Jump to content

Authenticated API == No Room Stealing


BlackVelvet
 Share

Recommended Posts

Hello,

I read a lot of things about what happened recently and yes, i'm talking about room stealing.

People continues asserting that the only solution to avoid this should be avoiding publishing your things... if you don't want someone else .. etc etc etc..

 

oh well, it sounds a bit strange to me, I mean, this is an answer I could expect from an game player, someone who's desperate enough to say "oh wth i don't understand a thing about those tech things... pfff i'll not upload my rooms anymore .. i hate you T-T etc etc etc..."

 

BUT, I just spent 15 mins of my lunch break to draw a Mindmap that I would like to share with you to understand WHY something like this couldn't be done:

 

3_DXChat_-_Authenticated_API.png

 

I'll try to explain it to you in an easy way:

 

Sara

Haaa I'm finally at home ^^

I wanna play a bit! So, let's start 3DXChat.exe!

hmm ok i have to login.. 

*types email and password*

 

3DXChat

Ohh Sara! this is you! Welcome back hun! take this cute token and take care of him! ^^

You'll need it to do amazing things :) so don't lose it!

 

Sara

Ah great! I'll put it here..in a secure place! ok, now, let me choose my avi! I wanna play!!

*throws her token on 3DXChat face!*

 

3DXChat

>.< Sara... choose what? you've only one avi... there you go, BlackVelvet again, ok?

 

BlackVelvet

Yesss she's my favourite ^^

... ^^"

Ok ok.. hmmm I wanna add some glass tables to my room (lol) .. 3DXXXXX give me my EDITABLE world pleeease!!

*throws her token on 3DXChat face again!*

:3

 

3DXChat

... -___-" hi.. this is you again... ah your room.. wait silly girl!

*encrypts the world file cause wants to be sure nobody else could edit and/or load it into the editor*

BlackVelvet!! Take this if you can handle it!! U.U

 

BlackVelvet

AH! my lovely room ^^ ahaha you encrypted it!? pfff who cares, I'll use my fingerprint (UUID) to decrypt :P

Ohh yes! I can edit and share my location with other players now ^^ YESSS

 

....... IN THE MEANWHILE ....

 

ARandomUser (just another user)

Oh great! BV's room is open! I really want to see how many glass tables she put into it this time xD

3DXChat! Let me join! This is my token!!!1!11!

 

3DXChat

Hi random...user :facepalm:

yes... take this clean version of her room .. and enjoy her tables -.-"

 

ARandomUser

AHHH BUT... BUT.. I LLLOVE IT! I want a room like this!! I want it all for me!!

>.>

<.<

*grins*

ah!!! but i have a clean version of the room!

and i'm a badass! I'll try to lad it now inside the world editor! i'll change some things and i'll open it with MY NAME! MUAHAHAHHA

*tries to load BlackVelvet's room*

 

WorldEditor

......hi ... wtf are you doing? go playing on the railroads and wait for a big big train to pass.

 

ARandomUser

T-T nobody wanna play with me 

 

 

THE END.

 

 

 

Oook .. well .. mine was just a suggestion... a draft.. a hint.. a lot of bullshits idk.

I just want to share my ideas with you and know what you think about it. Ofc in order to apply those changes, devs should refactor the game code.. but i think that all this worths the effort spent.. and 3DXChat users would be very happy to know that this would means:

- NO MORE PANDORA

- NO MORE ROOM STEALING

 

Thx for reading

<3

Link to comment
Share on other sites

see Velvet, i explained what you meant in a simpler way  lol

 

:) Honey, applying what i wrote would end all this.

Because pandora would need user credentials in order to obtain a secure token and then steal personal user data.

Same as for room stealing. Without an Universally Unique Identifier people would not be able to load other players rooms inside their editors.

What you posted above is the actual situation.

What I wrote is something that could be done as a solution in the future.

 

I send you a big hug and can't wait to see the original White Palace Brothel again :)

Kisses :*

Link to comment
Share on other sites

You are correct Blackvelvet,

 

But this require time/work/developpement.

The DEV have a limited capacity of work (this is a fact).

They say this is not in their priority and will remain like this. (will next evolution be more pose or something else, I do not know but it will not be more security on data)

 

So we know how it is.

Pandora will continue. (a shame)

Creating something (room, music, copy) can be copied.

 

We know the rule. We can heavily disagree with them. (and I do for some of them).

 

So we all have to find a way to accept them and/or deal with them while keeping a pleasant experience and time coming in 3dx or we have to go somewhere else.

 

But let's not dream of a secure place about that, it will not happen.

 

My attitude personnal will be to always enjoy the creation of the orignal "artist" as much as possible and never go in a place that I know is just copied.

 

We have forum to communicate so we have possible action. The last days are a good exemple that with communication we know the situation (in this specific case for the while palace brothel but it could be for something else) and so can make our choice.

I think the red palace brothel will disappear forever as a consequence. This is good !

Link to comment
Share on other sites

In any case, when a random player enters your world, the client receives information about your world. Even if the world data is encrypted or the player uses authentication, world data will need to be decrypted in order to build and show the world in the game. World data can be copied after it is decrypted. Do you understand what I mean?

Link to comment
Share on other sites

In any case, when a random player enters your world, the client receives information about your world. Even if the world data is encrypted or the player uses authentication, world data will need to be decrypted in order to build and show the world in the game. World data can be copied after it is decrypted. Do you understand what I mean?

 

So how come other games can do it, but it can't be done on 3DX?

Link to comment
Share on other sites

Nope, when a random player enters your room, he download a not encrypted version of that room that can be used only to build and enter the world.

The world editor shouldn’t be able to load not encrypted worlds but only those previously encrypted using a hash and a salt composed by something unique and related only by the room owner. In this way even if I’ll try to load someone else encrypted world , the world editor will be unable to decrypt it because my fingerprint is not the one used to encrypt it.

Do you understand what I mean?

Link to comment
Share on other sites

you only need to google to see it in fact does happen in other games. Just for fun i just googled second life and stealing house designs. pages of results showed up and im sure its not the only other game. 

Okay sure it does happen in some games, but I know there are games where it doesn't happen. Perhaps it depends on how much the devs can invest into protection?

Link to comment
Share on other sites

In any case, when a random player enters your world, the client receives information about your world. Even if the world data is encrypted or the player uses authentication, world data will need to be decrypted in order to build and show the world in the game. World data can be copied after it is decrypted. Do you understand what I mean?

Right, but why it is something g you can just open in the editor again? What about a more low level format, without objects just texture and vertex info... In a binary format. Will be hard for any thief to modify it. I mean just for room visitors. The editor itself should work like now and I think it should be easy to protect the editor files from public Access, right? So two versions for two different purposes. Editing protected and for visitors public but in a raw and engine near format.

Link to comment
Share on other sites

BlackVelvet, what you're suggesting is nice, but knowing the game's code, I'd think it would be easier to just rewrite most of it from scratch than to try and modify it in a way that would be compatible with this solution. Starting with the server code.

Actually, there is a little bit of security in there which requires unique user's credentials for certain stuff, mostly it is used for uploading so that other users won't be able to "inject" stuff into other players' accounts.

But the downloading of any data that needs to be read by random people for the most part lacks any security.

 

What you're suggesting for the world editor in particular would require to invent a couple of completely different incompatible editor/play mode world file formats that need to be so different it won't be possible to figure out how to convert between them in a manageable amount of reversing time (and since all the game's code is client-sided, it is always prone to reversing).

 

 

Right, but why it is something g you can just open in the editor again? What about a more low level format, without objects just texture and vertex info... In a binary format. Will be hard for any thief to modify it. I mean just for room visitors. The editor itself should work like now and I think it should be easy to protect the editor files from public Access, right? So two versions for two different purposes. Editing protected and for visitors public but in a raw and engine near format.

That is pretty much back to "rewriting most of the game from scratch", or at least the World editor part. Which is an Asset store item by the way :)

Also, apart from the ridiculous amount of traffic that approach would generate, it's not how Unity normally works. Usually it has a number of predefined resources or assets it can load simply using an asset name, and then you just need to set object parameters like position, scale, etc — stuff that you see in the .world file.

Working with raw meshes is possible, but complicates things by a number of magnitudes (also prone to performance props), so we would probably wait for a new secure 3dxChat 3.0 till 2050 or something :)

 

There is probably a way to make the server and client exchange a new pair of security keys every time a data package is received, but still not much point in it since the client side executable is not secure.

Link to comment
Share on other sites

BlackVelvet, what you're suggesting is nice, but knowing the game's code, I'd think it would be easier to just rewrite most of it from scratch than to try and modify it in a way that would be compatible with this solution. Starting with the server code.

Actually, there is a little bit of security in there which requires unique user's credentials for certain stuff, mostly it is used for uploading so that other users won't be able to "inject" stuff into other players' accounts.

But the downloading of any data that needs to be read by random people for the most part lacks any security.

 

What you're suggesting for the world editor in particular would require to invent a couple of completely different incompatible editor/play mode world file formats that need to be so different it won't be possible to figure out how to convert between them in a manageable amount of reversing time (and since all the game's code is client-sided, it is always prone to reversing).

 

 

 

That is pretty much back to "rewriting most of the game from scratch", or at least the World editor part. Which is an Asset store item by the way :)

Also, apart from the ridiculous amount of traffic that approach would generate, it's not how Unity normally works. Usually it has a number of predefined resources or assets it can load simply using an asset name, and then you just need to set object parameters like position, scale, etc — stuff that you see in the .world file.

Working with raw meshes is possible, but complicates things by a number of magnitudes (also prone to performance props), so we would probably wait for a new secure 3dxChat 3.0 till 2050 or something :)

 

There is probably a way to make the server and client exchange a new pair of security keys every time a data package is received, but still not much point in it since the client side executable is not secure.

I see, so we have to live with it. To bad that unity isn't able to work better with meshes. I mean, not everything has to be a mesh in the client delivered file, just those new primitives which have one texture reference plus color. Resolving the transformation matrix of those primitives and getting the raw mesh is really that hard? Hmm okay. BTW the editor would stay as it is, only loading and saving would need to be changed. What needs to be changed again is loading a room. And of cause the editor file needs to be protected so only the owner can load it into the editor.

Link to comment
Share on other sites

In Second Life there is legal recourse. It’s a process. As someone who created there, I saw other creators have their work stolen. A person would buy merchandise then clone it to make a knock off. Or see a pic then copy the design. I’ve seen stores shut down until all stolen designs were removed. I just searched for stolen houses I didn’t find much outside of illegal fraud and someone setting their properties to allow anyone to copy or take which is foolish. Point is, most things are hackable in SL, there are safe guards in place. Some viewers offer better safe guards than the actual SL viewer. Hell I remember when the PS4 came out it was hacked. However, Sony did something about it. SL does something about it. Most games do.

 

I’m here because I want to build in this editor for now. When I get bored with it, I’ll ghost again. I’m not on SL because its only good for modeling and creating to make money. Neither of which I have time for. My clothes were kind of ass anyway.

 

But let’s not pretend Gizmo’s answer isn’t somewhat irritating. Just be honest about the fact that they would have to rework the code and have no intentions on it, ever.

 

I think it’s possible but not likely. You’ve been around five years now. It’s time to keep up with the times.

Link to comment
Share on other sites

Of where does the external room files of users come? They are there at everyone pc's or is it needed to load them external?

Could it be a temporary solution to add a server own Firewall who blocks all external access with exceptions of 3DXChat own API/Clients/SSH?

 

I'm not very familiar with unity and the stuff around but I know a bit about server management and I know too the first step about security and defence about hackings is a well configured Firewall and to close all unneeded ports and the possibles of external access :)

Link to comment
Share on other sites

... And even if you block any room stealing from a file - someone can just build the same room in Editor by stealing your room design or room plan or anything else. It will just make stealing more difficult.

 

And don't call it "stealing" - your room does not disappear after steal. And it is not your private property. All public rooms is a "common property" and all copyrighting belongs to SexGameDevils. Developers can just copy your room too without your permision.

Link to comment
Share on other sites

I see, so we have to live with it. To bad that unity isn't able to work better with meshes. I mean, not everything has to be a mesh in the client delivered file, just those new primitives which have one texture reference plus color. Resolving the transformation matrix of those primitives and getting the raw mesh is really that hard? Hmm okay. BTW the editor would stay as it is, only loading and saving would need to be changed. What needs to be changed again is loading a room. And of cause the editor file needs to be protected so only the owner can load it into the editor.

Unity can do that, but the whole point of Unity is mostly to free the developer from dealing with all that low level stuff and just use the user-friendly editors and API ;)

It's possible to just read the triangle and vertex data and store it as an array or something, plus add object properties, colliders, materials, etc., etc... Instead, it would be easier to just serialize the object using Unity's internal system, but you should be ready to send and receive 500...1500 Mb data packs every time you save or load a user room then ;)

 

In Second Life there is legal recourse. It’s a process. As someone who created there, I saw other creators have their work stolen. A person would buy merchandise then clone it to make a knock off. Or see a pic then copy the design. I’ve seen stores shut down until all stolen designs were removed. I just searched for stolen houses I didn’t find much outside of illegal fraud and someone setting their properties to allow anyone to copy or take which is foolish. Point is, most things are hackable in SL, there are safe guards in place. Some viewers offer better safe guards than the actual SL viewer. Hell I remember when the PS4 came out it was hacked. However, Sony did something about it. SL does something about it. Most games do.

Point is, most of those safeguards rely more on bans and legal prosecution rather than trying to make an unhackable security system.

 

Could it be a temporary solution to add a server own Firewall who blocks all external access with exceptions of 3DXChat own API/Clients/SSH?

This can be easily simulated, or one can just use the vanilla client to manage this stuff.

Link to comment
Share on other sites

... And even if you block any room stealing from a file - someone can just build the same room in Editor by stealing your room design or room plan or anything else. It will just make stealing more difficult.

 

And don't call it "stealing" - your room does not disappear after steal. And it is not your private property. All public rooms is a "common property" and all copyrighting belongs to SexGameDevils. Developers can just copy your room too without your permision.

 

Imitation is the sincerest form of flattery... If someone thinks your creation is so cool they want to spend several hours or days to create something similar, that's great.

It'll also likely have a twist or a few of their own, because if you can imitate perfectly, you can likely also adapt that skill to improve on some things.

 

If someone thinks your work is so cool that they want to spend 15 seconds to take a copy of your hard work and use it as their own, that's not flattery.

That's just taking someone else's effort, showing off with it, making sure the right person doesn't even get recognition of their work, and all this without giving anything back to the community.

 

That's the problem, not that the creators would be literally losing things.

But I understand that it's really hard to understand if you don't create anything worth mentioning yourself.

Link to comment
Share on other sites

this is 100 percent correct. i know you guys want to think you own it, but the reality is you dont. The only game like this that does give ownership to the creators is second life and thats just because they transferred over ownership of digital items made  a few years back

 

Don't think anyone has any illusions about anything made in world editor belong to Sexygamedevils and 3Dxchat, but thought whole discussion was about potential re-precautions things may have if people can just copy everything others make. It may cause some to say if I will be spending so much time building something, only for some community popular person ending taking it and opening room. Why would I care making room in first place instead of just using my time in a better fashion, that may kill hopes of going visiting really impressive user rooms and enjoy what user try to do with the room. 

 

Just to take example some user spend countless hours making big beautiful ballroom and want to make masquerade type theme party, maybe has few naughty furniture here and there for those who feel frisky. But then room get copied by another person they open popular type sex room adding more sex furniture and event of original creator get completely over shadowed. Will that person really care to build great room and try to do something special with it again another time? 

Link to comment
Share on other sites

So to get this perfectly straight, someone can download your .world file then open eet in their own World Editor and then delete props add props change colors etc? They can modify your .world file and then save eet as their own?

 

This is all ah want ta know right now, ty ty :))))

Link to comment
Share on other sites

Unity can do that, but the whole point of Unity is mostly to free the developer from dealing with all that low level stuff and just use the user-friendly editors and API ;)

It's possible to just read the triangle and vertex data and store it as an array or something, plus add object properties, colliders, materials, etc., etc... Instead, it would be easier to just serialize the object using Unity's internal system, but you should be ready to send and receive 500...1500 Mb data packs every time you save or load a user room then ;)

 

 

Point is, most of those safeguards rely more on bans and legal prosecution rather than trying to make an unhackable security system.

 

 

This can be easily simulated, or one can just use the vanilla client to manage this stuff.

True, the point is, Linden doesn’t really want the DMCA investigating them so they take those claims seriously. Most recently was an issue with copybotted skins. The person accused had to remove all similarities from his store which I thought was crazy as the similarities were really minimal and most rip shit from the web anyway. His were better, people got jealous. However, Linden didn’t say, hey you upload it and it’s fair game. Many systems are hackable. Unless, you are in the business of preventing it. I’m currently in that business but am learning, slowly how that tech works. I just manage implementing it. However, I do know that we have to stay up to date to keep our systems as such because it means milllions in fines for us. Even then there is a risk. It’s our job to minimize it.
Link to comment
Share on other sites

So to get this perfectly straight, someone can download your .world file then open eet in their own World Editor and then delete props add props change colors etc? They can modify your .world file and then save eet as their own?

 

This is all ah want ta know right now, ty ty :))))

 

It's exactly like you said ...

And it's nothing news, it was there long before the World Editor was released :wacko:

Link to comment
Share on other sites

Ok Tanx Chilles for confirmings that :)

 

Hmm we screwed LOL

 

Would there be a way to lock the .world file. After creating ya room would eet be possible to lock eet, or add a pw or anyting that would prevent that file from being modified, to a read only file?, ah dunno I'm no Captin Computer but id like ta tink someone hoos a techy might get an idea from some body elses randon idea. Perhaps.

 

Even if we could just stop tha files from being modified then builders could come up with ways , tags, signs etc who built eet etc and eet could become a standard fo building that couldn't be removed, a sig if ya like.

 

Ah Weels ah hope someone tinks of something coz being told owell if ya don't like ya stuff stolen don't make eet is like da worst excuse ah eva heard. I'm sure if Frez (Fresco) was copied and modified that user would be burned alive bah tha Devs but our creations , meh wotevs, serves ya right fo makin them now stop botherin us...........yay team!  

 giphy.gif

Link to comment
Share on other sites

Ok Tanx Chilles for confirmings that :)

 

Hmm we screwed LOL

 

Would there be a way to lock the .world file. After creating ya room would eet be possible to lock eet, or add a pw or anyting that would prevent that file from being modified, to a read only file?, ah dunno I'm no Captin Computer but id like ta tink someone hoos a techy might get an idea from some body elses randon idea. Perhaps.

 

Even if we could just stop tha files from being modified then builders could come up with ways , tags, signs etc who built eet etc and eet could become a standard fo building that couldn't be removed, a sig if ya like.

 

Ah Weels ah hope someone tinks of something coz being told owell if ya don't like ya stuff stolen don't make eet is like da worst excuse ah eva heard. I'm sure if Frez (Fresco) was copied and modified that user would be burned alive bah tha Devs but our creations , meh wotevs, serves ya right fo makin them now stop botherin us...........yay team!  

 giphy.gif

 

 

No chance... but I did it anyway... signed the room I did for someone else... it's easy... we have a contract that he is not allowed to remove it. If he would do it, what he will not, he has to face the consequences, like receiving an iggy ^^ but... since we are friends this will never happen. That's why I share things only with friends I trust, especially bigger things, like a whole room.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...