Cyanide Dice Hacks

[VoodooMike]

Beer? Reading that thread, Jorthax owes captpir8 his savings - maybe the party is on the good Capt?

Technically Jorthax was correct - there's no good way to INFLUENCE the dice rolls. If you alter the value of a dice roll locally then you've got a sync error in the making (which, I should add, is in itself a way to exploit the system). The dice can be predicted, but it is far from a trivial process as many of the armchair programmers seem to claim. He was wrong about the dice being server side, of course. It is logical to assume they are when you seem to be playing through a central server, but we know quite well by now that logical assumptions have no place in discussions about Cyanide products.

Well, at least the publicity generated by this finally forces Cyanide to fix the issue that has been around since the first digital BB they produced. I just hope they would do something about the intentional disconnects that cause games not to get registered (a way to avoid any losses).

And technically they did do something about the disconnects... it was just that their solution is ultimately worse than the problem they set out to solve. Previously if you didn't submit a match report (because you killed the game) the game results were simply not recorded for you. Now, if you submit no match report it uses the match report submitted by the other guy to update your team.

Thus, a p2p game is altering YOUR team based on a report generated completely on another PLAYER'S computer. Its like letting my computer submit password changes for your account based on the assumption that nobody would ever bother to abuse it...

[TuernRedvenom]

And technically they did do something about the disconnects... it was just that their solution is ultimately worse than the problem they set out to solve. Previously if you didn't submit a match report (because you killed the game) the game results were simply not recorded for you. Now, if you submit no match report it uses the match report submitted by the other guy to update your team.

Thus, a p2p game is altering YOUR team based on a report generated completely on another PLAYER'S computer. Its like letting my computer submit password changes for your account based on the assumption that nobody would ever bother to abuse it...

Surely they at the very least add some kind of hash check to such a match report then to make sure nobody tampers with it. Right?

[Darkson]

http://morgnth.org/phpBB3/viewtopic.php?f=7&t=66

[Darkson]

http://www.cyanide-studio.com/forumBB/v ... 25&t=22947

BLOOD BOWL - LEGENDARY EDITION - 2.0.0.4 UPDATE (41 MB) FOR THE DVD/DIGITAL VERSIONS EXCEPT THE DIGITAL STEAM VERSION:

1. Click http://www.focus-files.com/patchs/bb/bb ... -0-0-4.exe
2. Save bble-update-2-0-0-4.exe application file on the hard disk.
3. Once download done, run bble-update-2-0-0-4.exe and follow the instructions.

If you have Windows Vista or Windows 7 and you cannot install the update:
- Right mouse click bble-update-2-0-0-4.exe application file and click Run as administrator.

BLOOD BOWL - LEGENDARY EDITION - 2.0.0.4 UPDATE (41 MB) FOR THE STEAM VERSION ONLY:

THE UPDATE WILL BE AUTOMATICALLY AVAILABLE TONIGHT BUT YOU CAN UPDATE THE GAME MANUALLY NOW.

1. Click http://www.focus-files.com/patchs/bb/steam-2-0-0-4.zip
2. Save steam-2-0-0-4.zip file on the hard disk.
3. Once download done, open steam-2-0-0-4.zip file.
4. Open the 2-0-0-4 folder.
5. Copy all folder content in the Blood Bowl Legendary Edition folder located by default in "\Steam\steamapps\common\".

---------------------------------------------------------------------------------------------------------------------

PATCH NOTES 2.0.0.4:

- It is now possible to chat during Matchmaking research.
- Mercenaries will not lose their extra skill when loading a saved game.
- Replay playback is now working correctly.
- Tentacles and Shadowing are now combining normally.
- A player that has been hypnotized can't use Shadowing anymore.
- Players that collapsed from heat exhaustion will now be properly put in reserve.
- A Vampire that failed the Blood Lust roll will now properly leave the pitch on the time limit turnover.
- Players will always be 11 on the pitch (if there are enough of them for that).
- Players won’t be able anymore to "gracefully" cancel the game in the Pre-Match sequence using the ESC key.
- Update of the manuals, integrating last development information.
- Addition of the Italian manual in PDF version.
- Modifications on the dice generator.

WARNING: using a cheating system during a multiplayer match will end the match and offer victory to the non-cheating player.

Blood Lust is still not 100% CRP compliant, we are doing our best to fix it as fast as possible.

[VoodooMike]

Surely they at the very least add some kind of hash check to such a match report then to make sure nobody tampers with it. Right?

I guess, though it all comes down to how you do the tampering. If the only thing you need to contend with is editing of the .db file on the disk then sure, that could work, so long as you don't pull the hash generating algorithm out of the program and just slap the appropriate hash in for your edit. If you modify the data in memory, however, the game would write it to disk and sign it with that hash on its own. With no server-side component the program has no choice but to trust the data it has in memory.

WARNING: using a cheating system during a multiplayer match will end the match and offer victory to the non-cheating player.

THAT should be interesting. I look forward to seeing how they plan to make that happen!

[TuernRedvenom]

Surely they at the very least add some kind of hash check to such a match report then to make sure nobody tampers with it. Right?

I guess, though it all comes down to how you do the tampering. If the only thing you need to contend with is editing of the .db file on the disk then sure, that could work, so long as you don't pull the hash generating algorithm out of the program and just slap the appropriate hash in for your edit.

This I understand, in this case the system is only as secure as the hash algorithm, if somebody figures that out/cracks it you're in trouble. But any serious programmer should know this and make sure the hash algorithm is very hard to break (nothing is impossible of course).

If you modify the data in memory, however, the game would write it to disk and sign it with that hash on its own. With no server-side component the program has no choice but to trust the data it has in memory.

This would be the best hack, but it seems extremely difficult to perform. The game should keep this data in memory for only a very short time before it's signed off and created on the disk. That's a tiny window of opportunity to search through the memory and replace the right values before its signed.

But this is all assuming the report is signed in the first place. Somehow my confidence in this in this isn't so great...

[Darkson]

But any serious programmer should know this

Already in trouble talking about Cyanide then...

[txapo]

already released patch 2.0.0.5 as the .4 had serious playing problems "¿¿due to the lag and distance of the servers rolling the dice???"

so don't download the one posted over this lines but the one that downloads when launching the game!!!

[dode74]

These are cumulative patches, I understand, so 2.0.0.5 contains 2.0.0.4 anyway. There's a link to it on the Cyanide boards.

[VoodooMike]

This I understand, in this case the system is only as secure as the hash algorithm, if somebody figures that out/cracks it you're in trouble. But any serious programmer should know this and make sure the hash algorithm is very hard to break (nothing is impossible of course).

Serious programmers don't even try to create their own hash algorithms - there exist a myriad of really good and well tested by the cryptographic community algorithms that should be chosen from. Nobody is good at everything, which is why you go with the tools made by people who are good at making that type of tool. There's a reason MD5 and SHA1 are in massively widespread use despite the algorithms being extremely open and well known.

This would be the best hack, but it seems extremely difficult to perform. The game should keep this data in memory for only a very short time before it's signed off and created on the disk. That's a tiny window of opportunity to search through the memory and replace the right values before its signed.

Not hard at all. Remember that when it comes to computer operations ALL windows are small, but outside programs work just as lightning fast as your own does. What the game should do is keep data in memory ONLY - there's no good reason to write it to disk at all. To use an analogy, writing the team data to disk for online play purposes is like putting the dish-rag down while doing dishes. You pick up a dish, pick up the rag, wipe the dish, put the rag down, put the plate in the rack... repeat. Know what works better? Remove the pick up and put down steps and just keep the rag in your hand.

As far as MM type stuff goes, I wouldn't hand players their roster and say "make whatever changes you want and hand it back to me for filing". I'd say "tell me what changes you want to make and I'll change your roster for you".

[PhilG23]

Is anyone else having issues with 2.0.0.5?

I updated tonight and then started getting Virus warning from my AVG and it wouldnt show any of my loaded games or even start a game.

I had to re-install and go back to 2.0.0.0 to get anything to work.

Any ideas??

[VoodooMike]

Two issues you might have with your antivirus program and the new patches, both of which are false positives I should add:

1) DFA.DLL trips some antivirus programs because of the way it tries to protect its code.

2) pmcc is now trying to use code and memory juggling to protect the RNG from viewing, which some antivirus software might also dislike.

In essence, the heuristics on AVs don't trust any "tricky" code because that's exactly the kind of thing that viruses and trojans tend to do to hide themselves from antivirus programs. There are legitimate reasons to do it in your programs, but far more illegitimate uses for it than legitimate, hence the AV alarm bells.

[PhilG23]

Cheers Mike

That's the "why" out of the way. Any ideas on what to do about it?

[PhilG23]

Found the solution.

Update AVG to 2011 and it works fine.

[TuernRedvenom]

This I understand, in this case the system is only as secure as the hash algorithm, if somebody figures that out/cracks it you're in trouble. But any serious programmer should know this and make sure the hash algorithm is very hard to break (nothing is impossible of course).

Serious programmers don't even try to create their own hash algorithms - there exist a myriad of really good and well tested by the cryptographic community algorithms that should be chosen from. Nobody is good at everything, which is why you go with the tools made by people who are good at making that type of tool. There's a reason MD5 and SHA1 are in massively widespread use despite the algorithms being extremely open and well known.

That's why you take such an algorithm and change it a little bit. If a vulnerability comes to light (MD5 was widespread but is now considered insecure) a "default crack tool" won't cut it right away and gives the developer some time to make a better implementation.

This would be the best hack, but it seems extremely difficult to perform. The game should keep this data in memory for only a very short time before it's signed off and created on the disk. That's a tiny window of opportunity to search through the memory and replace the right values before its signed.

Not hard at all. Remember that when it comes to computer operations ALL windows are small, but outside programs work just as lightning fast as your own does. What the game should do is keep data in memory ONLY - there's no good reason to write it to disk at all. To use an analogy, writing the team data to disk for online play purposes is like putting the dish-rag down while doing dishes. You pick up a dish, pick up the rag, wipe the dish, put the rag down, put the plate in the rack... repeat. Know what works better? Remove the pick up and put down steps and just keep the rag in your hand.

I agree that writing the file seems redundant, but are you sure it's not just a backup? It could send it from memory but write the file for diagnostic purposes anyway.