and getting the actual map cache and messing with all of the galaxy.
Who would go to this extent to destroy a game that has been built up with hard work? I don't get it...
Also to clarify when I said developer tools I meant the bank cache manager.
You never said what reason I was getting banned for and besides I was trying to make a point on what to look out for. not sure why I would get banned for that if you read my entire post.
There are plenty of topics already about accessing the galaxy script of locked maps. It's not something people get banned for. People have the tools to do it so there's no point to being in denial.
You could make the system completely secure using private and public keys with asymmetric encryption. Update banks are signed by your private key which you never ever show to anyone but yourself. Your map then has the public key used to decrypt the signature to verify if the change is legitimate and if not simply discards it. This is the system Blizzard employed in WC3 to secure "Blizzard" maps by signing them with a checksum which needed to verify in order to have the "Blizz" icon. To this day I do not know of anyone who managed to crack it despite the public key being common knowledge due to the nature of asymmetric encryption.
That's true, asymmetric encryption would actually be pretty useful in this case. About the only thing it could be useful for encrypting in SC2 (well for non-blizzard mapmakers anyways).
Original thread: http://www.sc2mapster.com/forums/development/triggers/57968-viral-bank-injector-vbi-character-code-locker-ccl/ ^People were concerned about security, something I cannot guarantee you, even now.
I removed the files since they're better off out of sight.
I continued working on it and it's functional now. I use it to make announcements in my game and it does its job. Now in regards to security, I don't about you guys, but it's not like money is in stake here, so I don't care. I don't know how good hackers can get, but the security involved will reject invalid modifications.
Summarily, the system works like this:
I love the idea of viral infection as a way to update the game without publishing it again.
I'm just telling you guys in case anyone has a need for it. I'm happy to share this system to anyone who asks.
Member since 2010. Made the -The Thing- [Revival] game. Nostalgic of the WC3 days.
It's a very interesting idea. But I can't say that i'd use it personally for anything more than gimmicks :P
Lets say you implement this on THE THING. i could hijack your bank and start spreading out bad updates. Make The Thing have 100000000 hp with 1000000 Regen, or a human.
The thing is it can ruin a game. Yes Encryption, Obfuscation, Signatures, and such all help but they can all be broken.
Also viral banks means that you need to have a popular game with many players each game, few games have the number your talking about. The greater the popularity the better the bank but the more chance you have to get them hijacked.
Finally, other servers like EU would also need a player base and you would have to spread for a couple games.
@SoulTaker916: Go
Yeah, I don't want to use it to modify gameplay. I'm using it for announcements, but even then, I'm still worried some hacker will make it look like I'm violating the ToS and have Blizzard kick my ass.
Good points, I'm not really expecting that many people to use this system, but I love sharing, so yeah.
Member since 2010. Made the -The Thing- [Revival] game. Nostalgic of the WC3 days.
Cleaver, and I hope you don't mean me because, I was trying to prevent other players with malicious intentions... Unlike mine. What I wanted to suggest to you on the forums was a monitoring trigger... Still not sure if it will make sense but, it's worth a shot.
A system that resets your stas when tampered with on the bank file itself when the date and point vales do not add up correctly
That is if you ever suggest doing it?
http://www.sc2mapster.com/forums/development/triggers/61599-update-your-game-through-banks/#p5
Or my second idea was actually going to be Starcode, and if you already considered using it don't mind me then.
I also want to know if you can trick people into thinking banks are encrypted into some other scripting languages by making them look like Java, or some kind of Binary... That would be useful.
Meaning they will hold the same values but, just look incomprehensible, the only thing is that it probably will not be compatible at that point and time though...
@NoblePandaPower: Go
The values generated by Starcode already look incomprehensible. You wouldn't want to make anything look like java or binary because that would limit the characters you can use in the encryption, reducing the base of the values from something around 85 to much less, 2 in the case of binary. In other words, your bank wouldn't be able to hold as much information.
Edit:
I should add that obfuscation is easily achievable by saving the encryption key in the data table instead of just as a variable name. Then they have to look it up by the key you save it into the data table with, but you can break up the key into separate pieces to obfuscate further so that it can't just be searched.
In fact, even better: put the encryption key in some data value, the field of some unit or something, and use catalog triggers to look it up and save it into the data table. Then they can't find the encryption key unless they have the data for your map too.
Well played... So I did some digging and I found a few topics regarding it.
http://www.d3scene.com/forum/starcraft-2-custom-maps/54105-guide-hacking-custom-maps.html
The first link would have to be the point of interest, the other 2 are just for those people who do not know how to enjoy a game, and they use map hacks.
What makes me wonder about it is that these people are using developer tools, and getting the actual map cache and messing with all of the galaxy.
Who would go to this extent to destroy a game that has been built up with hard work? I don't get it...
Also to clarify when I said developer tools I meant the bank cache manager.
I think you should remove those websites if you don't want to get banned.
@Necromoni: Go
You never said what reason I was getting banned for and besides I was trying to make a point on what to look out for. not sure why I would get banned for that if you read my entire post.
@MasterWrath: Go
Good feedback Btw. It's been something I wanted to know for a while...
@Necromoni: Go
There are plenty of topics already about accessing the galaxy script of locked maps. It's not something people get banned for. People have the tools to do it so there's no point to being in denial.
It seems that their having internal issues with the tools that they claim work... Good riddance
@MasterWrath: Go
This sounds good, thanks for the advice!
Member since 2010. Made the -The Thing- [Revival] game. Nostalgic of the WC3 days.
@SoulTaker916: Go
Please go ahead and hack my VBI system in -The Thing- [Revival] . Thanks!
Member since 2010. Made the -The Thing- [Revival] game. Nostalgic of the WC3 days.
@NoblePandaPower: Go
That method no longer works blizzard developed countermeasures to it.
@Vicboy: Go
Okay I'll become a general with only 35 games played :)
Still alive and kicking, just busy.
My guide to the trigger editor (still a work in progress)
You could make the system completely secure using private and public keys with asymmetric encryption. Update banks are signed by your private key which you never ever show to anyone but yourself. Your map then has the public key used to decrypt the signature to verify if the change is legitimate and if not simply discards it. This is the system Blizzard employed in WC3 to secure "Blizzard" maps by signing them with a checksum which needed to verify in order to have the "Blizz" icon. To this day I do not know of anyone who managed to crack it despite the public key being common knowledge due to the nature of asymmetric encryption.
@ImperialGood: Go
I think that's what I did with CCL. Check it out, I'm uploading the file later.
Member since 2010. Made the -The Thing- [Revival] game. Nostalgic of the WC3 days.
@ImperialGood: Go
That's true, asymmetric encryption would actually be pretty useful in this case. About the only thing it could be useful for encrypting in SC2 (well for non-blizzard mapmakers anyways).
Still alive and kicking, just busy.
My guide to the trigger editor (still a work in progress)