More Awesome Than You!
Welcome,
Guest
. Please
login
or
register
.
2024 November 21, 22:30:20
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
Search:
Advanced search
SUPPORT THE MUNICIPALITY!
Have you destroyed a paysite today?
"Jelenedra" is the new "gay".
All Lythdans are stupid and suck!
DEATH TO ALL STUPID HAIRY-BELLIED NESSES!
All Kewians are stupid and suck! Accept no Kewian-based substitutes!
Clearly, BlueSoup has failed us! You must not! BlueSoup has a fat head!
Hobbsee has a
scrawny pencil neck.
Rohina the Ugly Butted is a Horny Turkey
540287
Posts in
18067
Topics by
6545
Members
Latest Member:
cincinancy
More Awesome Than You!
Serious Business
Secret Desert Headquarters
Spore Discussions
MASSIVE SECURITY HAZARD in Spore!
0 Members and 5 Chinese Bots are viewing this topic.
« previous
next »
Pages:
1
[
2
]
3
4
...
6
Author
Topic: MASSIVE SECURITY HAZARD in Spore! (Read 102696 times)
BastDawn
Retarded Reprobate
Posts: 1355
I'll stop by to read Awesomeland once in a while.
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #25 on:
2008 June 20, 03:59:52 »
True. I can't imagine anyone other than a troll bothering.
«
Last Edit: 2008 June 20, 04:15:10 by BastDawn
»
Logged
wes_h
Knuckleheaded Knob
Posts: 530
Lady on Rancho Como
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #26 on:
2008 June 20, 04:17:10 »
I have been looking deeply into the very soul of these files.
I do not doubt that the program "phones home" when installed, that was foretold. I will trust others efforts to prove it was SecuRom that did it, that was foretold.
The creature data itself is inserted into .package files, in the new DBPF V2. The decompression code Dizzy wrote for the extract program (in the bowels), with minor modifications to the source, works on the compressed parts, although I have an all new parser for the V2 files. My thanks to Dizzy for the posting the source.
The main part of the creature data itself is an xml 1.0 file, uncompressed about 30K (my example critter). In the packages is/are sections(s) with the username and creature name, in unicode. While one user is hardly proof, the user name in there is the user name part of the account (sans the email domain) I made at the Spore site.
So I believe that when creatures are "published" the data uploaded includes the user name from the account, and the creature name, and that when the small PNG file is dropped onto the application by a different user, the data for the creature is downloaded and inserted into a package file, together with other creatures. That downloaded data includes the user name, compressed with the same 'QFS' method used on The Sims 2.
So I disagree with the "massive security leak" part. The rest of the issues about working with the program online and unblocked by a firewall are certainly valid points for people to watch, especially with installations that were not done with "gen-u-wine EA advantage" materials.
Logged
J. M. Pescado
Fat Obstreperous Jerk
El Presidente
Posts: 26288
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #27 on:
2008 June 20, 04:46:00 »
Quote from: wes_h on 2008 June 20, 04:17:10
The creature data itself is inserted into .package files, in the new DBPF V2.
It looks to me that the creature data is encoded into the PNG, and no .package files are involved. Are you looking at the right thing?
Quote from: wes_h on 2008 June 20, 04:17:10
The main part of the creature data itself is an xml 1.0 file, uncompressed about 30K (my example critter). In the packages is/are sections(s) with the username and creature name, in unicode. While one user is hardly proof, the user name in there is the user name part of the account (sans the email domain) I made at the Spore site.
Where's this information? I scanned the PNG file and it appears to not be there, meaning it has been encrypted to be unrecognizeable.
Quote from: wes_h on 2008 June 20, 04:17:10
So I disagree with the "massive security leak" part. The rest of the issues about working with the program online and unblocked by a firewall are certainly valid points for people to watch, especially with installations that were not done with "gen-u-wine EA advantage" materials.
There's one fundamental flaw with your belief: It is not negative. Because it is not negative, it must be incorrect.
Logged
Grant me the serenity to accept the things I cannot change, the courage to change the things I cannot accept, and the wisdom to hide the bodies of those I had to kill because they pissed me off.
Zazazu
Fuzzy Pumpkin
Whiny Wussy
Posts: 8583
Potiron flou
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #28 on:
2008 June 20, 04:54:24 »
Quote from: BastDawn on 2008 June 20, 03:59:52
True. I can't imagine anyone other than a troll bothering.
Bastdawn, is your account named "Ibis"?
The reason I ask is because I downloaded your .png you shared in the RL thread. That's what comes up in the creator name for me. Now, if that's not your account's name, that's very interesting, and suggests that it's something to do with EA pulling information when you transmit the files to
them
that's adding your name.
Logged
Capitalism, Ho!
"Continue to beat it in masturbatory ecstasy if you like, but only Pescado can make it go away." - Lemmiwinks
My Urinal
wes_h
Knuckleheaded Knob
Posts: 530
Lady on Rancho Como
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #29 on:
2008 June 20, 05:07:14 »
I have seen and accessed creatures from other users, so I know the process and have some of the files. I am of the belief the creature is downloaded separately after the picture is dropped on the application, but the data does compress well, WinRar got it down to 3K from 30K, so it could be incorporated in the PNG file. I don't have anything to parse a PNG file with here to separate the pixel data from any other.
Regardless of what is in the PNG file, after whatever download process the data is placed in .package files in your user directory. This is where I am viewing the data, and where the program accesses it from, after decompressing it.
Anyway, enjoy your morning, old grouchy-grouch.
Logged
J. M. Pescado
Fat Obstreperous Jerk
El Presidente
Posts: 26288
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #30 on:
2008 June 20, 06:03:26 »
Quote from: wes_h on 2008 June 20, 05:07:14
I have seen and accessed creatures from other users, so I know the process and have some of the files. I am of the belief the creature is downloaded separately after the picture is dropped on the application, but the data does compress well, WinRar got it down to 3K from 30K, so it could be incorporated in the PNG file.
This does not match empirical evidence, that it was possible to get BastDawn's stuff simply by rightclicking and save-as'ing her PNG.
Quote from: wes_h on 2008 June 20, 05:07:14
Regardless of what is in the PNG file, after whatever download process the data is placed in .package files in your user directory. This is where I am viewing the data, and where the program accesses it from, after decompressing it.
There are no .package files in my user directory. The only .packages are the CSA packages in the data directory of the main install.
Logged
Grant me the serenity to accept the things I cannot change, the courage to change the things I cannot accept, and the wisdom to hide the bodies of those I had to kill because they pissed me off.
BastDawn
Retarded Reprobate
Posts: 1355
I'll stop by to read Awesomeland once in a while.
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #31 on:
2008 June 20, 07:50:02 »
Yes, my computer is named Ibis. And I do not allow any programs access to the internet without permission from my firewall, including Spore Creature Creator, so the data in the critters I posted did not go to the Spore site at all. I have also successfully downloaded critters from non-Spore sites (like MATY) and placed them in the game, again without allowing SCC to connect. Last night I picked up a few using my other computer, which is a crappy ME box that can't even
run
SCC, and transfered them over my network.
My computer is set up on a home network, where the administrator name is not identical to the nickname the computer is given to identify it to other computers on the network. This means that I can change my computer's name at will, so I'm not as worried about the security breach. That doesn't mean I'm not irritated, of course.
Logged
Emma
Goopy Lover
Dead Member
Posts: 6109
All Pescados Suck.
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #32 on:
2008 June 20, 08:00:30 »
Yeah. Do not want Spore. Not sharing creatures either
I'm having great fun making them (and my kids are) but we are just making snapshots and printscreens of our stuff.
Logged
Illusions of Grandeur
|
Laverwinkle Sims
J. M. Pescado
Fat Obstreperous Jerk
El Presidente
Posts: 26288
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #33 on:
2008 June 20, 08:13:59 »
Death to EMMA.
Logged
Grant me the serenity to accept the things I cannot change, the courage to change the things I cannot accept, and the wisdom to hide the bodies of those I had to kill because they pissed me off.
Emma
Goopy Lover
Dead Member
Posts: 6109
All Pescados Suck.
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #34 on:
2008 June 20, 08:15:54 »
*Emma moons Pescado
Logged
Illusions of Grandeur
|
Laverwinkle Sims
Mirelly
Pinheaded Pissant
Posts: 1037
Pompous Twitter
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #35 on:
2008 June 20, 08:35:58 »
Meh. Not sure how anyone knowing that I am known as Mirelly is dangerous to me, but lacking total awesomeness I bow to those more paranoid that me.
I have tried out the critter maker -- the free one -- and I have to say that it is rather disappointing. It is extremely limited and, a lot like TS2, there is no real scope for making creatures which are genuinely different from each other. The differences (component parts like insectile mandibles versus crocodilian jaws) are insufficiently numerous and versatile to make a toolbox with which one craft one's imagination. A Pierson's Puppeteer has proved to be impossible; I had to put the mouth on the body ... I put it at the back so it could blow raspberries at its enemies as it kicks out their hearts with its hefty hind leg.
I was never sold on the idea of a PacmanPopulousCivilizationMaster_of_Orion chimera, so the critter builder was always going to be the USP for me. It has phail.
Logged
me shit
Wayward Ink now with SMF shiny and no ads
I see the Dome is filled with Lamb Chop conspiracy theories. The only authentic Mirelly sock is "readordead", who will not be posting, for obvious reasons.
BastDawn
Retarded Reprobate
Posts: 1355
I'll stop by to read Awesomeland once in a while.
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #36 on:
2008 June 20, 08:36:45 »
Well, here's some good news. Once you change your computer name, Spore Creature Creator continues to use the old name. I just changed my computer name to something else, reset, confirmed my old shortcuts to this computer no longer work, and then ran SCC and made a new thing from scratch. The new thing is still using "Ibis".
Here's how to rename your XP computer:
1. Right-click on the My Computer desktop icon, then left-click on Properties.
* If you do not have that icon on the desktop:
a. Left-click on Start > Control Panel
b. Double left-click on the System icon (if you don't see it, select "Switch to Classic View" on the left-hand side of the window first).
2. Select the "Computer name" tab, then type a new name
3. Select the Change button, type the new name again in the "Computer name" field, and select OK. Windows will prompt: "You must restart this computer before these changes will take effect."
4. Shut down and restart your PC normally.
EDIT:
Damn. Pescado's right: changing the computer's name on the network doesn't change the login name; it's merely cosmetic. That means sharing creatures is generally a bad idea.
I
like
sharing. Tell me, Pescado, just how serious a threat is it, if the name is something like "Ibis" that has nothing to do with my real identity or interests?
«
Last Edit: 2008 June 20, 10:43:15 by BastDawn
»
Logged
J. M. Pescado
Fat Obstreperous Jerk
El Presidente
Posts: 26288
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #37 on:
2008 June 20, 10:31:31 »
That is because it is not using your Computer Name, it is using your computer USERNAME. Do you login as "Ibis"? If so, that's what it's using. Changing your computer name won't fix this.
Logged
Grant me the serenity to accept the things I cannot change, the courage to change the things I cannot accept, and the wisdom to hide the bodies of those I had to kill because they pissed me off.
Emma
Goopy Lover
Dead Member
Posts: 6109
All Pescados Suck.
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #38 on:
2008 June 20, 11:36:48 »
I just created 2 creatures, one offline and one online. The offline one shows my pc username (surprisingly, Emma) and the online one shows my Spore login name. So which one is the dangerous one? Both?
Logged
Illusions of Grandeur
|
Laverwinkle Sims
J. M. Pescado
Fat Obstreperous Jerk
El Presidente
Posts: 26288
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #39 on:
2008 June 20, 12:14:28 »
In your case? Probably none of them, since we already know you are EMMA. Death to EMMA!
Logged
Grant me the serenity to accept the things I cannot change, the courage to change the things I cannot accept, and the wisdom to hide the bodies of those I had to kill because they pissed me off.
Emma
Goopy Lover
Dead Member
Posts: 6109
All Pescados Suck.
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #40 on:
2008 June 20, 12:32:53 »
Oh, so it is only ninjas who should be worried then
Logged
Illusions of Grandeur
|
Laverwinkle Sims
wes_h
Knuckleheaded Knob
Posts: 530
Lady on Rancho Como
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #41 on:
2008 June 20, 14:07:01 »
Quote from: J. M. Pescado on 2008 June 20, 06:03:26
There are no .package files in my user directory. The only .packages are the CSA packages in the data directory of the main install.
Try looking in C:{username}\AppData\Roaming\Spore Creature Creator\ (that's for Vista). In XP it should be something like Application Data, but I have no install here on XP at this time. By default, the app data folder is hidden in both XP and Vista (Microsoft calls it a system folder, and says you could damage your system).
The other directory in User Data, in Documents\My Spore Creations, just contains pictures and videos you make.
Logged
Obsidian
Asinine Airhead
Posts: 21
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #42 on:
2008 June 20, 17:29:14 »
After the whole SecuROM fiasco, I expected something like this would happen. That's the reason I've not uploaded any creature I've created onto the internet, and also set my firewall to block the Spore Creature Creator from communicating with the internet at all.
Stupid EAxis.
Logged
wes_h
Knuckleheaded Knob
Posts: 530
Lady on Rancho Como
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #43 on:
2008 June 20, 18:52:35 »
I have examined the PNG image files that appear publicly on Sporepedia.
The PNG format allows non-standard chunks to be inserted in a file, but I find only image data in them. Interestingly enough, when you load one into Paint Shop Pro and save it under a different name, the resulting file is actually larger than the one downloaded from Sporepedia. Clearly, there is no room for 3K of creature data in there, unless they have much beter compression than WinRar.
I still think a download of creature data happens after the image is dropped on the CC.
Logged
Insanity Prelude
Juvenile Jackass
Posts: 488
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #44 on:
2008 June 20, 18:54:32 »
I'd been so looking forward to this game... but if this is true, I don't dare.
Bugger EA.
Logged
BastDawn
Retarded Reprobate
Posts: 1355
I'll stop by to read Awesomeland once in a while.
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #45 on:
2008 June 20, 22:19:44 »
Wes_h, procedural generation doesn't work that way. The code to generate the creature is tiny, small enough to be held in a little 25kb png. When put into the game, the data then creates the polygons and textures from a formula. Check out this article:
http://www.joystiq.com/2006/07/12/procedural-synthesis-gamings-fountain-of-youth/
Logged
J. M. Pescado
Fat Obstreperous Jerk
El Presidente
Posts: 26288
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #46 on:
2008 June 21, 03:57:11 »
Quote from: BastDawn on 2008 June 20, 22:19:44
Wes_h, procedural generation doesn't work that way. The code to generate the creature is tiny, small enough to be held in a little 25kb png.
That's not what Wes_h is saying. Wes_h is saying that he cannot find any nonstandard data chunks which would represent the tiny creature data.
Quote from: wes_h on 2008 June 20, 18:52:35
The PNG format allows non-standard chunks to be inserted in a file, but I find only image data in them. Interestingly enough, when you load one into Paint Shop Pro and save it under a different name, the resulting file is actually larger than the one downloaded from Sporepedia. Clearly, there is no room for 3K of creature data in there, unless they have much beter compression than WinRar.
There are no data chunks which are not image data? Does a re-saved image function as a critter anymore, or is the critter data destroyed by this process? If you cannot find any custom data chunks inside the file, then it is likely that the creature data is steganographically encoded into the image data rather than using nonstandard PNG chunks.
Quote from: wes_h on 2008 June 20, 18:52:35
I still think a download of creature data happens after the image is dropped on the CC.
Impossible, because otherwise I would not have been able to get BastDawn's flower-creatures by downloading the image from a Botophucket. Downloading could not happen because the Creator is not permitted access to the Internets.
Logged
Grant me the serenity to accept the things I cannot change, the courage to change the things I cannot accept, and the wisdom to hide the bodies of those I had to kill because they pissed me off.
BastDawn
Retarded Reprobate
Posts: 1355
I'll stop by to read Awesomeland once in a while.
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #47 on:
2008 June 21, 05:12:27 »
Quote from: J. M. Pescado on 2008 June 21, 03:57:11
Quote from: BastDawn on 2008 June 20, 22:19:44
Wes_h, procedural generation doesn't work that way. The code to generate the creature is tiny, small enough to be held in a little 25kb png.
That's not what Wes_h is saying. Wes_h is saying that he cannot find any nonstandard data chunks which would represent the tiny creature data.
I acknowledge my misunderstanding. But still: here's what a spore creature png looks like after all the layers are merged and everything pure white (#FFFFFF) is colored hot pink. I enlarged the image by 300% for clarity, using "pixel resize" to prevent blurring the edges.
You can clearly see that the background is not solid white. The merged image is pixelated with the color #FEFEFE. It's binary.
Quote from: wes_h on 2008 June 20, 18:52:35
Interestingly enough, when you load one into Paint Shop Pro and save it under a different name, the resulting file is actually larger than the one downloaded from Sporepedia. Clearly, there is no room for 3K of creature data in there, unless they have much beter compression than WinRar.
You're doing it wrong. What settings are you using? I just tried it and saving the same file under a different name made the image 1kb smaller, not bigger. Then I did it again with a different creature, only I removed all the pixelation in the alpha channel and then saved it without changing the file name. It went from 26kb to 15kb, suggesting that it takes 11kb of data to generate my creature. However, doing that did NOT remove the creature from my game, so the change in the package file you're seeing must be the game storing the data generated from the png. I'm unpleasantly reminded of the errors with the first FreeTime patch -- if it's ever necessary to patch Spore, we'd better have kept all of our png files.
«
Last Edit: 2008 June 21, 05:21:31 by BastDawn
»
Logged
BastDawn
Retarded Reprobate
Posts: 1355
I'll stop by to read Awesomeland once in a while.
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #48 on:
2008 June 21, 07:01:58 »
Okay,
now
I've managed to changed my computer's login name. It's easy, too. Just go to Start --> Settings --> Control Panel and open up User Accounts. From there I clicked on the profile name and followed the prompts. I log on and off using the new name, and the old name only exists as a file folder in C:\Documents and Settings, which did not create a new folder for the changed name. Then I made a new creature, and it still uses the Ibis name. Pescado, am I doing it right now?
Logged
J. M. Pescado
Fat Obstreperous Jerk
El Presidente
Posts: 26288
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #49 on:
2008 June 21, 07:07:42 »
Quote from: BastDawn on 2008 June 21, 07:01:58
Then I made a new creature, and it still uses the Ibis name. Pescado, am I doing it right now?
Well, the username change procedure was performed correctly, but evidently Splotch does not recognize it. Did you try rebooting?
Logged
Grant me the serenity to accept the things I cannot change, the courage to change the things I cannot accept, and the wisdom to hide the bodies of those I had to kill because they pissed me off.
Pages:
1
[
2
]
3
4
...
6
« previous
next »
Jump to:
Please select a destination:
-----------------------------
TS4: The Pee-ening
-----------------------------
=> Insert Amusing Name Here
=> Facts and Strategery
-----------------------------
TS3/TSM: The Pudding
-----------------------------
=> The World Of Pudding
=> Facts & Strategery
=> Pudding Factory
===> World of Puddings
===> Pudding Plots
-----------------------------
TS2: Burnination
-----------------------------
=> The Podium
===> Oops! You Broke It!
=> The War Room
=> Planet K 20X6
===> Building Contest of Awesomeness
=> Peasantry
===> Taster's Choice
-----------------------------
The Bowels of Trogdor
-----------------------------
=> The Small Intestines of Trogdor
=> The Large Intestines of Trogdor
-----------------------------
Awesomeware
-----------------------------
=> TS4 Stuff
=> Armoire of Invincibility
===> AwesomeMod!
=> The Armory
===> Playsets & Toys
===> The Scrapyard
-----------------------------
Darcyland
-----------------------------
=> Lord Darcy Investigates
-----------------------------
Ye Olde Simmes 2 Archives: Dead Creators
-----------------------------
=> Ye Olde Crammyboye Archives
=> Ye Olde Syberspunke Archives
-----------------------------
Serious Business
-----------------------------
===> Spore Discussions
Loading...