

(If people find someone doing something which somehow ruins things for them, they may flag report a person though.) At rank 2, try creating an Interacting block to see some of the things you can do. When you have a need, we try if possible to make it a feature, by integrating it in the Interacting language. We also added flying mountables, triple jump wearables, parachutes, insta-teleporting, a 100% invincibility armor, and everything one might want to do. Thanks for these details! We added a client-side scripting option to specifically increase your jumps, so if you want you can create an Interacting for that. Just wanted to bring the issue up to you guys after finding it. To go further on it, I would have it produce the obfuscated names randomly on each load of the game script so they're not easily referred to. Second I would try obfuscating all variable names that you can, especially the class definitions like EntityPlayer.
MANYLAND WIKI CODE
Even if you left all your code in plain text, any modification someone tried to make from the client would be seen, verified, and handled accordingly by the server. I would suggest first and foremost to do the server side checks. The second thing I see is just obfuscating the code more. Now the player can super jump and the server is fine with it (verified by numerous 'holy sh !' and 'wtf!?' comments from other players). To change player jump height for example, all it would take is this piece of JavaScript: It was also easy, for the most part, to identify what certain variables did as they were in plain text.


Once the player object was found, it's easy to modify the variables and the world (server side) accepts it. This name for this player object is also static for every game instance, so it's easily referred to every time. I only tested this out on the player object as a PoC, but it only takes changing a variable within the player object to modify things like player speed, mountable craft speed, etc. For instance, while you obfuscated the name of the player object within the ig.game object, it was easily found by checking for modifications to the health variable, where another function listed it as ig.game.O1376. Probably the biggest issue I see is the lack of server side checks against changes coming from the client. I wanted to notify you guys though of some security flaws within the game. Saw this posted over on PH and checked it out, extremely impressive game and I'm sure there's a ton of dev time on this.
