« previous next »
Pages: 1 [2]

Author Topic: What are backdoors in addons?  (Read 1665 times)

Goth77

February 05, 2016, 04:05:15 PM
Quote from: Tendon on February 05, 2016, 12:19:57 PM
This is why I refuse to use the Auto-Updater that comes with most add-ons.  Version 1 might have been ok.  But version 2, that could be anything.

The add-ons are not checked, do not come from a trusted platform, and literally any add-on can use the system.
Yeah, I don't trust the auto-updater either and more specifically I refuse to download any add-on that does use it. If people are too lazy to update their mods then they deserve to use the stuffty version of whatever it is they downloaded. I could understand if a mod was pushing out daily updates, but most of the time this isn't the case.

Ad Bot

Advertisement

Foxscotch

February 05, 2016, 04:46:50 PM
Quote from: Dannu on February 02, 2016, 01:16:35 AM
You can download binary files, but you can't upload them.
this is kinda going on a tangent, but since the question here has already been answered...
why not? I guess this is really a two-part question: why aren't there facilities for it in the game already? and two, what's stopping you from working around that?
like, why not just send it as regular form data (assuming you can make POST requests. if not, that raises even more questions)? you may run into trouble with larger files, but I'm sure that something small, for instance, a 300x300 save thumbnail, would be fine

Zeblote

February 05, 2016, 05:05:44 PM
Quote from: Foxscotch on February 05, 2016, 04:46:50 PM
this is kinda going on a tangent, but since the question here has already been answered...
why not? I guess this is really a two-part question: why aren't there facilities for it in the game already? and two, what's stopping you from working around that?
like, why not just send it as regular form data (assuming you can make POST requests. if not, that raises even more questions)? you may run into trouble with larger files, but I'm sure that something small, for instance, a 300x300 save thumbnail, would be fine

Torkscript uses null terminated strings so you can't handle a binary file that contains 0x00 which almost every format does. It would need to be an engine method like TCPObject::transmitFile(path) which does it all on engine level. If blockland was open source, we could write this in a matter of minutes. Too bad it isn't.

Tendon

February 05, 2016, 05:30:15 PM
Quote from: The Resonte! on February 05, 2016, 12:23:33 PM
master plan:

1. create amazing add-on that everyone uses with auto-updater
2. make an update that also sneaks in a back door
3. ???
4. get revoked
Steal keys.  Delete files.  Put ads on the main menu.  Etc.
There's not much opportunity to make money through it.
But there's plenty of opportunity to cause mayhem.

Foxscotch

February 05, 2016, 05:49:30 PM
Quote from: Zeblote on February 05, 2016, 05:05:44 PM
Torkscript uses null terminated strings so you can't handle a binary file that contains 0x00 which almost every format does. It would need to be an engine method like TCPObject::transmitFile(path) which does it all on engine level. If blockland was open source, we could write this in a matter of minutes. Too bad it isn't.
there's no possible way to handle that?
is there another data type you could use before converting it to a string, to replace null bytes with some sequence that is unlikely/impossible to occur normally in the format?
for example, the PNG format ends with 73 69 78 68, so you could reasonably use that to replace any null bytes, and on the server side, convert all occurrences of that except the last one back to a null byte before saving it
obviously the ideal solution would be badspot adding a real way to do it, but...

Zeblote

February 05, 2016, 06:31:07 PM
Quote from: Foxscotch on February 05, 2016, 05:49:30 PM
there's no possible way to handle that?
is there another data type you could use before converting it to a string, to replace null bytes with some sequence that is unlikely/impossible to occur normally in the format?
for example, the PNG format ends with 73 69 78 68, so you could reasonably use that to replace any null bytes, and on the server side, convert all occurrences of that except the last one back to a null byte before saving it
obviously the ideal solution would be badspot adding a real way to do it, but...

No, there's no way to handle it. 00 simply ends the string. You have no idea whether it's in the middle, at the end, how many of them you missed, etc...

Foxscotch

February 05, 2016, 06:40:38 PM
Quote from: Zeblote on February 05, 2016, 06:31:07 PM
No, there's no way to handle it. 00 simply ends the string. You have no idea whether it's in the middle, at the end, how many of them you missed, etc...
is there not some data type in TS that would allow you to manipulate binary files, whether they have null bytes or not?

Zeblote

February 05, 2016, 07:37:27 PM
Quote from: Foxscotch on February 05, 2016, 06:40:38 PM
is there not some data type in TS that would allow you to manipulate binary files, whether they have null bytes or not?

Nope. There's no such thing as data types in ts, everything is converted to char* and back for passing between functions.

They've successfully created the slowest possible scripting language with this method

Foxscotch

February 05, 2016, 07:38:46 PM
jesus
Pages: 1 [2]
« previous next »