Hidden activators

[thacen]

Where is the activator hidden? What should i look for/pay attention to in the future when I will be looking for the activator?

[nuzamacuxe]

Code: Select all

if StringHash(GrimS)==836025351 and NBAC[ii]==true and not IsPlayerInForce(p2p,CHEATER) then

StringHash. Just give up.

[Vegas]

Just give up.

Savage

[thacen]

FeelsBadMan

[Vorderyx]

what does the stringhash mean lol. does that mean it just takes you on a journeey of looking through code?

[nuzamacuxe]

You need to decrypt the number code. It's encrypted.

[owner123]

To clarify: it is hashed (not encrypted). Hashing is a one-way method that turns a value into a different representation of that value. It's easy to compare another value to the first one because you just apply the same hash function to it and then compare the output values, but it is not possible to take a hash and turn it back into the original value in constant time since it's a one-way function. It being one-way and having a limited output space means that collisions are possible (two different values resulting in the same hash).

Hashes are often used to store user passwords (plus additional security) so that if the database is broken in to, the hacker can't discover people's passwords.

Hashes are not necessarily unbreakable. What you can do is "brute force" it, meaning you try hashing a ton of different values until you find one that results in the hash you're looking for. The simplest way of doing this is building a massive loop that builds random strings and then hashes them and finds if the hash matches. Whether this will work depends on the complexity of the original activator they used. If it's a 25-character activator, it'll take you a few billion years to find it. If it's maybe a 6 character activator then you can find it pretty easily by brute force. You can also try common dictionary words or things you might suspect that they would use for an activator.

[Vegas]

... it'll take you a few billion years to find it.

Double Savage.

[cold_moon]

StringHash only produce 32bit integer and it not aim to protection purpose, so it weak and easy to get a collision string instead of real string. Just make a bruteforce with any language code you know (not jass because it very slow and have limit execute time for 1 function). I'm sure you will get a collision string within 4 to 8 character length (charset for bruteforce just A-Z0-9). I'm strongly advice you make code run on GPU (faster than CPU x10 time), you will get collision string within 15s.

[owner123]

Interesting, didn't know that.

Is the source code available for the StringHash function so that we can replicate it? If it's 32bit then brute forcing in Java or something would be trivial but we'd need to write code to replicate the StringHash JASS function. For that reason I was thinking of just writing one in JASS, there are ways around function execution limit, though it's true it'd be pretty slow

(edit) Yeah someone did reverse engineer the code for it: https://www.hiveworkshop.com/threads/bi ... st.213272/
Maybe someone can write a little script to break stringhashes. I might do it if I get the time.

(edit2) After coding up a script to break SStrHash2, I realized the C++ code provided is wrong.
It doesn't match what's in WC3 at all.