System MapLock

[Azlier]

Kay. Scope are added in order. Good.

Still, it should be added through war3Map.j, because of the whole optimizer thing.

 

[Jesus4Lyf]

>Seeing as you have to add this code after optimizing
Pretty sure you're wrong. I even explained this in the original post.

All you have to do is optimize with LOCKED=false and then run the map to get the key, then set it to true and insert the key as usual, then optimize again. The only thing is you have to optimize twice. But I'm sure you'll see that that's not a time consuming or difficult process.

Right. So all in favour of flavours of this?
You could do some nasty things with bytecode here to really obscure this.

Feel free to start submitting flavours of this system here and if I approve them, I'll add them spoilered to the original post, and assign them a colour or something. Then hackers can't just regex it.

 

[Strilanc]

Crashing the map instead of printing a warning just gives more incentive to bypass the system. It's dead easy to find the C2I function, see where it's called, and disable the checks.

 

[Kenny]

I was just wondering, why dont you just format the two library's like you would spells and such, renaming all the functions, to very common names, like Update instead of C2I or something, and rename variables, like KEY, to ABIL_ID or something.

You could even add in dummy functions within the library's to make them less inconspicuous.

Just a thought.

And i think flavours would be cool.

 

[Strilanc]

I was just wondering, why dont you just format the two library's like you would spells and such, renaming all the functions, to very common names, like Update instead of C2I or something, and rename variables, like KEY, to ABIL_ID or something.

You could even add in dummy functions within the library's to make them less inconspicuous.

Just a thought.

And i think flavours would be cool.

The function isn't easy to find because of its name, it's easy to find because of its signature. Almost no user functions take arguments of type code, and even fewer take one code, return an integer, and exploit the return bug.

Modification detection is just not something that works well as a system. Being a system reduces its effectiveness. You'll stop the noobs from modifying the map, but that's not exactly hard to do.

 

[Jesus4Lyf]

Strilanc, please reconsider your statements:

globals
    code Index
    integer Level=5
endglobals
function Init takes nothing returns nothing
    set Index=function SomeBJfunc // I should remove MapLockNorth and anchor on a BJ func instead. Will probably update that.
endfunction
function GetIndex takes nothing returns integer
    if Level<10 then
        return Index
    endif
    return Level
endfunction

You can probably create some very imaginative flavours! I just don't have the time to craft them just yet. And once they're run through the optimizer, I think this would be a bit troublesome to pick up.

Oh, and you don't even need C2I in this system. You can use I2C in a similar manner. And do all kinds of similar things (you do need C2I for key finding, but not key checking). A little tampering with this system would make it very difficult to pick up with regex or signatures.

>Being a system reduces its effectiveness
Agreed, which is why I'd like to not release flavours, and let people make their own instead.

 

[Strilanc]

Strilanc, please reconsider your statements:

globals
    code Index
    integer Level=5
endglobals
function Init takes nothing returns nothing
    set Index=function SomeBJfunc // I should remove MapLockNorth and anchor on a BJ func instead. Will probably update that.
endfunction
function GetIndex takes nothing returns integer
    if Level<10 then
        return Index
    endif
    return Level
endfunction

You can probably create some very imaginative flavours! I just don't have the time to craft them just yet. And once they're run through the optimizer, I think this would be a bit troublesome to pick up.

Oh, and you don't even need C2I in this system. You can use I2C in a similar manner. And do all kinds of similar things (you do need C2I for key finding, but not key checking). A little tampering with this system would make it very difficult to pick up with regex or signatures.

>Being a system reduces its effectiveness
Agreed, which is why I'd like to not release flavours, and let people make their own instead.

You still had to return a code-type variable in an integer-type function. That can be detected automatically, and then I can easily list all the functions which call the c2i function (and functions which call those functions, too).

The hardest part would be finding or writing the tool to find the function and calling functions. Similar to how the hardest part of unprotecting a map is finding or writing to tools.

 

[Jesus4Lyf]

>That can be detected automatically
You're being very theoretical. And theoretically nothing is perfectly secure. But theoretically this is about as secure as it gets. -.-

My point is that any weakness this has to automated detection can be further obscured. Your point is that it can't be perfectly obscured. Both are correct.

(Well, you might be able to obscure it further with bytecode, but this hasn't been made stable enough yet, and even then your argument would be "look for bytecode". XD)

 

[Sim]

Anything that has been made by humans can be undone. The point is to limit the number of people that can unmake it. In this case, a protected map will always be unprotectable, but if one reduces the number of people able to unprotect it to just several individuals... that would achieve this system's goal.

What do you mean by flavors exactly?

 

[Jesus4Lyf]

Versions where the code is shuffled around to make it harder to recognise. But I can't be bothered right now. No time.

 

[SerraAvenger]

>That can be detected automatically
You're being very theoretical. And theoretically nothing is perfectly secure. But theoretically this is about as secure as it gets. -.-

My point is that any weakness this has to automated detection can be further obscured. Your point is that it can't be perfectly obscured. Both are correct.

(Well, you might be able to obscure it further with bytecode, but this hasn't been made stable enough yet, and even then your argument would be "look for bytecode". XD)

Detect all functions that have multiple returns, then check the types and gotcha ; D

I still like it.

 

[Terrabull]

Detect all functions that have multiple returns, then check the types and gotcha ; D

I still like it.

Seems like more work than a computer can easily do.
Besides, this is easily countered. Because you don't need C2I to actually run when you set the variable to false, you can change C2I to whatever else you want as long as you leave the number of lines in tact.

I really like this tool. I have one problem user who keeps posting on a crack site to inject a cheat pack into my map. It really ticks me off. This ought to slow him down a bit.

Great now all you have to do is make some maps that people actually want to play bad enough to cheat...

Your quip comes to late, it appears that is already the case. I found this on war3edit
Map: Jesus4Lyfe Real Life 2.0

Cheats: JJ CP

http://epicwar.com/maps/3576/

 

[Jesus4Lyf]

Rofl, someone hacked one of my maps. I'm honoured.

And you're right. It comes about 5 years too late. I used to be so well known for that dodgey map. XD

I posted in the thread.

PS. EAT THAT COHADAR!

 

[Strilanc]

Seems like more work than a computer can easily do.

Your sense of what computers can and can't do is way off. Compiling vJass to jass does exactly the type of work you seem to think is intractable.

 

[black.sheep]

Hm, is it possible to see how many lines of code have been changed?
Say like 1-5, create anew quest.
6-11 Modify some variables to give weird behavior in the map
12-99999 Crash map.

 

[SerraAvenger]

Hm, is it possible to see how many lines of code have been changed?
Say like 1-5, create anew quest.
6-11 Modify some variables to give weird behavior in the map
12-99999 Crash map.

yes.
Just divide your C2I - Saved Index by 24

 

[Jesus4Lyf]

24 is wrong, I'm pretty sure. Because functions take a different amount of bytecode space to variable stuff, if I recall correctly. Use 8.

black.sheep, I'm not inclined to modify this system in that way because it wasn't the original point and it makes it difficult to implement. HOWEVER! Just take the difference between the key constant and the function instead of checking that they're equal, divide that by 8, and that should get you -roughly- the number of lines add/removed/etc. You can do with that what you like. (Just please don't release it as an alternative system, we don't need 50 of these.)

So um. Might this get approved? I mean, it's pretty cute.

 

[WastedSavior]

I seem to be having an issue.

I place the code in my map.
I optimize my map.
I run my map, but everytime i run it, i get a different key.
So i can't put the key in, cuz it never stays the same.

Am i doing something wrong?

 

[Jesus4Lyf]

From talking to you on chat, this appears to be a b.net issue due to the bytecode exploit fix stuff.

If anyone is interested in debugging this, it seems it may be possible to fix perhaps, but I need to see a few of the different keys it spits out (as many as possible would be nice, for a single map, and the one it spits out in single player). If there's some sort of pattern, it should render a solution.

 

[Terrabull]

Your sense of what computers can and can't do is way off. Compiling vJass to jass does exactly the type of work you seem to think is intractable.

You missed the key descriptor: "easily"
I would never classify compiling vJass to Jass as easy. Also, this is not compiling vJass to Jass, it is decompiling it, analyzing it for several variable patterns that could possibly denote the existence of other code to look for and remove based on what this code is.
Quite a lot of logic to program. It is very unlikely to make it into the automated cheat-add bots because of how that.