DEF CON: Abusing Scripts in Multiplayer Games

Everyone has at least a few games on their computer, and I would assume most of the Hackaday readership would be among the enlightened PC gamer brethren. At this year’s DEF CON, [Tamas Szakaly] gave a talk about the data these games leak to the Internet, the data they accept from the Internet, and what you can do with that data.

[Tamas]’ talk was entirely about scripting games, like the many games that are scriptable in Lua, or Valve’s Squirrel. Developers have thought about this before and have implemented sandboxes and many anti-cheat mechanisms. However, because these sandboxes are poorly implemented, it’s easy to get outside the game and do some real damage.

[Tamas]’ first target was Crysis 2 and the CryEngine3. This game uses a Lua scripting engine and has no sandbox whatsoever. That means [Tamas] can call os.execute, and from there the entire game is over. Or it’s just begun. Either way you look at it, it’s pretty bad.

CryTek notwithstanding, [Tamas] can also use games with Lua scripting that have a real sandbox. DOTA2 has a leaky sandbox and can be used to call OS I/O routines and execute base64-encoded executables right over the main executable.

The most impressive example of script abuse in various multiplayer games is from Garry’s Mod. This game has a custom implementation of dangerous functions, restricted file IO, and a proper Lua sandbox. This was a wise decision from the developers, but the library is huge. If you create a map or mode used on a server, you can have a full HTTP proxy to the gamer’s home network. During the talk, [Tamas] used this exploit to display an image from a webcam on a Garry’s Mod server. It was on the podium right next to him, but this could have been done on a server on the other side of the planet.
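The difference between no sandbox and an allow-list sandbox, as an added example that is not code from the talk or from any of the games mentioned. It assumes Lua 5.2 or later (load with an environment argument); make_env, run_untrusted and run_unsandboxed are hypothetical names.

```lua
-- Added example, not from the talk or any game engine. Assumes Lua 5.2+.
-- make_env, run_untrusted and run_unsandboxed are hypothetical names.

-- Allow-list environment: the script sees only what is listed here.
-- os, io, package, debug, require, load and dofile are never handed over.
-- Every entry is attack surface, so the list stays short.
local function make_env()
  return {
    print = print, pairs = pairs, ipairs = ipairs, type = type,
    tostring = tostring, tonumber = tonumber, select = select,
    math   = { floor = math.floor, max = math.max, min = math.min },
    string = { sub = string.sub, upper = string.upper, len = string.len },
    table  = { insert = table.insert, concat = table.concat },
  }
end

-- Sandboxed load. Mode "t" accepts source text only, so precompiled
-- bytecode is rejected before it can run; the fourth argument becomes
-- the chunk's global environment instead of the host's _G.
local function run_untrusted(src)
  local chunk, err = load(src, "=untrusted", "t", make_env())
  if not chunk then return false, err end
  return pcall(chunk)
end

-- No sandbox: the chunk inherits the host's globals, which is the
-- situation the article describes for an engine with no sandbox at all.
local function run_unsandboxed(src)
  local chunk, err = load(src, "=untrusted")
  if not chunk then return false, err end
  return pcall(chunk)
end

-- Constructed probe: reports which dangerous globals the script can see.
local probe = "return type(os), type(io), type(require), type(debug)"
print("unsandboxed:", run_unsandboxed(probe))
print("allow-list: ", run_untrusted(probe))

-- Constructed bytecode sample: refused by the text-only load mode.
local bytecode = string.dump(function() return 1 end)
print("bytecode:   ", run_untrusted(bytecode))
```

String methods called on a string value still reach the host's string library through the shared string metatable, so an allow-list environment alone does not bound CPU or memory use.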


‘The Martian’: A Landmark Change in How Sci-Fi is Written

Unless you’ve been living under a rock on Mars for the last few hundred “Sols”, you most likely have heard about the book “The Martian” by [Andy Weir]. It’s not often that we here at HAD will give a book recommendation, but there are so many cool little things going on here that we just had to share it with you fine folks. We’re not going to give away any spoilers here. But be warned that the videos at the bottom do, and we would like to encourage the comments to be spoiler-free.

So why did this book catch our attention? Well, first off, it was self-published online, one chapter at a time by a really great writer. And as the people following his work grew, the author started to get more and more feedback about the story and technical details. He would then go back and make revisions to the work based on his audience’s suggestions/corrections. Does that remind you of something? Maybe a bit like the Open Source movement? Of course writers have worked with their audiences to help maintain continuity from one novel through each of its sequels. But this is fundamentally different: the audience becomes a creative force that can time-travel to rewrite the unfinished story’s… story.

The second thing that grabbed our attention is that this is a book written by a fellow geek. See, [Andy] is a programmer by trade and in writing this book, rather than just making up dates and flight paths of spaceships, he actually wrote software to do real orbital mechanics, so that the book is as accurate as possible. If you love reading technical details, while being very entertained by a great story (what Hackaday reader doesn’t?), this is the book for you.

If your hands are too busy with a soldering iron, we can also wholeheartedly suggest the audio book, as the performer does an amazing job. Or if you want, you can just wait until the movie comes out in October. We can’t guarantee Hollywood won’t screw this up, so you’d better hedge and read the book beforehand.

Thar’ be spoilers below. We’re including the movie trailer after the break, as well as a talk [Andy Weir] gave at Google where he shows the software he used while writing the book and several other spoilers and details.


Amazon Echo Orders the Roku About

You can add the Roku media player to the list of devices that can be bossed about by the Amazon Echo and its built-in AI: Alexa. [Julian Hartline] has figured out how to use Amazon’s voice-controlled Echo device with a Roku media player. He did this by using the Alexa Skills Kit, the SDK that provides a programmer’s interface into the functions of the device. That allows you to add functions to the Alexa and the AWS Lambda cloud service that processes the voice commands (Amazon calls this an Alexa Skill).

Rather than have the cloud service talk directly to the Roku, though, he decided to have a local node.js server act as an intermediary. The Alexa sends the voice command to the AWS Lambda service, which processes it, sends the command to the node.js service, which finally sends the command to the Roku. It works, but it seems a little slow to respond: see the video after the break. In the example shown, Alexa actually causes the Roku to launch Netflix and input a search string for the requested show. Pretty slick!


Talking, Foot-Pedal-Controlled Bench Probes for VirtualBench

Developing new products can be challenging during the debug and test phases. Often you have your head down trying to probe the lead of some SOT23 transistor, and just when you get it, you scan your eyes up and find that your multimeter is measuring resistance and not voltage.

[Charles] had this issue compounded on his NI Virtual Instrument. It has an interface totally driven from a PC, which may or may not be in a convenient location to mouse around. Luckily NI just released an API for the 5-in-one lab test station and [Charles] quickly whipped up a Python wrapper which gives him ultimate control over the instrument.

By tying the script to a USB footpedal and adding some text-to-speech capabilities using Google’s API, [Charles] is easily able to switch from continuity to voltage to resistance and anything else he pleases with just the tap of a foot, listening to the measurements and never taking his eyes off the work, which would risk a short.

Join us after the break for a quick video demonstration.


A Breadboard In A Browser

[Flownez] sent in a tip that a port of the venerable Falstad circuit simulator is now available that doesn’t require Java (it uses HTML 5). This is a welcome port since some modern browsers (particularly Chrome) make it difficult to run Java applets and prevented the Falstad simulator’s execution.

Like the original simulator, this one is great to show a classroom circuits and encourage building or studying circuits in the browser. There’s no extra software to install, which is handy for an impromptu demo. Another cool feature is the visualization of current flow as animated dots. The dots move in the direction of the current flow and the speed of motion is proportional to the amount of current. Watching a capacitor charge with the moving dots is very illustrative. You can also view data in a scope format or hover the mouse over things to read their values.

You can open a blank circuit and add quite a few components (use the right click button on your mouse or the menu to add components and wires). However, you can also pick from a number of predefined circuits ranging from the simple (a voltage divider, for example) to the illustrative (a PLL frequency doubler comes to mind). There’s even an AM radio (see below) that you can tune to find several “stations” by varying the tuning capacitor’s value. Circuit elements include many types of analog and digital components.


Virtual LCD Using Python

[Prashant Mohta] got hold of a Raspberry Pi, a 16×2 LCD display and got down to writing a simple game in Python. Pretty soon, he realized that it was cumbersome to have the Ras-Pi and LCD connected when all he wanted to do was write the code. So he wrote a simple Python module which renders the LCD on his computer display. A simple, quick, useful hack.

[Prashant]’s code relies on the use of Pygame, a set of Python modules designed for writing games. His code uses just two functions – one to define the LCD (characters and number of lines) while the other draws the characters on the screen by looking up an array. The code is just under 20 lines and available from his Github repo. It will be useful to those who are getting started on Python to help them understand some basics. Python is awesome and writing Python code is pretty simple.

This might draw some flak from the naysayers so if you’re commenting below on the merits, or not, of Python, just keep your comments civil and healthy. In the video below, unrelated to this hack, [Raymond Hettinger] talks about “What makes Python so Awesome”!


Code So Sneaky You Have To Explain It

Your mission, should you choose to accept it, is to code a program that leaks information to the user but does so in a way that can’t be discovered in a code audit. This was the challenge for the 2014 Underhanded C contest; the seventh time they’ve held the event. [Richard Mitton] took part and wrote a very entertaining entry. He didn’t win, but he did just share the details of his super-sneaky code.

The challenge set out for the Citizen-Four-like coders set up a scenario where they were writing a program for a shady company (or sketchy government entity) which makes completely secret decisions based on publicly posted social media. The twist is they were tasked with getting code past an audit that leaked the decisions made by this program to the users being secretly observed.

Above is the core trick which [Richard] used after taking inspiration from Heartbleed. The struct assignment has an off-by-one error in it which is shown corrected in the lower code block. This, used in conjunction with malloc and free, allows memory to be used under the guise of storage during the encryption process. Secretly, this same bit of memory is accessed later and leaked to the user being targeted.

Have your own Underhanded C that you’re dying to share? We want to hear about it so send us a tip!