Interesting discussion at battle.net + Interesting Idea

Visit this thread, read it all. On the second page an interesting discussion is starting to happen about whether or not you could create a webpage from inside warcraft 3. It would then write to the server. This would fix all game cache issues on battle.net and it would be really interesting to have an online ladder system with the DCM. Each hero could be ranked, have it's name. I wonder how possible this would be to do.

Somehow you would need to convert warcraft 3's floating information into something readable, and then writable. Get all the game variables and store them, then put it into a webpage format at a domain. Anyone have any idea?

cant be done without modifying the game or having players run some kind of 3rd party program, similar to maphack or name spoofer.

If u are really interested in it, I would ask StonedStoopid. I hear hes a programming god and might be able to tell you if its feasible or not.

u could probably hook up with stonedstoopid and make a 3rd party prog. this is getting better and better! i really hope that his DCM is gona kick major ***.

it seems my post was pretty much ignored over there (i think i used too many long words) but there must be a way to get blizzard to add serverside compatability to games... if you don't know what i am talking about look for a post by chaOtic[piOn] on page 1.

acually now that i think about it, it would be easily hackable. in fact I could probably hack that.

Anyone that could do some sort of server hack for this would be awesome. The longer I wait for TFT to be released, the more ideas I think up. 0.o

have u finished every thing? and just thinking of more ideas?

i take back my words yet again. if the sreverside application had a way of determineing what map it sent to it it would be virtually foolproof save direct server hacking.

Actually, this could be possible with no collaboration on blizz's part.

What you'll need is a program like StonedStoopid's that lets the game and a 3rd party prog communicate to each other via a string that the 3rd party prog knows the address of (that's exactly what the fps mod prog does right now). Then the 3rd party prog will be connected to another server (something else that software will have to be written for) and tell it to store info from the string (character stats basically). I imagine it would be relatively simple to make this program be able to determine when the player has exited -- that's when it would upload the information in the string to the server.

When you opened an old game, you'd use the 3rd party prog to put in a username and password (it and the server would also need this feature). It would then retrieve the appropriate string from the server, and put it into the game's memory. Then your character would appear.

Although, now that I think of it, putting it directly into the game's memory would cause a desync. In order to get around this, the 3rd party prog would instead have to make changes in memory to trick the game into thinking the player has selected certain special preplaced invisible units, because this is local and wouldn't cause a desync. Then triggers would be setup in the map to detect the selections and based on this change the player's string, and then create their hero. I have done code very similar to the selection code before and could help StonedStoopid through it if he needed help (I bet he wouldn't).

Now, how is this more secure than making an ingame code?

1. It's just plain more technically sophisticated. Obscurity doesn't necessarily security, but in the WC3 world of stupid L33T PLAY0RZ!!! it counts for alot.

2. Because directly changing the string in memory would cause a desync, the determined hacker would either:

A) have to reverse engineer how selection is reflected in memory like we will have to to make this program, because it won't be open source (more secure in this instance)

B) Record the difference in network traffic when the prog uses the string to start making selections. -- although this is counterable, by throwing in random 'dummy' selections and whatnot, so they would actually have to do some analysis instead of a straight recording.

3. For even more protection, the 3rd party server would keep track of who was in which game (should be extractable from memory -- or at least tell which other players are in the game with them). The server, based on the info it gets from a client about who's in the game, can check to make sure all the other people in the game are connected to the server. If any of them aren't, it can send a response back to the client. The client's 3rd party program will then make several more selections, to spell out a string for the name of the player who is supposedly not connected to the central server. If more than half (if it were all then 2 of them could join a game together undetected) of the players do this, the game will kick (remove their char and disable their controls) the intruder.

4. The element that would probably still be the most vulnerable would be altering the string in the 3rd party program's memory just before it sent it off to the server for saving. First, using a public/private key system the key would need to be encrypted. Second, some method for making the string particularly difficult to find in the 3rd party program's memory would need to be devised. This could mean storing it in random places in memory each time, or even more advanced hijinks. Lastly, the server would check periodically to make sure that the character didn't have more than the max/min for any values (no 9999999 strength, etc.). To make this more difficult still, the 3rd party prog could tell the server each change to the character as it happened (health bonus found, item found, etc.) and then this could be compared to the final product sent. err wait... I just had a better thought:

Do it as a "save as you go" sort of system. Save after every action the player makes that changes their character. Then confirm that the changes made to the character did actually happen by asking all the other clients in the game to corroborate it. For bandwidth purposes there could be a lag behind this (the client sending all character changes that have been done in the last twenty seconds every twenty seconds, etc.) Use the same system as before -- if over half say he's illegit, kick him.

In other words -- not only is it technically possible but you could make it secure! 0_o

Somebody beg StonedStoopid to start work on a concept demo so we can at least make sure it all works, and then start doing tons of development!

*PM's Stoned*

Wow dataangel, either you have too much time on your hands to think of that, or you are really interested (like me! :D).

Also what I was thinking of was when the mod is run (the SEMPQ) it would launch this file. But before it launches warcraft 3, then you would have an option to either create a new hero (possibly through the 3rd party software itself?) or type in an existing username and password. If the username or password does not work, the game will close. If you create a new hero, you would have the option to customize it in the 3rd party software, rather than creating triggers in a map, and once the hero is created, it will encrypt it, save it, and send it.

Another thing that might be useful as a check would be to save a txt file on your hard drive somewhere, when you type in a username/password it will first check your hard drive for the file, if the file checks out OK (ie, no super huge integers beyond the games maximum) it will then check the website for an exact match. Make it even harder to cheat up a hero.

Another thing (again) in order to save bandwidth on my server (assuming this does get very popular) we could have something that would send to a remote computer, not the server entirely, but the remote computer would upload everything to the server in bulk, maybe every 5 mins...

EDIT: As some of you may know, in a txt file, each character is 1 byte. Therefore if we store 200 characters of information, it comes out to 200bytes. 0.2kb, 0.0002mb. Very small.

I could come up with a system that would pass data to a third party program when u typed a message, like lets say /webstats PlayerName. The program would query a webserver and return data back to the game which could then be displayed in anyway that that the game allows via its trigger/jass interface. Though you said you wanted to display a webpage, that isnt possible. Only text, or basicly anything that you would be able to render using the commands available for text output.

With alittle more work it is very possible to have the game send/recieve stats data. But I must warn you this would be exploitable. If someone figured out the system that was used they could create their own map that just kept pumping their stats..

I actually think this is a pretty intresting project, and its quite feasable. The only problem would be time issues, that is i have many of the intresting projects going and i would have to abandon or finish something before i let myself work on something new like this.

If there are any programers that would like to take up the challenge but don't understand how to access a running processes memory, speak to me, its actually a simple concept once you find someone to explain it to you. This project would prob have a better success rate if you could find someone with alittle less load on their shoulders then me.

Well what I mean about a webpage was when you "save" your hero or whatever it will be uploaded to the server. Then when you go to www.darkcrescent.com and click player stats or something, the uploaded string could be broken down, decrypted and put up for information. Using XOR encryption and having it stored remotely it would be pretty secure.

I could do it, I know C++, but don't understand the "running process memory" completly, and I've got the entire summer... Just once TFT comes out I might slack off this project for about a week, but thats understandable, isn't it?

Don't worry, this project isn't planning on being released until sometime when the next "school year" starts, sometime in september I'd imagine. As long as this can be done like this, I can get a webdesigner to take an uploaded txt file, ill give him the encryption code and get him to write something.

What I want to know is if this "program" would be able to take the information from warcraft 3, store it on the hard drive, AND upload it to the web.

A few features that would be extremely cool would be the password thing upon load up, where it would check the username/password from the web, if it matches the mod will load. Like I said in my last post.

I could do skinning too, so don't worry about things like that. MarSara, could you and Stoned talk to each other and try to find a way to conquer this? It would be good if this application wasn't released open source to anyone until the mod is out if it does get completed.

Thank you MarSara for your offer, I hope you can be of help.

Yes, well anything that could be read from a trigger, that is anything that a trigger could write into a integer array or a string array the program could read. It could also write into those integer or string arrays which the triggers would intrepret and make the proper changes to the players avatar.

Why do you want it to be stored on the hardrive?

And to StonedStoopid -- if the value of a global only changes on one comptuer in a game then the whole thing desyncs. You'd have to change a local variable in memory, and setup functions to make selections based on that local variable. The selections would then be interpreted to create the character's real string and change their avatar. I'm pretty sure that's the only way.