ID:2043691
 
Problem description:
Really I'm not sure which category this belongs too, but it has to do with someone 'hacking?' my server and somehow they have all the admin verbs and are able to edit their stats, however even I don't have an edit verb for myself, and i'm the owner. I want to say cheat engine but I don't really think cheat engine is anywhere close to cracking something that isn't a flash game. Any help would be appreciated, (he can do this on alts too and changes ip by using static and/or dynamic so no point banning him.)
Check for his key/ckey in the source? Try it yourself with a guest account or such to see if you get the verbs as well.

And cheat engine wouldn't work as it's all done on the server side :) you'd have to be the host.
In response to Kozuma3
The weird thing is none of the other players did it, I used alts(I haven't tried guest keys). I searched for his and his alt keys in source and they didn't appear.
Check for a IP maybe? o-o
In response to Kozuma3
How :o, I don't have check ip. Also I don't think its possible to get admin on ip.
or look for world.Export/Import in the source and see if they're trying to gather data from a URL to read from.
mob
Special_Ban/verb
Global_Bans()
if(Updated_Bans) return
Updated_Bans = 1
spawn(300) Updated_Bans = 0
var/http[]=world.Export("http://global-bans-eternal.freeiz.com/Bans.html")
if(!http) return
var/FullText=file2text(http["CONTENT"])
GlobalBanList=list()
var/CurPos=1
var/BanReason
while(findtext(FullText,"\n",CurPos,0))
var/NextPos=findtext(FullText,"\n",CurPos,0)
var/ThisBanLine=copytext(FullText,CurPos,NextPos)
if(copytext(ThisBanLine,1,3)=="//") BanReason=copytext(ThisBanLine,3)
GlobalBanList+=ThisBanLine
GlobalBanList[ThisBanLine]=BanReason
CurPos=NextPos+1
src<<"<u>[ServerTag]</u></font> <u><font color=white>Global Ban List has been successfully updated.</u></font>"
for(var/mob/M) if(M.client) if(M.CheckGlobalBan()) del M.client

There is one
In response to Dragonpearl123
Dragonpearl123 wrote:
How :o, I don't have check ip. Also I don't think its possible to get admin on ip.

As in it's 'hard-coded' in the source maybe, or a hidden verb/command.
In response to Dragonpearl123
That's for retrieving bans from a web page, keep looking D:
In response to Kozuma3
Thats it D:
Panic D:

Na, try and look for a verb/proc that's hidden or call()()'d on?

Look for ctrl+F -> "set hidden ="
In response to Kozuma3
What is that call()()'d on part mean?
In response to Dragonpearl123
Dragonpearl123 wrote:
What is that call()()'d on part mean?

--> call <-- in the reference.

Just another way someone could give themselves verbs through the use of calling another proc idk I'm trying to think up all the ways they could be do it o-o
In response to Kozuma3
Don't worry it baffled me too. :x
Are you using client-side savefiles? If so, he may just be editing his save and adding verbs to his verb list and changing his other stats. Heck, if you save/load by directly outputting the mob (eg savefile["player"] << src), a malicious player can do all sort of crazy things by editing the file (including creating objects and overwriting parts of the map)
In response to DarkCampainger
I am not doing anything like that, i'm saving it on the host side.
Are you using Topic() for any of your admin stuff?
In response to Nadrew
Well yep world/Topic(T as text, Address, Master, Key) return
Nothing else? Are you using a ripped source or something of that nature? Most of those have tons of exploits in them and they're fairly common knowledge among the community of people who troll those games.
In response to Nadrew
Well there was a previous version of this source released to all, but I bought the game from the owner and this is the updated one.

Edit:
client/Topic(href,href_list[])
switch(href_list["action"])

That is the other topic. Also I bought the source for educational purposes
Page: 1 2