You are viewing a single comment's thread from:

RE: Encryption, upgrades, and VO.3 release

in #drugwars6 years ago (edited)

Your encryption was hacked 3 days ago ...

Sort:  

I take the credit for that ;)

Wasn't even difficult. Maybe you need somebody with better ideas for encryption in your team? 😋

!dramatoken

:) Hi Twinner

Lmaooooooooo

!dramatoken

Ayyyy

!dramatoken


You have DRAMA!

To view or trade DRAMA go to steem-engine.com.


Here's your DRAMA. Don't spend it all in one place!

To view or trade DRAMA go to steem-engine.com.


You have DRAMA!

To view or trade DRAMA go to steem-engine.com.

you're right, pal @ twinner and @mwfiae

Bitch you dont have any drama tokens, go buy 10 on steem-engine and then you can fucking give out free money you fucking Bitch

How?

Won't share until the encryption is removed/replaced with something better :)

Every such action is pushing us to be better and to improve. We are open sourced and in each hack, we see a challenge. We are already working on the next level of encryption ;)

In the meantime, leaving the hacked encryption in place makes the hackers extremely powerful. Why are you empowering cheaters? If you immediately drop encryption when it gets hacked, the hackers pay a penalty equal to the time and treasure they spent to cheat.

Leaving it in place lets them profit from cheating, and penalizes all their victims.

C'mon.

Btw. I haven't cheated with it, was just a little fun side project. I also haven't anything automated ingame.

And it only took 15 minutes of my time. (yes thats how bad the encryption was)

DIdnt hear about the hacking. What are the hackers able to do if they get pass the encryption?

Well it wasn't hacking as much imagine it. (ie breaking into the server and beeing able to change stuff. )
Basically all that it means that the custom_json that drugwars writes encrypted into the blockchain can now be read again. Basically bringing us back to the time before the encryption update.
So while others would only see glibberish, I would be able to exactly tell that you build 400 bouncers. For example.

But they cant write in a million Drugs in their account.. Right?
My technical knowledge in this regard is very limited.

Nope we can not change how the game works or what ressources/units we have.
That would require access to the database/server which wasn't compromissed in any way :)
(But I can check if they used the same password for that as well. that could be funny. )

Nope we can not change how the game works or what ressources/units we have.

I assumed if hackers can do that in AAA games. Change how the game works in multiplayer that it wouldnt be difficult to do in a game like Drug Wars.
I might be wrong.

"Hackers" (more correct would be cheaters) in multiplayer games don't change values on the servers. (ie nobody can just hack to get global elite in csgo), but they can change how the client works and for example emulate a perfect aim. And cheat their way to global elite.

Shouldn't you guys just be encrypting everything with the @drugwars public memo key and decrypting it with your private key? The answer is already built into the platform and can't be hacked.

yep that would be a good idea for security. But it leaves another problem... we (the players) can't verify whats is beeing done in the game. Therefore ruining the blockchain character of the game (why post some bs on the blockchain if nobody can use it? Why not only use a normal database? )

We need a way to verify the transactions, otherwise all the "assets" ingame are practically worthless as an admin/whatever can just cheat any amount and then profit of that.

Why not only use a normal database?

At this point they should be, but they are in too deep and they are basically using the witnesses to create this information that is validated by posting key encryption.

Regardless, you are right, at this point the entire game can be taken off chain if they develop a way to let us sign transactions with our posting keys and send them directly to the server.

This is why the game shouldn't even have a centralized server to begin with. It should be run with a decentalized open-source nodes that all sync together just like a real blockchain would.

Easier said than done, I'm afraid.