Hidden activators
Moderator: Cheaters
Hidden activators
Where is the activator hidden? What should i look for/pay attention to in the future when I will be looking for the activator?
You do not have the required permissions to view the files attached to this post.
- nuzamacuxe
- Also Not an Admin, but closer than devoltz
- Posts: 1655
- Joined: February 14th, 2018, 5:35 am
- Title: Just Another S.Mod
- Been thanked: 5 times
Re: Hidden activators
Code: Select all
if StringHash(GrimS)==836025351 and NBAC[ii]==true and not IsPlayerInForce(p2p,CHEATER) then
Re: Hidden activators
what does the stringhash mean lol. does that mean it just takes you on a journeey of looking through code?
- nuzamacuxe
- Also Not an Admin, but closer than devoltz
- Posts: 1655
- Joined: February 14th, 2018, 5:35 am
- Title: Just Another S.Mod
- Been thanked: 5 times
Re: Hidden activators
To clarify: it is hashed (not encrypted). Hashing is a one-way method that turns a value into a different representation of that value. It's easy to compare another value to the first one because you just apply the same hash function to it and then compare the output values, but it is not possible to take a hash and turn it back into the original value in constant time since it's a one-way function. It being one-way and having a limited output space means that collisions are possible (two different values resulting in the same hash).
Hashes are often used to store user passwords (plus additional security) so that if the database is broken in to, the hacker can't discover people's passwords.
Hashes are not necessarily unbreakable. What you can do is "brute force" it, meaning you try hashing a ton of different values until you find one that results in the hash you're looking for. The simplest way of doing this is building a massive loop that builds random strings and then hashes them and finds if the hash matches. Whether this will work depends on the complexity of the original activator they used. If it's a 25-character activator, it'll take you a few billion years to find it. If it's maybe a 6 character activator then you can find it pretty easily by brute force. You can also try common dictionary words or things you might suspect that they would use for an activator.
Hashes are often used to store user passwords (plus additional security) so that if the database is broken in to, the hacker can't discover people's passwords.
Hashes are not necessarily unbreakable. What you can do is "brute force" it, meaning you try hashing a ton of different values until you find one that results in the hash you're looking for. The simplest way of doing this is building a massive loop that builds random strings and then hashes them and finds if the hash matches. Whether this will work depends on the complexity of the original activator they used. If it's a 25-character activator, it'll take you a few billion years to find it. If it's maybe a 6 character activator then you can find it pretty easily by brute force. You can also try common dictionary words or things you might suspect that they would use for an activator.
- Vegas
- Shopping Maul USA Creator
- Posts: 1745
- Joined: January 18th, 2007, 11:07 am
- Title: No Comment
- Location: Calgary Canada
- Been thanked: 2 times
Re: Hidden activators
owner123 wrote:... it'll take you a few billion years to find it.
Double Savage.
Re: Hidden activators
StringHash only produce 32bit integer and it not aim to protection purpose, so it weak and easy to get a collision string instead of real string. Just make a bruteforce with any language code you know (not jass because it very slow and have limit execute time for 1 function). I'm sure you will get a collision string within 4 to 8 character length (charset for bruteforce just A-Z0-9). I'm strongly advice you make code run on GPU (faster than CPU x10 time), you will get collision string within 15s.
Re: Hidden activators
Interesting, didn't know that.
Is the source code available for the StringHash function so that we can replicate it? If it's 32bit then brute forcing in Java or something would be trivial but we'd need to write code to replicate the StringHash JASS function. For that reason I was thinking of just writing one in JASS, there are ways around function execution limit, though it's true it'd be pretty slow
(edit) Yeah someone did reverse engineer the code for it: https://www.hiveworkshop.com/threads/bi ... st.213272/
Maybe someone can write a little script to break stringhashes. I might do it if I get the time.
(edit2) After coding up a script to break SStrHash2, I realized the C++ code provided is wrong.
It doesn't match what's in WC3 at all.
Is the source code available for the StringHash function so that we can replicate it? If it's 32bit then brute forcing in Java or something would be trivial but we'd need to write code to replicate the StringHash JASS function. For that reason I was thinking of just writing one in JASS, there are ways around function execution limit, though it's true it'd be pretty slow
(edit) Yeah someone did reverse engineer the code for it: https://www.hiveworkshop.com/threads/bi ... st.213272/
Maybe someone can write a little script to break stringhashes. I might do it if I get the time.
(edit2) After coding up a script to break SStrHash2, I realized the C++ code provided is wrong.
It doesn't match what's in WC3 at all.