Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - CompMix

Pages: [1] 2 3 4
Drama / Re: Key Compromise
« on: May 12, 2020, 08:10:31 AM »
Sorry if it seems like I'm Mr. Important Pants by posting all of this too... there's a really good feeling that comes with coming clean that I'm unsure is selfish or not. I am also refreshing this page manically so that's a sign that I'm doing it for myself if anything, I don't intend to be all noble or whatever, I just want to fix this crappy behavior for good no matter the consequences. So help if you want but I really just want to be done with being a stuffty person.

Drama / Re: Key Compromise
« on: May 12, 2020, 07:34:10 AM »
I was able to get my DMs with celau back. Unfortunately Discord makes it impossible to re-open closed DMs when a user removes you and you close the chat, so my bad for doing that. I wish to be as honest as possible here, so if anyone wants pictures of my chat with celau (I will probably blur his chat out though) you can either request what you want here on BLF or add me on Discord.

After reviewing chat, a revision to my original post I would make is that there *was* an agenda against Badspot from my end. I don't remember this being a major reason behind doing this, so I'm going to theorize a bit here and say that it was more power-tripping than anything. I genuinely did not want to hide anything here and I hope this post will prove that to you. Here is a snippet of chat to show you what I mean:

Your own thoughts and theories are welcome. In the past, I used to flaunt around my hacks and accomplishments to feel better about myself, and I knowing how much damage this would cause, I got excited thinking about the attention I would get maybe.

There's this about how I think it will impact Blockland:

And me trying to think of ways to get important people to join our servers so we could ultimately have a bigger impact when the time comes:

I also speculated about other things we could do with the exploit, like an eval backdoor or using a RAT against Cca to get his "special hack."

So, I want to make it clear why I'm doing this. It is ultimately 1. to completely expose my behavior to you guys, and 2. so I can not repeat this behavior ever again. By exposing this bad behavior that seems to come back time and time again, and fully facing the consequences and hearing what this community has to say about it, I will learn what to do to keep myself from going down this hole again. I don't want to be this person anymore, I made a resolution when I left rehab about a year ago that things would change and I violated my promise. So I'm fully prepared to face the consequences.

Some of my friends say that I'm beating myself up on purpose to get sympathy from others, or that there is some kind of ulterior motive by me making these posts, but if this is the case I can guarantee its subconscious and I want it to be exposed NOW. I could not be more genuine here when I say that I do not wish to hide anything, that I don't care about my reputation in this instance, and that I want to get help. Help isn't expected either, I expect there to be a lot of anger over this too, and nobody is obligated to talk to me ever again.

Development / Re: 2020/05/03 - Blockland r2005-r2007
« on: May 06, 2020, 03:45:36 PM »
We posted a temporary fix here, there's also research to what causes the crash that may help Badspot:

Help / Re: Problems running the Steam Version
« on: May 06, 2020, 01:08:16 PM »
We found a way to make the game work by disabling CFG for the exe. NOTE: CFG is an important security protection and shouldn't be disabled, but since the recent exploit has been patched, you should be safe to temporarily disable it.

Open Blockland.exe in a hex editor (I use HxD) and find these two bytes:

Change "C1" to "81" and save. The game should work now.

Help / Re: Problems running the Steam Version
« on: May 06, 2020, 12:27:45 PM »
OP ran the game in a debugger and gave me a stack trace of the crash. It is related to CFG and GLEW.

This is glewContextInit(), called by OpenGLDevice::activate(...):

It crashes at the last __guard_check_icall_fptr right before calling glGetString with the error STACK_BUFFER_OVERRUN. This is the error you get when CFG fails to find a valid indirect call entry in the function table. I am not sure why glGetString() would not be in this table, maybe it has something to do with how GLEW resolves OpenGL functions through its own loader.

Drama / Re: Key Compromise
« on: May 06, 2020, 06:17:38 AM »
Lol, you knew what was going to happen yet you were still complicit in doing this stuff. I wouldn't pity you if you ended up with a hefty fee or behind bars.

Pity is not the point, nor do I want good boy points for "doing the right thing" either. I made a big mistake and I'm here to do my best to fix it by offering to do what I can, and listening to opinions like Trogdor's, of which I will put into action here soon. Which brings me to my next point...

pretty big mistake posting this here, you basically had a test run seeing how someone would respond to your actions when you DM'd me about it. i told you all the same stuff thats been said here but way nicer and without the self inflicted public shaming

I don't believe it was a mistake posting this. Clearly people are angry and that's to be expected, but if I didn't want the backlash or repercussions, I wouldn't have said anything to Badspot or posted here. The odds were in my favor and I could have easily gotten away with this. If people want to hate me for this or burn my house down, they should feel valid. I do not fear public shame if it means that I right my wrongs or bring people the satisfaction of knowing who messed with their game.

Drama / Re: Key Compromise
« on: May 05, 2020, 10:04:54 PM »
my issue is that regardless of the intent or knowledge of problem users that computermix had he knew that he found a major vulnerability in the game and he decided it was appropriate to share this vulnerability with other users rather than immediately send it to badspot and keep quiet. this exploit could have resulted in severe real-life ramifications and the only reason it did not is because nobody made the keylogger that celau requested

This is an interesting point. Let's get philosophical here and I'd appreciate any feedback I could get from you guys.

I keep regressing back to old behavior despite multiple visits to rehab, which I feel like they shape up my behavior pretty well. I always have a firm resolve to do the right thing when I leave, including staying off drugs, but part of keeping clean is staying away from bad behaviors and attitudes.

So why do I keep going back to this? It's like if I got into a car accident-- suddenly, I'm extremely nervous and cautious when I drive now, because I want to avoid another crash from happening. But over time my driving habits loosen up and I'm basically back to where I was, because the memory of how terrible the accident was has now faded.

It's the same for this exact scenario. If you put this exploit in front of me when I just left rehab, I can say with almost certainty I would have just reported it. But I decided to take advantage of it and see it work. Is it because it's interesting? Tempting? Do I lack morals, or do I just not care?

The only answer I can come up with now is that yes, I don't really care. Happy people seem to have a strong moral code and well, they have no problem upholding it because they're happy enough to. I don't feel happy and haven't for about two years now. If only I could find another source of happiness, then maybe I would start caring for myself and my reputation with others, but I'm very lonely and feel neglected by my friends enough to where there's nobody to even be there to stick me to it.

This isn't an attempt at begging for sympathy, I'm genuinely interested how I can become a better person and actually stick to guidelines instead of caving into temptation like this. Thoughts welcome.

Drama / Re: Key Compromise
« on: May 05, 2020, 07:18:18 PM »
Hey, I wanted to write to tell you guys that I'm the one who made the exploit for celau to use on his server. I wanted to come clean and make things right because that's what I believe a good person would do in this situation. I let Badspot know how everything works a few days ago through e-mail and I told him I would wait a little bit to clear my head before I made a post.

I will make a timeline of the events leading to the key leak and a bit after:

This originally started with Heedicalking and I discussing about the ideas of a fully modifiable game engine that syncs from server to client. But after more reading, he found papers about how easily exploitable game engines are (source, unreal 3), and bet that Blockland had similar vulnerabilities. I wanted to see for myself, so I found one and told him about it and we discussed the severity of this exploit and what could be done. He didn't want to do anything malicious nor did he really care about Blockland anymore, but we discussed ideas like automatically downloading GUIs to clients or making an "NPC Virus" where people's avatars would be forced grey.

I then came to celau and mentioned the possibilities an RCE could have, and we (celau and I) decided together that key stealing would be interesting. My friends mention the spotlight shouldn't be taken away from celau, and that this scenario is similar to "making the gun and celau using it," however I feel like it's more along the lines of "making the gun requested by celau who told me he was going to kill innocents." I still knew what was going to happen and willingly participated, so I'm definitely not trying to avoid blame. I don't hate Blockland nor have some kind of agenda to take down Badspot, that I can say with certainty was celau's mindset.

While keys were being collected over the span of a few days, something interesting with Cca was happening. I am not sure of the innocence of Cca. I believe celau handed him the exploit and requested that a RAT be made in order to target people like Oak for some reason. Cca then started joining celau's servers and crashing constantly as if he was "investigating" the exploit. Slowly information about how it works was being leaked to other people. There's two possibilities here-- either he actually found out how it works through a debugger (extremely unlikely, this exploit was particularly difficult to track down) and he did the right thing by reporting it, or he had the exploit the entire time and tried playing the good guy. I am doubtful it is the former only because celau informed me in voice chat that Cca and his "hacker group" apparently already found this exploit long ago, which was a blatant lie. Cca has also given me fake screenshots of a sophisticated hacking GUI to con me into making something better, a manipulative move that ultimately would have ended him up with a new version of BLHack.

The day came for the leak and celau had quite an arsenal of keys to use. I forwarded the CBM leak list to him as well which enabled him admin access on a few servers. I do not agree with the hateful things he said, and I started feeling a lot of pressure as soon as I saw the damage he and his group were doing. I joined a group of people dedicated to finding the exploit and how it works, and pretended to not know anything to protect my innocence. Interestingly, this group's research was centered around hints given to them by Cca, but apparently StreamShark leaked information about it first ( so maybe Cca swooped in to cover his ass after he knew this.

This group of people that were researching the exploit were my good friends, so I felt an unbelievable amount of pressure since I knew I was mistreating some very close people. After a long voice chat with celau, with him reassuring me multiple times that I could get away with this if I stay silent, I decided I would do the right thing because I sincerely regret my actions. I told everyone that I did it and how it worked, and they were incredibly supportive. We got the information to Badspot and did our best to straighten the situation out. I want to note that when the leak was happening I got an e-mail from Badspot asking what was going on, and I originally responded acting like I was helping the research team, but later I e-mailed him again just coming clean. So I lied originally but did my best to make up for it.

That about sums the timeline up, I think I got everything, so I'll move on to amend making.

I want to make things right and repay any damages I've done. I'm not sure exactly how to do this, but the first idea that comes to mind is paying back any keys that were lost in this fiasco one way or another. Users may get their keys back from Badspot as mentioned in that development thread, however if any keys are truly lost I will compensate them. I don't have money *yet* but I'll be able to afford this soon.

Thank you for reading and for your time, and I'm sorry I put you through this.

Off Topic / Re: Post real life pictures of yourself.
« on: February 29, 2020, 09:18:48 PM »
Why donít you ask him
I dunno how or where he is

Off Topic / Re: Post real life pictures of yourself.
« on: February 29, 2020, 09:15:28 PM »
Anyone got sleep's/Donnie's discord?

Off Topic / Re: Post real life pictures of yourself.
« on: February 29, 2020, 04:35:58 PM »
target employees wildin
Heck yeah, worked as a front of store attendant pushing carts and cashiering all day. It paid well but the hours were meh.

Modification Help / Re: [DLL] Rendering Optimization Experiments
« on: February 29, 2020, 01:15:12 PM »
Could this fix item rendering in the future? I remember some servers when looking in that direction has an insane FPS drop

The items themselves would need different LODs for that. There can probably be a solution that automatically reduces poly count of shapes far away, but that gets complicated and unpredictable.

Speaking of, there is work to do for brick LODs. Brickadia has shown that brick rendering is largely vertex limited, so reducing the amount of verts sent to the GPU would improve performance substantially.

Right now the custom renderer suffers with brick updates. Brickadia solves this by building new brick batches in a different thread and probably swapping VBOs when finished. I'll be giving that a shot soon. The only other improvement I can think of is utilizing texture arrays for the brick textures instead of rebinding multiple times for each chunk. That will require shader magic, though, and I'm not looking forward to it.

Off Topic / Re: Post real life pictures of yourself.
« on: February 29, 2020, 12:27:06 PM »

Modification Help / Re: [DLL] Rendering Optimization Experiments
« on: January 26, 2020, 05:31:03 PM »
Bump for new version!! Enjoy!

Modification Help / Re: [DLL] Large Orthographic Screenshots
« on: January 26, 2020, 02:54:03 PM »
I made a quick script to snap your view to a certain vector to make it easier to take isometric shots (adapted from old aimbot script):

Code: [Select]
function snapAimToVec(%obj, %target)
    %ev = %obj.getEyeVector();

    %x = getWord(%ev, 0);
    %y = getWord(%ev, 1);
    %z = getWord(%ev, 2);

    %xx = getWord(%target, 0);
    %yy = getWord(%target, 1);
    %zz = getWord(%target, 2);

    $mvYaw   = mATan(%xx, %yy) - mATan(%x, %y);
    $mvPitch = mATan(%z, mSqrt(%x * %x + %y * %y)) - mATan(%zz, mSqrt(%xx * %xx + %yy * %yy));
    if ($mvYaw > $pi)
        $mvYaw -= $pi * 2;
    if ($mvYaw < -$pi)
        $mvYaw += $pi * 2;

Try "snapAimToVec(findclientbyname("namehere").getControlObject(), "0.57735 -0.57735 -0.57735");"! You can also do "0 0 -1" for %target and then use "$mvYaw = $pi / 2;" for top-down shots.

Edit: Someone wanted to make a 360 view of a build, so I wrote a quick script for that too:

Code: [Select]
function snapAimCircle(%obj, %angle, %center, %height, %width)
    %circle = vectorScale(mCos(%angle) SPC mSin(%angle) SPC 0, %width);
    %pos    = getWords(vectorAdd(%center, %circle), 0, 1) SPC (getWord(%center, 2) + %height);
    %obj.setTransform(%pos SPC getWords(%obj.getTransform(), 3, 6));
    snapAimToVec(%obj, vectorNormalize(vectorSub(%center, %pos)));

"snapAimCircle(findclientbyname("namehere").getControlObject(), <angle in radians>, <center of build xyz>, <height>, <width>);" to move your control object (camera works best) and snap its view to the center around a circle.


(I'm really terrible at making GIFs, but more skilled people can use this to make something better!)

Pages: [1] 2 3 4