Zade43 wrote:
So Jeffrey, know your facts before you accuse anyone ok?

For all we know YOU could be the maker of this, thing.

that is so hypocritical its not even funny.
It needs a password?
It wasn`t ment to be funny. You got one wierd sense of humor.
Zade43 wrote:
It wasn`t ment to be funny. You got one wierd sense of humor.

thats why i said it wasn't funny, dumbass.
Pretty hard to verify the safety of this file if it's stored in a password-encrypted RAR file.
Perpetr8r wins the internet if this proves a DM exploit <_<
Jtgibson wrote:
Pretty hard to verify the safety of this file if it's stored in a password-encrypted RAR file.

thats probaly because Perpetu8r cant trust anyone else other than his friends on here to test it, because other people on here could lie.
Its a DOS file. Password is illegal...
Zade43 wrote:
Jtgibson wrote:
Pretty hard to verify the safety of this file if it's stored in a password-encrypted RAR file.

thats probaly because Sirus cant trust anyone else other than his friends on here to test it, because other people on here could lie.


or it could be password encrypted so he can get attention and get his friends to back him up on this so called "exploit"

if hes trying to prove something, why does he need to password it?
The main post was edited. Feel free to read.
Jeffrey S wrote:
Zade43 wrote:
Jtgibson wrote:
Pretty hard to verify the safety of this file if it's stored in a password-encrypted RAR file.

thats probaly because Sirus cant trust anyone else other than his friends on here to test it, because other people on here could lie.


or it could be password encrypted so he can get attention and get his friends to back him up on this so called "exploit"

if hes trying to prove something, why does he need to password it?

I suggest you reread my main post now, I edited it. And if you don't believe me I can simply release the password to you and you can try it for yourself, though I never intended to in the first place (thus the password). In actuality, I'm trying to HELP BYOND, not hinder it, and I got pissed off because they blew me off all high-and-mighty-like, though we now have proof it's capable of exploiting the DM file. The file's real name is 'artmoney', anyone with any knowledge in this area will know immediately I'm not joking.
ArtMoney? People already use that. In fact, I sometimes use that when I have nothing better to do.
Squeegy wrote:
ArtMoney? People already use that. In fact, I sometimes use that when I have nothing better to do.

Not on BYOND games I hope
Perpetr8r the Perpetu8r wrote:
Jeffrey S wrote:
Zade43 wrote:
Jtgibson wrote:
Pretty hard to verify the safety of this file if it's stored in a password-encrypted RAR file.

thats probaly because Sirus cant trust anyone else other than his friends on here to test it, because other people on here could lie.


or it could be password encrypted so he can get attention and get his friends to back him up on this so called "exploit"

if hes trying to prove something, why does he need to password it?

I suggest you reread my main post now, I edited it. And if you don't believe me I can simply release the password to you and you can try it for yourself, though I never intended to in the first place (thus the password). In actuality, I'm trying to HELP BYOND, not hinder it, and I got pissed off because they blew me off all high-and-mighty-like, though we now have proof it's capable of exploiting the DM file. The file's real name is 'artmoney', anyone with any knowledge in this area will know immediately I'm not joking.

a hex editor? hm. well, if this is the case, then I apologize for jumping all over you. while this does sound like BYOND staff, apparently they thought this was one of their common cases of "hackers" on byond. hopefully they can rectify this situation soon.
Im not backing him up I just tested it an wanted to see what it was I knew what program it was within seconds of seeing the icon as many of you would as well. The password is just to keep noobs from getting there hands on a program that in fact does work. However its only host side that it would work.

Its a simple value editor he isnt allowing anyone to get the file because some people might know nothing on the topic. Some people know a few programs but the fact that a good amount of them dont work would be another reason its a good idea to password because the simple fact it does work he wants to keep it so people cant get to the file that way he isnt supplying users the right to download a tool that can edit values on byond.

<.< Why dont you all stop being little kids an grow the hell up this isnt a flame war act your age you people shouldnt be running around jumping the gun trying to prove your side of the fact that its just a virus when you cant even confirm such bs. So until you got some proof just shut up about the virus part of it.

The tool is well known among byond however a few people still dont know what it is an its best to not supply them with it. DUH... God people now a days they fight on something just because they dont know anything about it...

Edit: Seems everyone knows what it is now so with that being said case ended.. Everyone knows it works so yah.. o.O
Jeffrey S wrote:
Perpetr8r the Perpetu8r wrote:
Jeffrey S wrote:
Zade43 wrote:
Jtgibson wrote:
Pretty hard to verify the safety of this file if it's stored in a password-encrypted RAR file.

thats probaly because Sirus cant trust anyone else other than his friends on here to test it, because other people on here could lie.


or it could be password encrypted so he can get attention and get his friends to back him up on this so called "exploit"

if hes trying to prove something, why does he need to password it?

I suggest you reread my main post now, I edited it. And if you don't believe me I can simply release the password to you and you can try it for yourself, though I never intended to in the first place (thus the password). In actuality, I'm trying to HELP BYOND, not hinder it, and I got pissed off because they blew me off all high-and-mighty-like, though we now have proof it's capable of exploiting the DM file. The file's real name is 'artmoney', anyone with any knowledge in this area will know immediately I'm not joking.

a hex editor? hm. well, if this is the case, then I apologize for jumping all over you. while this does sound like BYOND staff, apparently they thought this was one of their common cases of "hackers" on byond. hopefully they can rectify this situation soon.

Oh, slight clarification, I mean it exploits the EXE file, not the DM file. (Thanks for reminding me Nova). Anyway, I expected people to get angry at me for posting like this, after all, I was trying to stir up trouble so people would realize it's not a simple matter. The editor was abused a few days ago, and BYOND ingored my attempts to alert them about it... so I used a more underhanded strategy. Anyway, no hard feelings, you were just doing what you thought was right, I assume.
seriously, though. Artmoney has been around for a very long time. It can only be used to edit values host side, and even then it's hard as hell to navigate -_-
I don't know if you're acutely aware, but memory editors exist everywhere. BYOND is indeed immune to any significant wrongdoing and your DMB files are perfectly safe. =)

In fact, many people use memory editors client-side to play around with their string tables. For instance, someone (Crashed) posted a screenshot of Chatters where everyone with Oldbie status was referred to instead with a rather unflattering title...
BigBoiD wrote:
seriously, though. Artmoney has been around for a very long time. It can only be used to edit values host side, and even then it's hard as hell to navigate -_-

ac19189 says:
they could code it to make the hex an values are random so artmoney cant work

Artmoney was used the other day to spoof a player's key and IP. Oh sure, if one isolated incident happens they can turn a blind eye, but what if lots of people start doing it? What if a Dantom key logs onto a game and demands everyone's password? These are all possiblities and very easy to make happen given the abilities of this program, and right there Nova just gave us an answer on how to fix it. So what do YOU think the right thing to do is?
Artmoney was used the other day to spoof a player's key and IP. Oh sure, if one isolated incident happens they can turn a blind eye, but what if lots of people start doing it? What if a Dantom key logs onto a game and demands everyone's password?

You found a memory editor. We appreciate the report, but as Jeremy said, memory editors are everywhere, and they only impact the host computer, by something running on the host computer. Since the host could spoof IPs or keys in various ways anyway, that is no additional security risk.

As it is, a game creator can easily create a game where someone could pretend to be Dantom and ask for passwords, without using a memory editor. Heck, people do this now just by creating AIM accounts and asking for passwords in the instant messenger.

Memory editors/readers are a well-understood problem (the Economist magazine ran an article on memory sniffers and games several years ago, it's so well-known), and as we progress we'll consider some of the ways that can slow it down a bit.

But it's not really a security risk for BYOND games any more than it's a security risk for running Excel on your machine (it can change your Excel spreadsheet values too!).

I realize this isn't going to change your opinion any. I only ask that you realize we understand what it is and what it can do, and more importantly what it can't do -- it can't impact other computers and it has nothing to do with your .dmb file. We regularly review security reports, and we respond quickly to any report that points out a valid exploit (just look back a few months to when we did an instant BYOND update when there was a security exploit, and we requested that everyone immediately update).

Clearly we take security seriously, and I'm sorry if you view the severity of this differently than we do, but it's not an uninformed decision on our part.
Page: 1 2 3