A bank signature is dependent on 3 things:
1. The bank name.
2. The bank data.
3. The account of the user the bank was created on.
If any of these changes, the signature will change.
At least from testing that is what I have noticed will change the bank signature.
The name of the map will NOT change the bank signature.
ok do u tried to upload a custom map on battle net, which can write manupulated data into some bank, after someone played it?
i mean, i hope the signatue is also depends on the creator's name
Just tested it and yes it also depends on who published the map.
So it depends on:
1. Who published the map.
2. Who played the map.
3. The name of the bank file.
4. The data in the bank file.
This actually means that bank signatures are theoretically completely secure from other players tampering with your bank files. Unless of course someone cracks how the signatures are created or hacks into your Starcraft account in general.
No, even if you delete the bank and save the exact same data under the same circumstances, the signature is the same.
The signature stays the same if the bank is overwritten with the same data as well. At least as far as I have noticed, there could always be a bug.
Now only thing that worries me is the rare occurrence of a bank validation failing on a legit signature. I'm hearing from several different popular maps where some people's saved stuff are getting deleted.
First of all, dont use all caps, and second off all, It looks like blizzard thinks that melee is far more important that custom maps. Just look at all the bugs in wc3 editer, or the popularity system(which is conviently bypassed by having all the "blizzard" maps having a unique category), or the sc2 upload limits, or pretty much the rest of bnet2.0
First of all, dont use all caps, and second off all, It looks like blizzard thinks that melee is far more important that custom maps. Just look at all the bugs in wc3 editer, or the popularity system(which is conviently bypassed by having all the "blizzard" maps having a unique category), or the sc2 upload limits, or pretty much the rest of bnet2.0
Well, look at the ladder forums.
Everywhere you look you see complaints about imbalances which are not being taken care of (which are very subjective sometimes lol), complaints about how the matchmaker pairs people together, complaints about people who got stuck in their leagues or about positional imbalances in melee maps.
Of course Starcraft is mainly a game to be played and not a toolkit for us mappers. Still, it's not like they are quick to fix bugs in general.
The last possibility for hacking is reverse engineering :D
Hope blizzard don't use local mashine to do the siganture.
Verify Signature should work offline too, shouldn't it? In Test Maps or during offline play. Well, it most probably will, since you couldn't load signature'd banks otherwise. Which would mean the local machine does it.
Awsome question avoiding skills you got there boys.
PhantomInfernal:
"This actually means that bank signatures are theoretically completely secure from other players tampering with your bank files. Unless of course someone cracks how the signatures are created or hacks into your Starcraft account in general."
However, to clear this up, we are able to make a secure save/load system?
To give you the best answer I have:
Although we don't exactly know how the signaturs work I can tell you that it won't be completely secure. It can still be cracked.
However, depending on how hard it will turn out to be, we might not see many banks cracked because of the effort evolved in it.
how about putting all important functions and stuff into a MOD? AFAIK MODs aren't stored on the client side and so you can't read them with a mpq-editor. So all custom Items, XP, Points, save-load processing into the MOD would make it more save?
Eg. The map "Chrono Agents" seems pretty save for me (as save as a map can be in sc2). (Or am i just not intelligent enough? :P )
Greetings
Edit: mods are saved too, i just didn't search hard enough. So *cough* forget it :P
Good craftsmanship needs incentive... a server hosting an sc2 mod (gathering the stats from sc2 games from the mod for instance) with a good size community would warrant loads of stuff working for a decent "locking" of maps/mods results banks etc...
Just do it so it's too long to decipher and change it as frequently as your paranoia / time to devote to it ratio allows you (change regularly before you feel it's "been out too long")
Anyway it's communities that find cheats or thieves, not coding... coding is just a buffer of time.
the only real problem is blizz publishing security coding, they won't .. they'd loose control...
How would i go about it:
Coding blizz woud not allow yet is out...
A set of starting scan checks for players (before game (feature in mod)), then irregular checks (maybe save specific information for a follow up if needed (by admin) for instance, the ways are numerous and that's the whole point: buy time and change / mix them) through out the game, to finish in an admin checking of each of the "replays" stats for players or mapmakers to have to contend with would do fine... but it's work to be done (graciously)... much like updating after patches, advertising, coughboostingcough... all work! It needs incentive (several thousand people invested in the mod) for it to be worth it...
Sad thing: the incentive works for hacker too (they would only "work on" a highly successful mod.
The new top maps in europe neither use signatures, nor encrypt or compress their data.
If people at least used the tools they gave us 90% of the people willing to hack a bankfile will give up. Who really wants to search for the mapfile, look at the raw galaxy script and try to understand the encryption/compression functions just to have some more xp or fame?
Lol. I put a really confusing trigger in my prisoner rebellion map to save out your wins to losses as something like "SDHA*34Hada"... and the trigger itself was so poorly organized no one could read it if they opened the map haha.
Also, as 'unprotected' as any client-side data is... I was quite surprised when Blizz released SC2 they let us download it ahead of time. I was shocked, guessing some random dude would crack it open before 'official' release. So what did they use to protect their data? And why can't we do the same in a bank file? (FYI I'm asking genuinely... i don't know).
Rollback Post to RevisionRollBack
To post a comment, please login or register a new account.
A bank signature is dependent on 3 things: 1. The bank name. 2. The bank data. 3. The account of the user the bank was created on.
If any of these changes, the signature will change. At least from testing that is what I have noticed will change the bank signature. The name of the map will NOT change the bank signature.
@PhantomInfernal: Go
ok do u tried to upload a custom map on battle net, which can write manupulated data into some bank, after someone played it?
i mean, i hope the signatue is also depends on the creator's name
@avogatro: Go
If bank signatures are independent of the creator's name, whoever programmed it wasted time.
@avogatro: Go
Just tested it and yes it also depends on who published the map.
So it depends on:
1. Who published the map.
2. Who played the map.
3. The name of the bank file.
4. The data in the bank file.
This actually means that bank signatures are theoretically completely secure from other players tampering with your bank files. Unless of course someone cracks how the signatures are created or hacks into your Starcraft account in general.
So this means map protection is working?
@PhantomInfernal: Go
what happend if u save same data for same user from same creator into the same bank twice? Do u see some changes?
Do they have salt in the soup?
@avogatro: Go
Soup isn't tasty without salt. I'm sure they have.
@avogatro: Go
No, even if you delete the bank and save the exact same data under the same circumstances, the signature is the same. The signature stays the same if the bank is overwritten with the same data as well. At least as far as I have noticed, there could always be a bug.
Now only thing that worries me is the rare occurrence of a bank validation failing on a legit signature. I'm hearing from several different popular maps where some people's saved stuff are getting deleted.
@Mephs: Go
First of all, dont use all caps, and second off all, It looks like blizzard thinks that melee is far more important that custom maps. Just look at all the bugs in wc3 editer, or the popularity system(which is conviently bypassed by having all the "blizzard" maps having a unique category), or the sc2 upload limits, or pretty much the rest of bnet2.0
OK then use the signature.
The last possibility for hacking is reverse engineering :D
Hope blizzard don't use local mashine to do the siganture.
Well, look at the ladder forums.
Everywhere you look you see complaints about imbalances which are not being taken care of (which are very subjective sometimes lol), complaints about how the matchmaker pairs people together, complaints about people who got stuck in their leagues or about positional imbalances in melee maps.
Of course Starcraft is mainly a game to be played and not a toolkit for us mappers. Still, it's not like they are quick to fix bugs in general.
Verify Signature should work offline too, shouldn't it? In Test Maps or during offline play. Well, it most probably will, since you couldn't load signature'd banks otherwise. Which would mean the local machine does it.
Awsome question avoiding skills you got there boys.
PhantomInfernal: "This actually means that bank signatures are theoretically completely secure from other players tampering with your bank files. Unless of course someone cracks how the signatures are created or hacks into your Starcraft account in general."
However, to clear this up, we are able to make a secure save/load system?
@Ceratul: Go
To give you the best answer I have:
Although we don't exactly know how the signaturs work I can tell you that it won't be completely secure. It can still be cracked.
However, depending on how hard it will turn out to be, we might not see many banks cracked because of the effort evolved in it.
Hi,
how about putting all important functions and stuff into a MOD? AFAIK MODs aren't stored on the client side and so you can't read them with a mpq-editor. So all custom Items, XP, Points, save-load processing into the MOD would make it more save?
Eg. The map "Chrono Agents" seems pretty save for me (as save as a map can be in sc2). (Or am i just not intelligent enough? :P )
Greetings
Edit: mods are saved too, i just didn't search hard enough. So *cough* forget it :P
Good craftsmanship needs incentive... a server hosting an sc2 mod (gathering the stats from sc2 games from the mod for instance) with a good size community would warrant loads of stuff working for a decent "locking" of maps/mods results banks etc...
Just do it so it's too long to decipher and change it as frequently as your paranoia / time to devote to it ratio allows you (change regularly before you feel it's "been out too long")
Anyway it's communities that find cheats or thieves, not coding... coding is just a buffer of time.
the only real problem is blizz publishing security coding, they won't .. they'd loose control...
How would i go about it:
Coding blizz woud not allow yet is out...
A set of starting scan checks for players (before game (feature in mod)), then irregular checks (maybe save specific information for a follow up if needed (by admin) for instance, the ways are numerous and that's the whole point: buy time and change / mix them) through out the game, to finish in an admin checking of each of the "replays" stats for players or mapmakers to have to contend with would do fine... but it's work to be done (graciously)... much like updating after patches, advertising, coughboostingcough... all work! It needs incentive (several thousand people invested in the mod) for it to be worth it...
Sad thing: the incentive works for hacker too (they would only "work on" a highly successful mod.
And we do have a great community potential.
@TimSin112:
mods are still downloaded to the client PC and can still be opened with an MPQ editor without anything stopping you.
The new top maps in europe neither use signatures, nor encrypt or compress their data.
If people at least used the tools they gave us 90% of the people willing to hack a bankfile will give up. Who really wants to search for the mapfile, look at the raw galaxy script and try to understand the encryption/compression functions just to have some more xp or fame?
@maverck: Oh, yes, you are right. Thx for clearing.
@Rushhour: Go
Lol. I put a really confusing trigger in my prisoner rebellion map to save out your wins to losses as something like "SDHA*34Hada"... and the trigger itself was so poorly organized no one could read it if they opened the map haha.
Also, as 'unprotected' as any client-side data is... I was quite surprised when Blizz released SC2 they let us download it ahead of time. I was shocked, guessing some random dude would crack it open before 'official' release. So what did they use to protect their data? And why can't we do the same in a bank file? (FYI I'm asking genuinely... i don't know).