Stunts Forum

Stunts - the Game => Stunts Reverse Engineering => Topic started by: Cas on August 15, 2009, 11:40:36 AM

Title: I think I resolved the old NORH problem
Post by: Cas on August 15, 2009, 11:40:36 AM
Guys, I've been lost for so long that I don't know if there's already anything better... there's so much I have to read!  I think you were using videos to verify the NORH races so far and that had some problems, like you could not run Stunts from pure DOS and that you might edit the videos... whatever. Today, I believe, I have found a simple solution to prove that a replay was recorded without RH. The idea came to me several years ago, but it seemed too complicated to accomplish. Now I'm surprised I've solved most of it in four nights. I hope this is still useful.

What I attach is my program Vizcacha (pipsqueak version). I will not publish the tournament administrator version here, but I have e-mailed it to Duplode. You can also e-mail me and ask for it. The program still needs some work, but already does the trick. It inhibits the "Continue Driving" and "Load RPL" options. Please do try it and tell me how it works, report bugs or suggest anything if you're interested. Thank you all for working so hard for Stunts :)  I hope my little contribution is worth it!
Title: Re: I think I resolved the old NORH problem
Post by: zaqrack on August 15, 2009, 02:59:55 PM
this really does sound promising!

As Duplode is on holidays, could you please also send me the admin version? I'll do some tests - and if it works, 2010 will mark the start of a new era in Stunts :)
Title: Re: I think I resolved the old NORH problem
Post by: zaqrack on August 15, 2009, 04:16:18 PM
As Duplode is on holidays, could you please also send me the admin version?

No, Zak is stupid, Dottore is on holidays, Duplode is not. Anyways I would be glad to help testing.

Zak
Title: Re: I think I resolved the old NORH problem
Post by: CTG on August 15, 2009, 07:57:37 PM
Does that mean no more RH competitions? If yes... well, I'm out forever. And who knows, maybe somebody can hack this method too.
Title: Re: I think I resolved the old NORH problem
Post by: Duplode on August 15, 2009, 08:06:17 PM
Does that mean no more RH competitions? If yes... well, I'm out forever.

Because you dislike NoRH? But you always took part, even if only sporadically, in NoRH races...
Due to lack of time? But isn't it true that RH optimization can potentially eat much more time than NoRH retries? (even if it is easier to make a listfiller with RH, for obvious reasons)
Anyway, I guess that if this method succeeds it won't take long for someone to make a RH contest out of nostalgia. And I always thought RH racing has some value in itself as a valid modality  :)

Title: Re: I think I resolved the old NORH problem
Post by: Chulk on August 15, 2009, 08:25:42 PM
Nice contribution Cas!

But let me see if I got it right... The program inhibits "Continue Driving" and "Load replay" options.
Does that show in the .rpl file somehow? Otherwise the problem is the same: trusting that a pipsqueak X (not the one in Speed pipsqueak) is using Vizcacha...
Title: Re: I think I resolved the old NORH problem
Post by: Cas on August 16, 2009, 04:16:23 AM
People. Before anything else, here I'm posting Vizcacha 1.1. I have to return this computer today (I borrowed it) and I won't be able to work or run Stunts for some weeks until I get another computer. I will be able to get in touch through e-mail and the forum, though, from cyber cafés. For this reason, yesterday night I worked hard to correct a problem Vizcacha 1.0 had and now I can say it seems to be perfectly safe. If you find any bug, please let me know. What I'm posting is the rays-R version. Please, both TAs and rays-Rs, test it, test it, test it!

Zak:  I will be glad to send you the TA (tournament administrator) version, but I need your e-mail address. I can't post it right here. I don't know if I can send it with a private message here. I'll try to. Otherwise, my secondary e-mail address is in the DOC file included with this package, and I will send you my primary e-mail address through private message too.

CTG:  I reckon RH racing will never be over. Personally, I enjoy racing with RH more, because it's the way I first learnt to be in a Stunts competition, with Paleke's WSC, but now there will ALSO be true NORH verified tournaments!  As soon as I can get a computer where I can run Stunts again, I will open a NORH+NOSHCT (No shortcut) competition :D ... but I don't think I'll be good at racing in it... ha, ha

Chulk:  Vizcacha inhibits both the Continue Driving and Load Replay options only if you start Stunts from within the Vizcacha system. Only if it succeeds in detecting and hooking Stunts will any replay saved during the Stunts session be automatically modified by Vizcacha, adding an encoded signature that can be verified by TAs with an application included in their package. Any further modification to the file will cause the verification to fail. You will notice that, with Vizcacha 1.0, there is a cheat pipsqueaks can do to get RH replays certified, but this is no problem now, since Vizcacha 1.1 uses a different certification encoding and won't accept older certifications on replays!
Title: Re: I think I resolved the old NORH problem
Post by: zaqrack on August 16, 2009, 02:46:30 PM
I might be the one doing something wrong, but vizcacha 1.1 always reports to me, that no replay handling was used, whatever I do with the replay. :(

Also, Vizcacha displays an error when run from Windows XP dos emulation, and no replays are signed. (some pipsqueaks still use this way instead of dosbox). The displayed message (after exiting Stunts) is:

Code:
Hooking finished successfully

Status reported = 2Fh (main target reached)
In case of any problem, please report the above info to Cas

Illegal function call in line No line number in module VBIG at address 177F:0993

Hit any key to return to system

I have also noticed, that VC appends its data - including the pipsqueak name to the end of the RPL file.
Some questions:

- I understand Vizcacha includes some kind of verification string/bytes. Is this based on the replay data, so that an invalid replay cannot be made valid by simply copying the Vizcacha code to the end in a hex editor? I guess it does; if not, it is highly required for security.
- Is the added Vizcacha code fixed in length (I see the pipsqueak name code length does not depend on the name)? That would be very important, as the ZakStunts PHP code calculates the achieved time from the replay file size.

In the longer term, some useful developments:
- VCV checking every replay in a directory with one command
- merging the rplinfo and Vizcacha code
- a PHP version of the Vizcacha code, for online validity checks


Thanks for the great job you are doing!
zak
Title: Re: I think I resolved the old NORH problem
Post by: Cas on August 18, 2009, 02:55:30 AM
Zak, what you tell me is intriguing. The error you're getting must be based on something that does not happen on the computer I was trying Vizcacha from, since I did try the program under XP's DOS emulation. I will need to send you an auto-debug version so that it reports more details on the error, as I cannot generate it from here. Also, I have had to return the computer I had been lent, so that may take some days. In the meantime, please continue to look for bugs or give ideas.
I also realized a problem while I was about to fall asleep yesterday night. I protected the menus against keyboard action, but not against the mouse!  Please test both separately and tell me what happens, as I can't test Stunts for now. It is very easy to fix this problem, but I need a computer other than the one at the cyber café. To begin, I can simply get Vizcacha to disable the mouse completely and then, with a little more time, I can make a neat protection against menu selection with that device.
It is true. Vizcacha writes the data at the end of the RPL file. Old VC 1.0 would append 30 bytes. VC 1.1 appends a fixed-length 32-byte field. You can use this info to calculate the RPL time. I left the pipsqueak name unencrypted on purpose. VC will know if it is modified and will say so, but if I encrypted it with the same code as the rest of the data, the encoding might be easier to make out. That's why I left it visible. Anyway, even if the pipsqueak changes the name, the rest of the data is the important thing, as you know who you receive the RPL from. Still, I can strengthen the encryption system easily. I haven't learnt PHP, but I guess an implementation of VCV only (the verifier) must be easy to accomplish. It would be very important that the decryption code could not be reached from online. I know that is OK with PHP.
What I'm most concerned about is what you say about it always reporting that no replay handling was used. I guess what is happening is this: VC 1.1 is running properly and therefore assumes you were unable to use RH. You use Stunts fully with the mouse, so you have not even had a problem with VC to do RH. If you tried to do it with the keyboard, you would see you would not be able to. Please let me know if I'm right. If that is the case, all I have to do is fix the mouse problem.
Thanks very much for testing :)  I will continue to work on it as soon as I can
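The two posts above describe the shape of the certification: a fixed-length 32-byte field appended to the .RPL bytes, the pipsqueak name left readable inside it, and a verifier that rejects the file if anything is changed. The following is an added example, not Vizcacha's own code (its real encoding is not published in this thread): it builds a trailer of that shape using a keyed HMAC-SHA256 tag, truncated to 16 bytes, over the replay bytes plus the name field. The 16/16 split of the trailer, the constructed sample replays and the demo key are assumptions for illustration. The demo function answers Zak's two questions directly: a trailer copied from a valid replay onto another one does not verify, an edited name does not verify, and the appended length is fixed regardless of the name, so the original replay length (and therefore the size-based time calculation) is simply `len(file) - 32`.

```python
import hashlib
import hmac
from typing import Dict, Tuple

# Layout of the appended field. The 32-byte total is from the thread; the
# 16-byte name / 16-byte tag split is an assumption made for this example.
TRAILER_LEN = 32
NAME_LEN = 16                       # pipsqueak name, ASCII, NUL-padded, readable
TAG_LEN = TRAILER_LEN - NAME_LEN    # authentication tag, bound to replay + name
# Domain separator mixed into the tag so that a trailer produced under another
# encoding (e.g. an older version) never verifies under this one.
ENCODING_ID = b"VC-example-1.1"


def encode_name(name: str) -> bytes:
    """Fixed 16-byte name field: truncate to 16 ASCII bytes, pad with NULs."""
    raw = name.encode("ascii", "replace")[:NAME_LEN]
    return raw.ljust(NAME_LEN, b"\x00")


def decode_name(field: bytes) -> str:
    return field.rstrip(b"\x00").decode("ascii", "replace")


def _tag(key: bytes, replay: bytes, name_field: bytes) -> bytes:
    # The tag covers the replay bytes AND the name field, so neither can be
    # altered, nor the trailer transplanted onto another replay, without the key.
    mac = hmac.new(key, digestmod=hashlib.sha256)
    mac.update(ENCODING_ID)
    mac.update(len(replay).to_bytes(4, "little"))   # length prefix, no ambiguity
    mac.update(replay)
    mac.update(name_field)
    return mac.digest()[:TAG_LEN]


def sign_replay(replay: bytes, name: str, key: bytes) -> bytes:
    """Return replay bytes followed by the fixed 32-byte certification field."""
    name_field = encode_name(name)
    return replay + name_field + _tag(key, replay, name_field)


def verify_replay(signed: bytes, key: bytes) -> Tuple[bool, str, int]:
    """Return (valid, name, replay_len).

    replay_len is the length of the original .RPL, i.e. len(signed) - 32,
    which is what a size-based time calculation should use.
    """
    if len(signed) < TRAILER_LEN:
        return False, "", len(signed)
    replay = signed[:-TRAILER_LEN]
    name_field = signed[-TRAILER_LEN:-TAG_LEN]
    tag = signed[-TAG_LEN:]
    ok = hmac.compare_digest(tag, _tag(key, replay, name_field))
    return ok, decode_name(name_field), len(replay)


def demo() -> Dict[str, object]:
    """Exercise the scheme against the tampering cases raised in the thread."""
    key = b"constructed demo key, not a real secret"
    # Constructed stand-ins for two .RPL files; the real format is not needed here.
    rpl_a = b"CONSTRUCTED-RPL-A" + bytes(range(200))
    rpl_b = b"CONSTRUCTED-RPL-B" + bytes(range(200))
    signed_a = sign_replay(rpl_a, "Cas", key)
    results: Dict[str, object] = {}

    results["untouched"] = verify_replay(signed_a, key)          # (True, "Cas", 217)

    # Zak's question: paste a valid trailer onto a different replay in a hex editor.
    grafted = rpl_b + signed_a[-TRAILER_LEN:]
    results["trailer_copied"] = verify_replay(grafted, key)[0]   # False

    # Flip one bit inside the replay data.
    flipped = bytearray(signed_a)
    flipped[50] ^= 0x01
    results["replay_edited"] = verify_replay(bytes(flipped), key)[0]   # False

    # Change only the readable name, keep the original tag.
    renamed = signed_a[:-TRAILER_LEN] + encode_name("Zak") + signed_a[-TAG_LEN:]
    results["name_edited"] = verify_replay(renamed, key)[0]      # False

    # A verifier that does not hold the secret cannot confirm anything.
    results["wrong_key"] = verify_replay(signed_a, b"other key")[0]    # False

    # Appended length is constant whatever the name, so size-based timing works.
    short = sign_replay(rpl_a, "A", key)
    long_ = sign_replay(rpl_a, "A much longer nick", key)
    results["fixed_length"] = (len(short) == len(long_) == len(rpl_a) + TRAILER_LEN)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:15s} -> {outcome}")
```

The design caveat a practitioner would raise, and which Duplode's later remark about the signature being the weakest link points at: with a symmetric tag like this one, the same key that the TA verifier uses has to be present inside the pipsqueak's copy of the signing tool, so anyone who extracts it from that executable can produce valid trailers for any replay. Keeping the verifier's key out of web-reachable paths, as Cas describes for a PHP verifier, protects the server side only; it does nothing about the copy of the key that ships to players. That is a property of any scheme where the player's machine signs, and it is why a separate TA-only package does not by itself make the certification unforgeable.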
Title: Re: I think I resolved the old NORH problem
Post by: Chulk on August 18, 2009, 05:54:37 AM
I still don't get it... If I send a replay I did with RH, can Vizcacha know that? I know running the game "under" Vizcacha does not allow "Continue Driving" or "Load replay", but what happens if I race the game without using Vizcacha?
Title: Re: I think I resolved the old NORH problem
Post by: BonzaiJoe on August 18, 2009, 09:40:44 AM
I still don't get it... If I send a replay I did with RH, can Vizcacha know that? I know running the game "under" Vizcacha does not allow "Continue Driving" or "Load replay", but what happens if I race the game without using Vizcacha?

The replay will not have the encoded signature that renders it valid for the competition. The Competition Manager will be able to check this with the Competition Manager version of the application.
Title: Re: I think I resolved the old NORH problem
Post by: Duplode on August 19, 2009, 06:39:43 AM
Finally I got to test Vizcacha. I did it in a bit of a haste, so hopefully I didn't forget anything important. I'm running DOSBox 0.72 under Fedora 10. I just unpacked Vizcacha into my Stunts folder and booted DOSBox from that folder. Vizcacha boots fine (after exiting Stunts I didn't get the "Illegal function call" Zak reported, so that is likely an issue specific to XP DOS emulator. I got the 2Fh "confirmation" message, though, as I suppose it was meant to be). Vizcacha, however, was not stopping me from using RH - all relevant menu options everywhere remained active. After I exited Stunts (as Vizcacha signs replays on exiting the program, and not when saving RPLs), the replays get properly signed - and, as Zak reported, regardless of RH usage, as Vizcacha isn't preventing that. The issue does not seem to have to do with mouse usage, as I used keyboard for all operations, even "locking" mouse input on DOSBox with Ctrl+F10, and the problem remained. I also tried using the 1.0 version, and the results were the same.

Therefore, it seems the "hooks" aren't behaving properly with emulated DOS systems (I assume you (Cas) developed Vizcacha in (pure) FreeDOS). Debugging that will probably require some beta-helpers... as for me, feel free to keep sending me revisions, Cas, and I'll check them ASAP  ;)

PS.: The discussions on the signature of the replays clear my main initial doubt about the method, as the .RPL signature is clearly the weakest link in terms of accessibility to eventual cheaters.
Title: Re: I think I resolved the old NORH problem
Post by: Cas on August 19, 2009, 07:31:04 AM
Yeah, the method can be enhanced easily, to make it safer. What I'm most concerned about now is the fact that it allows access to the menu options even with the keyboard. It is OK that the replays get signed anyway, because of the way it's programmed. I did test Vizcacha under FreeDOS, DOSBox under Windows XP and a pure Windows XP window. Vizcacha worked in the three cases. I am not sure about the last one with Vizcacha 1.1, though, but the Illegal Function Call can be fixed. So the problem is not about the environment, but about how Stunts is being loaded on each computer. I will need to write a probe application that will give you instructions such as "Go to the Continue Driving option now and press ENTER" or "Get into the Options menu now and press SPACE". It appears that Stunts does not always sort the code in memory in the same way. Thanks for testing this.

If you guys have the chance to test Vizcacha, just in case, under FreeDOS, with a live CD, I will appreciate your reporting what happens. Now I have to go back to job seeking in Wellington, New Zealand. It's pretty hard and I've been dropping CVs even in like five cafés!  Once I get a job, I can buy a computer and continue to work. I'm running out of savings now.
Title: Re: I think I resolved the old NORH problem
Post by: Cas on September 08, 2009, 05:26:21 PM
I finally got a job here in New Zealand and I have been able to buy my new computer!   :) Now, I have started to work on Vizcacha again. Also, I had the chance to test it in this other computer and saw with my own eyes what was happening. Vizcacha did exactly what you guys reported, so I analysed the code Stunts loads in memory and I found it has a completely different layout depending on the system. I'm surprised that it worked on two different software environments on the other computer. ::)
I have to say, it's pretty hard to do the trick with this variation  :-\, but I wanted to let you know I'm working on it now again and I have already found the addresses. I will post a new test version as soon as I get it to stop crashing  8)
Title: Re: I think I resolved the old NORH problem
Post by: zaqrack on September 09, 2009, 08:32:12 AM
great!

I'll try to help you testing within the limits my free time allows.

how do you like New Zealand? I always wanted to go there...
Title: Re: I think I resolved the old NORH problem
Post by: Cas on September 17, 2009, 05:02:18 AM
Phew... finally, I got Vizcacha working again. I had to rewrite it and now there are some difficulties, but I just sent a beta version to be tested. I'll post the pipsqueak version here probably tonight or tomorrow... it's just that I'm not sure it will always work.
I have some things in mind to change completely the way it works, ensuring it will be easy for every system to support Vizcacha. But that takes some time, so I hope this version will do the basic job. If it does work, with a couple of touches, I can turn it into a new full version until I develop the other method.
New Zealand is a nice place. It is very safe!  I'm used to so much insecurity in my country and now I feel much better. There are some problems, though, like everywhere. Most activities are closed quite early in the day, for example. But it is really a very enjoyable thing to be here, as I get to know people from everywhere. NZ is certainly worth a visit! :)
Title: Re: I think I resolved the old NORH problem
Post by: Duplode on September 17, 2009, 06:00:40 AM
Hello again Cas!

I did a quick test on my system (Fedora 11, DOSBox 0.73), and Vizcacha reports "no driver activity"/"1Fh (Stunts not found in memory)". In-game, the RH menu commands work normally and the replays aren't signed. I retried a couple of times to see whether it wasn't some transitory issue, but the results were always the same. Most likely you already expected that, as you mentioned in the e-mail having trouble making it work under Ubuntu. Right now I can't check a Windows system; I attempted, however, to launch Vizcacha from a Win32 DOSBox installation running on Wine. Surprisingly enough (or not, as I don't know enough to evaluate the results), it fails to work exactly like the Linux version. I will report further if I get to test it under WinXP eventually...
Title: Re: I think I resolved the old NORH problem
Post by: Cas on September 17, 2009, 02:09:01 PM
Yeah, I expected DOSBox to fail. Of course, this does not mean I'm going to be OK with Vizcacha only working under pure DOS and Windows, but it would be useful if you had a live CD of FreeDOS to boot with and try it as well, because with FreeDOS it works on my computer. If it also does on yours, I will know that it's the system only, and not the computer, which causes the incompatibility.
I have been thinking of changing entirely the way Vizcacha loads the driver. There is a problem with a variable, that sometimes is there and sometimes is not. It's no easy task to hack Stunts. Also, I am concerned with the stunts_k program. I fear it may interfere with Vizcacha, because it does a similar job. In the future, once I get the Vizcacha working, I may try to embed stunts_k into it, to make it more stable.
Another thing: when I run Stunts under DOSBox in Ubuntu, I can't use the arrow keys. I have to activate number-lock and use the letter keys instead. Does this same thing happen to you under Fedora?  Do you know how to solve it?  ???
Title: Re: I think I resolved the old NORH problem
Post by: CTG on May 11, 2012, 05:43:18 PM
Does it already work?
Title: Re: I think I resolved the old NORH problem
Post by: CTG on October 21, 2014, 08:35:03 AM
Well, I'm afraid you did not resolve the old noRH problem. ::) :D
Title: Re: I think I resolved the old NORH problem
Post by: Vector on March 05, 2015, 01:56:19 PM
Well- i am always noRH, it is terrible.
Title: Re: I think I resolved the old NORH problem
Post by: Marco on March 05, 2015, 04:57:50 PM
Hey, what has happened here? ... I read the 2009 posts thinking that they were from 2015 ... Ohh noooo.
Title: Re: I think I resolved the old NORH problem
Post by: Cas on March 07, 2015, 10:36:07 PM
Ha, ha... yes... sadly, this project didn't work as expected at that time. I'll probably try facing it a different way in the near future. I really thought I had resolved it back then :(