Wulf2k
commented
8 years ago Yeah, we should do something low-key for it.
Nothing too annoying, but just to alert people of being vulnerable to the namecrash.
Open Chronial opened 8 years ago
Wulf2k
commented
8 years ago Yeah, we should do something low-key for it.
Nothing too annoying, but just to alert people of being vulnerable to the namecrash.
Chronial
commented
8 years ago I don't think low-key is the right idea. As I myself did before, people attribute these crashes to DSCM. And in a certain way they are right – without nodes, you can't get namecrash :).
http://steamcommunity.com/app/211420/discussions/0/364042262886578469/
But I understand why you want that warning to be low-key. I think it would be better DSCM could fix the namecrash, too. I will see whether I can get in touch with eur0pa about this.
Chronial
commented
8 years ago The other question is: Should we do something about users of DSCM who have a crashing name themselves? I mean they are using DSCM to crash many more unsuspecting DS players then they ever would without, so I think we kind of have a responsibility ^^.
Jellybaby34
commented
8 years ago There are several causes of the name crash so to patch it yourself you'd have to patch multiple areas. Summon sign crashes are due to the length above 16 characters exceeding the buffer on the stack and the # crash is due to how the game is supposed to handle colour. (#c[FFFFFF]text#c).
You could edit their name to reduce its length and remove any invalid characters using name pointers but i'm not entirely sure whether a different pointer is used for summon signs.
Wulf2k
commented
8 years ago There's one main location where the name is stored. I've edited it in memory in the past and it's appeared as the edited version in every interaction.
It would be simple to check that location on attach and put a 0x00 in the 16th character location, and overwrite any #s with _.
Chronial
commented
8 years ago I am a little bit unsure as to how to display a watchdog missing warning. We will only learn about this once the game starts, and by that time it is probably to late to display the warning. I think a warning popup after the game closes is probably best? It would pop up as soon as DS is closed, explain the situation and have a "don't show again checkbox". @Wulf2k what do you think?
gpotter2
commented
8 years ago Or you may use the in game popups... As we talked about it in a past closed issue.
Chronial
commented
8 years ago As mentioned before, the ingame popups have some issues in themselves, and also in-game is not the right time to tell the user about this – at that point in time they can't do anything about the issue anyways.
gpotter2
commented
8 years ago Then there should be a way to detect it without starting dark souls...
Wulf2k
commented
8 years ago With the namecrash fix getting rolled into DSCM I don't think we really care about Watchdog any more.
I mean, it's nice if people don't fall victim to the simple hacks, but Watchdog isn't 100% so they're kind of on their own for hack detection anyway.
gpotter2
commented
8 years ago I don't think we really care about Watchdog any more.
That's true
Chronial
commented
8 years ago With the namecrash fix getting rolled into DSCM I don't think we really care about Watchdog any more.
I mean, it's nice if people don't fall victim to the simple hacks, but Watchdog isn't 100% so they're kind of on their own for hack detection anyway.
I told eur0pa that we would add a notice about watchdog when he gave me the namecrash data. So unless he comes forward saying that he doesn't care about it, I would like to add some kind of notice.
Wulf2k
commented
8 years ago K, then that's back on the agenda.
What do you think, instead of a green "connected" status we just switch to a yellow "connected, no WD" status?
Wulf2k
commented
8 years ago A popup after closing would be appropriate as well, explaining what it does and where to get it.
Wulf2k
commented
8 years ago As a future note, I'd also like to get the update check looking for a digital signature at some point in the next few versions.
Right now a targeted DNS hijack could have the update check running any code somebody wanted.
We're not popular enough for it to be a high priority, but we "did" implement a "run whatever code is at this address" button.
metal-crow
commented
7 years ago Not to necro this thread, but what about offering the ability to auto-install watchdog if the user is missing it? I disagree that DSCM shouldn't care about watchdog, since a VAST majority of users runs DSCM (since it's basically needed for online play), but much fewer have watchdog installed (harder to install than just running the DSCM exe). If we just added the ability to pull the watchdog dlls from nexus or wherever, then copy them into the dark souls install, we could dramatically lower the number of people who are susceptible to hacking.
Wulf2k
commented
7 years ago I somehow missed this. It's not a bad idea, but would require admin rights to place a DLL in the Dark Souls folder.
I'm also hesitant to hardcode an external URL into DSCM as I'm then dependent on that address staying valid.
Chronial
commented
7 years ago I somehow missed this. It's not a bad idea, but would require admin rights to place a DLL in the Dark Souls folder.
IMHO, DSCM should ask for admin privileges when the button is pressed.
I'm also hesitant to hardcode an external URL into DSCM as I'm then dependent on that address staying valid.
I agree – you should host a copy of the watchdog dll on your server. The url beeing valid is only one of the concerns – an external URL could also be replaced with malicious code. That is an unneeded extension of trust. People running DSCM already trust you to run your code, you should also host the watchdog dll.
My understanding is that due to namecrash nobody should run DS without PVP watchdog, right?
We detect whether watchdog is installed – should we display a warning message if it's missing?