Messages

31

Games / Re: RuneScape Megathread - GE Released on OSRS

« on: April 01, 2015, 05:04:50 PM »

So today ronan referred to me as "oh now THAT'S a noob" on the rs twitch channel before spamming tons of easter eggs on top of me
That was interesting

Oh that was actually you? I checked the thread during the stream but you hadn't posted when I looked.

but really you were like level 5 c'mon port

32

Off Topic / Re: I still love port. AMA

« on: March 01, 2015, 01:07:58 PM »

waaah~

33

Drama / Re: Ms. Terra

« on: December 28, 2014, 09:05:40 PM »

picture taken (listed from an exif viewer) says that the image was created today.

Uploading to imgur removes exif data. But I'm pretty sure the time in that picture is the time you checked it anyway.

34

Modification Help / Re: Pokémon Trainer

« on: December 28, 2014, 01:45:45 PM »

Is this the same for all games?

Yes. Here is Showdown's implementation of the rounding for pixels and colors (JS):

Code: [Select]

// In-game accurate pixel health mechanics
var pixels = Math.floor(ratio * 48) || 1;
hpstring = '' + pixels + '/48';
if ((pixels === 9) && (ratio > 0.2)) {
    hpstring += 'y'; // force yellow HP bar
} else if ((pixels === 24) && (ratio > 0.5)) {
    hpstring += 'g'; // force green HP bar
}
Of course you can still see the numeric value of your own hitpoints in addition to this.

35

Modification Help / Re: Pokémon Trainer

« on: December 28, 2014, 12:10:38 AM »

this took way longer than it looks like

If you're going for accuracy, the colored parts of health bars display hitpoints with precision out of 48.
So 2 pixels per 1/48 since your health bars are 96 pixels wide.

And it hadn't even crossed my mind how the sprites would scale but they came out perfectly.

36

Modification Help / Re: Pokémon Trainer

« on: December 22, 2014, 03:41:51 PM »

The main basis for the technological aspects of these systems comes from Generation IV games, however development will start at Generation I Pokémon.

I know absolutely everything about the mechanics of the main-series Pokemon games and have in-depth knowledge of the hardware and software driving the original GB games (mostly applicable to GBC games as well). The latter may not be useful since you mentioned you plan to focus on the DS technology, but I'd be happy to monitor this thread and answer any questions that may arise.

Also, I'm not sure what you use for data files of base stats and such, but Pokemon Showdown and Pokemon Online are two battle simulators that have their data files publicly available for download. These are of course easily readable by script. PS is also entirely open source and written in JS which would be easy to reference if you are wondering about how to implement a certain feature.

37

General Discussion / Re: The Glitchs and Exploits Topic (Report Now)

« on: November 10, 2014, 10:14:10 PM »

Xalos accidently avoided fall damage and I attempted to explain the thing here.

38

Drama / Re: Computermix, Ipquarx, and Cca - CBM being hacked into to steal keys [chat+pics]

« on: November 03, 2014, 04:40:09 PM »

It's incredibly unlikely that the attackers just so happened to have a cbmhost users key on them. There are 2 scenarios that are tens of times more likely:
1. They only had a part of a key, and were not able to recover the rest because they didn't have the rest of the key.
2. They used an alternative method of extracting characters from the keydat, which didn't succeed in extracting all the characters. Not wishing to show that there were characters mising, the attackers only took a picture of the characters they had at the very end.

I started to paste parts of my first post to address each concern of yours and why you are wrong, but I literally ended up pasting the whole post in the end. You should read it, because your disbelief expressed explicitly by "tens of times more likely" was exactly what my post intended to eliminate. Unless you did, and are now feigning ignorance. Additionally, for you to think the bolded is a joke, because I remember you being actively involved in that one big cryptography thread in Coding Help.

39

Drama / Re: Computermix, Ipquarx, and Cca - CBM being hacked into to steal keys [chat+pics]

« on: November 03, 2014, 03:25:20 PM »

The problem with that post is that he makes it seem like having none or all of the key are the only two options, but it isn't. If for example you only had part of one key, then you could only decode part of the other keys.

Conveniently, by owning a copy of Blockland, you know your full key, not only part of it.

As I've said, if they had the full keys they would have done something in the whole month+ they've had, not just let it sit around.

No it won't. If these losers actually had the full keys they would have done something by now, not just sit around with a list of 40 blockland keys and do nothing with it for a month and a half.

If you honestly believe that you have no experience with electronic security breaches.

40

Drama / Re: Computermix, Ipquarx, and Cca - CBM being hacked into to steal keys [chat+pics]

« on: November 03, 2014, 11:30:04 AM »

For those "confused":

Background knowledge required:

Key.dat files are the result of a formula that takes your key and several computer specs (including netwok properties I believe) of the machine it is generated on. This is an intentional security measure implemented by Badspot so a malicious user cannot simply copy and paste your key.dat file into their own Blockland folder to authenticate as you.

It is possible to find out how your computer's specs influenced the formula if you have both a key and its respective key.dat file. This was proven by Trinick and used to aid several users on the Help board in recovering an old key they still had the key.dat file of, as well as a known key and corresponding key.dat file generated on the same computer as the other key.dat file.

The characters ".." (two periods/full stops) represent "up a directory" in file path syntax.

Conclusions you can draw:

The directory traversal attack or whatever mentioned in the quoted post below was most likely a simple use of a relative file path to access other Blockland folders on the single FTP server CBM host uses. Obviously, this is a security flaw, as you should not be able to access other users files, but it is what it is.

My server was hacked and exploited with a directory traversal attack according to my source (which has since been fixed) and they got the key.dat files,

Now, you'll note I only quoted part of his post. He then goes on to say "but they were unable to get the full keys." You can ignore this, because the situation is that they either got none of the key or they got the whole key, and clearly they have a part of it as proven by several users who actually own the keys posting confirmation in this thread.

And, if you made note of the part I bolded earlier in this post, it is entirely possible for them to have the whole key. I mentioned you need three criteria to extract a key from a key.dat file:

1) The target key.dat file -- Obtained through the poor security Cowboy6 mentioned
2) A known key
3) A key.dat generated from the known key on the same machine as the target key.dat file

To fulfill #2 and #3, the malicious user simply signed up for CBM host. Of course, they know their own key. Upon authenticating their Blockland install on CBM, they can also access the key.dat file that was generated in the folder of their server.

  I've said "malicious user" because I haven't read the replies in detail and don't care to, so if you know conclusively who owns the image in the OP then you can just substitute in their name and consider them guilty. It is not by some hacking miracle that this was possible, which apparently a lot of people were having trouble believing. Anyone passing of the event as a non-issue is most likely involved, whether directly or just not wanting their friends who were involved to be punished.

Probable question:

If the criteria to reverse a key.dat file is so easy to fulfill, why hasn't this been exploited before? The big one is #3. You need the same computer as your target. Not same model, same computer. Like they'd have to come to your house and play Blockland, at which point the security of a single file on your computer is the least of your problems. Or, as was shown in this instance, share a (remote) computer without any guaranteed trust between the users.

tl;dr read the line that starts with the

41

Off Topic / Re: ladies & gentlemen, the city of detroit's finest hotel

« on: September 20, 2014, 12:59:48 AM »

Have they ever heard of safety codes

They have, and it passing is what makes it a scary attraction, not the murders!

42

Off Topic / Re: How To: Get a 5 star wanted level IRL

« on: September 20, 2014, 12:56:24 AM »

I wanted a pic of a BattleBot since it looked like them but the first result for "battlebot bulldozer" was this video.

Incredible.

43

Off Topic / Re: whatever happened to niliscro?

« on: September 16, 2014, 09:28:32 AM »

this magnificent guy:
http://forum.blockland.us/index.php?action=profile;u=9487

i remember i used to play w/ him; and he was a great guy
anyone know what happened to him? ):

This is still one of my favorite Blockland screenshots:



Context: In Diggy's MetroRP, he had an autosaver, and since there were so many bricks the server would lag for a few seconds during its saving. Now come v15, for whatever reason, when you were lagging (as in the LAG symbol was active), you would float up into the air slowly. Put 2 and 2 together and you'll realize all the players outside of buildings would get lifted into the sky during the autosaver then dropped to their death when its done.

YayFun was a site that NiXiLL cohosted with Darren. Apparently it's not Darren, and I know it's not NiXiLL, so no idea who YayFun is.

The "YayFun" account is Hephaestus I think?

44

General Discussion / Re: Tutorial Speedruns - Maui69 is current winner

« on: September 14, 2014, 08:30:21 PM »

Do it again (as in you've already clicked the chest, Self Delete and do the run again) and don't click the chest. You'll see that it pops up. Go to the main menu and start it up again and complete it but don't click the chest. you'll see that it doesn't pop up. This proves what he says.

Plus all of the relevant scripts are open-source so you can just look at the code yourself to verify it.

At least we don't have to wade through assembly like in other runs~

45

General Discussion / Re: Tutorial Speedruns - Maui69 is current winner

« on: September 14, 2014, 03:02:15 PM »

I read it but cheating is cheating

Are you really this upset? Taking advantage of build layout is not the same as admin commands.

22.443

https://www.youtube.com/watch?v=jMmnlZ00ZRY

i basically just did the look segment faster

You can still jump a bit later at the end so you're already falling to the chest (minor time save).