Using Batlib and a cable, two calculators are connected to each other. Both have a similar program which is the security program. This program gets a String from the other calculator (as specified by the opponent) which is then run as a Hybrid BASIC program, if, and only if, it passes through the conditions that the defender sets. The condition can't be a blanket statement such as blocking all programs, or blocking all dim( commands, but blocking specific dim commands from being executed is okay. Neither opponent knows anything about each other's programs except that each user must execute prgmSECURE which gets the string from the other calc, checks it, and runs it as a program. You win when you successfully read the data from the AppVar READ, and successfully write to an AppVar called WRITE. Thus your objective is two-fold. First, find the data and conditions and programSECURE so you know how to bypass them, then two, read and write to those AppVars using a spect constructed payload of executable data. Anything else goes, the defender just has to make sure that AppVar is never written to or read, and the attacker has to circumvent the defenses to attack the other calculator.
This is obviously a multiplayer game, and while cable connection shouldn't be hard, it would be cool if I could do this over calc net, but that might be a question for Kerm.
What do you guys think?
this sounds a little similar to a game i am working on, but go right ahead. 2 player games like this can be an ultimant test for 2 coders, besides being great fun. if you finish, i wonder who would win: Kerm, or TiFreak.
Haha yeah that would be fun;
Out-of-the-box thinking is really key here, and thinking of a way to attack the calculator that the opponent hasn't thought of. Generating just the right payload to accomplish the task is going to take a lot of thinking, especially if your opponent has really shut the thing down.
also, building your own program that May:
-)try to destroy the "virus" program by few methods
-)sustain calculator functionality
-)save current calc settings
but may Not:
-)block access to the link port
-)completely dissolve the virus by a simple DelVar StrN.
Right exactly, that kind of stuff is cheating and are blanket statements. Basically, no existing code from prgmSECURE can be deleted or edited, but you can add code to check the data to make sure it's safe basically. Basically, if a totally harmless program would trip the conditions, it's probably too much of a blanket statement.
That's a nice hard line actually. I might use that in my rules.
If it doesn't trip the conditions though, then the virus gets to run and do whatever it wants. For example, the virus could modify prgmSECURE if it wanted. A nice piece of code injection that causes the calculator to skip unwanted conditions
This would obviously be a precursor to another, more dangerous exploit that had been originally blocked by prgmSECURE that will now pass inspection.
also, i thought that the use of Hybrid basic may be a bit too strong and not all people will directly follow the rules. your ideas on this?
Well my only other option is assembly without Hybrid TI-BASIC, because there's no way to execute malignant code from a string which is currently the most efficient way to transfer prgm data from one calculator to another. The expr( function will never be powerful enough, not to mention that the only variable you can write to from expr( is Ans, which just isn't enough, so Pure BASIC is out of the question. Assembly is probably just as dangerous as Hybrid BASIC so I wouldn't consider a big difference between the two except that doing it in Hybrid will allow a greater quantity of people to understand and play the game. Not to mention that I can't code assembly, and I want people to be able to modify prgmSECURE anyway. No, I think Hybrid is our best option here.
And not quite following the rules is the entire purpose of hacking anyway XD
Pure basic isnt out of the question if you are making a new, super watered down code. its what i did, but mine is code versus code destroyer, yours may need something a tiny bit filled out.
given that you could just InString( and Sub( to interpret strings, and then use the data to run something in hybrid, you could easily lock out the use of some libraries.
That's true, but I think I will leave that kind of lockout to the defender. It is their job to defend their calculator after all. The game wasn't really designed to be played fairly, and the job of the hacker is to cheat his way to the win, not to play nice
that's the job of the defender, is to see how long he can hold out. Keep in mind that both people will be playing both positions in any one round, so both have equal power over each other, if they can figure out how to wield it.
It really comes down to being able to run "unsigned" code on your opponents calculator, and the conditions are just a way to make sure that was achieved.
ahh, that seems legit enough. but then, supposing you are using the DCS provided libraries (DCS7), then all someone would have to do is use the execHex lib and run an assembly program that instantly destroys the calc/program. or makes a ram clear. might be an issue.
even so, start coding, id love to see what this looks like when finished.
I'll actually plan on using BatLib which I find very powerful and easy to use. And making sure your code doesn't crash the calculator is an issue when it comes to pure assembly but it's less of a problem in Hybrid BASIC.
UPDATE:
Well, I wrote out hopefully all the code I need. Since the user is generating much of the code, I just needed to create a multiplayer engine and framework for the user to work with and then I should be set. Now all that's left is debugging and testing. That wouldn't be a big deal...except that I don't have another calculator to work with. Suppose I'm gonna need to do some looking.
I finished one half of the program. The rest of it is a more complicated mode in which both people are running both black and white hat at the same time, rather than a defender and attacker. This'll require some pretty legit code to make this work.
also, you may want to add a VERY basic form of a defender and attacker, for the newer users, so they have something to twiddle with.
as for calc testing, i can do that. i have 2, and the teacher knows me enough that i can borrow another easily.
i am quite curious how you are going to allow it to go simutaneously back and forth. ive never used calculator linking in my programs.
Yes, making an automated attacker and defender is an idea I've been toying with. Making a defender that learns from your attacks probably wouldn't be too hard, but making an attacker that could construct its own attacks is a lot harder.
I will give you the source code as soon as I upload it. You'll need to have the latest version of Batlib as well. I'll put that in the zip file too, I'm not quite sure where Zeda released it...or we could ask him.
Zeda, hey Zeda! Yeah you! What's the link to the newest version of Batlib? The one with all the bugs we fixed awhile back?