• 0

    posted a message on A word on bank encryption

    Haha. I remember I opened your map as well, OneTwo. I was debating using it as one example, but I took a look at the save function and I didn't want anything to do with it. xD I loved playing your map and was going to try to make my wins/losses 1337 or something stupid. :P

    @avogatro: Keep in mind most of the point I am making isn't in the weakness of the encryption method itself (AES is good, Starcode not so much but still ok for our purposes). It's more about how the user uses it than anything else. If you wield it like a blunt object, you'll fail miserably, whereas if you are aware of its flaws and weaknesses and only use it in ways that it excels in security, you're fine.

    Posted in: General Chat
  • 0

    posted a message on A word on bank encryption

    I decided to make a point last night and write a program to demonstrate one of the attacks someone can do on, for example, Starcode, after I saw a popular map attacked.
    Since I don't like doing Galaxy if I can help it, I wrote a program in C# that would undo a popular map's mechanic by figuring out the encryption key it used.
    Essentially, it stored the encrypted and plaintext versions of a string in its source, and lets the admin supply the key that connects the two.
    Anyone who's remotely touched cryptography can see the problem already. This is easy to reverse.

    http://pastebin.com/AiJKDHft

    If you look at the DecryptKey method it uses the differences in ordinals to find a solution for the key variable.

    Thusly, in under a second once the "run" button was hit on my test application, the secret key was found and the encryption broken.
    I made a demonstration with different values to protect the map from being exploited to high hell.

    public static void Test ()
    {
    	Starcode sc = new Starcode ();
    	String original = "HelloWorld";
    	String key = "SC2Mapster";
    	String result = sc.Encrypt (original, key);
    	Console.WriteLine ("Encrypted {0} with key {1}. Result: {2}", original, key, result);
    	
    	Console.WriteLine ("Calculating key from plaintext and encrypted values: {0}", sc.DecryptKey (original, result));
    }
    
    Quote from Output:

    Encrypted HelloWorld with key SC2Mapster. Result: 8Qn?y[QUzE
    Calculating key from plaintext and encrypted values: SC2Mapster

    As you can see, just because there are open source encryption libraries such as Starcode out there, does not mean they make your work secure! You still have to use them properly (the author in this case should've used a hash rather than encrypt functions like this. But even StarCode's hash is fairly vulnerable to brute force attacks).

    You might argue that the work involved for something like this (psh who's going to do all this for a map) is somewhat high, but to anyone experienced this is a walk in the park.

    In general, unless you want to spend time worrying about these things, don't add them to your map. Better to be safe.

    Posted in: General Chat
  • 0

    posted a message on Galaxy API Constants Compilation?

    @FuzzYD: Go

    So do c_keyUp + 2*i ?
    You don't need to use literals or constants for everything.

    Just give the programmer a clue to what the number represents so when it breaks it stands out and it's easy to fix.
    (Though it's unlikely this would break, ever)

    Posted in: Galaxy Scripting
  • 0

    posted a message on Galaxy API Constants Compilation?
    Quote from FuzzYD: Go

    @caspersc: Go Well, I can iterate literals. But constants? It's a little hard (maybe impossible?) to do.

    int i = c_messageAreaSubtitle;
    while( i <= c_messageAreaChat ) {
          UIDisplayMessage(PlayerGroupAll(), i, StringToText("Look, it's message area " + IntToString(i) ) );
          i = i + 1;
    }
    


    Posted in: Galaxy Scripting
  • 0

    posted a message on Dynamically running a function?

    @SexLethal: Go

    Who says there has to be an if-then-else?

    I use this method in my own Cortex Engine and there are no ifs.

    Quote:

    Unless you can somehow use strings or something to construct a name of a function then run it... or something...

    Hell I don't even use an array anymore.

    Just store your triggers in the data table, use a meaningful key for them, and then pull them out and execute them. Fairly simple, eh?

    In the execution it'll look something like

    trigger t = DataTableGetTrigger(true, ...); // or something like that
    TriggerExecute(t);
    
    Posted in: Galaxy Scripting
  • 0

    posted a message on Imported Script Limit?

    See the Galaxy FAQ, you shouldn't have any problems, even with a lot of string literals. We're talking about extreme amounts of data here.
    As for storing strings outside Galaxy, I believe s3rius means through the StringExternal() mechanism which returns a text. Ex: StringExternal("Unit/Name/Marine") returns a text holding "Marine."

    Posted in: Galaxy Scripting
  • 0

    posted a message on A word on bank encryption

    @s3rius: Go

    It also takes about 30 seconds to undo the protection that prevents the Editor from opening a map. You simply have to reconstruct one file, which takes about five seconds. I keep a copy of one that works on pretty much any US map and I can import it and it's basically plug and play from there.

    I won't provide details, for fear of less experienced and morally ambiguous people making use of this thread, but it's all very easy to do with the right knowhow.

    Posted in: General Chat
  • 0

    posted a message on A word on bank encryption
    Quote from tordecybombo: Go

    So any idea if the built-in bank signature thing will at least (much more) difficult to hack banks? I removed encryption and hashing for my map completely to reduce some processing. Only reason I still use starcode is for string compression, which is very nice.

    I wouldn't worry about the processing of Galaxy that much. Compared to the other stuff going on in the game it's not much.
    As for the map signature... that remains to be seen with how Blizzard handles 1.2. :)

    But I'll certainly be experimenting once it's live.

    Posted in: General Chat
  • 0

    posted a message on A word on bank encryption

    It took me about 15 minutes to come up with the ultimate savefile for the popular NOTD map, out of boredom to see if it was worth getting.
    After a million XP and 2200 player rating all I got was shit. :P

    On one hand, I get that authors want to discourage cheating but on the other, if I had wasted all those man-hours grinding XP on their map I'd feel so ripped off, so I'm glad I didn't. Having said that though, I did enjoy playing their map and it's extremely well-made, especially compared to other popular maps.

    But the process was fairly simple, use fseventer (OS X ftw) to detect which .s2ma is being downloaded, extract the MapScript.galaxy, add a few lines to the save function, run a test map, then copy the new bank to the Battle.net area and run with it.

    Posted in: General Chat
  • 0

    posted a message on A word on bank encryption

    Don't take this the wrong way, I encrypt my own map's bank data as well, but let's be realistic here, you can encrypt your bank data all you want, SHA512 it, whatever, but someone intelligent enough is still going to be able to destroy it. I don't need to reverse your encryption algorithm to engineer my own bank file to suit my needs, I just need to extract your MapScript.galaxy (with Blizzard's lax protections this is cake), change my player data to whatever I want (this is in plaintext) and then use your own save routines to make my encrypted bank file for my use. No amount of hackery on your end will ever stop this.

    Which brings me to my next point: a significant number of people try to put admin systems into their map. Please, for the love of God, design yourself a good encryption system that doesn't take someone like me 5 seconds to break into and gain admin access. If you're going to add that kind of feature, secure it so that it can't be abused. Keep a public hashed password in the map, and then have it read your bankfile, run a hash on it, and compare it to what the map knows. Even this isn't perfect but it's better than some of what I've seen.

    In summary:

    • Banks are client-side data. No matter how much you encrypt or obfuscate it, client-side data can NEVER be trusted. Ever. Say it with me, I do not trust client-side data.
    • Starcraft 2 Maps are an inherently insecure medium, and you can guarantee that given enough time, a good number of individuals will attack your map and discover things you potentially don't want them to.
    • Yes, there are assholes like me that deprotect your maps just to find admin information. Beware. (Sidenote: In the flawed systems I did discover, I contacted the authors to render a fix)
    Posted in: General Chat
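
Added example (not part of the original posts, and not Starcode's real algorithm): a constructed shift cipher stands in for a map's encrypt function to show why shipping a plaintext/ciphertext pair exposes the key, as the key-recovery post above describes, next to the hashed-password check this post recommends. The alphabet, salt, iteration count and passphrase are assumptions chosen for illustration.

```python
import hashlib
import hmac
import string

# Constructed stand-in cipher: each character is shifted by the matching
# key character. This is an assumption, not Starcode's actual algorithm.
ALPHABET = string.ascii_letters + string.digits


def toy_encrypt(plain, key):
    n = len(ALPHABET)
    return "".join(
        ALPHABET[(ALPHABET.index(p) + ALPHABET.index(key[i % len(key)])) % n]
        for i, p in enumerate(plain))


def recover_key(plain, cipher):
    """Known-plaintext recovery: key[i] = cipher[i] - plain[i] (mod n)."""
    n = len(ALPHABET)
    return "".join(
        ALPHABET[(ALPHABET.index(c) - ALPHABET.index(p)) % n]
        for p, c in zip(plain, cipher))


# Weak design: the map ships both halves of a pair and treats the key
# that links them as the admin secret.
SHIPPED_PLAIN = "HelloWorld"
SHIPPED_CIPHER = toy_encrypt(SHIPPED_PLAIN, "SC2Mapster")


def weak_is_admin(supplied_key):
    return toy_encrypt(SHIPPED_PLAIN, supplied_key) == SHIPPED_CIPHER


# Hardened design: the map ships only a salted, slow hash of the secret,
# so nothing in the file can be subtracted back into the secret.
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed value
ITERATIONS = 200_000  # assumed work factor


def slow_hash(secret):
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), SALT, ITERATIONS)


SHIPPED_HASH = slow_hash("correct horse battery staple")  # constructed secret


def hardened_is_admin(supplied_secret):
    # Constant-time comparison of the recomputed hash with the shipped one.
    return hmac.compare_digest(slow_hash(supplied_secret), SHIPPED_HASH)
```

The hash keeps the secret itself out of the map file; as the post says, even this isn't perfect, since the bank data and the script that checks it both live on the client.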
  • 0

    posted a message on Im Done with girls . . . [Solved]

    Stop looking to make everyone else be what you want them to be. Just because you're a gentleman doesn't mean that every woman wants a gentleman, especially at your age. If you're a good guy, just make some friends, and eventually you'll find someone who's looking for the same thing.

    Look at it this way, would you really want a girlfriend who would fuck a random stranger on a toilet? I wouldn't. No thanks.

    Fuck anyone that thinks losing his/her virginity is some kind of status symbol. It's not. It's not worth worrying about.

    Edit: And don't listen to anyone who's telling you to 'act indifferent' or whatever bullshit. A good girlfriend is someone you can open up and be yourself with. Why change for someone else?

    Posted in: Off-Topic
  • 0

    posted a message on Weird array behaviour

    @Vermore: Go

    You'll have to show us what it compiles to in native Galaxy as well, if you can.

    Posted in: Galaxy Scripting
  • 0

    posted a message on LibActionBar

    It's been a while, but updated!
    The latest version is more responsive, pretty, and doesn't error out. xD

    Posted in: Triggers
  • 0

    posted a message on Galaxy 101

    So, a lot of people come to these boards looking for how to learn Galaxy, and how they're going to learn C or Cxx, or Java, or some other language that's "similar" but in reality is a load of more work necessary.

    So consider this Galaxy 101. I assume if you're reading this you're familiar with some basic programming concepts. If not, well, learn some.

    Galaxy is a fairly simple language, and the majority of the work you'll be doing is in functions. I find it helps to illustrate examples of how things work and then explain them rather than write giant paragraphs about how they work. So here we go.

    void hello_world()
    {
         UIDisplayMessage( PlayerGroupAll(), c_messageAreaChat, StringToText("Hello there!") );
    }
    

    So here we have a basic Galaxy function. All of your code will exist inside of a function's scope (with the exceptions of global variables).
    For those completely new, "void" basically means here that there will be no return type. We'll get into that later, but you can assume it's the "default".

    UIDisplayMessage is a native function provided by Blizzard to write text to the screen. The header of this native is something like:

    void UIDisplayMessage( playergroup, int, text);
    

    This header provides the parameters you can put into the function.

    PlayerGroupAll() is another native provided by Blizzard that returns a playergroup containing all of the players in the game.
    The int parameter is actually what the Galaxy Editor has as "presets" in GUI. You're meant to put in one of the c_messageAreaX constants. These constants are in another file entirely. We use "c_messageAreaChat" here to write to the chat area. And lastly, there's text. Text is essentially an immutable string. StringToText(string) converts the given string into a text. Because a text is immutable, you can't do anything with it, except for concatenate and set it to a new variable. You also cannot do comparisons with texts.

    Next, we have a more complicated example, a function to find the factorial of a number.

    int factorial(int n)
    {
         if( n == 1 ) {
              return 1;
         }
    
         return n * factorial(n - 1);
    }
    

    This makes use of something called recursion, which is possible in Galaxy. For more on recursion: http://en.wikipedia.org/wiki/Recursion.
    In this example, you see the basic workings of an if statement, the comparison operator ==, and return values.

    The way return values work is simple. If I had another block of code later that read:

    void test()
    {
        int x = factorial(3);
        // x now contains 3 * 2 * 1 = 6.
    }
    

    Ideally, any kind of code that's reusable like that should end up in its own function. By making the things you do into functions you decrease the likelihood of a bug and make your code easier to debug and read. Throwing pages of code into one function is a very bad idea.

    Now you may be wondering how you can actually make some triggers, rather than this correct but mostly useless code. Okay then, let's try to make a trigger that outputs the name of a unit when it dies.

    When you're going to start with something like this, it's a good idea to find the functions you'll probably need.
    Let's open the Galaxy Editor and search for them.

    First, we need an event to register the trigger that fires when a unit dies.
    Finding the "Unit Dies" event in the GUI is simple. From there, hit View -> Raw Data to see what the actual function and parameters are.

    void TriggerAddEventUnitDied(unit);
    

    That's all the GUI provides for us. The GUI lies to us though. There's a hidden first parameter in all events that is the trigger to call when the event activates. So it's really:

    void TriggerAddEventUnitDied(trigger, unit);
    

    We also need to figure out how to write to the chat area. Let's pretend we don't already know and find the "Text Message" function in Galaxy.
    Here it is:

    UIDisplayMessage( playergroup, int, text );
    

    From looking at the GUI we know the second parameter (in regular view) is a Message Area preset. So let's find the Preset for that...
    Find the Message Area preset and find the option you want. Then switch to Raw View again and it'll say "Script Value: c_messageAreaChat" for example. That's a constant for the integer.

    So, lastly, we need a function that returns the name of a unit and one to return the unit we're actually working with (the one that died).
    A little searching with the same method, and ...

    unit EventUnit();
    text UnitTypeGetName(string);
    

    It appears we need a Game Link for UnitTypeGetName(string) so we'll have to find one to get a unit's Game Link as well.

    string UnitGetType(unit);
    

    Now we have all the functions we need to make this trigger. As you learn and program more Galaxy, you'll get better at remembering the functions and their parameters.

    void RegisterTriggers()
    {
         trigger t = TriggerCreate("OnUnitDeath");
         TriggerAddEventUnitDied(t, null); // null here means any unit.
    }
    
    bool OnUnitDeath(bool checkConds, bool runActions)
    {
         unit dyingUnit = EventUnit(); // the unit that just died.
         string unitType = UnitGetType( dyingUnit );
         text unitName = UnitTypeGetName( unitType );
         UIDisplayMessage( PlayerGroupAll(), c_messageAreaChat, unitName );
         return true;
    }
    

    This is the basic format for a trigger. We'll assume you use a custom script block or other to call "RegisterTriggers()" at the start of the map.
    The cool part about Galaxy is you can use this format to actually register events at run-time in the game.

    The basic format for the trigger is bool myTrigger(bool checkConds, bool runActions). Should the function return true, the trigger is assumed to have run successfully. false, otherwise. The "checkConds" and "runActions" parameters are useful if you plan on using "Check Conditions on Trigger" or other kind of functions but I mostly ignore them for simplicity. They are however, required.

    Hopefully this guide's helped you get a basic grasp of Galaxy. If not, well, keep trying. I didn't learn overnight and neither will you.
    Another helpful way to figure out how to do things would be to do what you want to do in Galaxy, except in GUI. Once you have the desired trigger in GUI, go to Data -> View Script to view the resulting code. It will be messy and somewhat difficult to read (GUI, eww!) but you can gain valuable insights from it.

    Also be sure to check out the language overview on Mapster. I won't lie, a lot of the other resources (or all of them) for galaxy are outdated, but this one is very good and correct.

    You also can check out http://paste.sc2mapster.com/1985/ for a list of all the somewhat cryptic natives. You should use the GUI though to find out what the parameters mean. (Unless it's blatantly obvious)

    Good luck!

    Posted in: Galaxy Scripting
  • 0

    posted a message on How to make Nova visible?

    Alternatively you can add the "Suppress Cloak" behavior if you want to do this on the fly or whatnot.

    Posted in: Galaxy Scripting