Load the password from the player's bank. Generate a hash from the password and if the generated hash matches the hash in the map, give the player admin powers.
Even if people hack into the map, all they see is the hash that the generated hash needs to be equal to. It would be infeasible to reverse the hash for the password.
The only potential problem I see with this is if there is a way to see the values loaded from other players' banks online. Is it possible to see those values?
The hash function I'll be using is magnificence7's implementation of SHA-256. What do you think?
For the purpose of this topic, ignore Blizzard's method of bank signature verification. Besides, I heard someone hacked it already. If not, well just focus on whether this is secure or not. I know I could use the signature to implement this but I don't trust it 100% yet.
@tordecybombo: Go
Blizzard Bank Signatures aren't safe. In fact they are very easy to hack (once you've found out how). Many won't break it, but there are still people who are able to.
I don't have any good idea how a hacker could get the password. (How long does it take to break the hash, with your password size?)
- getting it from a replay (not sure if possible)?
- try to intercept your password before it's hashed
- try to "steal" your bank
To my knowledge it's the second best solution. The best solution is still not using any admin privileges.
Hash shouldn't be feasibly breakable, it's SHA-256. I'll generate a random 24-48 alphanumeric character password. I don't need to remember it anyway since I just put it in my bank.
@TimSin112: Go
Hashes aren't reversible. The idea is that multiple strings can hash to the same thing. So it's feasible to accidentally pick a string that hashes to the same string, but the longer the hash the less likely this is. From a hash, it's impossible to get the source string, because there's no way to determine how long the source string is. It is extremely difficult, although not 100% impossible, to hack. Brute force is the best method to hack it, which is extremely inefficient.
I think this is a pretty clever idea and it should prove stronger than just relying on bank security. However, the three options TimSin mentioned may or may not be viable ways to circumvent the hash altogether. Unfortunately, a system is only as secure as its weakest link.
@jaminv: Go
Banks are loaded for every player into the shared gamestate during the map's loading, so even if you're only reading the bank and the map doesn't know the password, you're still vulnerable.
@MotiveMe: Go
Ok. That's the kind of info Tordy was looking for. If the bank data is being transmitted over the network, that's going to be the weak link.
Thanks Motive for clearing that up.
Surely the map would have to have the key inside it to be able to generate the hash? Why couldn't someone hack the map, find that key and then run a program that repeatedly generates a hash from a random password using that key until the hashes match (Or systematically instead of randomly)? Although I probably have the idea completely wrong :/
@wOlfLisK: Go
You don't need a key to run a hash. The hash itself would be stored in the map, and the bank would store a password to be hashed. As I said, hashes aren't reversible (per se). Yes, it can be brute forced as you say. The larger the hash, however, the more difficult this becomes. However, since you don't need to match the actual password, just the hash, this could be a little easier. You just need any password that matches that hash, and it doesn't have to be the original.
As motive said, however, the password would be transmitted over the network during map initialization. A packet sniffer could retrieve the password in plain text fairly easily.
Could someone post a link to someone bypassing bank signatures?
As far as I can tell unless Blizzard let slip their algorithm for generating bank signatures, they are impossible to crack and would be completely secure.
As for the OP, that is the method used in my map and no one has cracked it since that method was implemented.
This is a very popular map with many avid hackers and quite a few people that hate me as well and would love to crack it. I would say the method is very safe, and while obviously brute forcing is an option, most people aren't even going to bother wasting that much time. Combine the method you mentioned with a bank signature, and you have a very secure system. (Basically make a trigger to generate the bank and add the signature, then delete that trigger before publishing)
Hm...
Have any of you tried checking the "playername"?
I mean, if you put a condition like "name of player sending the message equals adminame" you could safely implement this, 'cause I doubt they'll re-upload your map with changes, or they'll buy a new name.
I'm not sure if that's available as an option (in W3 it was), so no idea, but I think it may work fine. For once, Bnet 2.0 limits are on our side :).
@PhantomInfernal: Go
Infernal, wasn't there a player that hacked the admin system and abused it to kick/ban players? I actually brought this up to Tordy yesterday, because it seemed like the BNet report system actually worked in the instance. Or maybe you just changed your map?
In past versions the admin system was not stored very securely.
This was at a time when I didn't know how terrible the "Locking" on Blizzard's part was.
However, since a system like the one the OP mentioned was put into place I haven't heard of anyone cracking it.
In fact the score tracking hasn't even been hacked yet and that isn't even encrypted, it just uses bank signatures. (This is why I wanted to know if bank signatures were really hacked, or if people just don't trust Blizzard)
Yesterday I hacked Nexus Word Wars after RodrigoAlves added bank signatures (EU). He told me to try again. It's not much effort if you know how to do it (the bank signature part at least).
NWW is really very ugly code to hack (those triggers, values, functions all look the same and it's really fuzzy...) and was much more work than the lame bank signature. I PMed it to RodrigoAlves and told him what he could do better, but there's not much he can do better :/
I don't want to "destroy" any map; that's why I don't share the "exact" way I did it.
I didn't see "my method" anywhere so far, so I won't tell it, to prevent abuse, since it could only be fixed by Blizzard itself...
PhantomInfern, can you tell me your map, because I can't see it in your profile? Then I could give it a try on your map. :)
If bank values can be read, then I think the only way for the hacker to get the password is if he manages to play the same game as the admin that has the correct password loaded. Assuming the admin never plays w/ parties, the odds of the hacker encountering the admin in a super popular map are really low. But it could still happen if the hacker is dedicated to it!
My hypothesis would be wrong if the hacker manages to crack the password in a region where there are no admins. For example, I only play in NA and I'm the only one that has the password in the bank. If I were to upload my map to EU where no one has the password but then someone figures it out, then this method is no good.
Of course someone from NA could've encountered me and told the guy from EU, but let's assume that doesn't happen.
@tordecybombo: Go
I do like the idea. Admins are few and far between. The chance of a random hacker meeting an admin and seeing him use admin powers on his own map is very low. (So that eliminates capturing network traffic, banks or replays.) Besides that, the final hash value inside the map can be changed as frequently as once a week.
I don't have much knowledge of how knowing the hash method used (by hacking open your map) helps in brute-forcing the password, but this should be time-consuming enough.
Yeah, that's another good point too: the hash can be changed very easily in case the old password is compromised.
Couldn't I just open your map, look at your trigger scripts and reverse engineer it......
Most players wouldn't spend that kind of time though....
But games that require admin privileges really aren't gonna make it anywhere on Bnet anyways.
Well that's the thing, you can't easily reverse engineer it. A good hashing function is a one-way function in a sense that it's infeasible to reverse engineer it.
As for why add admin functions, I think it's a convenient way of debugging things in a random online setting without having to set up a party of testers every time. One thing's for sure, I wouldn't add things like kicking or banning since those features are easily bypassable and in the end would only hurt a map.
Btw, by admins I mean people that have special commands to change variables and stuff, not necessarily an admin that manages an entire community of the map. We all know that doesn't work with a system where almost everything is client-side.
The hashing function is the best way to secure admin rights. If it is a good hashing function, there is no way to break it. But hackers don't need to.
Every game you play with that bank in the right folder, you risk revealing it. Hackers in-game or getting the replay of that game can easily get the bank value.
But if you change that password every update or every week, the hacker can't do much against it. Also old replays aren't a threat anymore.
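Added example (not part of any post in this thread, and not the map's own code): a Python model of the scheme discussed above, showing why the embedded hash protects against map inspection but not against a bank value that other clients can observe, and why rotating the hash invalidates an old capture. It uses Python's `hashlib` in place of the Galaxy SHA-256 implementation; `Map`, `load_banks`, `shared_state` and the player names are hypothetical, and the shared-state behaviour is an assumption taken from the posts.

```python
import hashlib
import hmac
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 alphanumeric symbols


def new_password(length=24):
    """Random alphanumeric password of the kind the OP stores in the bank."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def digest(value):
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


def search_space_bits(length, alphabet_size=len(ALPHABET)):
    """Brute-force cost of guessing the password, in bits."""
    return length * math.log2(alphabet_size)


class Map:
    """Hypothetical stand-in for a published map: it embeds only the hash."""

    def __init__(self, admin_hash):
        self.admin_hash = admin_hash
        self.shared_state = {}

    def is_admin(self, bank_value):
        return hmac.compare_digest(digest(bank_value), self.admin_hash)

    def load_banks(self, banks):
        # Assumption from the thread: every player's bank values end up in
        # game state that all clients in the match receive.
        self.shared_state = dict(banks)
        return {player: self.is_admin(v) for player, v in banks.items()}


def simulate():
    password = new_password(24)
    v1 = Map(digest(password))

    # Game 1: the admin shares a match with a player who has no password.
    grants = v1.load_banks({"admin": password, "observer": ""})
    captured = v1.shared_state["admin"]  # plaintext, never hashed in transit

    # Game 2: the captured value is placed in the observer's own bank.
    replay = v1.load_banks({"observer": captured})

    # Rotation: the next map version ships a hash of a fresh password.
    v2 = Map(digest(new_password(24)))
    after_rotation = v2.load_banks({"observer": captured})
    return grants, replay, after_rotation


if __name__ == "__main__":
    print("search space: %.1f bits" % search_space_bits(24))
    print(simulate())
```

The verifier accepts whatever value hashes correctly, so the bank value is a bearer credential: its lifetime, not the strength of SHA-256, bounds the exposure.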
Do replays in the current version save bank values? I remember playing a replay of a map w/ banks a while back and the bank values were not saved.