WARNING: POST IS OUTDATED AND MIGHT INCLUDE WRONG FACTS! SEE LAST POST FOR MORE INFORMATION!
hello again,
some might remember me for testing the banks some long time ago and finding out that there are some limits regarding banks that are very annoying.
in the beta and also in the early retail release of the game, the banks had 2 big problems:
- far too few values could be saved in the banks
- they were not encrypted
after some time of flaming, blizzard realized that the bank size limit was silly (or a "problem" like they told it) and they removed it in some way, so at least the limit was gone. but everyone who uses bank files also wants security, so the people had to encrypt their bank files, for example with the very useful STARCODE library by sirius.
since patch 1.2 there is some new feature, called "bank signature". i was inactive for some time but this caught my interest again, so i wanted to test what this signature exactly is.
after some testing i found out that the bank signature seemed to be quite safe. it's nothing else than some sort of a checksum that's automatically generated based on each key value of the entire bank. so if you edit or delete any key of the bank the "signature" will not fit any more and you can detect it with triggers (it's a function called "verify bank" for everyone who didn't know yet).
so i was very happy and decided to recode some part of my save/load system of my rpg to make it faster, because starcode does a great compression but also needs some time to get things done. after rewriting the entire quest save system i had a talk with my friend robbepop, who had a quite shocking idea:
let's hack the bank signature
at first i had no idea how to do it and what he meant, but then he explained it to me and i was shocked.
after some testing there was the shocking result: EACH bank signature can be hacked in ~ 1 minute. so how did we do it?
basically the idea behind hacking the signature is very easy: let the game do the work!
each bank can be hacked in a few steps:
1) find the bank you want to hack
2) copy the bank and paste it to C:\Users\<Name>\Documents\StarCraft II\Banks (this is the folder where all the custom single player banks get saved)
3) open it with the windows text editor
4) find the value that you want to edit, for example a highscore (change it from 123 to 56445645644654)
5) save the bank
6) create a new map with the map editor
7) create a new trigger exactly like this:
Note: <bankname> has to be replaced with the name of the bank you just edited, and the bank must be in the folder of step 2, because otherwise the trigger can't find the bank and can't "hack" it.
8) save the new map and test it with the editor to execute the trigger
9) copy the bank again and paste it back to its original folder, and restore its name
10) you're done!
So what does this mean?
This basically means that the signature feature of blizzard is TOTALLY useless, because it can be hacked nearly instantly without any work. So if you want to keep your banks safe you STILL have to encrypt it yourself! Blizzard did not even include the map name in the signature to make it a bit harder to fake it (it would still be possible because in single player you can name your map like you want). Big thanks to Robbepop who had this idea!
Applause to Blizzard, again!
PS: And still there is no possibility to get player name as string to make it impossible to trade banks.
PPS: some might be angry that i post this on sc2mapster, but that's exactly what i want. i want EVERYONE to know how to hack blizzard's bank signature, because only like that blizzard will realize that it's not the right way to protect the bank files AND the mappers will realize that they still have to use starcode to make their banks safe. the signature was a good idea by blizzard, but in fact it only makes it easier for cheaters to achieve their goals because mappers (like me) think that their banks are safe by using the signature feature.
Funny! Good thing I am using my own encryption ;)
Lol, fail. Never thought of that. Where the hell do they get their programmers, fresh out of a high school CS program or something?
They'd need to use their servers for real signatures. It's possible they deemed it not worth the expense.
Good to know...A question about encryption by yourself- people are always like "I encrypted my map myself for security"...What the heck are you doing to encrypt it? Are you using a 3rd party program?
depends.
some people might develop their own simple protection, others (like me) use the starcode library by sirius which really does the best encryption for banks right now.
but what we really need is a safe protection that can be used by everyone with a simple trigger action.
blizzard is on the right way, but as you see the signature doesn't do the job.
We would only need some information about the map and about the player.
So a player name as a string and maybe a unique id for the map (the id it is stored on the battle.net servers or whatever) and everything is fine.
Even libraries can be hacked "easily". It will be harder of course, especially when it produces keys and values which can't be read by humans. But since you can open any map you can look at the galaxy code and copy the encryption and decryption routines in a new map and then let it decode the bank file and encode a new one.
This could once again get harder if the encryption system is split up in the galaxy script and if function names are unreadable, but never impossible :D
I personally think that the player name as string together with the character key is all we need. In TestMap you are always called sth like LocalPlayer and on battle net you have your own unique name (+key) so you couldn't create fake maps.
I just don't get why they wouldn't give us this function... Do they fear some sort of discrimination/ban lists/ *insert crazy stuff here* ?
greetz :D
btw, even the player name would not be enough because blizzard allows hundreds of people to use the same name (because of the custom number system), so there could for example be Mille25.001, Mille25.002, so theoretically there could still be 999 (?) people using the same name and they could still trade their bank files. so we would also need some function that returns the custom number of each player to make it 100% safe.
however, getting the player name as string would already be a HUGE improvement, because in fact the chance of 2 people using the same name is quite small, so the trading of the bank file would be very limited.
I already thought about something like forcing all players to type each players' names, hoping they don't lie ... would be great.... if it wasn't totally stupid xD
It's just sad to see that they keep coming up with extremely naive and useless ideas.
It comes down to this: Banks will never be safe as long as they are saved on the client side and the bank's map is available. Yes, you can keep the average user from modifying the bank file, but you won't stop the devoted semi-professional.
Now, is it enough to secure the bank with some kind of ID that is saved on blizzard's server side? No, it's not. For the bank file to be identified you still need another ID on the client side which can be fooled, yet again.
The only completely safe way is to save the banks on the serverside, which means that blizzard needs to store them for us. Sadly, the decisions they made in this matter suggest that they won't do it. They seem to be reluctant to save bank files for players, instead they implement half thought-out solutions like the signature. But what's their (fucking) problem? They already gave us 50 mb for map hosting, just give us another 10 mb for bank files, with current bank size that's thousands of bank files.
Greetings...
It's not totally stupid. My StarFriend protocol is based on this kind of mentality (albeit the implementation is completely different).
It's fun to bash on the great programmers at Blizzard and all, but did anyone actually try this?
Because, it doesn't work. It has been verified by multiple people that the bank signatures depend on the player's name, author's name, and (published) map-name. I just verified this myself.
Also, if what Mille25 said were true, it would be possible to trade protected banks (it's not).
Signatures are still the only way to protect bank files from hackers - despite what multiple people on this forum have claimed, the algorithm for signatures has still not been cracked (or at least, it has not been released to the public by anyone).
@BlueRajasmyk:
yep, that's true.
i've received several pms the last week asking what's the truth and if this thread is still up to date: it's not.
when making this test my idea was that the bank signature itself is just some checksum generated of the values of the bank itself.
i haven't made any multiplayer tests yet but i'm planning to do so when i find the time (but i think it's pretty obvious that the bank signatures are more complex than initially thought)
so sorry again for all confusion caused by this thread, it DOESN'T represent the latest discoveries.
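The distinction the later posts draw, between a checksum over the bank's values alone and a signature that also depends on player, author and map name, sketched as an added example (not code from any poster or from Blizzard, whose algorithm the thread says is not public). HMAC-SHA256, the key, the author and map names and the bank contents are assumptions constructed for illustration.

```python
import hashlib
import hmac

def _pack(fields) -> bytes:
    """Length-prefix each field so ("ab", "c") and ("a", "bc") encode differently."""
    out = bytearray()
    for field in fields:
        raw = str(field).encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return bytes(out)

def canonical(bank: dict) -> bytes:
    """Serialize every section/key/value in sorted order, independent of file layout."""
    return b"".join(
        _pack((section, key, bank[section][key]))
        for section in sorted(bank)
        for key in sorted(bank[section])
    )

def sign(bank, player, author, map_name, key: bytes) -> str:
    """Keyed MAC over the identity context followed by the bank contents."""
    msg = _pack((player, author, map_name)) + canonical(bank)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def verify(bank, player, author, map_name, key: bytes, signature: str) -> bool:
    """Recompute the MAC for the current context and compare in constant time."""
    expected = sign(bank, player, author, map_name, key)
    return hmac.compare_digest(expected, signature)

# Constructed sample data (not a real bank, key or account). The key is assumed
# to live somewhere players cannot read it: as the thread notes, anything
# shipped inside the map can be copied out by opening the map.
KEY = b"constructed-demo-key"
OWNER = ("Mille25.001", "MapAuthor", "My RPG")
BANK = {"stats": {"highscore": 123, "level": 7}}
SIG = sign(BANK, *OWNER, KEY)

def demo() -> dict:
    edited = {"stats": {"highscore": 56445645644654, "level": 7}}
    return {
        "untouched": verify(BANK, *OWNER, KEY, SIG),
        "edited_value": verify(edited, *OWNER, KEY, SIG),
        "other_player": verify(BANK, "Mille25.002", "MapAuthor", "My RPG", KEY, SIG),
        "other_map": verify(BANK, "Mille25.001", "MapAuthor", "Test Map", KEY, SIG),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Only the untouched bank loaded by its original player in its original map verifies; a values-only checksum would have no way to reject the last two cases.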