HTML The Monastery [v0.9.0.1] [Alcahest]

4.50 star(s) 61 Votes
Discussion Reviews (61)
gingisep

gingisep

Newbie
Aug 6, 2020
60
140
Kikinaak said:
Fair, but as an example, if I was going to write a game in a cleartext language that I didnt want people snooping through, I would remove all author comments and documentation, and change function and variable names to generic nondescriptive things, at least for the public release. "Function23", that I internally know the purpose of, is of a lot less help to a would be cracker than "CodeVerification". n_47 is a lot less descriptive than var_codeHash, especially when n_40-n_50 are similar length numbers. This can be done with a simple text replacement script, and raises the cost in time and skill to trace through the actual code to the point where most would find it easier to buy the code. I personally wouldnt have been able to crack this code without such clues and the commented debug function left in by the dev.
Click to expand...
I see your point, yet its "Security by Obscurity" and it has very little effectiveness:
made me remember about this article
You must be registered to see the links
.
 
  • Like
Reactions: docx
Alcahest

Alcahest

Engaged Member
Donor
Game Developer
Jul 28, 2017
3,452
4,301
Kikinaak said:
Fair, but as an example, if I was going to write a game in a cleartext language that I didnt want people snooping through, I would remove all author comments and documentation, and change function and variable names to generic nondescriptive things, at least for the public release. "Function23", that I internally know the purpose of, is of a lot less help to a would be cracker than "CodeVerification". n_47 is a lot less descriptive than var_codeHash, especially when n_40-n_50 are similar length numbers. This can be done with a simple text replacement script, and raises the cost in time and skill to trace through the actual code to the point where most would find it easier to buy the code. I personally wouldnt have been able to crack this code without such clues and the commented debug function left in by the dev.
Click to expand...
Any such obfuscation is futile since all you have to do is look where the code is entered and trace everything from there. It's all visible since it's plaintext.
 
  • Like
Reactions: docx, luvsabunch86 and Rafster
K

Kikinaak

Newbie
Apr 26, 2020
26
27
gingisep said:
I see your point, yet its "Security by Obscurity" and it has very little effectiveness:
made me remember about this article
You must be registered to see the links
.
Click to expand...
Interesting argument, since according to that article, even with a foot in the door of booting custom code, it still took a hacking team stealing a dev kit to break, and another several years to fully reverse engineer. From the linked article that mentions the theft, "Had that Katana SDK never been stolen, the entire Dreamcast piracy and homebrew scenes would likely never have materialized." Clearly, "security through obscurity" was working just fine until that point.
Alcahest said:
Any such obfuscation is futile since all you have to do is look where the code is entered and trace everything from there. It's all visible since it's plaintext.
Click to expand...
Its always all or nothing with those who make this argument. When I "look where the code is entered" by rightclicking and viewing source on that frame, I get over 12.5K lines of html. Saying obfuscation is futile or that security through obscurity has low effectiveness, are logical fallacies known as a hasty generalization, or jumping to a conclusion without having or considering all the details. Echo chambering "So much this" does not make a logical fallacy any less fallacious.

Sure, the code can be traced, assuming the attacker has the skill and dedication to put in the time and effort required. The crowd playing these games, as demonstrated by the ones still asking for the code in this thread after I've already dropped 2 clues in my posts that spell it out clearly, dont have that. They are after instant gratification. Human readable naming conventions, comments and documenting your code are there to help the dev, because reading those is always easier than having to retrace code. This is programming 101. Removing those with a simple script before releasing a build denies that help to the attacker. So like the stolen Katana SDK in the Dreamcast example, the lesson is the same. Stop handing dev tools to attackers.

I'm hardly some master hacker, and I have a life. As I've already said, I relied on that help by searching the source for terms like "key", "code", and "password". Such clear signposts pointing the way trivialize the task of cracking the code. Uncommenting that debug alert made it an enjoyable guessing game. If I'd seen even basic obfuscation it would have turned the job into a code slog I would not have bothered with. I still wouldnt have bought a code, but I wouldnt have the benefits of it either.
 
mememeandmyself

mememeandmyself

Member
Mar 29, 2018
368
397
Alcahest said:
Okay, so when trying, I found it hard to speed up the title music to sound like the original except when using Media Player Classic (which is the media player I normally use), so I'm attaching the title track with its original speed. Many of you should recognize it.
Click to expand...
Ah this was driving me crazy. Al approves off this, just a little hint.
 
  • Yay, new update!
Reactions: Alcahest
gingisep

gingisep

Newbie
Aug 6, 2020
60
140
Kikinaak said:
Clearly, "security through obscurity" was working just fine until that point.
Click to expand...
It probably served for enough time in that case, I concur.
In this specific case: the game has the full content in clear.
You can just skip the game and see the media ‍♂

For any other technique:
secret codes get leaked, files get pirated.
I have more respect for authors that invest into having a good game, instead of a protected game.
This make me want to fund them.

My position would have been completely opposite for online services, and even in that case obscurity is not a security pattern (given that automated spoofing tool exists - you can run a test on your own product).
 
  • Like
Reactions: ShadedWilderness, DeMarcus16 and Rafster
deppenjaeger

deppenjaeger

Member
May 23, 2017
348
164
ok i am stuck with 3 quests (that dont have a "thats all for this version flag")
one is
"Investigate sister dana"
You don't have permission to view the spoiler content. Log in or register now.

the other is Julia: The troubled student
You don't have permission to view the spoiler content. Log in or register now.

the lustful nun is the last non flagged quest i have
You don't have permission to view the spoiler content. Log in or register now.

are those quests over and done with in this release and are just missing the "thats all folks" tag... or did i miss something
 
Alcahest

Alcahest

Engaged Member
Donor
Game Developer
Jul 28, 2017
3,452
4,301
scarfer said:
Does this extend any of the quests that ended as open quests from the previous version? Or does it add content that would have been seen before that point? If it's supposed to extend content from the previous version's " This is the end of this quest in this version of the game. " , then it's going to require a restart.
Click to expand...
It continues one quest and starts a new. Why would it require a restart? Not unless you've found a bug.

Deadpool76 said:
Stuck like this, is there a way to return to the room?
Click to expand...
You shouldn't have that much corruption without cheating. Like scarfer said, if you read the second chapter already, you're stuck. If you didn't cheat, it's a bug.
 
  • Like
Reactions: luvsabunch86
Alcahest

Alcahest

Engaged Member
Donor
Game Developer
Jul 28, 2017
3,452
4,301
deppenjaeger said:
ok i am stuck with 3 quests (that dont have a "thats all for this version flag")
one is
"Investigate sister dana"
You don't have permission to view the spoiler content. Log in or register now.

the other is Julia: The troubled student
You don't have permission to view the spoiler content. Log in or register now.

the lustful nun is the last non flagged quest i have
You don't have permission to view the spoiler content. Log in or register now.

are those quests over and done with in this release and are just missing the "thats all folks" tag... or did i miss something
Click to expand...
Can you send me a save please?
 
  • Like
Reactions: luvsabunch86
S

scarfer

Active Member
Nov 4, 2017
697
343
You probably need to revisit locations for the 'end' messages. As for the last one, you were asked by the Mother Superior if you could minister to the sisterhood while you were there. Maybe you should try asking her about that?
 
  • Like
Reactions: luvsabunch86
Alcahest

Alcahest

Engaged Member
Donor
Game Developer
Jul 28, 2017
3,452
4,301
deppenjaeger said:
here you go ;)
Click to expand...
That save doesn't work. Only 2kb, like you haven't started the game. But I have found the bug. You played from the start right? Or at least before reaching the end of the last version. I thought I didn't need to update the quest checks for older saves but apparently I must.

You must be registered to see the links
 
  • Like
Reactions: t727 and luvsabunch86
Alcahest

Alcahest

Engaged Member
Donor
Game Developer
Jul 28, 2017
3,452
4,301
scarfer said:
The quest it continued still showed it was at the end for the current version. I found the new one after I posted this, so it's good.
Click to expand...
Damn, I thought I had figured out a way to avoid having to update quest info manually on all quests to avoid having the same reporting problem I had with Paradise Found where it often said 99% completed when it really was 100%. But I didn't test it well enough. :/
 
  • Like
Reactions: HotPotLovers, t727 and luvsabunch86
You must log in or register to reply here.
Top Bottom
4.50 star(s) 61 Votes