I realize most mappers are just regular people without good hardware or experience in making professionally done trailers, so I do not expect them make visually high quality trailers.
It's not a big deal for me, I watch most sc2mapster trailers unscaled on a 24" 1920x1200 screen. As long they get the gameplay or idea across in the trailer, it's fine by me.
Of course, if it's a trailer that emphasized on visual representation, then I do expect a little better quality.
There were a few cases where the non-original publisher's glitched & un-updated version was the more popular one. Can you imagine how bad the original author would feel if the glitched version was more popular? The community would give a false impression of the map and might harm the map's reputation.
Not uploading it to sc2mapster will at the very least prevent unaware map makers from publishing bad versions, whether intentional or not. Some people can still open locked maps via cache so no stopping them.
If they want to learn, they should search the forums, view tutorials, or visit the irc. Generally things in most maps can be learnt this way. There might be exceptions of super complex maps with cool stuff, but then you might have a problem following if you're directly reading from the code.
Keys are just name identifiers for a value. Sections are name identifiers for a collection of keys. You really only need one section. Using more than one section is for organization purposes.
From what I recall, all types of chat (including allied & private ones) can trigger chat events so I would assume if a hacker can see data in triggers, then it can see the chat password. Although the method involved in intercepting the data might get the player's account banned. So it might not be worth the risk just for getting access to admin in a single map.
A map with GUI triggers will run the same exact way as a map that deleted its GUI triggers. They're just for convenience of the mapper. You can just edit the MapScript.galaxy & import/rename changes.
Well that's the thing, you can't easily reverse engineer it. A good hashing function is a one-way function in a sense that it's infeasible to reverse engineer it.
As for why add admin functions, I think it's convenient way of debugging things in a random online setting without having to setup a party of testers everytime. One things for sure, I wouldn't add things like kicking or banning since those features are easily bypassable and in the end would only hurt a map.
btw by admins i mean people that have special commands to change variables and stuff, not necessarily an admin that manages an entire community of the map. We all know that doesn't work with a system where almost everything is client-side.
If bank values can be read, then i think the only way for the hacker to to get the password is if he manages to play the same game as the admin that has the correct password loaded. Assuming the admin never plays w/ parties, odds of the hacker encountering the admin in a super popular map is really low. But it could still happen if the hacker is dedicated to it!
My hypothesis would be wrong if the hacker manages to crack the password in a region where there are no admins. For example I only play in NA and i'm the only one that has the password in the bank. If I were to upload my map to EU where no one has the password but then someone figures it out, then this method is no good.
Of course someone from NA could've encountered me and told the guy from EU, but let's assume that doesn't happen.
Hash shouldn't be feasibly breakable, it's SHA-256. I'll generate a random 24-48 alphanumeric character password. I don't need to remember it anyway since I just put it in my bank.
Load the password from the player's bank. Generate a hash from the password and if the generated hash matches the hash in the map, give the player admin powers.
Even if people hack into the map, all they see is the hash that the generated hash needs to be equal to. It would be infeasible to reverse the hash for the password.
The only potential problem I see with this is if there is a way to see the values loaded from other player's banks online. Is it possible to see those values?
The hash function I'll be using is magnificence7's implementation of SHA-256. What do you think?
For the purpose of this topic, ignore Blizzard's method of bank signature verification. Besides, I heard someone hacked it already. If not, well just focus on whether this is secure or not. I know I could use the signature to implement this but I don't trust it 100% yet.
I only enable cheats for debugging purposes during single player. If it's online w/ multiple players, I have to disable them due to how easy it is to hack into maps to configure banks. Last thing I want is some guy that abuses cheats to ruin the fun of other players.
Although I haven't tested it, I believe the bank signatures have made things a lot more secure since it uses the player's battlenet id, publisher id, etc to compute the hash. So I think one way to get secure administrative functions is to temporarily update the map that adds an admin value to your bank via some secret input only you know, and then quickly update the map again that makes adding that value impossible. This is assuming no one figures out how to hack signatures.
0
I realize most mappers are just regular people without good hardware or experience in making professionally done trailers, so I do not expect them make visually high quality trailers.
It's not a big deal for me, I watch most sc2mapster trailers unscaled on a 24" 1920x1200 screen. As long they get the gameplay or idea across in the trailer, it's fine by me.
Of course, if it's a trailer that emphasized on visual representation, then I do expect a little better quality.
0
There were a few cases where the non-original publisher's glitched & un-updated version was the more popular one. Can you imagine how bad the original author would feel if the glitched version was more popular? The community would give a false impression of the map and might harm the map's reputation.
Not uploading it to sc2mapster will at the very least prevent unaware map makers from publishing bad versions, whether intentional or not. Some people can still open locked maps via cache so no stopping them.
If they want to learn, they should search the forums, view tutorials, or visit the irc. Generally things in most maps can be learnt this way. There might be exceptions of super complex maps with cool stuff, but then you might have a problem following if you're directly reading from the code.
0
Now it'd be great if there was a way for the map creator to use these cheats online (for more debugging purposes of course)!
0
Keys are just name identifiers for a value. Sections are name identifiers for a collection of keys. You really only need one section. Using more than one section is for organization purposes.
0
From what I recall, all types of chat (including allied & private ones) can trigger chat events so I would assume if a hacker can see data in triggers, then it can see the chat password. Although the method involved in intercepting the data might get the player's account banned. So it might not be worth the risk just for getting access to admin in a single map.
0
I like the convenience of debugging without reuploading every time to enable/disable :)
Also doesn't hurt to have occasional "fun" rounds now and then to break the map. That is of course with consent of other players first!
0
When you type your password, can't the typed string be seen since all data is synced for every player in a shared gamestate?
0
A map with GUI triggers will run the same exact way as a map that deleted its GUI triggers. They're just for convenience of the mapper. You can just edit the MapScript.galaxy & import/rename changes.
0
Do replays in the current version save bank values? I remember playing a replay of a map w/ banks a while back and the bank values were not saved.
0
Well that's the thing, you can't easily reverse engineer it. A good hashing function is a one-way function in a sense that it's infeasible to reverse engineer it.
As for why add admin functions, I think it's convenient way of debugging things in a random online setting without having to setup a party of testers everytime. One things for sure, I wouldn't add things like kicking or banning since those features are easily bypassable and in the end would only hurt a map.
btw by admins i mean people that have special commands to change variables and stuff, not necessarily an admin that manages an entire community of the map. We all know that doesn't work with a system where almost everything is client-side.
0
yea that's another good point too, the hash can be changed very easily in case the old password is compromised
0
If bank values can be read, then i think the only way for the hacker to to get the password is if he manages to play the same game as the admin that has the correct password loaded. Assuming the admin never plays w/ parties, odds of the hacker encountering the admin in a super popular map is really low. But it could still happen if the hacker is dedicated to it!
My hypothesis would be wrong if the hacker manages to crack the password in a region where there are no admins. For example I only play in NA and i'm the only one that has the password in the bank. If I were to upload my map to EU where no one has the password but then someone figures it out, then this method is no good.
Of course someone from NA could've encountered me and told the guy from EU, but let's assume that doesn't happen.
0
Hash shouldn't be feasibly breakable, it's SHA-256. I'll generate a random 24-48 alphanumeric character password. I don't need to remember it anyway since I just put it in my bank.
0
Load the password from the player's bank. Generate a hash from the password and if the generated hash matches the hash in the map, give the player admin powers.
Even if people hack into the map, all they see is the hash that the generated hash needs to be equal to. It would be infeasible to reverse the hash for the password.
The only potential problem I see with this is if there is a way to see the values loaded from other player's banks online. Is it possible to see those values?
The hash function I'll be using is magnificence7's implementation of SHA-256. What do you think?
For the purpose of this topic, ignore Blizzard's method of bank signature verification. Besides, I heard someone hacked it already. If not, well just focus on whether this is secure or not. I know I could use the signature to implement this but I don't trust it 100% yet.
0
I only enable cheats for debugging purposes during single player. If it's online w/ multiple players, I have to disable them due to how easy it is to hack into maps to configure banks. Last thing I want is some guy that abuses cheats to ruin the fun of other players.
Although I haven't tested it, I believe the bank signatures have made things a lot more secure since it uses the player's battlenet id, publisher id, etc to compute the hash. So I think one way to get secure administrative functions is to temporarily update the map that adds an admin value to your bank via some secret input only you know, and then quickly update the map again that makes adding that value impossible. This is assuming no one figures out how to hack signatures.