Author Topic: [1.0.3] New Keypad events (Read 8281 times)

SWAT One · October 15, 2016, 02:30:03 PM

Adaptation for a combination lock where you scroll up and down through amounts on a horizontal line of digits, where it scrambles every time a lock event is applied.

Ad Bot · Advertisement

RTBARCHIVE · October 20, 2016, 11:09:45 AM

Version 1.0.2:

Code: [Select]

+ Added combination lock as requested by SWAT One. It scrambles the code upon opening it. The user can choose to use either the combo lock, or the regular keypad lock via the event.

Marios · October 20, 2016, 11:19:35 AM

Really you are underestimating your own addon by adding just .0.2 for a new lock type.

RTBARCHIVE · October 20, 2016, 11:49:05 AM

Whoops, left a big bug in the last version.
Version 1.0.3:

Code: [Select]

+ Number keys and enter key is no longer disabled upon game startup

glados · October 21, 2016, 02:09:25 AM

WHAT IS THIS loving CODE

Insert Name Here� · October 21, 2016, 02:28:21 AM

Pecon · October 21, 2016, 05:04:08 AM

I skimmed through the code but can't really tell. Is the password protected with sha1 in the event stored on the brick?

Metario · October 21, 2016, 07:30:18 AM

Quote from: Pecon on October 21, 2016, 05:04:08 AM

I skimmed through the code but can't really tell. Is the password protected with sha1 in the event stored on the brick?

Looks like it's just done via client receive hash (for a clientCmd, since no salt you could easily break into this, not that secure), after that it's stored as a client var being compared against (%cl.code)
not bad but you never transmit the code (again, even while hashed, without salts you forget yourself over) to clients because you've basically ruined your security right there

Metario · October 21, 2016, 07:33:50 AM

Quote from: Metario on October 21, 2016, 07:30:18 AM

Looks like it's just done via client receive hash (for a clientCmd, since no salt you could easily break into this, not that secure), after that it's stored as a client var being compared against (%cl.code)
not bad but you never transmit the code (again, even while hashed, without salts you forget yourself over) to clients because you've basically ruined your security right there

Fix that issue, but until then you've lost my recommendation just for the lack of security. I could masquerade my client as having the add-on, intercept the C
clientCmd to get the hash, send a API request to a hash-cracking site and bam. Got through your door/etc ez pz.

Zeblote · October 21, 2016, 07:46:35 AM

Quote from: Metario on October 21, 2016, 07:30:18 AM

Looks like it's just done via client receive hash (for a clientCmd, since no salt you could easily break into this, not that secure), after that it's stored as a client var being compared against (%cl.code)
not bad but you never transmit the code (again, even while hashed, without salts you forget yourself over) to clients because you've basically ruined your security right there

That's not the point. If the password is stored in plain text in the event (which a client can obtain by saving bricks) then it's all useless.

Metario · October 21, 2016, 07:53:00 AM

Quote from: Zeblote on October 21, 2016, 07:46:35 AM

That's not the point. If the password is stored in plain text in the event (which a client can obtain by saving bricks) then it's all useless.

I mean, I'm just saying as well. Why have this much pseudo-security. Didn't read the post thoroughly. Password seems to be stored in plain-text for events.

RTBARCHIVE · October 21, 2016, 09:25:27 AM

theres not really anything i can do about codes being stored in plain text on the brick's event, and sha1 is the only hash on blockland.
I could make it so it doesn't send it to the client, but that would mean it would have to interact with the server every time you try a code, instead of simply comparing it on the client

Shift Kitty · October 21, 2016, 11:32:05 AM

Quote from: RTBARCHIVE on October 21, 2016, 09:25:27 AM

I could make it so it doesn't send it to the client, but that would mean it would have to interact with the server every time you try a code, instead of simply comparing it on the client

This is trivial.

BlocklandBlockoCity · December 06, 2016, 06:08:25 PM

~~i dont know how to use this.~~
nevermind.
but how do i use centerprint version

RTBARCHIVE · December 06, 2016, 06:14:00 PM

Quote from: BlocklandBlockoCity on December 06, 2016, 06:08:25 PM

~~i dont know how to use this.~~
nevermind.
but how do i use centerprint version

The centerprint version is there to compensate for users who don't have the add-on installed