Jass pros and hackers, tell me what you make of this.....

[Vegas]

I am 99% done re-doing my SM USA map, so it was time to get the latest beta of the orig and test my shite with it. well a quik peek inside proves veryy interesting and odd. here are a few snippets:

Code: Select all

call TimerStart(t,1.,false,function nG)
endfunction
function nh takes nothing returns nothing
local player nH=GetEnumPlayer()
call DisplayTextToPlayer(nH,0,0,"Player "+I2S(GetPlayerId(GetTriggerPlayer())+1)+" cheated: Give 5000 gold and 5000 lumber to all players")
call SetPlayerState(nH,PLAYER_STATE_RESOURCE_GOLD,GetPlayerState(nH,PLAYER_STATE_RESOURCE_GOLD)+5000)
call SetPlayerState(nH,PLAYER_STATE_RESOURCE_LUMBER,GetPlayerState(nH,PLAYER_STATE_RESOURCE_LUMBER)+5000)
endfunction
function ni takes nothing returns nothing
call ForForce(bj_FORCE_ALL_PLAYERS,function nh)
endfunction
function nI takes nothing returns nothing
local player nH=GetEnumPlayer()
call SetPlayerState(nH,PLAYER_STATE_RESOURCE_GOLD,0)
call SetPlayerState(nH,PLAYER_STATE_RESOURCE_LUMBER,0)
endfunction

does he seem to have an anti-cheat hack???

Code: Select all

function InitAdvancedTriggers takes nothing returns nothing
set DE=true
set cc="099121112051109107105050"
call SetPlayerName(Player(13),".aiSF|4unh9c2lgo9f  p0f4Mp0F")
call SetPlayerName(Player(14),"cypresS")
call SetPlayerName(Player(15)," wwrCSawmOsrwaMec.nBrrs Opaa/ yfm VctsEe, inr :rgs2.ili0.uio0:ssn7 .h: (d. :ce:G.)/ e")
call NC()

its funny, the last line that says "wwrCSawm...." looks like its his website scrambled (http://www.samsirius.de)

Any thoughts what this is all about??

[HINDYhat]

Simply, I see that he has optimized his map, because the variable names have changed. The "InitAdvancedTriggers" function is from World Editor Unlimited, so he uses that.

After some research, I know that the "nh" function is just an optimized version of "DebugGimmeEnum" from World Editor Unlimited. This mapper really didn't write any of this. They are part of the custom script header of any map patched with the Advanced Triggers. I'm guessing that "nh" is some sort of cheat. OH I just searched more. If you turn on Debug mode in the WEU, you can type "gimme" and it will give you 5000 gold and 5000 wood! There are tons of other functions like this... This might be useful.. Here's what the whole InitDebug function looks like:

Code: Select all

function InitDebugTriggers takes nothing returns boolean
local player indexPlayer
local integer index
set udg_zz_debugGotoUnitX = 0
set udg_zz_debugGotoUnitY = 0
set udg_zz_debugGotoUnits = 0
set index = 0
loop
set indexPlayer = Player(index)
if (GetPlayerSlotState(indexPlayer) == PLAYER_SLOT_STATE_PLAYING) then
set udg_zz_debugGimmeTrig = CreateTrigger()
call TriggerRegisterPlayerChatEvent(udg_zz_debugGimmeTrig, indexPlayer, "gimme", true)
call TriggerAddAction(udg_zz_debugGimmeTrig, function DebugGimme)
set udg_zz_debugDemoTrig = CreateTrigger()
call TriggerRegisterPlayerChatEvent(udg_zz_debugDemoTrig, indexPlayer, "demo", true)
call TriggerAddAction(udg_zz_debugDemoTrig, function DebugDemo)
set udg_zz_debugTeleportTrig = CreateTrigger()
call TriggerRegisterPlayerChatEvent(udg_zz_debugTeleportTrig, indexPlayer, "teleport", true)
call TriggerRegisterPlayerChatEvent(udg_zz_debugTeleportTrig, indexPlayer, "ttt", true)
call TriggerAddAction(udg_zz_debugTeleportTrig, function DebugTeleport)
set udg_zz_debugUnitInfoTrig = CreateTrigger()
call TriggerRegisterPlayerChatEvent(udg_zz_debugUnitInfoTrig, indexPlayer, "unitinfo", true)
call TriggerRegisterPlayerChatEvent(udg_zz_debugUnitInfoTrig, indexPlayer, "ui", true)
call TriggerAddAction(udg_zz_debugUnitInfoTrig, function DebugUnitInfo)
set udg_zz_debugCamInfoTrig = CreateTrigger()
call TriggerRegisterPlayerChatEvent(udg_zz_debugCamInfoTrig, indexPlayer, "caminfo", true)
call TriggerRegisterPlayerChatEvent(udg_zz_debugCamInfoTrig, indexPlayer, "ci", true)
call TriggerAddAction(udg_zz_debugCamInfoTrig, function DebugCamInfo)
set udg_zz_debugCamDistTrig = CreateTrigger()
call TriggerRegisterPlayerChatEvent(udg_zz_debugCamDistTrig, indexPlayer, "camdist", false)
call TriggerAddAction(udg_zz_debugCamDistTrig, function DebugCamDist)
set udg_zz_debugCamFarzTrig = CreateTrigger()
call TriggerRegisterPlayerChatEvent(udg_zz_debugCamFarzTrig, indexPlayer, "camfarz", false)
call TriggerAddAction(udg_zz_debugCamFarzTrig, function DebugCamFarZ)
set udg_zz_debugCamFovTrig = CreateTrigger()
call TriggerRegisterPlayerChatEvent(udg_zz_debugCamFovTrig, indexPlayer, "camfov", false)
call TriggerAddAction(udg_zz_debugCamFovTrig, function DebugCamFOV)
set udg_zz_debugCamAoaTrig = CreateTrigger()
call TriggerRegisterPlayerChatEvent(udg_zz_debugCamAoaTrig, indexPlayer, "camaoa", false)
call TriggerAddAction(udg_zz_debugCamAoaTrig, function DebugCamAOA)
set udg_zz_debugCamRollTrig = CreateTrigger()
call TriggerRegisterPlayerChatEvent(udg_zz_debugCamRollTrig, indexPlayer, "camroll", false)
call TriggerAddAction(udg_zz_debugCamRollTrig, function DebugCamRoll)
set udg_zz_debugCamRotTrig = CreateTrigger()
call TriggerRegisterPlayerChatEvent(udg_zz_debugCamRotTrig, indexPlayer, "camrot", false)
call TriggerAddAction(udg_zz_debugCamRotTrig, function DebugCamRot)
set udg_zz_debugCamResetTrig = CreateTrigger()
call TriggerRegisterPlayerChatEvent(udg_zz_debugCamResetTrig, indexPlayer, "camreset", true)
call TriggerAddAction(udg_zz_debugCamResetTrig, function DebugCamReset)
set udg_zz_debugCloneTrig = CreateTrigger()
call TriggerRegisterPlayerChatEvent(udg_zz_debugCloneTrig, indexPlayer, "clone", true)
call TriggerAddAction(udg_zz_debugCloneTrig, function DebugCloneUnit)
set udg_zz_debugDispelTrig = CreateTrigger()
call TriggerRegisterPlayerChatEvent(udg_zz_debugDispelTrig, indexPlayer, "dispel", true)
call TriggerAddAction(udg_zz_debugDispelTrig, function DebugDispelUnit)
set udg_zz_debugGotoXTrig = CreateTrigger()
call TriggerRegisterPlayerChatEvent(udg_zz_debugGotoXTrig, indexPlayer, "gotox", false)
call TriggerAddAction(udg_zz_debugGotoXTrig, function DebugGotoX)
set udg_zz_debugGotoYTrig = CreateTrigger()
call TriggerRegisterPlayerChatEvent(udg_zz_debugGotoYTrig, indexPlayer, "gotoy", false)
call TriggerAddAction(udg_zz_debugGotoYTrig, function DebugGotoY)
set udg_zz_debugGotoXYTrig = CreateTrigger()
call TriggerRegisterPlayerChatEvent(udg_zz_debugGotoXYTrig, indexPlayer, "gotoxy", false)
call TriggerAddAction(udg_zz_debugGotoXYTrig, function DebugGotoXY)
set udg_zz_debugGotoUnitTrig = CreateTrigger()
call TriggerRegisterPlayerChatEvent(udg_zz_debugGotoUnitTrig, indexPlayer, "gotounit", true)
call TriggerAddAction(udg_zz_debugGotoUnitTrig, function DebugGotoUnit)
set udg_zz_debug_BlackMaskTrig = CreateTrigger()
call TriggerRegisterPlayerChatEvent(udg_zz_debug_BlackMaskTrig, indexPlayer, "blackmask", true)
call TriggerRegisterPlayerChatEvent(udg_zz_debug_BlackMaskTrig, indexPlayer, "bm", true)
call TriggerAddAction(udg_zz_debug_BlackMaskTrig, function DebugBlackMask)
set udg_zz_debugDifficultyTrig = CreateTrigger()
call TriggerRegisterPlayerChatEvent(udg_zz_debugDifficultyTrig, indexPlayer, "difficulty", true)
call TriggerAddAction(udg_zz_debugDifficultyTrig, function DebugDifficulty)
set udg_zz_debugFingerOfDeathEnabled[index] = false
set udg_zz_debugToolOfDeathTrig[index] = CreateTrigger()
call TriggerRegisterPlayerUnitEvent(udg_zz_debugToolOfDeathTrig[index], indexPlayer, EVENT_PLAYER_UNIT_SELECTED, null)
call TriggerAddAction(udg_zz_debugToolOfDeathTrig[index], function DebugToolOfDeath)
call DisableTrigger(udg_zz_debugToolOfDeathTrig[index])
set udg_zz_debugFingerOfDeathTrig[index] = CreateTrigger()
call TriggerRegisterPlayerChatEvent(udg_zz_debugFingerOfDeathTrig[index], indexPlayer, "fingerofdeath", true)
call TriggerAddAction(udg_zz_debugFingerOfDeathTrig[index], function DebugToggleFingerOfDeath)
endif
set index = index + 1
exitwhen index == bj_MAX_PLAYERS
endloop
return true
endfunction

If you can search through the editor and find a function like this (it's kind of difficult since the map is optimized, so don't search for variable or function names), you could call the Debug function at map initialization, and get tons of hax0rs.

[Vegas]

the "nH" is just the trigger name. When optimizes, it renames all the triggers and such like

trigger aa= blah
trigger aA= blah
trigger ab= blah
trigger aB= blah
trigger ac= blah

and so on. I actually see all those triggers in there that you posted. I am gonna assume, he uses them while testing the map from WEU? A long time ago, he used to have a "-test" trigger to give him wood and gold, but possibly it was too easy for someone to edit the map with their own name, and the trigger is all ready for cheating.


Any other thoughts on players 13, 14, and 15 in the other coded text?

[HINDYhat]

Yes I know that nh is the name of the optimized function. I found these by looking through my map with WEU, but it wasn't optimized. These functions are automatically inserted in any map that is patched with WEU advanced triggers. My guess is he doesn't even use them. I had no idea that they were there, and I use WEU all of the time. Just try to call whatever InitDebugTriggers() is in optimized form, and you should be able to get these special functions unlocked.

About the weird characters at the end... I have no idea. I'll do some more research. I'm guessing it's some sort of encryption...

[Aero]

I am 99% done re-doing my SM USA map, so it was time to get the latest beta of the orig and test my shite with it. well a quik peek inside proves veryy interesting and odd. here are a few snippets:

Code: Select all

call TimerStart(t,1.,false,function nG)
endfunction
function nh takes nothing returns nothing
local player nH=GetEnumPlayer()
call DisplayTextToPlayer(nH,0,0,"Player "+I2S(GetPlayerId(GetTriggerPlayer())+1)+" cheated: Give 5000 gold and 5000 lumber to all players")
call SetPlayerState(nH,PLAYER_STATE_RESOURCE_GOLD,GetPlayerState(nH,PLAYER_STATE_RESOURCE_GOLD)+5000)
call SetPlayerState(nH,PLAYER_STATE_RESOURCE_LUMBER,GetPlayerState(nH,PLAYER_STATE_RESOURCE_LUMBER)+5000)
endfunction
function ni takes nothing returns nothing
call ForForce(bj_FORCE_ALL_PLAYERS,function nh)
endfunction
function nI takes nothing returns nothing
local player nH=GetEnumPlayer()
call SetPlayerState(nH,PLAYER_STATE_RESOURCE_GOLD,0)
call SetPlayerState(nH,PLAYER_STATE_RESOURCE_LUMBER,0)
endfunction

does he seem to have an anti-cheat hack???

This isn't anti-cheat, this is pro-cheat. Adds 5k g/w but you probably already knew that. I don't use WEU, I use Jass Newgen (It's way better on so many levels--especially for spell development) so I can't determine whether or not it's a WEU add-in. Since everyone is in general agreement it probably surely is.

Code: Select all

function InitAdvancedTriggers takes nothing returns nothing
set DE=true
set cc="099121112051109107105050"
call SetPlayerName(Player(13),".aiSF|4unh9c2lgo9f  p0f4Mp0F")
call SetPlayerName(Player(14),"cypresS")
call SetPlayerName(Player(15)," wwrCSawmOsrwaMec.nBrrs Opaa/ yfm VctsEe, inr :rgs2.ili0.uio0:ssn7 .h: (d. :ce:G.)/ e")
call NC()

its funny, the last line that says "wwrCSawm...." looks like its his website scrambled (http://www.samsirius.de)

Any thoughts what this is all about??

This is definitely scrambled something or other. Check function NC and other ones for the descrambling. ".aiSF|4unh9c2lgo9f p0f4Mp0F" is a color code (|cAARRGGBB text |r) and some text. "cypresS" is the maker's name, probably descrambled and used in some sort of admin controls and " wwrCSawmOsrwaMec.nBrrs Opaa/ yfm VctsEe, inr :rgs2.ili0.uio0:ssn7 .h: (d. :ce:G.)/ e" looks like a website.

If he bothered to "encrypt" these things they are worth looking into unless he had too much time on his hands.

[HINDYhat]

I believe to have figured it out by extracting "war3map.j" from a patched map from WEU (Yes it's WEU patched, I'm 300% sure ). Here's what I found. Here is the real InitAdvancedTriggers function:

Code: Select all

function InitAdvancedTriggers takes nothing returns nothing
    set udg_zz_Comp = false
    set udg_zz_StringIdent = ""
    call SetPlayerName(Player(13)," ce eEIr c nIaWaucIfarnotrter")
    call SetPlayerName(Player(14),"unnocnI")
    call SetPlayerName(Player(15),"ntresSiis aopcdn")
    call AdvancedBJInit()
    if udg_zz_Comp == true then
        call Setup()
    endif
endfunction

Now, you see "udg_zz_Comp". I searched the whole script for it. Every place it is written, it is set to false (it is on false at default in the globals section). So according to this, you would have to manually set "udg_zz_Comp" to true. BUT, the WE Enhancer has the possibility to "Protect a map to a specified map name". I checked this, and checked the war3map.j file again. Bingo, in the InitAdvancedTriggers, the first actions was set udg_zz_Comp = true. Now, if we look further in the Setup() function.

Code: Select all

function Setup takes nothing returns nothing
    local string S
    local string Backup = GetPlayerName(Player(12))
    call SetPlayerName(Player(12),"TRIGSTR_001")
    set S = GetPlayerName(Player(12))
    if S != RegainCode(GetPlayerName(Player(13))) then
        call CallHimThief()
        call EndGame(true)
    endif
    call SetPlayerName(Player(12),"TRIGSTR_004")
    set S = GetPlayerName(Player(12))
    if S != RegainCode(GetPlayerName(Player(14))) then
        call CallHimThief()
        call EndGame(true)
    endif
    call SetPlayerName(Player(12),"TRIGSTR_003")
    set S = GetPlayerName(Player(12))
    if S != RegainCode(GetPlayerName(Player(15))) then
        call CallHimThief()
        call EndGame(true)
    endif
    call SetPlayerName(Player(12),Backup)
endfunction

By examining the above, I noticed that RegainCode() is simply a very complicated string de-scrambler. Here it is:

Code: Select all

function RegainCode takes string S returns string
    local integer L = GetLength(S)
    local integer Rows = R2I(L / 5)
    local integer Mod
    local integer Lines
    local string array New
    local string Ret = ""
    local integer Index = 0
    local integer Zaehler = 0
    local integer Dimension = 0
    if Rows > 20 then
        set Rows = 20
    elseif Rows == 0 then
        set Rows = 1
    endif
    set Mod = ModuloInteger(L,Rows)
    set Lines = (L - Mod) / Rows
    loop
        exitwhen Index >= L
        if Dimension < Mod then
            set Index = Index + 1
            set New[udg_zz_CodeRows[Dimension] + (Lines + 1) * 20] = SubStringBJ(S,Index,Index)
        endif
        set Zaehler = 1
        loop
            exitwhen Zaehler > Lines
            set Index = Index + 1
            set New[udg_zz_CodeRows[Dimension] + (Lines - Zaehler + 1) * 20] = SubStringBJ(S,Index,Index)
            set Zaehler = Zaehler + 1
        endloop
        set Dimension = Dimension + 1
    endloop
    set Index = 0
    set Dimension = 1
    set Zaehler = 1
    loop
        exitwhen Zaehler > L
        if Index >= Rows then
            set Dimension = Dimension + 1
            set Index = Index - Rows
        endif
        set Ret = Ret + New[udg_zz_CodeRows[Index] + Dimension * 20]
        set Index = Index + 1
        set Zaehler = Zaehler + 1
    endloop
    return Ret
endfunction

Trying to understand that would just be a pain. Anyway, I noticed that in InitAdvancedTriggers, SetPlayerName(Player(13)) is a scrambled map name, SetPlayerName(Player(14)) is the scrambled map author, and SetPlayerName(Player(15)) is the map description. These stings are scrambled with the WE Enhancer when you press "save".

So if I were you, Vegas, instead of setting DE=true, set DE=false. Then the map won't go through the decryption and stuff. See, what I think is that if you change the map description or map name or something, the map won't play. It will call EndGame() and change your in-game name to "mapstealer" (yeah I figured that out by taking away all of the call EndGame() functions lol). So that is pretty much figured out!

And to Aero, yeah I use JNGP aswell, it's just that my map is pretty big, and I can't take away the stupid WEU patch that I had installed at the very beginning of my map... I barely use any of the WEU functions anyway.

EDIT: Your welcome lol.

[Vegas]

Thanks guys, awesome info!!!

First off, I see the name is actually his spelled backwards. "cypresS" is Sserpyc

I already saw a small protection, where he has a check on the name, but not scrambled. Well luckily for me all I am doing is adding "USA" to the map name. I added that part yesterday, and worked no problem. I will take your advice and change to false to make sure nothing happens.

He does use WEU. in between this and the last version, he was saying somewhere he had problems adjusting it, on his forums.


Any other info you would like to add it definitely appreciated.

EDIT:

Ok, this encryption doesnt work for him. I just realized that the check seems to be for the words that are in the scripts file, which mine overwrites. Also, I just changed his name to mine in the one line, and the map loads no probs. here is the code with the small snippet before it. The trigger strings correspond to EXACTLY what is scramble there, except for its descrambled in the scripts:

Code: Select all

ocal string NM=GetPlayerName(Player(12))
call SetPlayerName(Player(12),"TRIGSTR_088")
set S=GetPlayerName(Player(12))
if S!=jk(GetPlayerName(Player(13)))then
call NL()
call EndGame(true)
endif
call SetPlayerName(Player(12),"TRIGSTR_955")
set S=GetPlayerName(Player(12))
if S!=jk(GetPlayerName(Player(14)))then
call NL()
call EndGame(true)
endif
call SetPlayerName(Player(12),"TRIGSTR_090")
set S=GetPlayerName(Player(12))
if S!=jk(GetPlayerName(Player(15)))then
call NL()
call EndGame(true)
endif
call SetPlayerName(Player(12),NM)
endfunction
function InitAdvancedTriggers takes nothing returns nothing
set DE=true
set cc="099121112051109107105050"
call SetPlayerName(Player(13),".aiSF|4unh9c2lgo9f  p0f4Mp0F")
call SetPlayerName(Player(14),"las_vegas")
call SetPlayerName(Player(15)," wwrCSawmOsrwaMec.nBrrs Opaa/ yfm VctsEe, inr :rgs2.ili0.uio0:ssn7 .h: (d. :ce:G.)/ e")

[HINDYhat]

Well, the author name is set backwards, only because it's one word. If you put more than one word than... 0_0 it really gets fucked up...

And maybe nothing happened because you didn't call InitAdvancedTriggers()

[Aero]

And to Aero, yeah I use JNGP aswell, it's just that my map is pretty big, and I can't take away the stupid WEU patch that I had installed at the very beginning of my map... I barely use any of the WEU functions anyway.

If the WEU patch is just .j script and .wts add-ins just manually remove them =3

Btw, aren't structs and libraries fun : D

[HINDYhat]

Actually there are the units, the custom abilities, and other stuff that I might have subconsciously added into my map during my noob times. I really don't want to go through 500+ triggers for WEU functions either...

And anything that relates to Jass=fun lol. Seriously I have fun programming and finding new things (I know I'm crazy and have no life).