Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Xalos

Pages: [1] 2 3 4 5 6 ... 203
1
This library is mainly intended as a proof of concept to demonstrate that the .dso file format can be used to perform tasks that would be slow, cumbersome, or impossible with pure TorqueScript code.

GVarAccess.cs.dso implements two functions: getGlobalVar(%name) and setGlobalVar(%name, %value). They can be used like so:
Code: [Select]
==>$test = "Hello World!";
==>echo(getGlobalVar("$test"));
Hello World!
==>setGlobalVar("$value", "text");
==>echo($value);
text
==>echo(getGlobalVar("%name"));
%name
To execute the file, call exec("./GVarAccess.cs"); as with any other script file.

While getGlobalVar and setGlobalVar are not vulnerable to injection exploits like a naive eval-based implementation, they are capable of reading and writing any global variable.  Use appropriate caution about using untrusted inputs in calls to these functions.


Using .dso here is not intended for obfuscation.  As such, I've also included a text file which breaks down the GVarAccess.cs.dso binary.
Torque 3D has been publicly available under the MIT license for eight years now, so this doesn't reveal anything which could reasonably be considered secret.

GVarAccess.zip download

2
Modification Help / getFullDateTime() - returns MM/DD/YYYY hh:mm:ss
« on: May 14, 2020, 09:09:32 AM »
getDateTime() only returns two year digits, meaning it will not work if you happen to be a time traveller from 1920 or 2120.

If you need the full year, this is the function you need.

Code: [Select]
// returns the date and time, with the full current year
function getFullDateTime()
{
// get the current date and time from getDateTime
%value = getDateTime();
%date = getWord(%value, 0);

// if the date has changed, or the date has never been set, get the current century by creating a temporary file
if ($CurrDate $= "" || $CurrDate !$= %date)
{
$CurrDate = %date;
%file = new FileObject();
%file.openForWrite("base/temp/temp.txt");
%file.close();
%file.delete();
$CurrCentury = getSubStr(getFileModifiedSortTime("base/temp/temp.txt"), 0, 2) + 19;
fileDelete("base/temp/temp.txt");
}

// replace the year in the date with the full year
%date = strReplace(%date, "/", " ");
%date = setWord(%date, 2, $CurrCentury * 100 + getWord(%date, 2));

// return the full date and time
return strReplace(%date, " ", "/") SPC getWord(%value,1);
}

Known issues:
Does not work if the current year is before 1900. If you're time travelling from 1899 or before, you're out of luck.
Does not work if the function is called on the same day of the year, 100 years apart.
Does not work if the file base/temp/temp.txt exists, is read-only, and has a last modified date in a different century.

3
General Discussion / Re: Open Code Server
« on: April 30, 2018, 01:49:11 PM »
while(1);

If you want to run that code on the server, feel free to!

4
General Discussion / Open Code Server (hosted as Open Code's Server)
« on: April 30, 2018, 01:31:06 PM »
I am hosting Open Code once again!

The server is being hosted under an alternate key, named Open Code.

    What does "Open Code" mean?
The concept of an open-code server is something I had bouncing around long before I actually started hosting it.  Essentially, the idea is that everyone has near-unlimited access to the console, via eval - anyone can run basically any code.  Certain functions are blocked, such as crash() and quit().

    So the server is stable, right?
Not even close.  Just because I've blocked as many of the trivially-obvious methods of crashing as I can doesn't mean the server is in any way stable.  We're constantly finding new and bizarre ways to break the server, the game, and even TorqueScript itself.  Don't build anything you can't bear to lose here!

    My eval showed up as yellow/red/dark red!  What does this mean?
Yellow means that there's an error that the (unfinished) validity checker didn't realize existed until the end of the code.  This usually means you have an unclosed string or block pair.  Completely red means the code passed the validity checker but was still invalid; partially red means there's a syntax error where the red portion begins.  Dark red means that the code passed the validity checker but was never run; this only happens if there is some code which is not allowed, such as crash(), quit(), echo(), etc.

    Why is [insert piece of code here] blocked?  Unblock it!
Some portion of the code is inherently malicious - this includes things like crash and quit (obvious), echo (can crash the server and only useful for spamming the console), and trying to define a function with the name servercmdEval (would overwrite the existing /eval command).

    I accidentally crashed the server!  Am I going to be banned?
No.  It's my job to try to make the server as stable as possible, not to hide the instabilities from those who might exploit them.  An brown townogous situation would be antivirus software - they don't have the luxury of banning specific people from writing code; they have to instead flag the code as malicious based on the code itself.

    Did you ever fix chat overwrites breaking eval?
Yep; chat can still be overwritten, but anything prefixed with + will be run as eval, regardless what happens to the server chat.

    What are some examples of code that I could run?
+%hit.addVelocity("0 0 200");    Sends whatever you're looking at flying upwards!
+%obj.setPlayerScale(5);    Makes your player really large!

    Media from the Depths of Hell
The Soundscape of Open Code
Open Code: The Movie
Open Code - Spinning Around


Come make craziness and insanity happen!

Credits to Ipqarx for having no life finding probably all the default functions which expose eval in an exploitable manner!

If you have a line of code that you'd like me to add to the example list, feel free to post it!

5
General Discussion / Re: older blockland user check-in.
« on: November 17, 2017, 11:56:34 AM »
I'm still alive.  After spending entirely too much time looking through my earliest mods (earliest one I could find was made on Sep 19th, 2010), looking at my forum registration date (May 31st, 2010), and finally looking at the forum registration dates of people with BL_IDs close to mine (various accounts from early 2009 to late 2009), I'm fairly confident I (read: my parents) bought my key in mid-2009.

If anyone else has a better estimate for when BL_ID 11239 might have been bought, feel free to correct me.  I don't have the original e-mail receipt available for dating, so estimates are as close as I can (be bothered to) get.

6
Game Modes / Blender
« on: July 04, 2017, 12:55:24 PM »
Blender, as seen in this thread.

If you want to use this in part or in whole for your server, add-on, video, or whatever, or edit it and make your own version, feel free.

7
General Discussion / Re: help we're trapped in blender
« on: June 12, 2017, 05:06:14 PM »
- this isn't revolutionary or even that complicated. Its just a bunch of static shapes being moved around.

hasn't been done before

I posted an add-on that involves moving static shapes around four and a half years ago.  People were doing it long before that.  In v0002, all bricks were static shapes, and you could even scale them freely.

It's been done before.

8
General Discussion / Re: help we're trapped in blender
« on: June 11, 2017, 01:46:35 PM »
oh its real alright. its not terribly difficult either - the only thing im not sure how they did was detecting the direction one drags the arrows/scaler

That wasn't terribly difficult either, nor was detecting the direction one is dragging the rotate tool.  But it's still a fun thing to play around in.

9
General Discussion / Re: help we're trapped in blender
« on: June 11, 2017, 01:32:43 PM »
The server is now open, but I'm likely to be restarting the server or clearing the world without any warning. Anything you make here is transitory at best.

I'm also likely to be AFK working a lot of the time and will be unable to explain anything. If you're familiar with Blender, the controls shouldn't be too unintuitive - the main thing is that crouching acts as a modifier key most of the time; for selecting it acts like shift and for transform tools it acts like control.

These are the server commands, with brackets notating optional components:
To change tools: /t[ranslate] /r[otate] /s[cale]
To add primitives: /cube /cylinder /cone /sphere /plane
To change your selection's color: /c[olor] r g b [a]
To smooth-shade: /shade 1 (0 to flat-shade)

10
General Discussion / Re: help we're trapped in blender
« on: June 11, 2017, 10:31:16 AM »
Make it so you can export .dts and .blb from blockland with this lol

.blb would be possible, but .dts isn't.  TorqueScript has no way to write binary files that contain a 0x00 byte, because TorqueScript only supports writing text to files.  Since Torque uses C-style null-terminated strings, it's impossible for the text you write to a file to contain a 0x00 byte, because that would be the end of the string rather than part of it.  The .dts file format contains 0x00 bytes, and indeed the second byte is almost always a 0x00 byte, so there's absolutely no way to create a valid .dts file from native TorqueScript.

11
General Discussion / Re: help we're trapped in blender
« on: June 10, 2017, 10:38:12 AM »
WHAT DARK MAGIC IS THIS

The darkest of dark magics!

12
Modification Help / [Library] SHA-256
« on: March 19, 2017, 09:33:52 AM »
In light of a SHA-1 collision being found in practice, Blockland no longer has any default functions capable of providing even the slightest glimmer of cryptographic security.  So I decided to write SHA-256 in TorqueScript.

This library was written using pseudocode from the Wikipedia page on SHA-2, an addition function by Port, and test vectors for several SHA variants from DI Management.

The function in this library operates much in the same way as the default sha1 function, taking a string and returning the hash of that string in hexadecimal.  It should work on any string that does not overflow the TorqueScript string buffer, but as it is written in TorqueScript it may hang Blockland for noticeable periods of time for very long strings.

Please note that unless you are writing code where the cryptographic properties of SHA-256 are important, you should probably stick to using the default sha1 function, which is much faster than any hashing function written in TorqueScript.


Benchmark comparisons:
Running sha1("") 999999 times: 2400 ms, or ~2.4 s per call
Running sha256("") 9999 times: 124736 ms, or ~12.5 ms per call

13
Add-Ons / Re: Xalos Add-On Rerelease Pack
« on: November 05, 2016, 08:52:16 PM »
How do I start up realistic space? I just spawn with invisible ground and regular gravity.

The server must be a dedicated server - there's a glitch with the client that I have tried and failed to fix something like twenty times that causes severe client-sided lag under certain conditions, so if you're hosting a non-dedicated server it has a bad habit of everyone timing out and thinking the server has crashed.

14
Add-Ons / Re: Xalos Add-On Rerelease Pack
« on: November 03, 2016, 08:28:26 AM »
Realistic Space Mod?
I don't think that it's in the pack, at least I didn't see it.

It's named Gamemode_SpaceMod, and yes, it's in there.

15
Add-Ons / Re: Xalos Add-On Rerelease Pack
« on: November 02, 2016, 05:14:18 PM »
EDIT: What does dimensions do?

It's a mod that allows players to place dimension doors down that take them to a dark region where they can build.  It also breaks saving and I never got around to fixing that.  So not something I'd recommend for long-term servers.

Pages: [1] 2 3 4 5 6 ... 203