Author Topic: I think I resolved the old NORH problem  (Read 6265 times)

Cas

  • Stunts Master
  • *
  • Posts: 160
    • View Profile
    • Dimioca Labs
I think I resolved the old NORH problem
« on: August 15, 2009, 11:40:36 AM »
Guys, I've been lost for so long that I don't know if there's already anything better... there's so much I have to read!  I think you were using videos to verify the NORH races so far and that had some problems, like you could not run Stunts from pure DOS and that you might edit the videos... whatever. Today, I believe, I have found a simple solution to prove that a replay was recorded without RH. The idea came to me several years ago, but it seemed too complicated to accomplish. Now I'm surprised I've solved most of it in four nights. I hope this is still useful.

What I attach is my program Vizcacha (pipsqueak version). I will not publish the tournament administrator version here, but I have e-mailed it to Duplode. You can also e-mail me and ask for it. The program still needs some work, but already does the trick. It inhibits the "Continue Driving" and "Load RPL" options. Please do try it and tell me how it works, report bugs or suggest anything if you're interested. Thank you all for working so hard for Stunts :)  I hope my little contribution is worth it!
Earth is my country. Science is my religion.

zaqrack

  • Administrator
  • Addicted to spam
  • *****
  • Posts: 4527
    • View Profile
    • ZakStunts
Re: I think I resolved the old NORH problem
« Reply #1 on: August 15, 2009, 02:59:55 PM »
this really does sound promising!

As Duplode is on holidays, could you please also send me the admin version? I'll do some tests - and if it works, 2010 will mark the start of a new era in Stunts :)

zaqrack

  • Administrator
  • Addicted to spam
  • *****
  • Posts: 4527
    • View Profile
    • ZakStunts
Re: I think I resolved the old NORH problem
« Reply #2 on: August 15, 2009, 04:16:18 PM »
As Duplode is on holidays, could you please also send me the admin version?

No, Zak is stupid, Dottore is on holidays, Duplode is not. Anyways I would be glad to help testing.

Zak

CTG

  • Spam, egg, spam, spam, bacon and spam
  • *
  • Posts: 20048
  • Psycho
    • View Profile
    • UnskilledStunts Championship
Re: I think I resolved the old NORH problem
« Reply #3 on: August 15, 2009, 07:57:37 PM »
Does that mean no more RH competitions? If yes... well, I'm out forever. And who knows, maybe somebody can hack this method too.

Duplode

  • Considering trying out spam
  • *******
  • Posts: 3409
  • Through the astral door - to soar
    • View Profile
    • The Southern Cross Stunts Trophy
Re: I think I resolved the old NORH problem
« Reply #4 on: August 15, 2009, 08:06:17 PM »
Does that mean no more RH competitions? If yes... well, I'm out forever.

Because you dislike NoRH? But you always took part, even if only sporadically, in NoRH races...
Due to lack of time? But isn't it true that RH optimization can potentially eat much more time than NoRH retries? (even if it is easier to make a listfiller with RH, for obvious reasons)
Anyway, I guess that if this method succeeds it won't take long for someone to make a RH contest out of nostalgia. And I always thought RH racing has some value in itself as a valid modality  :)


Chulk

  • Trying out spam for the first time
  • ********
  • Posts: 3621
  • "Do, or do not. There is no try."
    • View Profile
Re: I think I resolved the old NORH problem
« Reply #5 on: August 15, 2009, 08:25:42 PM »
Nice contribution Cas!

But let me see if I got it right... The program inhibits "Continue Driving" and "Load replay" options.
Does that shows in .rpl file somehow? Else, problem is the same, trusting in a pipsqueak X (not the one in Speed pipsqueak) is using Vizcacha...
There's a General Custer for every urban tribe

Cas

  • Stunts Master
  • *
  • Posts: 160
    • View Profile
    • Dimioca Labs
Re: I think I resolved the old NORH problem
« Reply #6 on: August 16, 2009, 04:16:23 AM »
People. Before anything else, here I'm posting Vizcacha 1.1. I have to return this computer today (I borrowed it) and I won't be able to work or run Stunts for some weeks until I get another computer. I will be able to get in touch through e-mail and the forum, though, from cyber cafés. For this reason, yesterday night I worked hard to correct a problem Vizcacha 1.0 had and now I can say it seems to be perfectly safe. If you find any bug, please let me know. What I'm posting is the rays-R version. Please, both TAs and rays-Rs, test it, test it, test it!

Zak:  I will be glad to send you the TA (tournament administrator) version, but I need your e-mail address. I can't post it right here. I don't know if I can send it with a private message here. I'll try to. Otherwise, my secondary e-mail address in the DOC file included with this package and I will post you my primary e-mail address through private message too.

CTG:  I reckon RH racings will never be over. Personally, I enjoy more racing with RH, because it's the way I first learnt to be in a Stunts competition, with Paleke's WSC, but now there will ALSO be true NORH verified tournaments!  As soon as I can get a computer when I can run Stunts again, I will open a NORH+NOSHCT (No shortcut) competition :D ... but I don't think I'll be good at racing in it... ha, ha

Chulk:  Vizcacha inhibits both Continue Driving and Load Replay options only if you start Stunts from within the Vizcacha system. Only if it succeeds to detect and hook Stunts, any replay saved during the Stunts session will be automatically modified by Vizcacha, adding an encoded signature that can be verified by TAs with an application included in their package. Any further modification on the file will cause the verification to fail. You will notice that, with Vizcacha 1.0, there is a cheat pipsqueaks can do to get RH replays certified, but this is no problem now, since Vizcacha 1.1 uses a different certification encoding and won't accept older certifications on replays!
« Last Edit: August 16, 2009, 06:44:48 AM by Cas »
Earth is my country. Science is my religion.

zaqrack

  • Administrator
  • Addicted to spam
  • *****
  • Posts: 4527
    • View Profile
    • ZakStunts
Re: I think I resolved the old NORH problem
« Reply #7 on: August 16, 2009, 02:46:30 PM »
I might be the one doing something wrong, but vizcacha 1.1 always reports to me, that no replay handling was used, whatever I do with the replay. :(

Also, Vizcacha displays an error when run from Windows XP dos emulation, and no replays are signed. (some pipsqueaks still use this way instead of dosbox). The displayed message (after exiting Stunts) is:

Code: [Select]
Hooking finished successfully

Status reported = 2Fh (main target reached)
In case of any problem, please report the above info to Cas

Illegal function call in line No line number in module VBIG at address 177F:0993

Hit any key to return to system

I have also noticed, that VC appends its data - including the pipsqueak name to the end of the RPL file.
Some questions:

- I understand vizcacha include some kind of verification string/byte. Is this based on the replay data, so that an invalid replay cannot be made valid by simply adding copying the vizcacha code to the end in a hex editor? I guess it does, if not, it is highly required for security.
- is the added vizcacha code fixed in length (I see the pipsqueak name code length is not depending on the name)? That would be very important, as ZakStunts php code calculates the achieved time from the replay file size.

In the logner term some useful developments:
- VCV checking every replay in a directory by one command
- merging rplinfo and viscacha code
- php version of viscacha code, for online validity check


Thanks for the great job you are doing!
zak
« Last Edit: August 16, 2009, 02:51:48 PM by zaqrack »

Cas

  • Stunts Master
  • *
  • Posts: 160
    • View Profile
    • Dimioca Labs
Re: I think I resolved the old NORH problem
« Reply #8 on: August 18, 2009, 02:55:30 AM »
Zak, what you tell me is intriguing. The error you're getting must be based on something that does not happen on the computer I was trying Vizcacha from, since I did try the program under XP's DOS emulation. I will need to send you an auto-debug version so that it reports more details on the error, as I cannot generate it from here. Also, I have had to return the computer I had been lent, so that make take some days. In the meantime, please continue to look for bugs or give ideas.
I also realized of a problem while I was about to fall asleep yesterday night. I protected the menus against keyboard action, but not against the mouse!  Please test both separately and tell me what happens, as I can't test Stunts for now. It is very easy to fix this problem, but I need a computer other than at the cyber café. To begin, I can simply get Vizcacha to disable the mouse completely and then with some little more time, I can make a neat protection against menu selection with that device.
It is true. Vizcacha writes the data at the end of the RPL file. Old VC 1.0 would append 30 bytes. VC 1.1 appends a fixed-length 32 bytes field. You can use this info to calculate the RPL time. I left the pipsqueak name not-encrypted on purpose. VC will know if it is modified and will say it is, but if I encrypted with the same code as the rest of the data, the encoding may be easier to make out. That's why I left it visible. Anyway, even if the pipsqueak changes the name, the rest of the data is the important thing, as you know who you receive the RPL from. Still, I can strengthen the encryption system easily. I haven't learnt PHP, but I guess an implementation of VCV only (the verifier) must be easy to accomplish. It would be very important that the decryption code could not be reached from online. I know that is OK with PHP.
What I'm most concerned about is what you say about it always reporting no replay handling was used. I guess what is happening is this: VC 1.1 is running properly and therefore assumes you were unable to use RH. You use Stunts fully with the mouse so you have not even had a problem with VC to do RH. If you tried to do it with the keyboard, you would see you would not be able to. Please let me konw if I'm right. If that is the case, all I have to do is fix the mouse problem.
Thanks very much for testing :)  I will continue to work on it as soon as I can
Earth is my country. Science is my religion.

Chulk

  • Trying out spam for the first time
  • ********
  • Posts: 3621
  • "Do, or do not. There is no try."
    • View Profile
Re: I think I resolved the old NORH problem
« Reply #9 on: August 18, 2009, 05:54:37 AM »
I still don't get it... I f I send a replay I did with RH, can Vizcacha know that? I know running the game "under" Vizcacha does not allow "Continue Driving" or "Load replay", but what happens if I race the game without using Vizcacha?
There's a General Custer for every urban tribe

BonzaiJoe

  • Spam, egg, spam, spam, bacon and spam
  • *
  • Posts: 5082
    • View Profile
    • Purple
Re: I think I resolved the old NORH problem
« Reply #10 on: August 18, 2009, 09:40:44 AM »
I still don't get it... I f I send a replay I did with RH, can Vizcacha know that? I know running the game "under" Vizcacha does not allow "Continue Driving" or "Load replay", but what happens if I race the game without using Vizcacha?

The replay will not have the encoded signature that renders it valid for the competition. The Competition Manager will be able to check this with the Competition Manager version of the application.
But we can't be quite sure.


Duplode

  • Considering trying out spam
  • *******
  • Posts: 3409
  • Through the astral door - to soar
    • View Profile
    • The Southern Cross Stunts Trophy
Re: I think I resolved the old NORH problem
« Reply #11 on: August 19, 2009, 06:39:43 AM »
Finally I got to test Vizcacha. I did it in a bit of a haste, so hopefully I didn't forget anything important. I'm running DOSBox 0.72 under Fedora 10. I just unpacked Vizcacha into my Stunts folder and booted DOSBox from that folder. Vizcacha boots fine (after exiting Stunts I didn't get the "Illegal function call" Zak reported, so that is likely an issue specific to XP DOS emulator. I got the 2Fh "confirmation" message, though, as I suppose it was meant to be). Vizcacha, however, was not stopping me from using RH - all relevant menu options everywhere remained active. After I exited Stunts (as Vizcacha signs replays on exiting the program, and not when saving RPLs), the replays get properly signed - and, as Zak reported, regardless of RH usage, as Vizcacha isn't preventing that. The issue does not seem to have to do with mouse usage, as I used keyboard for all operations, even "locking" mouse input on DOSBox with Ctrl+F10, and the problem remained. I also tried using the 1.0 version, and the results were the same.

Therefore, it seems the "hooks" aren't behaving properly with emulated DOS systems (I assume you (Cas) developed Vizcacha in (pure) FreeDOS). Debugging that will probably require some beta-helpers... as for me, feel free to keep sending me revisions, Cas, and I'll check them ASAP  ;)

PS.: The discussions on the signature of the replays clear my main initial doubt about the method, as the .RPL signature is clearly the weakest link in terms of accessibility to eventual cheaters.

Cas

  • Stunts Master
  • *
  • Posts: 160
    • View Profile
    • Dimioca Labs
Re: I think I resolved the old NORH problem
« Reply #12 on: August 19, 2009, 07:31:04 AM »
Yeah, the method can be enhanced easily, to make it safer. What I'm most concerned about now is the fact that it allowing even with the keyboard to access the menu options. It is OK that the replays get signed anyway, because of the way it's programmed. I did test Vizcacha under FreeDOS, DOSBox under Windows XP and pure Windows XP window. Vizcacha worked in the three cases. I am not sure about the last one with Vizcacha 1.1, though, but the Illegal Function Call can be fixed. So the problem is not about the environment, but on how Stunts is being loaded in each computer. I will need write write a probe application that will give you instructions such as "Go to the Continue Driving option now and press ENTER" or "Get into the Options menu now and press SPACE". It appears that Stunts not always sorts the code in memory in the same way. Thanks for testing this.

If you guys have the chance to test Vizcacha, just in case, under FreeDOS, with a live CD, I will appreciate your reporting what happens. Now I have to go back to job seeking in Wellington, New Zealand. It's pretty hard and I've been dropping CVs even in like five cafés!  Once I get a job, I can buy a computer and continue to work. I'm running out of savings now.
Earth is my country. Science is my religion.

Cas

  • Stunts Master
  • *
  • Posts: 160
    • View Profile
    • Dimioca Labs
Re: I think I resolved the old NORH problem
« Reply #13 on: September 08, 2009, 05:26:21 PM »
I finally got a job here in New Zealand and I have been able to buy my new computer!   :) Now, I have started to work on Vizcacha again. Also, I had the chance to test it in this other computer and saw with my own eyes what was happening. Vizcacha did exactly what you guys reported, so I analysed the code Stunts loads in memory and I found it has a completely different layout depending on the system. I'm surprised that it worked on two different software environments on the other computer. ::)
I have to say, it's pretty hard to do the trick with this variation  :-\, but I wanted to let you know I'm working on it now again and I have already found the addresses. I will post a new test version as soon as I get it to stop crashing  8)
Earth is my country. Science is my religion.

zaqrack

  • Administrator
  • Addicted to spam
  • *****
  • Posts: 4527
    • View Profile
    • ZakStunts
Re: I think I resolved the old NORH problem
« Reply #14 on: September 09, 2009, 08:32:12 AM »
great!

I'll try to help you testing within the limits my free time allows.

how do you like New Zealand? I always wanted to go there...