Home » Stars! 2.6/7 » The Bar » Add to Player Exploitable bugs / "Features"?
Add to Player Exploitable bugs / "Features"? |
Fri, 05 August 2016 01:19 |
|
platon79 | | Chief Warrant Officer 3 | Messages: 185
Registered: February 2004 Location: Norway | |
|
First the background. A little while ago, in a game I'm playing, I tried the tool GameToTestBed to test a battle. I noticed that the following year the mt gave me a certain part. I thought it was just randomly assigned by GameToTestBed. When the game then commenced I noticed that I got the exact same part. So I searched, and found out that what the MT gives is indeed included in the m-files. This means that now that the decryption is known, it is easy for everyone to get to know what the MT gives out as soon as it appears!
This is something of a player exploit, as you may know at once you see a trader what it gives out, so you may decide to leave it alone if it gives out something you don't want, or you may bring additional minerals if you know it is a tech-trader.
What differs from this exploit compared to the others, is that it is only information, so it is 100% impossible for a host to know if a person has checked what a trader gives out or not.
I therefore propose to add this exploit to the "Player Exploitable bugs / Features"-thread with the default setting "allowed". And then we make a tool so that it is easy for everyone to check out what the trader brings. in fact, I am working to include this in my GalaxyViewer-tool right now.
Report message to a moderator
|
|
| |
Re: Add to Player Exploitable bugs / "Features"? |
Fri, 05 August 2016 20:22 |
|
magic9mushroom | | Commander | Messages: 1361
Registered: May 2008 | |
|
This has been known for some time. IIRC there was a project to build a .m file sanitiser that removes that information (along with a bunch of other supposedly-invisible information) from .m files sent out by SAH; I don't know whether it was actually implemented or not.
EDIT: Everyone in the know was being a bit cagey about it, but some comments I read about this when it was first broached a few years back might suggest that among the other supposedly-invisible information in .m files is the location and stats of all fleets and planets (i.e. that the "can you see this" algorithm is client-side). If that's true, it makes for a VERY strong incentive not to permit out-of-client data extraction in ordinary games, because it would turn the game into a complete farce. Certainly, there's at least something bigger than the MT at stake here.
I would strongly object to the public dissemination of a tool to cheat in this fashion until we've at least discussed this a little more and determined exactly what is at stake, as well as the status of the sanitiser.
[Updated on: Sun, 07 August 2016 03:10] Report message to a moderator
|
|
|
Re: Add to Player Exploitable bugs / "Features"? |
Sun, 07 August 2016 06:28 |
|
platon79 | | Chief Warrant Officer 3 | Messages: 185
Registered: February 2004 Location: Norway | |
|
magic9mushroom wrote on Fri, 05 August 2016 20:22This has been known for some time. IIRC there was a project to build a .m file sanitiser that removes that information (along with a bunch of other supposedly-invisible information) from .m files sent out by SAH; I don't know whether it was actually implemented or not.
EDIT: Everyone in the know was being a bit cagey about it, but some comments I read about this when it was first broached a few years back might suggest that among the other supposedly-invisible information in .m files is the location and stats of all fleets and planets (i.e. that the "can you see this" algorithm is client-side). If that's true, it makes for a VERY strong incentive not to permit out-of-client data extraction in ordinary games, because it would turn the game into a complete farce. Certainly, there's at least something bigger than the MT at stake here.
I would strongly object to the public dissemination of a tool to cheat in this fashion until we've at least discussed this a little more and determined exactly what is at stake, as well as the status of the sanitiser.
I have already made an addition to my GalaxyViewer tool that shows what the MT brings. I will postpone committing it and pushing it to github until it has been discussed further. So until this has been properly discussed, I guess we with the knowhow should just try to restrain ourselves from checking what the MT brings, and that also includes using the already available GameToTestBed-tool for meeting the MT. Who was working on the m-file sanitizer? What else was to be included? (I myself started some work on an x-file sanitizer earlier this year, but because I had underestimated how it should respond to the minefield bug I haven't looked at it in a while)
However, I don't think the m-file contains normal info on what you do't see. If that was the case, the m-file-merger from a year back would have been pointless.
Report message to a moderator
|
|
|
Re: Add to Player Exploitable bugs / "Features"? |
Sun, 07 August 2016 06:45 |
|
|
iztok wrote on Fri, 05 August 2016 11:39Here goes away another interesting dilemma we faced in a game ...
Yes.
platon79 wrote on Fri, 05 August 2016 07:19I therefore propose to add this exploit to the "Player Exploitable bugs / Features"-thread with the default setting "allowed". And then we make a tool so that it is easy for everyone to check out what the trader brings. in fact, I am working to include this in my GalaxyViewer-tool right now.
Better to put it into the open...
And thus I agree with your suggestions.
And I think that asap would be best. A direct link to the tool from the "Player Exploitable bugs / Features"-thread should put everybody on equal footing.
magic9mushroom wrote on Sat, 06 August 2016 02:22[...}as well as the status of the sanitiser.
If there will be a sanitiser, we can use it. Until then... see above.
[Updated on: Sun, 07 August 2016 06:47] Report message to a moderator
|
|
|
Re: Add to Player Exploitable bugs / "Features"? |
Sun, 07 August 2016 07:56 |
|
magic9mushroom | | Commander | Messages: 1361
Registered: May 2008 | |
|
platon79 wrote on Sun, 07 August 2016 20:28magic9mushroom wrote on Fri, 05 August 2016 20:22This has been known for some time. IIRC there was a project to build a .m file sanitiser that removes that information (along with a bunch of other supposedly-invisible information) from .m files sent out by SAH; I don't know whether it was actually implemented or not.
EDIT: Everyone in the know was being a bit cagey about it, but some comments I read about this when it was first broached a few years back might suggest that among the other supposedly-invisible information in .m files is the location and stats of all fleets and planets (i.e. that the "can you see this" algorithm is client-side). If that's true, it makes for a VERY strong incentive not to permit out-of-client data extraction in ordinary games, because it would turn the game into a complete farce. Certainly, there's at least something bigger than the MT at stake here.
I would strongly object to the public dissemination of a tool to cheat in this fashion until we've at least discussed this a little more and determined exactly what is at stake, as well as the status of the sanitiser.
I have already made an addition to my GalaxyViewer tool that shows what the MT brings. I will postpone committing it and pushing it to github until it has been discussed further. So until this has been properly discussed, I guess we with the knowhow should just try to restrain ourselves from checking what the MT brings, and that also includes using the already available GameToTestBed-tool for meeting the MT. Who was working on the m-file sanitizer? What else was to be included? (I myself started some work on an x-file sanitizer earlier this year, but because I had underestimated how it should respond to the minefield bug I haven't looked at it in a while)
However, I don't think the m-file contains normal info on what you do't see. If that was the case, the m-file-merger from a year back would have been pointless.
Altruist wrote on Sun, 07 August 2016 20:45iztok wrote on Fri, 05 August 2016 11:39Here goes away another interesting dilemma we faced in a game ...
Yes.
platon79 wrote on Fri, 05 August 2016 07:19I therefore propose to add this exploit to the "Player Exploitable bugs / Features"-thread with the default setting "allowed". And then we make a tool so that it is easy for everyone to check out what the trader brings. in fact, I am working to include this in my GalaxyViewer-tool right now.
Better to put it into the open...
And thus I agree with your suggestions.
And I think that asap would be best. A direct link to the tool from the "Player Exploitable bugs / Features"-thread should put everybody on equal footing.
magic9mushroom wrote on Sat, 06 August 2016 02:22[...}as well as the status of the sanitiser.
If there will be a sanitiser, we can use it. Until then... see above.
This is what I was referring to, the thread where this issue was discussed five years ago. Those in the know seem to believe there's something far more terrible in there. Unfortunately, the details were never released, but upon rereading Ron does have the finished sanitiser and he said he would use it on SAH.
Of course, now I'm wondering how to reconcile that statement with the fact that platon79 clearly managed to hack his .m file productively. Was this game on SAH?
Ron does have a point that there is no way to defend player-hosted games (truly player-hosted, I mean, not "hosted" on SAH) from exploitation. That's the expressed reason why the details of this have never been made public.
Report message to a moderator
|
|
|
Re: Add to Player Exploitable bugs / "Features"? |
Sun, 07 August 2016 11:54 |
|
platon79 | | Chief Warrant Officer 3 | Messages: 185
Registered: February 2004 Location: Norway | |
|
magic9mushroom wrote on Sun, 07 August 2016 07:56Of course, now I'm wondering how to reconcile that statement with the fact that platon79 clearly managed to hack his .m file productively. Was this game on SAH?
Ron does have a point that there is no way to defend player-hosted games (truly player-hosted, I mean, not "hosted" on SAH) from exploitation. That's the expressed reason why the details of this have never been made public.
Yes, the game is SAH, it's the large SBTC game. It was on one of the recent traders that I discovered it in, and I have later run my tool on the current game and found that it correctly displays what the trader gives on both currently active traders. So the aforementioned tool is clearly not running on SAH. Perhaps we should query Ron in some way to see why he never implemented it? Btw, since I have met both traders currently in the universe already, I (and my alliance partners) haven't had any additional information in this game yet, but I guess our opponents, which haven't met the traders yet, would be interested in what they bring. So hopefully they will refrain from finding out until a consencus is made about making it available or not?
Report message to a moderator
|
|
| |
Re: Add to Player Exploitable bugs / "Features"? |
Wed, 10 August 2016 05:46 |
|
magic9mushroom | | Commander | Messages: 1361
Registered: May 2008 | |
|
Drawbacks:
- "Not the way the game is supposed to be played"; this is literally hacking around a designed-in play element.
- Forces the use of a third-party utility bypassing the Stars! client to be competitive. Yes, I know there are a bunch of helpful utilities around already, but none of those tell you anything you couldn't work out yourself with the client, some brains and pen and paper or calculator (and indeed, most are done user-side with the information the client itself gives you; I frown somewhat on those that are done file-side). This does; there is no way within the Stars! client to get that information.
To be frank, I consider any and all hacking to be a far worse "cheat" than any form of bug abuse. It is repulsively inimical to anything remotely resembling "the spirit of the game". You're not playing Stars! anymore, you're playing programming. Or script-kiddie-ing, as the case may be.
[Updated on: Wed, 10 August 2016 05:47] Report message to a moderator
|
|
|
Re: Add to Player Exploitable bugs / "Features"? |
Wed, 10 August 2016 15:44 |
|
neilhoward | | Commander | Messages: 1112
Registered: April 2008 Location: SW3 & 10023 | |
|
Frank,
On one hand feelings are real and valid regardless of whether or not they are completely rational. On the other hand, feelings cannot be the basis for a system of rules. On a stunted claw, I do not want to discourage anyone from developing new utilities. On the face tentacles, I cannot reasonably mediate interpretations of the developer's intentions any more than I can those of The Dark Prophet (madness be upon him); the "spirit" of the game beyond tangible specifics is not something that can usefully discussed.
As host of the game in question I have to consider what rules I am able to reasonably enforce. Therefore the use of any data that a player legitimately receives from the hosting service (e.g. m.file) can and must be accepted as legitimate. It would not be reasonable for me to say "here is a book, but don't read the incantation on page 751". The responsibility for restricting data that players use must be accounted for before the data is distributed. I consider this completely and fundamentally different from using external software to alter the game function (e.g. adding minerals and pop).
The above should in no way be interpreted to suggest that I will restrict myself to acting reasonably.
Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn.
Regards,
Shirley
[Updated on: Wed, 10 August 2016 15:55] Report message to a moderator
|
|
| | | |
Re: Add to Player Exploitable bugs / "Features"? |
Thu, 11 August 2016 23:06 |
|
Ron | | Commander Forum Administrator Stars! AutoHost Administrator | Messages: 1231
Registered: October 2002 Location: Collegedale, TN | |
|
platon79 wrote on Thu, 11 August 2016 13:39I have now tried to PM Ron about the status of the m-file sanitizer/scrubber. Hopefully he will reply soon.
Yes, I have a StarsKnowledgeCleaner.exe file that can sanitize individual .m files or a folder of .m files.
Xyligun said "I've made more tests and it seems that situation is much better with that hidden knowledge in jrc4 than in jrc3. In jrc3 it works exactly like I described earlier and puts all that hidden knowledge into CA m file. In jrc4 it still puts this knowledge block, but it zeroed it the same way as cleaner. So, the only available hidden info in jrc4 is info about traders and wormholes."
But since only traders and wormhole info is in the .m files for Jrc4 games, is this utility still needed?
[Updated on: Thu, 11 August 2016 23:07]
Ron Miller
Stars! AutoHostReport message to a moderator
|
|
|
Re: Add to Player Exploitable bugs / "Features"? |
Fri, 12 August 2016 04:12 |
|
magic9mushroom | | Commander | Messages: 1361
Registered: May 2008 | |
|
Ron wrote on Fri, 12 August 2016 13:06platon79 wrote on Thu, 11 August 2016 13:39I have now tried to PM Ron about the status of the m-file sanitizer/scrubber. Hopefully he will reply soon.
Yes, I have a StarsKnowledgeCleaner.exe file that can sanitize individual .m files or a folder of .m files.
Xyligun said "I've made more tests and it seems that situation is much better with that hidden knowledge in jrc4 than in jrc3. In jrc3 it works exactly like I described earlier and puts all that hidden knowledge into CA m file. In jrc4 it still puts this knowledge block, but it zeroed it the same way as cleaner. So, the only available hidden info in jrc4 is info about traders and wormholes."
But since only traders and wormhole info is in the .m files for Jrc4 games, is this utility still needed?
Well, it's clearly needed if we're to have "no hacking allowed" games, as (as NH and others have correctly noted) there's no other way to enforce it. Certainly, games without info-hacking banned seem plausible given this new data, but I for one have little interest in playing them.
Would it be possible to publically release the sanitiser? Given that a data-extractor utility is about to be released, it would seem there's little remaining benefit in security-through-obscurity. While playing hosts of private games would still be able to cheat, that can no longer be averted.
Report message to a moderator
|
|
|
Re: Add to Player Exploitable bugs / "Features"? |
Fri, 12 August 2016 06:10 |
|
neilhoward | | Commander | Messages: 1112
Registered: April 2008 Location: SW3 & 10023 | |
|
Altruist wrote on Sun, 07 August 2016 03:45platon79 wrote on Fri, 05 August 2016 07:19I therefore propose to add this exploit to the "Player Exploitable bugs / Features"-thread with the default setting "allowed". And then we make a tool so that it is easy for everyone to check out what the trader brings. in fact, I am working to include this in my GalaxyViewer-tool right now.
Better to put it into the open...
And thus I agree with your suggestions.
And I think that asap would be best. A direct link to the tool from the "Player Exploitable bugs / Features"-thread should put everybody on equal footing.
Agreed. 100%. I can only imagine the motive to fight transparency belonging to players that intend to use the exploit and don't want competition.
Altruist wrote
magic9mushroom wrote on Sat, 06 August 2016 02:22...as well as the status of the sanitiser.
If there will be a sanitiser, we can use it. Until then... see above.
Agreed. And this does not obviate the previous point.
magic9mushroom wrote on Fri, 12 August 2016 01:12While playing hosts of private games would still be able to cheat, that can no longer be averted.
It never could have been, since they would need to have the host file as well as both m files. Merp.
[Updated on: Fri, 12 August 2016 06:14] Report message to a moderator
|
|
| |
Re: Add to Player Exploitable bugs / "Features"? |
Fri, 12 August 2016 16:33 |
|
XAPBob | | Lt. Commander | Messages: 957
Registered: August 2012 | |
|
magic9mushroom wrote on Fri, 12 August 2016 09:12Ron wrote on Fri, 12 August 2016 13:06platon79 wrote on Thu, 11 August 2016 13:39I have now tried to PM Ron about the status of the m-file sanitizer/scrubber. Hopefully he will reply soon.
Yes, I have a StarsKnowledgeCleaner.exe file that can sanitize individual .m files or a folder of .m files.
Xyligun said "I've made more tests and it seems that situation is much better with that hidden knowledge in jrc4 than in jrc3. In jrc3 it works exactly like I described earlier and puts all that hidden knowledge into CA m file. In jrc4 it still puts this knowledge block, but it zeroed it the same way as cleaner. So, the only available hidden info in jrc4 is info about traders and wormholes."
But since only traders and wormhole info is in the .m files for Jrc4 games, is this utility still needed?
Well, it's clearly needed if we're to have "no hacking allowed" games, as (as NH and others have correctly noted) there's no other way to enforce it. Certainly, games without info-hacking banned seem plausible given this new data, but I for one have little interest in playing them.
Would it be possible to publically release the sanitiser? Given that a data-extractor utility is about to be released, it would seem there's little remaining benefit in security-through-obscurity. While playing hosts of private games would still be able to cheat, that can no longer be averted.
Playing hosts of private games can always cheat by pulling a copy of the host file...
Report message to a moderator
|
|
| | | | |
Re: Add to Player Exploitable bugs / "Features"? |
Sat, 13 August 2016 16:15 |
|
neilhoward | | Commander | Messages: 1112
Registered: April 2008 Location: SW3 & 10023 | |
|
Since making the issue more visible...
I will volunteer to setup and host duels on SAH as my schedule allows. I hope some others are willing to do the same, cause I have been hankering for some dueling.
Report message to a moderator
|
|
|
Goto Forum:
Current Time: Thu May 16 13:46:27 EDT 2024
|