I've went to multiple threads in order to search for the best way to protect a bank. Some members are saying that any good hackers could decrypt an encoded bank. But I wonder, can hackers hack our map?
The map we play are downloaded on battle.net but I don't see them on my computer like warcraft 3 maps were. Only banks appear on our computer on the sc2 directory.
If hackers can't get to our triggers, could we use the RSA encrypting method in order to encrypt our bank?
The map is not displayed in your folder, however they do cache as downloaded file in a battlenet folder (somewhere I cant remember on top of my head). You can easily find that file and open it like any mpq archive (or just rename the extension and open it in the editor). When the map is locked it will be slightly different but essentially you can just open it.
In short, if they want to hack your bank, they can do it, though technically its not the same as hacking your map
My plan was mostly just obfuscation rather than using encryption or w/e... so my bank saving/loading triggers were extremely confusing to any onlooker... granted I made it pretty hard for even myself to read lol. In conclusion, I obfuscated my triggers AND I obfuscated the saved bank values (though encryption for you is taking care of that).
The other thing I did was save out to multiple banks. For instance, with regards to my map Death Haven, I would save to DeathHavenBank.sc2bank AND to StarBattlesChar.sc2bank (a random name lol) at the same time... so people would go try and edit DeathHavenBank.sc2bank and completely ignore StarBattlesChar.sc2bank... even though i was secretly only loading from the fake starbattles bank. No one could really ever assume that my fake bank was actually tied to my map other than the last modified date of the file...
But in a way it's all useless because they could just open the map like Progammer says. They could just run a trigger to auto-level them and save and then copy that bank file over into the right bnet bank folder.
I never did try the signature protection stuff, so not sure if that would help with ^
All in all, your average person will not be able to perform these 'hacks'.
Which mean any talented hacker can see my triggers, and find the RSA code I'm using?
I can confirm this is possible, it seems there is no way to truly protect a map as any hacker that puts enough effort would be able to extract the code, deobfuscate it and figure out how the banks are being encrypted.
Rodrigo made all his bank triggers use lowercase L's and capital I's. So any hacker had to find the difference between "lllIIllIII" and "llIIIIIIIlll" and "llIIllIlI". Obfuscation with an encryption is probably the way to go.
edit- When I was typing this, the I's and L's looked the same....my point was just destroyed by our forum software.... :(
Hello mapster!
I've went to multiple threads in order to search for the best way to protect a bank. Some members are saying that any good hackers could decrypt an encoded bank. But I wonder, can hackers hack our map?
The map we play are downloaded on battle.net but I don't see them on my computer like warcraft 3 maps were. Only banks appear on our computer on the sc2 directory.
If hackers can't get to our triggers, could we use the RSA encrypting method in order to encrypt our bank?
Thank you Mike
The map is not displayed in your folder, however they do cache as downloaded file in a battlenet folder (somewhere I cant remember on top of my head). You can easily find that file and open it like any mpq archive (or just rename the extension and open it in the editor). When the map is locked it will be slightly different but essentially you can just open it.
In short, if they want to hack your bank, they can do it, though technically its not the same as hacking your map
@progammer: Go
Which mean any talented hacker can see my triggers, and find the RSA code I'm using?
Well, I'll just let them hack in then.. Whatever.. if they want to remove their own pleasure of playing an RPG normaly...
@mnadeau1992: Go
My plan was mostly just obfuscation rather than using encryption or w/e... so my bank saving/loading triggers were extremely confusing to any onlooker... granted I made it pretty hard for even myself to read lol. In conclusion, I obfuscated my triggers AND I obfuscated the saved bank values (though encryption for you is taking care of that).
The other thing I did was save out to multiple banks. For instance, with regards to my map Death Haven, I would save to DeathHavenBank.sc2bank AND to StarBattlesChar.sc2bank (a random name lol) at the same time... so people would go try and edit DeathHavenBank.sc2bank and completely ignore StarBattlesChar.sc2bank... even though i was secretly only loading from the fake starbattles bank. No one could really ever assume that my fake bank was actually tied to my map other than the last modified date of the file...
But in a way it's all useless because they could just open the map like Progammer says. They could just run a trigger to auto-level them and save and then copy that bank file over into the right bnet bank folder.
I never did try the signature protection stuff, so not sure if that would help with ^
All in all, your average person will not be able to perform these 'hacks'.
Which mean any talented hacker can see my triggers, and find the RSA code I'm using?
I can confirm this is possible, it seems there is no way to truly protect a map as any hacker that puts enough effort would be able to extract the code, deobfuscate it and figure out how the banks are being encrypted.
@OneTwoSC: Go
Rodrigo made all his bank triggers use lowercase L's and capital I's. So any hacker had to find the difference between "lllIIllIII" and "llIIIIIIIlll" and "llIIllIlI". Obfuscation with an encryption is probably the way to go.
edit- When I was typing this, the I's and L's looked the same....my point was just destroyed by our forum software.... :(
@zeldarules28: Go
God I miss that guy now haha.
Yeah, as long as the bank/map files are stored locally they can (and likely will) be "hacked."