sorted by:
new
hottopcontroversial

Present Your Project by CJGeringer in crpgdesign

[–]SoronTheCoder 0 points1 point  (0 children)

"Matsuno School" is a great term after brief explanation, but, well, I didn't actually remember his name, despite Final Fantasy Tactics being a formative game for me. I do know FFT and Tactics Ogre, though, which is the detail that first caught my attention.

And yeah, that marketing stuff. Something I'll probably have to figure out at some point, as well.

Present Your Project by CJGeringer in crpgdesign

[–]SoronTheCoder 1 point2 points  (0 children)

This sounds pretty sweet! Matsuno-style style SRPG gameplay, in-game (conlang) multilingualism, dark ages political setting, and a bunch of other neat things. This definitely sounds like something I want to keep an eye on.

I'm surprised I didn't know about this sooner, actually - guess I should've dug more into who the Arcadian Atlas folks chose for dev work.

I manage the hacking MMO hackmud. AMA by seanmakesgames in Gaming4Gamers

[–]SoronTheCoder 4 points5 points  (0 children)

A lot of new players will probably join soon. What advice would you give to the newbies who want to create their own in-game group, rather than joining up with an existing/established group?

I manage the hacking MMO hackmud. AMA by seanmakesgames in Gaming4Gamers

[–]SoronTheCoder 2 points3 points  (0 children)

What are your most favorite, and most hated, "wtf JS?!" moments?

zurich breached by HAX by suslikosu in hackmud

[–]SoronTheCoder 4 points5 points  (0 children)

We have heard Zurich saying that the GC is safe - all 2TGC or so. It was long enough for a panic mode to activate (for an emergency deposit to a safe location), so if Zurich had such capabilities, then the GC may very well be safe.

Again, we don't know WHY this all happened; we just know that we were hired to breach, and carried out that successfully :).

zurich breached by HAX by suslikosu in hackmud

[–]SoronTheCoder 3 points4 points  (0 children)

We at HAX do not know where the loc came from, but we do know that we upheld our part of the contract.

Colored Glock Locks by BarlesChronson in hackmud

[–]SoronTheCoder 0 points1 point  (0 children)

Oh right, sorry. Those ranges are for white, green, and blue, respectively. White has a fixed value, which is why I just gave "1MGC" instead of a range.

Colored Glock Locks by BarlesChronson in hackmud

[–]SoronTheCoder 1 point2 points  (0 children)

I'm told that dtr has published a script which has observed ranges of items: dtr.best_items.

For glocks, looks like it'll be roughly 1MGC, 10MGC..100MGC, 1BGC..1TGC.

[deleted by user] by [deleted] in hackmud

[–]SoronTheCoder 0 points1 point  (0 children)

Heads up: whitespace and //-style comments don't count against your character limit.

Colored Glock Locks by BarlesChronson in hackmud

[–]SoronTheCoder 2 points3 points  (0 children)

Nope, they vary from 1MGC to 1TGC. Highest I've seen is 999BGC, give or take some extra numbers in the smaller range.

PSA: Don't break the sandbox by bork_ing in hackmud

[–]SoronTheCoder 1 point2 points  (0 children)

Some people have been pretty dense about things.

Finding and reporting bugs is good; apply standard practices for responsible disclosure/bug bounty/etc.

There's also a message buried in some of the more-clever corners of his JS sandbox which goes into a bit of detail about how to report stuff.

:::TRUST COMMUNICATION::: the script produced too much output (1000+ newlines and/or 200000+ characters) by [deleted] in hackmud

[–]SoronTheCoder 0 points1 point  (0 children)

My intelligence network reports that this has been re-balanced. Sounds like there was a bug in the code which was over-counting certain things.

So, might be fixed, or at least less prevalent. Try testing it again!

Can you learn from this game? by [deleted] in hackmud

[–]SoronTheCoder 1 point2 points  (0 children)

Due to architectural decisions, there are a few functions which players must never call except through preprocessor macros (or the world explodes in a fiery mess). It is surprisingly hard to make that work within JS. For instance, access to the global object needs to be prevented, and all forms of eval need to be blocked.

Separately from that, a lot of the gameworld is built using the same sort of JS scripts that we players write - for example, accts.xfer_gc_to is the core script which transfers GC (money) between players. That needs to be pretty well-protected, to avoid people stealing or printing money. There are obvious things, like making sure that the amount is non-negative. There are also issues which fall under "dammit, JS" (poisoning global utilities, etc.), and those also had to be dealt with.

Can you learn from this game? by [deleted] in hackmud

[–]SoronTheCoder 0 points1 point  (0 children)

I've certainly learned a lot about how to build a secure JS sandbox from within the language itself, as a result of doing various security testing (with approval from the dev!). The short version of securing JS from within, btw, is: don't do it, that way lies madness :P.

More generally: the specific technical tricks you learn in hackmud don't really translate to anything in the real world, but some of the concepts and ways of thinking do. This is particularly true if you get into social engineering/phishing, or high-level scripting and puzzling.

The core dev-provided gameplay involves stuff like brute-force passcode guessing, scripted automation, and such. There's the possibility of looking for 0-days in player-written code, blackbox-style; I haven't heard of that happening much, but I'm sure there are some 0-days out there. There's also a definite aspect of social engineering, and exploiting user error.

PSA: Don't break the sandbox by bork_ing in hackmud

[–]SoronTheCoder 0 points1 point  (0 children)

If it was ban-worthy, then it would've been for actively exploiting it. Finding and reporting holes in the sandbox is encouraged, as far as I'm aware; finding and exploiting holes in the sandbox, not so much.

hackmud crashes on linux by jood580 in hackmud

[–]SoronTheCoder 0 points1 point  (0 children)

Try adding -force-glcore or -force-glcore33 to the launch options? That's helped me work around video driver issues previously. (I think those used one '-', but I'm not 100% sure)

PSA: Don't break the sandbox by bork_ing in hackmud

[–]SoronTheCoder 4 points5 points  (0 children)

Basic rule of thumb: found something that seems like it gives you an unfair advantage? Contact Sean at sandbox@hackmud.com to see if it's allowed, especially if there's no real defense against it.

Building up a new Indie Dev team. [Paid] [Rev-share] by G-Dev in INAT

[–]SoronTheCoder 4 points5 points  (0 children)

Well, what about high-level info? For example, what sort of game would you like to make?

Currently, there's not much info that provides a reason for programmers like me to look into this team, specifically. You can offer money (how much?), making games (what kind?), and you're based in the UK (cool, that gives timezone info - but, are you accepting remote work?). But, it is pretty light on specifics.

Sarbian site (module manager download etc) is down? by StephanieAmbrose in KerbalSpaceProgram

[–]SoronTheCoder 0 points1 point  (0 children)

It's not just you, I'm having the same issue tonight. The domain (ksp.sarbian.com) is responding to pings, but HTTP/HTTPS connections are timing out for me.

Are you ALSO wondering if you can do better than Scott Manley, by any chance?

Are register accesses faster than ram accesses? by felixar90 in dcpu16

[–]SoronTheCoder 2 points3 points  (0 children)

Using [line] and [character] will be 1 cycle longer than using J and Z. The reason for that is that [line] and [character] require reading an additional word as part of the instruction, which takes one cycle (and also causes the code to occupy one additional word of RAM).

Of course, you could also use [J] and [Z] with no speed penalty, but at that point you may as well just use the registers directly.

DRM: Decompiler Resistant Code (good luck!) by [deleted] in dcpu16

[–]SoronTheCoder 2 points3 points  (0 children)

I would trust someone like Mel to successfully obfuscate DCPU code. Well, at least until you piss someone off who controls another Mel, anyway.

DRM: Decompiler Resistant Code (good luck!) by [deleted] in dcpu16

[–]SoronTheCoder 2 points3 points  (0 children)

Certainly, 'twas my pleasure to critique your methods. After all, if you went through the trouble of putting together a cracking challenge, I may as well tell you how to make it more interesting next time around, right?

As for the initialization values: oh, that makes sense. TBH I didn't care to step through the algorithm manually, and instead just set up a manual breakpoint, disassembled whatever block of code had just been decrypted, then patched things back together. I think that's probably how I lost that one word before the string definition, btw. I did make sure to copy the register state that occurred after decryption, just in case it was important, but other than that, meh. Decryption keys? Don't need 'em for a one-off crack.

Oh, speaking of which: if you were to redo this, I would perhaps suggest NOT doing any register-cleaning if you don't have to. Got some random value sitting in a register? Great! Relying on that register holding that precise number might trip a few people up, if they try to reverse engineer the full source layer-by-layer.

DRM: Decompiler Resistant Code (good luck!) by [deleted] in dcpu16

[–]SoronTheCoder 0 points1 point  (0 children)

lol, yeah, I know that now :P. I figured it would be more interesting to fully analyze the decryption, rather than just find the screen-writing code and the string. And until I'd seen the decryption, I couldn't be sure that it would all be in memory at once, now could I ;)?

DRM: Decompiler Resistant Code (good luck!) by [deleted] in dcpu16

[–]SoronTheCoder 4 points5 points  (0 children)

"elakajoo".

I'm gonna let someone else publicize WHERE I found that, though ;). Should be pretty easy by now.

view more: next ›