I have taken a look at your map upon request, and put myself on the top 5 global high score lists ^_^
My name should be spreading far and wide as you read this
Nothing personal, just feeding my little ego cos I can =p
Heh. I haven't finished hacking it as such. The sheer amount of effort you put into it is really reflected by the seemingly endless types of items and stats that you're saving.. I got tired of reading your banksave script (Your library is 18k lines omfg =.='...), so I'm leaving the code generation to anyone who wants to actually cheat it that badly.. I'm just offering to help with signature protection now instead..
This sounds like a case of no. 2. If any random person can just copy your script, replace your hero level etc with static values and generate a code, then it's pretty ineffective if a person wants to hack it. I really have to take a first hand look to judge though. Overall, I still recommend using one of the other 3 methods, signature protection being the easiest to implement.
Thats y u keep an unobfuscated copy on hand =p Server sided banks will be the ultimate solution indeed. If that does happen, hackers will have to either make trainers specifically for each map or breakpoint the banksave code in assembly and manually change values that way. Both ways aren't really worth the effort, so it'll be a win for you guys.
Recently, due to combination of hitting a wall in reversing sc2 internals for a bot api (think bwapi), and real life stresses, I have turned my sights on an easier project which I can release to the hack leeching community on d3scene: cheating custom maps.
I would like to give the community a quick overview of the anti cheating protection I have encountered so far, and tips on what works and what doesn't.
Bank Signature
Despite me having replicated the signature generation code, this method I deem to be pretty secure. It allows you to save your variables without any custom made encryption scheme and still be safe from tampering by 99% of the community.
The signature is generated using a combination of the bank values, player account number, and author account number. It is vital that you note that only the primitives are encrypted(ie. int, fixed, string, bool). Objects such as Text, Unit, etc are not used in the signature generation.
Custom Encryption Scheme
While I'm not aiming to deter people from learning and playing around with encryption, it is important for you to know that any moderately skilled programmer/hacker can simply open your galaxy script and copy&paste all your methods into C# to duplicate your code. The 2 languages are so similar that only a few minor things have to be tweaked, mainly the string manipulations.
I don't recommend putting a lot of time into this method due to how simply it can be hacked. A much better option would be the bank signature.
Obfuscation
Of all the maps I've looked at, only the SotIS map has attempted to obfuscate their code. I want to stress that this is by far one of the best ways to deter hackers from having a crack at cheating your map. Obfuscation makes no attempt to hide the fact that code and saving methods are exposed, but rather makes the code so hard to read and understand that most people deem it not worth the effort.
I have no experience in map making, but I don't see it being too hard to paste your scripts into any old text obfuscator, replacing all the non syntax keywords with random gibberish. Just be sure to keep a readable copy on hand for yourself to work with. =p
Please note: if you decide to do go part way with obfuscation like SotIS (only obfuscates certain code), it is much better to obfuscate your global variables and method names rather than the internal workings of the methods (SotIS fell into this trap). It makes it much harder to tell what variable needs to be changed to cheat a certain stat.
Include Libraries
I only found out how troublesome this was due to me hacking the Zerg Hunter RPG: Betrayl map. This method makes use of the Locked map option that blizzard gives to map makers. When a map is published as locked, the map is split into 2 files which are stored separately in the Battle Net Cache. 1 part stores all the dependencies and natives, while the other part stores your map's custom galaxy script etc. The dependency file can't be scanned by s2ma manager currently, as it isn't a true map file.
If you put your bank sensitive code into a library, it will be stored in the dependency file which is very hard to find. Hackers will have to either create a custom mpq scanner application to trawl through the cache and merge the 2 files together (what I did), or they have to manually click through the hundreds of folders in the cache to find the right file (a massive pain! xD).
The Best Method of All
Very simply... don't save anything =p
Thats all I got for now! Hope this helps you guys =D
If you enable signature protection, the bank file is encrypted with the players account number as well as the author's account number.
By account number I am refering to:
My Documents > Accounts > Random Numbers > YOUR ACCOUNT NUMBER > Banks > AUTHORS ACCOUNT NUMBER > Bank File for Map.
If you save a bankfile in offline mode, no account numbers are used in the encryption. Thus the signature limits the bankfile to the specific player, for a specific region, for a map by a specific author. No other info such as map name, etc are used.
Server sided bank files lol. I dont think thats gonna happen considering the already miniscule capacity they give you guys for storing maps =p
This plus the fact that you can 100% rely on Blizzard not to give a crap ever since its been merged with Activision. Its sad but true
This all boils down to how much battle net 2 sucks =[
Just a heads up. After several hours, I have managed to reverse the signature protection =p
Thus, once again there is no safe method atm for preventing cheating. Just keep updating your encryption schemes to make it more annoying for us hackers!
Hm.. The UnitWeaponPeriod is just the Weapon Cooldown function I was calling before..
That returns a static value for Weapon Speed rather than the actual "Time till Unit can Attack" I'm looking for..
To clarify:
eg. Unit A has weapon speed of 1
Unit A attacks at gametime 0.0
I call function at gametime 0.2, it returns 0.8 to me
0
@DarkRevenantX: Go
Nice SHA256 protection you have there ^_^. It would be secure except for a weakness you didn't account for =]
Its a real pity that you made it so that only 1 kick can be made per game =\
0
@DarkRevenantX: Go
I have taken a look at your map upon request, and put myself on the top 5 global high score lists ^_^ My name should be spreading far and wide as you read this
Nothing personal, just feeding my little ego cos I can =p
Should read this to have better protection against hacking: http://forums.sc2mapster.com/general/general-chat/22160-a-hackers-tips-on-bank-protection
0
@Zantai: Go
Heh. I haven't finished hacking it as such. The sheer amount of effort you put into it is really reflected by the seemingly endless types of items and stats that you're saving.. I got tired of reading your banksave script (Your library is 18k lines omfg =.='...), so I'm leaving the code generation to anyone who wants to actually cheat it that badly.. I'm just offering to help with signature protection now instead..
0
@sigmapl: Go
I'm glad it helped ^_^
@Eiviyn: Go
This sounds like a case of no. 2. If any random person can just copy your script, replace your hero level etc with static values and generate a code, then it's pretty ineffective if a person wants to hack it. I really have to take a first hand look to judge though. Overall, I still recommend using one of the other 3 methods, signature protection being the easiest to implement.
@OneTwoSC: Go
Thats y u keep an unobfuscated copy on hand =p Server sided banks will be the ultimate solution indeed. If that does happen, hackers will have to either make trainers specifically for each map or breakpoint the banksave code in assembly and manually change values that way. Both ways aren't really worth the effort, so it'll be a win for you guys.
0
Recently, due to combination of hitting a wall in reversing sc2 internals for a bot api (think bwapi), and real life stresses, I have turned my sights on an easier project which I can release to the hack leeching community on d3scene: cheating custom maps.
I would like to give the community a quick overview of the anti cheating protection I have encountered so far, and tips on what works and what doesn't.
Bank Signature
Despite me having replicated the signature generation code, this method I deem to be pretty secure. It allows you to save your variables without any custom made encryption scheme and still be safe from tampering by 99% of the community. The signature is generated using a combination of the bank values, player account number, and author account number. It is vital that you note that only the primitives are encrypted(ie. int, fixed, string, bool). Objects such as Text, Unit, etc are not used in the signature generation.
Custom Encryption Scheme
While I'm not aiming to deter people from learning and playing around with encryption, it is important for you to know that any moderately skilled programmer/hacker can simply open your galaxy script and copy&paste all your methods into C# to duplicate your code. The 2 languages are so similar that only a few minor things have to be tweaked, mainly the string manipulations. I don't recommend putting a lot of time into this method due to how simply it can be hacked. A much better option would be the bank signature.
Obfuscation
Of all the maps I've looked at, only the SotIS map has attempted to obfuscate their code. I want to stress that this is by far one of the best ways to deter hackers from having a crack at cheating your map. Obfuscation makes no attempt to hide the fact that code and saving methods are exposed, but rather makes the code so hard to read and understand that most people deem it not worth the effort. I have no experience in map making, but I don't see it being too hard to paste your scripts into any old text obfuscator, replacing all the non syntax keywords with random gibberish. Just be sure to keep a readable copy on hand for yourself to work with. =p
Please note: if you decide to do go part way with obfuscation like SotIS (only obfuscates certain code), it is much better to obfuscate your global variables and method names rather than the internal workings of the methods (SotIS fell into this trap). It makes it much harder to tell what variable needs to be changed to cheat a certain stat.
Include Libraries
I only found out how troublesome this was due to me hacking the Zerg Hunter RPG: Betrayl map. This method makes use of the Locked map option that blizzard gives to map makers. When a map is published as locked, the map is split into 2 files which are stored separately in the Battle Net Cache. 1 part stores all the dependencies and natives, while the other part stores your map's custom galaxy script etc. The dependency file can't be scanned by s2ma manager currently, as it isn't a true map file.
If you put your bank sensitive code into a library, it will be stored in the dependency file which is very hard to find. Hackers will have to either create a custom mpq scanner application to trawl through the cache and merge the 2 files together (what I did), or they have to manually click through the hundreds of folders in the cache to find the right file (a massive pain! xD).
The Best Method of All
Very simply... don't save anything =p
Thats all I got for now! Hope this helps you guys =D
0
If you enable signature protection, the bank file is encrypted with the players account number as well as the author's account number. By account number I am refering to:
My Documents > Accounts > Random Numbers > YOUR ACCOUNT NUMBER > Banks > AUTHORS ACCOUNT NUMBER > Bank File for Map.
If you save a bankfile in offline mode, no account numbers are used in the encryption. Thus the signature limits the bankfile to the specific player, for a specific region, for a map by a specific author. No other info such as map name, etc are used.
0
Server sided bank files lol. I dont think thats gonna happen considering the already miniscule capacity they give you guys for storing maps =p This plus the fact that you can 100% rely on Blizzard not to give a crap ever since its been merged with Activision. Its sad but true
This all boils down to how much battle net 2 sucks =[
0
Just a heads up. After several hours, I have managed to reverse the signature protection =p Thus, once again there is no safe method atm for preventing cheating. Just keep updating your encryption schemes to make it more annoying for us hackers!
Released app: http://www.d3scene.com/forum/starcraft-2-hacks/54245-kalafinas-code-generator-custom-maps.html
I have not bothered to obfuscate the dlls, so you can easily browse the signature generator code if you so wish to ^_^ Have a nice day!
0
@shardfenix: Go
Sorry. You are right, I realize now I posted in the wrong section due to my haste..
0
@shardfenix: Go
Hm.. The UnitWeaponPeriod is just the Weapon Cooldown function I was calling before.. That returns a static value for Weapon Speed rather than the actual "Time till Unit can Attack" I'm looking for..
To clarify: eg. Unit A has weapon speed of 1
Unit A attacks at gametime 0.0
I call function at gametime 0.2, it returns 0.8 to me
0
@shardfenix: Go
thanks for the fast reply!
edit: I rephrase my question. I found the function UnitWeaponPeriod, but what is the "name" of the function to search for in the triggers editor.
0
Hey guys. I've been having trouble finding a Unit property which can tell me:
I have tried looking at Weapon Cooldown, Unit Properties, and Unit Behaviours, but none of those give me what I want.