Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Display warning if watchdog is missing #72

Open
Chronial opened this issue May 17, 2016 · 18 comments
Open

Display warning if watchdog is missing #72

Chronial opened this issue May 17, 2016 · 18 comments

Comments

@Chronial
Copy link
Collaborator

My understanding is that due to namecrash nobody should run DS without PVP watchdog, right?

We detect whether watchdog is installed – should we display a warning message if it's missing?

@Wulf2k
Copy link
Owner

Wulf2k commented May 17, 2016

Yeah, we should do something low-key for it.

Nothing too annoying, but just to alert people of being vulnerable to the namecrash.

@Chronial
Copy link
Collaborator Author

I don't think low-key is the right idea. As I myself did before, people attribute these crashes to DSCM. And in a certain way they are right – without nodes, you can't get namecrash :).

http://steamcommunity.com/app/211420/discussions/0/364042262886578469/

But I understand why you want that warning to be low-key. I think it would be better DSCM could fix the namecrash, too. I will see whether I can get in touch with eur0pa about this.

@Chronial
Copy link
Collaborator Author

The other question is: Should we do something about users of DSCM who have a crashing name themselves? I mean they are using DSCM to crash many more unsuspecting DS players then they ever would without, so I think we kind of have a responsibility ^^.

@Jellybaby34
Copy link
Contributor

There are several causes of the name crash so to patch it yourself you'd have to patch multiple areas. Summon sign crashes are due to the length above 16 characters exceeding the buffer on the stack and the # crash is due to how the game is supposed to handle colour. (#c[FFFFFF]text#c).

You could edit their name to reduce its length and remove any invalid characters using name pointers but i'm not entirely sure whether a different pointer is used for summon signs.

@Wulf2k
Copy link
Owner

Wulf2k commented May 24, 2016

There's one main location where the name is stored. I've edited it in memory in the past and it's appeared as the edited version in every interaction.

It would be simple to check that location on attach and put a 0x00 in the 16th character location, and overwrite any #s with _.

@Chronial Chronial changed the title Display warning if watchdog is missing? Display warning if watchdog is missing Jun 5, 2016
@Chronial
Copy link
Collaborator Author

Chronial commented Jun 5, 2016

I am a little bit unsure as to how to display a watchdog missing warning. We will only learn about this once the game starts, and by that time it is probably to late to display the warning. I think a warning popup after the game closes is probably best? It would pop up as soon as DS is closed, explain the situation and have a "don't show again checkbox". @Wulf2k what do you think?

@gpotter2
Copy link

gpotter2 commented Jun 5, 2016

Or you may use the in game popups... As we talked about it in a past closed issue.

@Chronial
Copy link
Collaborator Author

Chronial commented Jun 6, 2016

As mentioned before, the ingame popups have some issues in themselves, and also in-game is not the right time to tell the user about this – at that point in time they can't do anything about the issue anyways.

@gpotter2
Copy link

gpotter2 commented Jun 9, 2016

Then there should be a way to detect it without starting dark souls...

@Wulf2k
Copy link
Owner

Wulf2k commented Jun 9, 2016

With the namecrash fix getting rolled into DSCM I don't think we really care about Watchdog any more.

I mean, it's nice if people don't fall victim to the simple hacks, but Watchdog isn't 100% so they're kind of on their own for hack detection anyway.

@gpotter2
Copy link

gpotter2 commented Jun 9, 2016

I don't think we really care about Watchdog any more.

That's true

@Chronial
Copy link
Collaborator Author

Chronial commented Jun 9, 2016

With the namecrash fix getting rolled into DSCM I don't think we really care about Watchdog any more.

I mean, it's nice if people don't fall victim to the simple hacks, but Watchdog isn't 100% so they're kind of on their own for hack detection anyway.

I told eur0pa that we would add a notice about watchdog when he gave me the namecrash data. So unless he comes forward saying that he doesn't care about it, I would like to add some kind of notice.

@Wulf2k
Copy link
Owner

Wulf2k commented Jun 9, 2016

K, then that's back on the agenda.

What do you think, instead of a green "connected" status we just switch to a yellow "connected, no WD" status?

@Wulf2k
Copy link
Owner

Wulf2k commented Jun 9, 2016

A popup after closing would be appropriate as well, explaining what it does and where to get it.

@Wulf2k
Copy link
Owner

Wulf2k commented Jun 9, 2016

As a future note, I'd also like to get the update check looking for a digital signature at some point in the next few versions.

Right now a targeted DNS hijack could have the update check running any code somebody wanted.

We're not popular enough for it to be a high priority, but we "did" implement a "run whatever code is at this address" button.

@metal-crow
Copy link

metal-crow commented May 7, 2017

Not to necro this thread, but what about offering the ability to auto-install watchdog if the user is missing it? I disagree that DSCM shouldn't care about watchdog, since a VAST majority of users runs DSCM (since it's basically needed for online play), but much fewer have watchdog installed (harder to install than just running the DSCM exe).
If we just added the ability to pull the watchdog dlls from nexus or wherever, then copy them into the dark souls install, we could dramatically lower the number of people who are susceptible to hacking.

@Wulf2k
Copy link
Owner

Wulf2k commented Aug 24, 2017

I somehow missed this. It's not a bad idea, but would require admin rights to place a DLL in the Dark Souls folder.

I'm also hesitant to hardcode an external URL into DSCM as I'm then dependent on that address staying valid.

@Chronial
Copy link
Collaborator Author

I somehow missed this. It's not a bad idea, but would require admin rights to place a DLL in the Dark Souls folder.

IMHO, DSCM should ask for admin privileges when the button is pressed.

I'm also hesitant to hardcode an external URL into DSCM as I'm then dependent on that address staying valid.

I agree – you should host a copy of the watchdog dll on your server. The url beeing valid is only one of the concerns – an external URL could also be replaced with malicious code. That is an unneeded extension of trust. People running DSCM already trust you to run your code, you should also host the watchdog dll.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

5 participants