I mean, not to be a jerk, but you're developing a game in HTML, which is essentially a parsed text file with zero encryption or obfuscation. Anyone that knows anything about HTML can just open the file and find your "cheats".
Additionally, the variables themselves can be modified through any modern web browsers console, made even easier by the fact you're using SugarCube Twine, which stores all variables quite neatly.
You don't have permission to view the spoiler content.
Log in or register now.
Word of advice, I see you're using hashStr to attempt to obfuscate the cheat string, which is smart and about the only thing you can do. HOWEVER, you're hashing both the required string (what the player needs to enter) , and the user's input (what the player types in) in the same file. If you removed the first part and stored the value after hashing rather than the plaintext string, it would make it marginally more difficult to guess what your cheats are.
For example, and I apologize in advance for exposing this, your "light cheat" (20ER12) hashes to the integer value "1477922508"
So instead of
Code:
set $bathroom to {
bath: hashStr("20ER12"),
Code:
set $bathroom to {
bath: 1477922508,BTW, the hashed passwords are stored in that same SugarCube variable object I mentioned above, but at least they're gibberish numbers and not plaintext strings.
I have to give you credit though, for at least attempting to obfuscate the password. Most Twine developers don't even try, either because they don't know how, or realize that its ultimately a futile endeavor since the variables are exposed.
For example:
"Oh no, I don't know the password, I cant get my +15 Kate corruption..."
*types in console "SugarCube.State.active.variables.kate.corr = 99*
Edit: Just noticed that you're hashing two entirely different strings to the same variable in your HTML. I see both 20ER12 and CD41NJE being hashed to the same variable. Not actually sure which one is being hashed to the value I stated above "1477922508" but one of them is. In any case, thats probably a mistake that you're hashing two seperate strings to the same variable. Get rid of both of those bits of code and just store the hashed value of whatever string you choose as the password.
Edit again: It's 20ER12, just confirmed myself.
Last edited:
hate it when developer make rubbish game and force audience to pay for cheats.
At least I see "HTML game" and it's not transformation. I support those who really like that type of content, but I'd like to see something different from HTML too!
I mean what I think people didn't understand, is that I don't plan on blocking your guys from cheating. What I'm saying is that the codes I make from patrons are sure easy to find and you can obviously cheat using the console. I could block it and believe me there are other games who do that.
What I am saying is that leaking them everywhere would just make it so that the game does not generate any revenue. You can ask any patron I'm publishing monthly post about how I spend their money. I'm not giving myself any salary but instead I'm investing everything into the game.
How do I force audience to pay when I let the console open for everyone and could try a lot of tricks to block you from doing so. I'm just asking to not leak what I made for those who contribute.
I didn't want to start a war. The game got leaked here I didn't complain. When I see a random guy asking for the cheats I keep for patrons I think it's my right to tell him that I could make it more difficult for people to find them.
Anyway, an hotfix will be published on friday. Let's just not fight! the codes are here now and still not forcing you to pay for them.
_________
Obviously
Thx!
Thanks!
- Dec 26, 2018
- 46
- 49
cant send save since my browser would give me error everytime i tried to save.. but since i managed to get several erotic scenes with her in the classroom and the gym, i'm pretty sure the corruption/trust of 30/20 should have been enough to. i'm pretty sure i got all the other scenes, including alice and the park, so i'm not upset or anything. i had fun. just seemed odd to me. i'll start a new game next update to see if i can recreate the issue. if i have time later, i'll try to recreate on this version and send it to you if my browser cooperates
I made an hotfix that is going to be published friday that will also include a few modifications to the class maybe it also fix your problem. It will also add a new way of gaining trust with the teacher and will lead in a threesome with teacher and jade in the future. Will give you more information when I'm done. But replaying the game myself I could access the scene but I was already using the hotfix.
And thanks for the report anyway! Glad to hear you had fun!
- Jan 25, 2019
- 19
- 24
The mechanism for duplicating the bathroom key seems broken. When you attempt to visit the bathroom in the morning when your sister is taking a shower, it instructs you to return to make a copy, yet going back to the bathroom at any other time doesn't seem to offer the choice. Perhaps some flavour text to indicate how and when to get that key would help.
You can go back at any other time to get the key and then go to the strange shop to make the copy. If that doesn't work for you could you send me your save please so I can look why it didn't and maybe be able to fix the bug for everyone?
- May 26, 2017
- 69
- 142
What is the error it's giving you?
SugarCube has one fatal flaw in its save system, and that is, *ALL* game saves are stored in a single array as a type of cookie. One of the hard limitations of most internet browser is that it forces a 5-10mb size limit on the size of this cookies, so if you're like me, and have played a multitude of different HTML games found on this site (and others) and have saves from all of them, eventually you hit that limit, and SugarCube games will just start throwing a size quota error when you try to add to that array.
The only way I know of how to fix this error is to either delete this cookie, which will delete all your HTML game saves for all games you've played in the past, or to go to the individual games and delete the saves manually, which can be difficult as you may have deleted the game itself, as I had done.
If you open a SugarCube game (to force it to access this cookie/namespace) then open your console and type "localStorage", you'll see what I'm talking about. If you're getting a quota error, the array will be full of lots of different entries. Easiest way to clear them is to type "localStorage = {}" to wipe the entire array out, but this will delete all your saves for all HTML games.
Another way to go about this is if you look at your browsers cookies (google how to do this since its different for each browser) you will find a cookie that either has no name, or is name "file://" and delete that cookie, but this will, again, delete all your HTML game saves.
There may be a way to bypass this size quota limit in SugarCube, such as forcing it to save to a seperate cookie, but I'm not overly familiar with SugarCube to know how to go about doing this. There's obviously ways to increase the limit, since many websites store way more than 5mb. Hell, my google cookies is 300mb alone. Sugarcube just doesn't raise the quota by default.
Let me be clear, this is a hard limit to the amount of data SugarCube can store on your computer, imposed by developers of SugarCube Twine. This is not a bug with a particular game, or really a bug at all.
I totally get it, and I respect what you're doing, and attempting to do. Just offering my advice as a fellow coder, and pointing out the fatal flaw in your security measure and the fact that by hashing the passwords and only having the hashed value in the HTML, it would literally be next to impossible to guess the passwords.
Most of the script-kiddies (yes, I'm calling them children) you encounter won't have the tools, time, or desire to try to crack them, and will likely just pay you, THEN share the passwords online, because they have to feel like they're fighting for the people against some kind of capitalist tyranny. At least then you get a buck out of it.
You have every right to offer incentives to your paying patron's, and it's not like you're locking content or key features (such as the ability to save your game like some games) behind a pay wall, just the opportunity to save time.
Last edited:
Yes and I'm not blaming you, I have been using the only encryption method I knew for javascript. One dude advised me to do some sort of 'variable tunnel'. But then I thought what would be the point of fighting the same ennemy over and over. So I just change the codes at each update which takes me 5 minutes and give patreon the opportunity to have the update and the codes immediately and just let people support me if they want. My quite "inappropriate" reaction (which goes against the codes here) is due to the fact that sometimes it's a bit frustrating to see people who are playing your games without giving you anything when you invested money and time into it and asking for features that are supposed to be "premium" when I already allow them to do the same just that they have to type a bit to do it.
But and you can ask the mods I even shared here the leak of the update so you guys can get it sooner and not only gamcore community who got it somehow. So again I'm really not against this community or someone that will block people who are not able to pay or even start making methods to oblige you to pay to access part of the content. (btw I'm talking for everyone not aiming you).
Last edited:
The long version contains the same content but the videos/gifs are way longer the file is around 3gb.
For the cheats they focus on giving you stats that help you getting to content faster without changing variables that could lead to missing a scene or glitching the game.
For your review, could you tell me when you say "any new content" are you sure you went through everything? Because we added around 50 videos (around 10 scenes) since v0.3. Also could you please tell us so we can improve the game what would you like to see in the future? More story? More content? A specific fetish that comes in you mind?
- Jan 25, 2019
- 19
- 24
I did eventually figure this out, but it was entirely accidental. I could see no hint that indicates what the "strange shop" is for, nor is there a reference to tell you that you should go there after visiting the bathroom. I mean, it's good that you can do this, but stumbling across it by accident is probably not the way you want players to figure out features in the game, no?
You're totaly right that's why we are going to write a walkthrough and add hints that's something the writer suggested, I'm sometimes thinking that something is logic but I have to think about your guys who didn't make the game hahaha. Will publish the walkthrough along with a small update here during the week end. Thanks for confirming this wasn't a bug!