"The compression is crazy. It's damned near impossible to extract stuff from it."
Complexity does not ensure security.
Pyro, they use Blowfish for the password database, the packets are compressed with a Huffman-based algorithm (figuring out the tree for it would be fairly non-trivial, but it is possible).
Still, with the amount of sanity-checking they do? You -might- be able to use the dev's "warp to any sector from any sector" feature. But /oper /kill uses a server-side account checker (AFAIK), and all the normal movements and attacks are sanity-checked.
I suspect that warping at any location is quite possible; distance checking would be kept client side due to the amount of load it'd put on the server. It may also be possible to warp out of a system so long as you're in the sector; however, it'd be a bit easier to sanity check that. And yes, packets are compressed via HUFF, and would actually be fairly simple to decompress. So far they've done an excellent job protecting the game from most simple hacking methods; however, holes still do exist =)
Heh, this thread is entertaining. Keep it up. :)
Coding Nerds.
:P
Ray's just sitting there, grinning because we're completely wrong... :P
Like when we tried to crack the media.rlb file years ago and someone finally got it? Then it was forgotten about. And someone got it again? That was interesting.
By all means start the .rlb discussion again, but do it in off-topic please.
There was a very simple reason it was forgotten about, but you're making Ray smile so carry on.
Don't disregard my advice. What ctishman doesn't seem to realize is when you find a bug/cheat/or what not, when you exploit/test it (to a degree) you usually find more bugs that either link off of it, or are very similar. As I also said before, we are all getting reset anyway, so even if you manage to give everyone endless money or spill a bug that does. It will be fixed and it will all go away. But money bugs no matter work, as I do believe all of them have been fixed.
We are beta testing for a reason, and just to find a bug and then not messing with it can still leave something you didn't see. Plus when you test with it more you can give the devs more input on what you tried and did exactly to remake it. The more information (more exact important information) the devs can get, the easier it is for them to find a way to fix it.
ohh yea last thought to alienb: har har har :)
I'll actually start trying malformed / crafted packets tonight, just need to write a Huffman decoder/encoder on the gateway. This will probably come with limited success, since there are many ways to complicate this process, even something such as a simple ASCII shift will do wonders on obscurity. If the Huffman decoder I write doesn't work, my only other option would be to fire up SoftICE and see just how devious the devs were.
Been doing some reading on Huffman trees... Anyhow, isn't it possible that they implemented a weighting algorithm such that larger patterns were made parents? Wouldn't that mean that to decompress it, you'd need to know the meaning of each part of the packet? Eh?
Question... What would happen if you started duplicating packets at random? Most of them would be stuff like moving, which wouldn't do much, but what about the odd few? Would anything interesting happen?
Like I said before Pyro, the server kicked me off when I tried that. I think you'd need to modify the new packets to update the timestamp and whatever other per-packet info was needed to keep the sanity-checks from kicking you off.
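A server-side sanity check of the kind the post above describes, as an added example that is not part of the thread and not the game's actual code: the packet layout, field names, key handling and 5-second window are all assumptions. It shows why a verbatim duplicate is rejected, and why rewriting the timestamp fails once the header is covered by a keyed MAC.

```python
import hashlib
import hmac
import struct

HEADER = struct.Struct("!IQ")   # assumed layout: 32-bit sequence number, 64-bit timestamp (ms)
TAG_LEN = 32                    # HMAC-SHA256 tag appended to every packet
MAX_SKEW_MS = 5000              # assumed tolerance between client and server clocks


def seal(key: bytes, seq: int, ts_ms: int, payload: bytes) -> bytes:
    """Client side: header + payload, followed by a MAC over both."""
    body = HEADER.pack(seq, ts_ms) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Session:
    """Server-side per-connection state for the sanity check."""
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = 0       # highest sequence number accepted so far

    def check(self, packet: bytes, now_ms: int) -> str:
        if len(packet) < HEADER.size + TAG_LEN:
            return "kick: truncated"
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "kick: bad tag"            # header or payload was altered
        seq, ts_ms = HEADER.unpack_from(body)
        if seq <= self.last_seq:
            return "kick: replayed sequence"  # duplicate of an already-seen packet
        if abs(now_ms - ts_ms) > MAX_SKEW_MS:
            return "kick: stale timestamp"
        self.last_seq = seq
        return "ok"


def demo() -> list:
    key = b"constructed-per-session-key"      # constructed sample value
    server = Session(key)
    pkt = seal(key, 1, 1_000_000, b"MOVE 10 20")
    results = [server.check(pkt, 1_000_100)]        # original packet
    results.append(server.check(pkt, 1_000_200))    # same packet sent twice
    forged = HEADER.pack(2, 1_000_300) + pkt[HEADER.size:]  # new header, old tag
    results.append(server.check(forged, 1_000_300))
    late = seal(key, 2, 1_000_000, b"MOVE 11 20")
    results.append(server.check(late, 1_010_000))   # valid tag, but too old
    return results
```

Without the MAC, the sequence and timestamp checks only stop unmodified duplicates; the tag is what ties the per-packet fields to a key the server shares with the session.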
/me looks at a1k0n and grins. Entertaining indeed.
Sorry for the off-topicness but:
/me looks at his hand.
/me sees it coming at his forehead.
/me feels it hit his forehead.
/me rolls on the floor in pain saying, "Why don't I know computer stuff?"
/me goes to learn about computer stuff...
I am so baffled that I am incapable of describing it....
I think I'll go back to "Pong."
Haha, and as far as the Huffman tables go, they can be retrieved or reconstructed. The server from what I hear has basic sanity checks, if it's not expecting it, it'll kick you off.
Just smile and pretend like you know what they are talking about........eff this, I'm playing X-wing!
It's not THAT complicated, Really!
http://img71.exs.cx/img71/3681/working2.jpg
Making progress meanwhile...