I just checked it - I can't really find anything this quick, though I'll be damned if it's impossible. And even if it is, you could probably custom script it.
You can have your map check for a value in the bank. Add this value to your own bank manually.
For Bnet it would be best to upload it so that anyone who joins gets the bank, play a game on your own then update it not to add that value, but still check for it. A lot easier than searching for bank files etc.
I only enable cheats for debugging purposes during single player. If it's online w/ multiple players, I have to disable them due to how easy it is to hack into maps to configure banks. Last thing I want is some guy that abuses cheats to ruin the fun of other players.
Although I haven't tested it, I believe the bank signatures have made things a lot more secure since it uses the player's battlenet id, publisher id, etc to compute the hash. So I think one way to get secure administrative functions is to temporarily update the map that adds an admin value to your bank via some secret input only you know, and then quickly update the map again that makes adding that value impossible. This is assuming no one figures out how to hack signatures.
All these ideas about checking the name of the player or reading information from banks are very bad ideas, totally insecure.
If you really need something like that... Compute some cryptographic hash value for some specific (and long) strings of text. Whenever text is entered by a player, check if it matches the hash value. If they do, trigger the effect.
Assuming you use a secure cryptographic function, there would be no way to reverse-engineer or guess the strings from reading the Galaxy script. One would have to brute-force the function by trying trillions of strings.
It's ridiculous that you can't check the name of a player. It actually angers me. The map author should have complete control over how the game is played. 100%.
Everything from the way lobby positions don't correlate to player numbers to the inability to check player names. It's retarded. Developers should get 100% control.
The game doesn't differentiate between game and non-game chat when you sent a message. ie, Whispers trigger the event, probably the same for chat channels.
I haven't tested it, but in theory you could make a private chat channel and when in the game send the chat command to that channel instead of to other players in game.
Ultimately you can't just have some sort of passcode, it would be trivial to pull the galaxy code out and find it. If it was coupled with a name check that would make it harder, but still not impossible.
As I said AgoutiByte, use a cryptographically secure hash key and no one will be able to find the keyphrase from looking at the Galaxy code.
No need to brute force.
There is nothing like a secure function in Sc2. You can find it, you can reverse it.
It might be harder, depending on your implementation. But it's still possible.
In the end there's only one way so others can't find and use these codes: Don't add them at all.
It helps if you just hide the fact that you HAVE them. If people don't suspect that you have these cheats then they usually don't go look for it.
That worked for me. I even blatantly disclosed I have cheats right here. And no one has found them. I'm surprised none of you have opened it in the editor just to show me up.
No no, I'm talking about cryptographic hash functions here...
The source code for a SHA-1 or MD5 checksum is available all over the internet, you can find the function but you won't be able to reverse it. This is the nature of cryptography.
Let's say you read my SC2 galaxy script, and you figure out that you need to type some text with a SHA-1 sum of "1ac918482e43b271bfc71bc533e4e3fb2229058f" to enable some cheat code. Will you be able to find that string?
You would have to test millions of possibilities, basically brute-forcing the SHA-1 hash function, to figure out that the string of text producing that specific hash sum is "This is my cheat code". As long as commands are stored as cryptographically secure hash sums in the Galaxy script, it's just impossible to break.
You could just have like the ASCII signs and convert them
liek lets see i want to check for Slaydon and slaydon only, it would check everyones name and if it is
S = 115 * 100 +
l = 108 * 100 + etc....
a = 97
y = 121
d = 100
o = 111
n = 110
So it would run this script if your name in ASCII would be 115108097121100111110
And then check if 1 of them correct converted names match that number, because, you wont need all the ASCII, you just do it for your own letters
Because people like to do things like that. Why do you think people use aim bots in Counter Strike? It's completely pathetic and they do it to feel superior. The same applies for doing so in my map. Only it's more pathetic because it's a tower defense.
Nop, no such thing possible >.>
Could you not store someones name in a bank or something? I don't know, I've never used a bank...
@GePanda: Go
I just checked it - I can't really find anything this quick, though I'll be damned if it's impossible. And even if it is, you could probably custom script it.
You can have your map check for a value in the bank. Add this value to your own bank manually.
For Bnet it would be best to upload it so that anyone who joins gets the bank, play a game on your own then update it not to add that value, but still check for it. A lot easier than searching for bank files etc.
I only enable cheats for debugging purposes during single player. If it's online w/ multiple players, I have to disable them due to how easy it is to hack into maps to configure banks. Last thing I want is some guy that abuses cheats to ruin the fun of other players.
Although I haven't tested it, I believe the bank signatures have made things a lot more secure since it uses the player's battlenet id, publisher id, etc to compute the hash. So I think one way to get secure administrative functions is to temporarily update the map that adds an admin value to your bank via some secret input only you know, and then quickly update the map again that makes adding that value impossible. This is assuming no one figures out how to hack signatures.
All these ideas about checking the name of the player or reading information from banks are very bad ideas, totally insecure.
If you really need something like that... Compute some cryptographic hash value for some specific (and long) strings of text. Whenever text is entered by a player, check if it matches the hash value. If they do, trigger the effect.
Assuming you use a secure cryptographic function, there would be no way to reverse-engineer or guess the strings from reading the Galaxy script. One would have to brute-force the function by trying trillions of strings.
@StragusMapster: Go
But that method is useless if you ever want to share replays...
@StragusMapster: Go
I never said they were good ideas.
It's ridiculous that you can't check the name of a player. It actually angers me. The map author should have complete control over how the game is played. 100%.
Everything from the way lobby positions don't correlate to player numbers to the inability to check player names. It's retarded. Developers should get 100% control.
The game doesn't differentiate between game and non-game chat when you sent a message. ie, Whispers trigger the event, probably the same for chat channels.
I haven't tested it, but in theory you could make a private chat channel and when in the game send the chat command to that channel instead of to other players in game.
@VoidPotato: Go
Ultimately you can't just have some sort of passcode, it would be trivial to pull the galaxy code out and find it. If it was coupled with a name check that would make it harder, but still not impossible.
@AgoutiByte:
As I said AgoutiByte, use a cryptographically secure hash key and no one will be able to find the keyphrase from looking at the Galaxy code.
@StragusMapster: Go
I know what some of those words mean.
No need to brute force.
There is nothing like a secure function in Sc2. You can find it, you can reverse it.
It might be harder, depending on your implementation. But it's still possible.
In the end there's only one way so others can't find and use these codes: Don't add them at all.
It helps if you just hide the fact that you HAVE them. If people don't suspect that you have these cheats then they usually don't go look for it.
@s3rius: Go
That worked for me. I even blatantly disclosed I have cheats right here. And no one has found them. I'm surprised none of you have opened it in the editor just to show me up.
No no, I'm talking about cryptographic hash functions here...
The source code for a SHA-1 or MD5 checksum is available all over the internet, you can find the function but you won't be able to reverse it. This is the nature of cryptography.
Let's say you read my SC2 galaxy script, and you figure out that you need to type some text with a SHA-1 sum of "1ac918482e43b271bfc71bc533e4e3fb2229058f" to enable some cheat code. Will you be able to find that string?
You would have to test millions of possibilities, basically brute-forcing the SHA-1 hash function, to figure out that the string of text producing that specific hash sum is "This is my cheat code". As long as commands are stored as cryptographically secure hash sums in the Galaxy script, it's just impossible to break.
@StragusMapster: Go
You obviously know a thing or two about this. Any ideas on a method safe for replay sharing?
I'm sorry, but that is just too self flattering to pass by. Why do you presume anyone cares to do so?
You could just have like the ASCII signs and convert them
liek lets see i want to check for Slaydon and slaydon only, it would check everyones name and if it is
S = 115 * 100 + l = 108 * 100 + etc.... a = 97 y = 121 d = 100 o = 111 n = 110
So it would run this script if your name in ASCII would be 115108097121100111110 And then check if 1 of them correct converted names match that number, because, you wont need all the ASCII, you just do it for your own letters
@Karawasa: Go
Because people like to do things like that. Why do you think people use aim bots in Counter Strike? It's completely pathetic and they do it to feel superior. The same applies for doing so in my map. Only it's more pathetic because it's a tower defense.
@Vexal: Go
It happens once in a blue moon, but we agree! When people do what you mentioned it is pathetic.