Welcome, Guest. Please login or register. Did you miss your activation email?

Author Topic: Witch Blast (dungeon crawl shooter)  (Read 103493 times)

0 Members and 1 Guest are viewing this topic.

dwarfman78

  • Full Member
  • ***
  • Posts: 228
  • I'm bietzsche, Nietzsche !
    • MSN Messenger - cd4c@hotmail.com
    • View Profile
    • Email
Re: Witch Blast (dungeon crawl shooter)
« Reply #135 on: May 19, 2015, 09:24:55 pm »

About the online scores:
- it's only available on the Windows build - I may have a Linux build soon too,
- they are experimental and can cause latency,
- you won't save a score on line if you're resuming a saved game,
- there are now 3 hi-scores screens: 10 best scores online, 10 best scores of the day, 10 best scores local.

Have fun !

Hi, good job on your game.

Although i don't think there's a definitive and yet simple solution for that topic, i think you should add at least minimum security.

Not providing source code is a disputable way of securing any protocol (after all, aren't all the best cryptographic algorithm public ?).

I am sure the community can provide some good idea on that matter if you are interested.

EDIT :

Ok some simple adds could discourage most of the bad intended people (like myself), for instance, you could check on the server side the http header for sfml-network related stuff (this would make it harder to fake a packet with standard tools i think).

You could also make some "game logic" related tests : is it possible to have this extraordinary score at level 2 with the base equipment ?

it would be wise to add some flood containment mecanism to the server too.

good luck, carry on.

« Last Edit: May 19, 2015, 10:12:39 pm by dwarfman78 »
@dwarfman78
github.com/dwarfman78

Cirrus Minor

  • Full Member
  • ***
  • Posts: 121
    • View Profile
Re: Witch Blast (dungeon crawl shooter)
« Reply #136 on: May 19, 2015, 10:13:28 pm »
Thanks kiswa! The game is very skill-based, I'm sure you'll reach lvl 5 and more easily soon!

Dwarfman, I don't have any experience in security, and what I plan to do, is to add some key to the data I'm sending and generate some hash-code to validate it.
In this case, I could provide the source code.

Do you or others think it makes sense?

Btw, I've added a Linux build (untested) on GitHub:
https://github.com/Cirrus-Minor/witchblast/releases

dwarfman78

  • Full Member
  • ***
  • Posts: 228
  • I'm bietzsche, Nietzsche !
    • MSN Messenger - cd4c@hotmail.com
    • View Profile
    • Email
Re: Witch Blast (dungeon crawl shooter)
« Reply #137 on: May 19, 2015, 10:20:23 pm »
i don't know if you've read my last edit.

as for the hash thing, well it was my first guest... you could hash the data you send + a password and send it to the server with the clear data to make sure it was not tempered.

Because a hash cannot be reversed (theorically), a non player ignoring the password should not be able to send fake data to your server.

However, the password needs to be on both client and server side in a const value so that any hex editor can read it, it is not perfect but it may be enough in that case.

for the hash i recommend Stephan Brumme's Portable hashing library (http://create.stephan-brumme.com/hash-library/) which is nice and easy.

EDIT : well if you put your password into the source code it is simplier for anyone to get it and make a fake packet with a genuine signature... so the solution is not here i'm afraid.

EDIT2 : i'm some kind of editing freak tonight as i am thinking out loud, sorry guys.
« Last Edit: May 19, 2015, 10:35:02 pm by dwarfman78 »
@dwarfman78
github.com/dwarfman78

Cirrus Minor

  • Full Member
  • ***
  • Posts: 121
    • View Profile
Re: Witch Blast (dungeon crawl shooter)
« Reply #138 on: May 20, 2015, 09:09:03 am »
No, I haven't noticed the last edit :P
Thanks for your suggestions, Dwarfman, it really helps!

Well, no, the "key" won't be in the source code, and I cannot let anyone build a "full online" client for the following reason: anyone can modify the game, add more damage to weapons, more HP, weaker monsters, increase scoring, etc...
For the "online score" version, the players should play with the same version.

I will have a look at the hash library - or I will use MD5 (it's easy to find implementation for C++ and PHP) - and at the sfml-network header.

For the game-logic-related test, I prefer to do this manually, if some scores are strange.

At the moment, I'm implementing threads to prevent the game to "freeze" while waiting for server response.
I've noticed my compiler does not support C++11 thread, so I've just upgraded it.

dwarfman78

  • Full Member
  • ***
  • Posts: 228
  • I'm bietzsche, Nietzsche !
    • MSN Messenger - cd4c@hotmail.com
    • View Profile
    • Email
Re: Witch Blast (dungeon crawl shooter)
« Reply #139 on: May 20, 2015, 03:37:54 pm »
Yep the hash thing is a good start i think, only if you put a place holder in the source code before you commit it.

I don't know if you do realize (many people mistake hash with cryptographic algorithm) that the hash is only for data authentication as it is not reversible (well nowadays md5 is i recommend SHA-256 or better). You still need to send the clear data with your hash and recalculate it on the server side with the concatenated password to make sure it is genuine.

Anybody can find your clear password on the client side with an hex editor and do a hash from fake data+password, but it should be more difficult to find than the link of the php file to your server ( ;) ).
@dwarfman78
github.com/dwarfman78

Cirrus Minor

  • Full Member
  • ***
  • Posts: 121
    • View Profile
Re: Witch Blast (dungeon crawl shooter)
« Reply #140 on: May 20, 2015, 10:51:30 pm »
I'm working at it!
But, as I'm doing with a data and a password, the "key" is not the password alone, but how I "build" the data + password string.
I mean, the string can be, for example, something like:
score + "-" + name + "*" + password + (score - level) + equipment.

I 'm now managing all the calls to server within threads now, there is no more "freeze" due to latency problems.

dwarfman78

  • Full Member
  • ***
  • Posts: 228
  • I'm bietzsche, Nietzsche !
    • MSN Messenger - cd4c@hotmail.com
    • View Profile
    • Email
Re: Witch Blast (dungeon crawl shooter)
« Reply #141 on: May 20, 2015, 11:10:43 pm »
I'm working at it!
But, as I'm doing with a data and a password, the "key" is not the password alone, but how I "build" the data + password string.
I mean, the string can be, for example, something like:
score + "-" + name + "*" + password + (score - level) + equipment.

Indeed, the way you make your hash is part of the "key", i see what you mean, this is even harder to find from the binary (i am in no way an expert in decompiling software though) should be enough for this use case. I think the idea here is "as long as it is enough, it is enough"...
@dwarfman78
github.com/dwarfman78

Tank

  • SFML Team
  • Hero Member
  • *****
  • Posts: 1486
    • View Profile
    • Blog
    • Email
Re: Witch Blast (dungeon crawl shooter)
« Reply #142 on: May 21, 2015, 09:30:21 am »
I'd say... Save yourself the time of doing such "security". :P It's very easy to crack.

What would probably work best is recording a gaming session (only game parameters, no video, of course) of some sort and validate it at the server by doing lots of plausibility checks.

Ruckamongus

  • Jr. Member
  • **
  • Posts: 70
    • View Profile
Re: Witch Blast (dungeon crawl shooter)
« Reply #143 on: August 26, 2015, 07:16:07 am »
How's the progress coming?

Cirrus Minor

  • Full Member
  • ***
  • Posts: 121
    • View Profile
Re: Witch Blast (dungeon crawl shooter)
« Reply #144 on: August 26, 2015, 07:40:47 pm »
Hi Ruckamongus, I've made a pause in the development of the game from June to August because of some family troubles, but now I can go on.

The next release will feature, so far:
  • destructible tiles, like barrels,
  • secret rooms,
  • potions (unidentified - you have to try it or identify it to know the effect),
  • secret rooms,
  • some new items and monsters,
  • secret rooms,
  • no more freeze when calling the server, and more security (well, sort of :P  )
  • new music (100%) - the old Witch Blast theme will be back!

Cirrus Minor

  • Full Member
  • ***
  • Posts: 121
    • View Profile
Re: Witch Blast (dungeon crawl shooter)
« Reply #145 on: September 05, 2015, 09:44:49 am »
Hi!
A new gameplay video, today.
In this video, we can see some action, a new spell which can slow down time, a secret room, and we can listen to one of the new music tracks.

Good weekend and enjoy!

http://www.youtube.com/watch?v=c1Ymyfm-P8s

silverweed

  • Newbie
  • *
  • Posts: 24
    • View Profile
    • Email
Re: Witch Blast (dungeon crawl shooter)
« Reply #146 on: September 06, 2015, 02:12:57 pm »
I just tried it and it's really nice! I died quite early, though, so gotta try harder :D

Good job! ;)

AFS

  • Full Member
  • ***
  • Posts: 115
    • View Profile
Re: Witch Blast (dungeon crawl shooter)
« Reply #147 on: September 07, 2015, 01:41:00 am »
Nice to see that you are still working on this. Awesome job so far ;)

Cirrus Minor

  • Full Member
  • ***
  • Posts: 121
    • View Profile
Re: Witch Blast (dungeon crawl shooter)
« Reply #148 on: September 24, 2015, 10:38:28 am »
Hi and thanks, silverweed and AFS!

I hope the next version will be available soon, but there is still work to be done.
______
Last development:
  • 8 new achievements (which unlock new items or spells),
  • rats and bats slow down while changing direction,
  • level 8 is the last level (no never ending game anymore),
  • score calculation will now take account of secret rooms found, "perfect" levels (without HP loss) and game time (only if the player wins the game)

______

And here a short video about potions in Witch Blast:

http://www.youtube.com/watch?v=bPU3kihMhp4

- The scroll of revelation identifies the first potion - a speed potion,

- to identify the second potion, I'm drinking it. Damn! Poison...

- identifying one potion type reveal the effect of all the potions of the same type. Drinking the health potion reveals the effect of the same potion on the ground,

- potions and scrolls can be found in chest, monster's loot, shops, etc...

(The players of the old version will recognize the Witch Blast theme new recorded and arranged in this video  ;))

Cirrus Minor

  • Full Member
  • ***
  • Posts: 121
    • View Profile
Re: Witch Blast (dungeon crawl shooter)
« Reply #149 on: October 01, 2015, 03:47:41 pm »
Witch Blast v0.7
Download: https://github.com/Cirrus-Minor/witchblast/releases/tag/v0.7

Hi!
A major release today with new content, the destroyable stuff, improved online scores, potions, etc...

Changelog (from v0.6 to v0.7)
(click to show/hide)

http://www.youtube.com/watch?v=FsHqu0JpP_k

Have fun !