I've been reading posts here and getting some conflicting information on bank signatures. So are they secure or not?
Is it true that the signature is generated based on the data in the bank file, the bank name, the map name, the current player name AND the author name?
If that is true, then how can they be so easily hacked? Even if you copy the bank file and load it to write back to it, your author name will change and so should the signature, creating an invalid signature when you copy the bank file back.
I'd say that the signatures themselves are secure. The only insecure part is how we work around that signature, attacking it from a different, much easier direction.
Yeah it's not so much wether the signatures are secure, people aren't generating their own signatures, it's more how easy they are to bypass. It doesn't matter how secure a code/hash key is if it's easily bypassed.
^Mille25 said he is going to retest that stuff when he gets a chance, hopefully that gives us some insight.
I've been reading posts here and getting some conflicting information on bank signatures. So are they secure or not?
Is it true that the signature is generated based on the data in the bank file, the bank name, the map name, the current player name AND the author name?
If that is true, then how can they be so easily hacked? Even if you copy the bank file and load it to write back to it, your author name will change and so should the signature, creating an invalid signature when you copy the bank file back.
What am I missing?
People just open banks in notepad and modify the data there. They don't actually modify the signature.
Starcode is the best defense against this that I could find. Search for it on the website and you should find it pretty easily.
That wont work for them because when you verify the signature it will fail.
i thought banks a save? Keep this thread up pls
4 days without anyone disagreeing seem to suggest that the signatures are secure indeed.
I'd say that the signatures themselves are secure. The only insecure part is how we work around that signature, attacking it from a different, much easier direction.
http://forums.sc2mapster.com/development/map-development/17512-warning-for-everyone-who-uses-bank-files/
didn't test if this is still true
Yeah it's not so much wether the signatures are secure, people aren't generating their own signatures, it's more how easy they are to bypass. It doesn't matter how secure a code/hash key is if it's easily bypassed.
^Mille25 said he is going to retest that stuff when he gets a chance, hopefully that gives us some insight.
Even if it can be hacked easily, it's probably useful to have in addition to other security methods.