encryption of certain variables

05-14-2006, 02:17 AM

How can I encrypt a string variable for use with a trigger?

(What I plan to do)
I'm making a system inside my map for the Developers to log in during the game to give them free reign to do stuff like test events and stuff. Also to help a player who might get stuck. This is in a way to do a GM(Game Master) system.

Edit: opps, just noticed i placed it in the wrong spot, my bad. please move, unless you don't care.

05-14-2006, 02:31 AM	#2
PipeDream	I don't understand what sort of behavior you want. If you want to type stuff with out other players seeing, set your chat in I believe F12 to observer.

05-14-2006, 02:41 AM

Linera

I want to encrypt a sting variable that is stored at startup, as I don't want a player to open the made through a mpq like I've been able to do and look at the jass coding to find out how to log into the game as a GM. As GM login will be based on the user's name. So I want the variable to be encrypted and then when the player types the command to login it decrypts the encrypted sting i set inside the editor and check to see if it matches the player's name.

For example the encrypted string variable might be 4fd5de4d6 then when the player attempts to gm log in it takes that string decrypts it and checks it with the player's name.

05-14-2006, 07:42 AM	#4
Tim.	What he wants is a save code specific for a username. There are plenty of those floating about.

05-14-2006, 07:48 AM

Linera

actually tim you are a little wrong.

you see as of now my code simply checks the name to a string and if the player's name matches that string it allows that player to login as a gm. however once i protect my map you can still find out the name needed to login as gm by opening the map through a mpq editor so i wanted to simply encrypt the string so you can't see it in the jass code through the mpq editor. which makes it hard for someone to find out the how to login as a gm.

05-14-2006, 07:54 AM

PipeDream

The precise behavior you need is called hashing.
This algorithm is adequate. It returns an integer that is sufficiently random with respect to an input string. It's actually my first foray into triggering. Ah memories.

JASS:

function hashblock takes integer h, integer c returns integer
    local integer n = 1
    local integer delta = 117
    local integer sum = 0
    local integer k1 = 51
    local integer k2 = 27
    loop
        exitwhen n > 32
        set h = h + ((c * 16) + (c / 32)) + c + sum + k1
        set sum = sum + delta
        set c = c + ((h * 16) + (h / 32)) + h + sum + k2
        set n = n + 1
    endloop
    return h
endfunction
function Char2Int takes string c returns integer
    local integer A = 0
    local string cset = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" //Add whatever you need.  I would recommend StringCase'ing to upper or lower case for simplicity
    local integer len = StringLength(cset)
    loop
        exitwhen A >= len
        if SubString(cset, A, A+1)==c then
            return A
        endif
        set A = A + 1
    endloop
    return 0
endfunction
function hashstring takes string s returns integer
    local integer hash = 0
    local integer istring = 0
    local integer n = 0     //should be stringlen(s)
    local integer len = StringLength(s)
    loop
        exitwhen n >= len
        set istring = Char2Int(SubString(s,n,n+1))
        set hash = hashblock(hash,istring)
        set n = n + 1
    endloop
    return hash
endfunction

05-14-2006, 07:58 AM	#7
Linera	so how exactly would i use this as a condition?

05-14-2006, 08:05 AM	#8
PipeDream	Put this in a test map for generating the hash for each string you want to unretrievable. Write down what strings hash to (print hashstring(string)). Then, in your game, run the same algorithm on the input string, and check if it matches with the number you wrote down earlier (if(hashstring(string) == writtendownhash) then do stuff)

05-14-2006, 11:09 AM

Vuen

That's not a very strong hashing algorithm. Anyone opening up the JASS script could see the block of code, rewrite it in C++ and brute-force your password in no time at all.

The hashblock function itself can be greatly simplified. At first glance:

JASS:

function hashblock takes integer h, integer c returns integer
    local integer delta = 117
    local integer sum = 51
    local integer k = 27 + delta - sum
    loop
        exitwhen sum >= 32 * delta
        set h = h + (545*c/32) + sum
        set c = c + (545*h/32) + sum + k
        set sum = sum + delta
    endloop
    return h
endfunction

I wrote out the expansion up to third order steps and there's a very definite pattern that emerges. I'm almost certain this is breakable if I had a few hours to figure out the sums and simplify them.

Admittedly it's probably fine for most purposes, but if you want your password to really be secure, you'll want to implement a stronger hashing algorithm; something professionally used, like SHA-1.

05-14-2006, 05:46 PM	#10
Linera	Well I want this to be as secured as possible as those who find a way to gain access as a GM then they will be able to do a ton of things which will break the game.

05-14-2006, 07:09 PM	#11
Captain Griffen	Basically, it is impossible. Your triggers will aways be accessable, and, being open source, it will be possible to work through it and crack it. All you can do is make the effort required high.

05-14-2006, 07:14 PM

#12

PipeDream

No, Vuen, that's not a simplification. I'm not surprised it trashed the diffusion, although with 32 rounds it's probably still fine. We are working on finite integers. Those multiplications are left/right shifts, not rotations. Once the information falls off the end, it's gone.
This algorithm (severely crippled TEA) is far better than SHA-1 (severely crippled in the same way). The tools we need to implement either properly making it really non linear / secure is unsigned integers and XOR.
This is definitely breakable by someone who knows what he's doing. With only 4B of output it's also obviously trivially bruteforceable. Another 4B, properly mixed, and that's gg. We'd all love to see something better, that doesn't leak megabytes of string or lag the game sideways.

JASS:

function RtoI takes real r returns integer
    return r
    return 0
endfunction
function ItoR takes integer i returns real
    return i
    return 0.
endfunction
function MakePair_II takes integer x, integer y returns location
    return Location(ItoR(x),ItoR(y))
endfunction
function DeletePair takes location oPair returns nothing
    call RemoveLocation(oPair)
endfunction
function SetPair_II takes location oPair, integer iX, integer iY returns nothing
    call MoveLocation(oPair,ItoR(iX),ItoR(iY))
endfunction
function First_I takes location oPair returns integer
    return RtoI(GetLocationX(oPair))
endfunction
function Rest_I takes location oPair returns integer
    return RtoI(GetLocationY(oPair))
endfunction

function hashblock takes location oHash, integer c returns location
    local integer n = 1
    local integer delta = 11742
    local integer sum = 0
    local integer k1 = 5168478 + c
    local integer k2 = 2763741 + c
    local integer h1 = First_I(oHash)
    local integer h2 = Rest_I(oHash)
    loop
        exitwhen n > 32
        set h1 = h1 + ((h2 * 16) + (h2 / 32)) + h2 + sum + k1
        set sum = sum + delta
        set h2 = h2 + ((h1 * 16) + (h1 / 32)) + h1 + sum + k2
        set n = n + 1
    endloop
    call SetPair_II(oHash,h1,h2)
endfunction
function hashstring takes string s returns nothing
    local integer istring = 0
    local integer n = 0     //should be stringlen(s)
    local integer len = StringLength(s)
    local location oHash = MakePair_II(0,0)
    loop
        exitwhen n >= len
        set istring = Char2Int(SubString(s,n,n+1))
        call hashblock(oHash,istring)
        set n = n + 1
    endloop
    call BJDebugMsg("First int: " + I2S(First_I(oHash)))
    call BJDebugMsg("Second int: " + I2S(Rest_I(oHash)))
    call DeletePair(oHash)
    set oHash = null
endfunction

Here's the extension to 8B of hash. This is still trivially bruteforceable-need about 2^32 guesses b/c of the birthday paradox, but with a 2B input you can easily chain to say 64B.
---
Despite the hostility in this post I would be delighted if you broke it and explained your process.
---
Griffen, no. If the map is read only <easy to establish because of download meter>, then it is mathematically possible to make a hash algorithm which can't be worked backwards through, because information is lost in the hashing.

05-14-2006, 07:17 PM	#13
Taur	and honestly, I dont know how many people are gonna try and hack into a wc3 map that is not DoTA. I suggest you finish it first then worry about that.

05-14-2006, 07:28 PM

#14

Captain Griffen

Quote:

Griffen, no. If the map is read only <easy to establish because of download meter>, then it is mathematically possible to make a hash algorithm which can't be worked backwards through, because information is lost in the hashing.

Any information WC3 has can be obtained from the map. Hence, it would be a fairly simple matter to break any encryption if you know what you are doing. I wasn't talking about working backwords; there would be no need, since you could work forwards.

05-14-2006, 07:46 PM	#15
PipeDream	Nope, sorry, you're wrong. I don't know how to explain any further. Try reading http://en.wikipedia.org/wiki/Cryptog..._hash_function.