Topic: Bank Signatures - Secure?
Stark #861
Stark
Hi all,

Can anyone confirm that bank signatures are generated including the map author and player name?

This is the only way I can see them being at least somewhat secure.

If this is the case, just how secure are they?
Brian #1451
Brian
Edited by Brian on 4/26/11 6:11 AM (PDT)
As far as I know, the algorithm for producing a bank signature hasn't been cracked yet, which means that people cannot create bank signatures for their own sets of information to be used in your map.

If your bank file's purpose is to store scores or statistics and each player will be receiving one, then the bank signature will suffice as protection, given that you verify it at the start of each game.

The map author's name is not part of the signature, IIRC.
Stark #861
Stark
04/26/2011 06:11 AM Posted by Brian
The map author's name is not part of the signature, IIRC.


This is the problem though: without the author's name or ID it's easy to bypass the signature. You simply copy the bank file, create your own map, rewrite the bank file with your changed data, and you have a 100% valid signature that you created. Takes a whole 5 minutes.

I guess we need to find out for sure whether or not the author's name is involved when banks are saved from multiplayer.
Infernal #871
Infernal
Bank signatures use:
1. Bank Data
2. Author Name
3. Player Name

I have been told they can be cracked, although I have seen no proof of this to this day. So if they can be cracked, very few users know how to do it and have yet to post the information publicly online (Hopefully it stays that way).

My map uses bank signatures and does not encrypt the data in the bank for player scores. Not one player has been able to tamper with their scores, so I would say bank signatures are more than secure enough for score tracking or save files.

You can easily test bank signatures yourself.
1. Change the data in the bank, watch as the signatures change.
2. Have a friend publish a map that generates the same bank as one you published. Play both and compare the signatures.
3. Send a bank file to a friend and see if it still works.

The real problem is that if a player leaves or drops from the game when the data is being written, the bank will invalidate and their scores will reset.
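
The three tests listed in the post above, plus the copied-map concern raised earlier in the thread, as an added example that is not part of any post and is not the game's actual algorithm (which the thread does not reveal). It models a signature as an HMAC over the three inputs the post names; the key, the names `AuthorA`/`AuthorB`/`PlayerOne`/`PlayerTwo`, the bank values and the `bind_author` switch are all assumptions made for illustration.

```python
import hashlib
import hmac

MODEL_KEY = b"constructed-demo-key"  # assumption: stands in for the signer's secret


def _field(value: str) -> bytes:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") encode differently.
    raw = value.encode()
    return len(raw).to_bytes(4, "big") + raw


def sign_bank(author, player, entries, bind_author=True):
    """Model signature over author, player and every key/value in the bank."""
    msg = _field(author if bind_author else "") + _field(player)
    for key in sorted(entries):  # canonical order: same data, same signature
        msg += _field(key) + _field(str(entries[key]))
    return hmac.new(MODEL_KEY, msg, hashlib.sha256).hexdigest()


def verify_bank(author, player, entries, signature, bind_author=True):
    """The check a map runs at game start before trusting the bank."""
    expected = sign_bank(author, player, entries, bind_author)
    return hmac.compare_digest(expected, signature)


def run_checks():
    bank = {"score": 1200, "wins": 7}  # constructed sample data
    sig = sign_bank("AuthorA", "PlayerOne", bank)
    edited = dict(bank, score=999999)
    # A bank with edited values, signed while running a copy published by AuthorB.
    copy_sig = sign_bank("AuthorB", "PlayerOne", edited)
    copy_sig_unbound = sign_bank("AuthorB", "PlayerOne", edited, bind_author=False)
    return {
        "untouched": verify_bank("AuthorA", "PlayerOne", bank, sig),
        "data edited": verify_bank("AuthorA", "PlayerOne", edited, sig),
        "same bank, other author": verify_bank("AuthorB", "PlayerOne", bank, sig),
        "sent to a friend": verify_bank("AuthorA", "PlayerTwo", bank, sig),
        "copy, author bound": verify_bank("AuthorA", "PlayerOne", edited, copy_sig),
        "copy, author unbound": verify_bank(
            "AuthorA", "PlayerOne", edited, copy_sig_unbound, bind_author=False),
    }


if __name__ == "__main__":
    for name, accepted in run_checks().items():
        print(f"{name:26} accepted={accepted}")
```

Only the last case is accepted with altered data, which is why the thread keeps returning to whether the author is part of the signed input.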
Phi
1. Download a "locked" map
2. Open with an MPQ editor
3. View the mapscript file or import a replication of the deleted file that makes the map "locked"
4. ????
5. Profit.
Stark #861
Stark
If the bank signature includes the author, how does downloading the "locked" map help? Even if you have the map, when you open it and do something you become the author, so the signature changes.

That method works for bypassing encryption, but shouldn't work for signatures *if* they include the author.
NoVa #1961
NoVa
Yeah, it's fine.
Stark #861
Stark

The real problem is that if a player leaves or drops from the game when the data is being written, the bank will invalidate and their scores will reset.


I guess the only thing you can do against this is to make 2 copies of the bank, and only save 1 during the game, then do a backup bank at the end of the game or something? So worst case they end up with 1 game old data.
DarkRevenant #702
DarkRevenant
1. Copy map you want to hack.
2. Edit code to give you a rigged bank.
3. Join an empty lobby of that map on bnet.
4. Replace original map with hacked copy.
5. Start game.
6. Get rigged, signed bank.
7. Replace hacked map with original map.
8. Trololol your opponents.
Stark #861
Stark
1. Copy map you want to hack.
2. Edit code to give you a rigged bank.
3. Join an empty lobby of that map on bnet.
4. Replace original map with hacked copy.
5. Start game.
6. Get rigged, signed bank.
7. Replace hacked map with original map.
8. Trololol your opponents.


You can actually replace the local map file after you have joined the lobby? Don't they do any validation before it loads?
JodoKaden #324
JodoKaden
I do know that someone called Perogi managed to hack the bank on Malum Ruina, a survival/deception type game. I haven't seen him around much anymore though, so I guess he might've been banned.
Stark #861
Stark
Interesting, if he was banned I wonder if he was reported or if they managed to detect the file change.

They should be comparing checksums before/when the game loads.
Sixen #935
Sixen
MVP
I doubt they would ban for this, as it doesn't violate anything.
________________________________________________
The Chat Gem Lives!
Stark #861
Stark
Really? Starting a game and changing the map file with the intent of hacking the bank file seems like a good reason to be banned.

However, their system should do a checksum of the map they are loading and simply not allow it to happen in the first place. Fix the holes first, ban later imo.

So does anyone have 100% confirmation that the map author is used in the generation of the signature? I'm still getting mixed reports.
NoVa #1961
NoVa
1. Copy map you want to hack.
2. Edit code to give you a rigged bank.
3. Join an empty lobby of that map on bnet.
4. Replace original map with hacked copy.
5. Start game.
6. Get rigged, signed bank.
7. Replace hacked map with original map.
8. Trololol your opponents.


Good thing it doesn't work.
Stark #861
Stark
Really Mephs?

If signatures work as they should then technically you shouldn't need to even encrypt any of the bank data.
NoVa #1961
NoVa
I meant what that guy said, it doesn't work.

They've been secure to date, I don't see the problem.
Stark #861
Stark
Oh OK. Yeah, that's what I'm just trying to find out, if they are secure or not, as there have been a few posts from people that think they can easily be cracked in a few minutes.

Rodrigo keeps claiming his scores are getting hacked, I'm not sure if it's happened since signatures.
Sixen #935
Sixen
MVP
Really? Starting a game and changing the map file with the intent of hacking the bank file seems like a good reason to be banned.

Yeah it's immoral, but... What ToU/EULA section are they violating? :P.
________________________________________________
The Chat Gem Lives!
Stark #861
Stark
I'm pretty sure any form of hacking would violate the EULA etc.
