Return to Unfiction unforum
 a.r.g.b.b 
FAQ FAQ   Search Search 
 
Welcome!
New users, PLEASE read these forum guidelines. New posters, SEARCH before posting and read these rules before posting your killer new campaign. New players may also wish to peruse the ARG Player Tutorial.

All users must abide by the Terms of Service.
Website Restoration Project
This archiving project is a collaboration between Unfiction and Sean Stacey (SpaceBass), Brian Enigma (BrianEnigma), and Laura E. Hall (lehall) with
the Center for Immersive Arts.
Announcements
This is a static snapshot of the
Unfiction forums, as of
July 23, 2017.
This site is intended as an archive to chronicle the history of Alternate Reality Games.
  

The time now is Tue Nov 19, 2024 8:33 pm
All times are UTC - 4 (DST in action)		 View posts in this forum since last visit
View unanswered posts in this forum
Calendar
 Forum index » Archive » Archive: MetaCortechs » MetaCortechs: General/Updates
Reverse Engineering
View previous topicView next topic
Page 2 of 2 [16 Posts]   Goto page: Previous 1, 2
Author Message
yeahyeah
Decorated


Joined: 14 Oct 2003
Posts: 282

 		Re: Decompiling - not legit?
BriEnigma wrote:
KnowThySelf wrote:
While we play a game based on their reality, they live in our world, and that means that they play by our rules. Given the apparent intelligence level on this board, I'd say the player have the advantage here. There is no cheating in a reality game ..... Who created the 800#'s, the websites, the graphics, the plot ...... there is always a way to find out these things

yanka wrote:
Destegging/"un-layering" etc. images is perfectly fine, as far as I know. I suspect that a certain where.gif was broken into sprites after it was animated as well. Why can't we do that with flash (it's not a rhetorical question - I am really at a loss about this one)?? LOTS of stuff can be hidden in flash, and I am not sure why it is assumed that "hiding stuff in flash" is definitely not going to be utilized here :?:


I think the original question had more to do with behind-the-curtain technical data--phone listings, DNS registrants, etc--and less to do with decompiling. Decompiling hits a grey area--for both ARGs and RRNGs (Real Reality Non Games--that is "real life"). Except for very special circumstances, it is illegal in the US to decompile because of the DMCA. Of course, everyone ignores the DMCA and reverse engineers things anyway. In ARGs, it seems taboo. In my opinion, it *should* be okay to decompile things like Flash. The web is a client/server system. The server houses the data and performs the calculations. The client (your web browser, with Flash and Java plugins) acts as a monitor and keyboard. If secret calculations need to be performed, everyone in the security industry can tell you it is common sense to perform those calculations server-side. For instance, there are two [main] ways to perform password checks. (1) The client (the Metacortechs Flash file, for instance) downloads a list of usernames, passwords, and destination URLs. It compares what you typed to what it knows, then sends you to the redirect. (2) A similar Flash file can take the username and password you enter (possibly hashed for extra security), query a server with the data, and get a go/no-go response.



I was operating under the assumption that when the game did first begin that there WAS a login/pass/url file available to the flash, and that it was pulled quickly once they realized that it wasn't secure, If this corrolates to their notice regarding recent breakin attempts etc then it could of just been part of the plot. As BrianEnigma states, there are better ways of handling a login, specificly handling it server side, not client side, in fact, in web based 'hacker challenges' there is almost always a java applet that does this exact same thing - to point out the weakness..

I am not a lawyer but....
As far as reversing the flash file being illegal in the USA, it quite simply isn't. Reverse engineering of all forms is allowed under the DMCA for interroperability. The fact that a person can not 'login' without having a flash enabled browser plugin makes it reasonable imho to reverse it (what about the poor people using an Amiga to web surf?). Team that up with the fact that there is no [reasonable] effort to conceal the code, inhibit it from loading it in sothink swf decompiler, or even a notice that reverse engineering it is forbidden, they wouldn't have much of a leg to stand on.
Curcumvention can only be applied if one of those sorts of effort is attempted (rot13, etc is not been found by US courts to be considered strong protection). Not to mention, that similar information on the login swf could easily be sniffed with a program like etheral to see what the program is fetching..

I'm feeling like I'm getting off topic, but the dmca reference bothered me, (even though I am not a lawyer) it seems to me that this would be legal.

almost back on topic now, If the PMs need a security clue, then I'm sure BrianE or myself would be more then happy to give them some alternative ideas for preventing these sorts of issues =)

Finally back on topic, if the PMs feel that peeking into the code is bad, simply putting a bit at the top of the important sections saying 'naughty naughty' in one way or another would answer these issues in a non-inyourface sort of way ;)

Please excuse my ramblings.. :)

PostPosted: Sat Nov 01, 2003 3:19 am
 View user's profile
 Back to top 
Display posts from previous:   Sort by:   
Page 2 of 2 [16 Posts]   Goto page: Previous 1, 2
View previous topicView next topic
 Forum index » Archive » Archive: MetaCortechs » MetaCortechs: General/Updates
Jump to:  


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
You cannot post calendar events in this forum



Powered by phpBB © 2001, 2005 phpBB Group