I tested several of the earliest files I had in my archives and had the following results.

Using a turn said to be 2102 from the original cut of the game, I was unable to open our game file with the alternate password.

Using a turn said to be 2102 from the restarted version of the game, I was able to open the turn with the alternate password.

I'm not sure what this proves, as the restarted version of the game had different passwords and being a restart could also have created different backdoor hardwired passwords if the game has something like that already built in by Firaxis. So if it needed the file to be altered for the hack to work, it happened in the first turn, before it got to us.

Since we are one of the last factions in turn order, about all I think I can say for sure is that Buster and the Drones are definitely innocent of altering the file, as they had not yet had a chance to touch it. I know that I didn't insert any funny stuff into the save file, but it would take a save file from earlier in turn to show that - certainly if Googlie still has the original file he sent out, that could be very revealing.

Hmm...That leaves the Hive as the most likely to have someone whom altered it, with the next being possible and the next being highly unlikely.

I just tested the alternative password on both the 2105 and 2130 save. It works indeed.

I really don't get it how this is possible.
The "generic password theory is proved invalid. The "recently added password theory" is impossible too (unless they were added before 2104 ). And as the official and alternative passwords bear no resemblance, I don't see how the "combination password theory" can be true (though I don't really understand what buster means with that theory).

Wise decision to edit your post.

We have an original password, don't we?

I don't see how anyone else besides the turn player could have made any modifications. For the Hive that would be Voltaire at that time. I find it hard to believe he would be related.

Well, at least this all gives us something to ponder.

Edit my post! Whatever do you mean?



I've never seen a password with such...implied meaning!!!

Hmm....I have a hard time believing Voltaire could do this. But he didnt play all the turns though....

AARRRGGGHHH!!!!!

Interesting development.

I have some old PBEMs that I CMN'd on file on my laptop, including a couple that feature Buster.

The "hacked" password for the ACDG Drones also opens his turns - in one game as the Drones again, but in the other as the Hive

So there has not been a "tamper" with the gamesave files, but Buster's theory of a number of applicable passwords holds water. Razor Blade simply found appropriate alternates

G.

If you're still wondering about this mechanism, consider this simplistic version:

Say the password is "hack', that is represented in memory as some string of bits, recognizible as "hack" if considered to be a string of letters. At the same time, it could be considered also as a string of bits representing a number and operated on mathematically, say by multiplying it by 37. The computer saves your password as whatever that string of bits would be ("hack" * 37), or perhaps only selected bits of that result, like the rightmost 8 bits.

Most likely it would no longer be translatable into regular alphabetic characters anymore and would be difficult for anyone to locate in a dump of the file and recognize as a password. Even if someone did, they would not necessarily know how to work backwards to the original "hack". Thus, you have reasonably decent security without needing a PhD.

Given a simple enough algorithm and/or especially if you save only a portion of the result, it is entirely possible for another input, like "wild card" to also generate the same internal representation ("wild card" and "hack" are just an example and in all likelihood do not generate the same result when multiplied by 37 and stripping selected bits).

Anyway, if the hacker read the code and discovered the 37 multiplier, the bit selection and the storage location for the encrypted version of the passwords, they could conceivably work backwards to figure a string which would generate that encrypted result. In all likelihood, it would be gibberish-crap, but with the right software and a dictionary-like file, it would be possible to locate any real words or phrases that fit the bill, if any exist, and they could then take their pick and email them to Tass, who has demonstrated a willingness to go public with such info. (If they had mailed them to the Pirates, maybe the Cuspidore would suddenly act like he knew what he was doing (as well as what everyone else was doing) instead of acting like a normal boorish lout!)

So what we need to ask in this witch hunt is: Who is playing like they know what they are doing .

Right.

Who has the tech lead in 2130?

Why, Cap'n Hook, of course

There you have it.

That string of bits wasn't "hack" * 37 at all, but "hook" * 37 - a simple juxtapositioning.



G.

of course this is serious...but still, also amusing. This is the most activity we've had in a while. My energy credits say that is what the perpetrator was aiming for, being able to watch our reactions in amusement.

So, if our saves are compomised, and no longer safe, and if this "hacker" is still among us, and playing on one of the teams, how can we stop one team getting masses of info on the other factions, very probably without their other faction members even guessing what is happening?

We must immediately change to e-mailing the turns between teams, and stop posting them in the public forum. We have no alternative.

-Jam

Thanks for the explanation johndmuller.

Jamski:

If the hacker is member of one of the factions, then not posting the turns in the public forum won't help. And in the beginning of the ACDG, we already discussed the option of neither posting turns in the private forum. Most of us decided against it as it would severely reduce the possibility for non-turn players to participate. Besides, even this wouldn't help if the hacker was the turn player himself...

If the hacker is on one of the teams & has influence on game decisions said person will of course get a copy of the file in any case so mailing rather than posting changes nothing.

In any case the fact that moves are discussed in the team and that players usually give reasons for why they want to do what they want to do that makes sense with what is known from the info available to all is your best guideline.

Being able to open the file only gives access to knowing what the others are doing. The same could be obtained by having a member of a team feeding info to a member of another team. At least plans are not contained in the savegame.

There are more devastating cheats out there than that - so in general the teams should impose discipline on their members and ensure the game is played honest by coming down on members who suggest some sort of cheat be applied.

On this particular problem I believe the best measure would be that the teams pay notice if one of their members seems knowledgeable about what goes on outside his own faction to a degree where it cannot be explained by "clever conjecture" or " well educated guesses". Present writer excluded of course as I am inordinarily sharp.

Joking aside - I don't think we currently have a problem - Tassador after all came forward and to the best of what we know the passwords were not leaked on to other than Googlie & Tassador now resigned from Hive.

As said if the teams pay notice if someone appears to know too much and check him out if it happens I think we should be quite safe. After all as said "someone knowing things he shouldn't" could come from various sources - cracked/leaked passwords, secretly being member of more than one faction, getting info from a member/ spy in another faction etc. The problem is not new and neither are the signs to watch for.

To put in perspective at least SMAC does provide a decent level of security & I imagine only a person with the software needed and a decent measure of programming skill can find a match for a password and would need to do it for each seperate game. Civ III by comparison is pbem'ed pretty much on the hope the others won't cheat as the security is not really present at all. There anyone who desires can see opponent moves, there is no reload warning, there is variety of "savegame editors" readily available - you name it. At least with SMAC someone won't cheat much or little for long without it being evident and if team members are watching and decisions actually democratically made there is not much you can do in the way of cheating at all.

In the end the only real guarantee is that teams do not tolerate elements within them that do not play by the rules. If this is kept in - there will not be any problems - if some team is dishonest we have a mess anyway and already had from the start.

Ok I'm very naive at computer technology so this may sound very ignorant. But I was wondering if it is at all possible that for each turn posted people who downloaded it could be recorded by the administors. If there is this one person who has this knowledge I would be quite sure that he would want to use it. So if somebody has downloaded multiple times of multiple factions turns, we might be able to isolate him. (Of course I know that some people may have done the same thing in the earlier stage for the word file in game communication cheat. But this behavior should have stopped long ago since presumely all factions are communicating through other channels now.)

The admins of this site should be able to find the username & ips of people who downloaded files.

However the person need only have downloaded the file once in that once you have cracked the password of one faction you can simply end the turn, save & crack the next.

Well I was thinking that if he is one of the ACDGers, then after he has got all the passwords working, he perhaps would want to get other factions' turns and check how they are doing. If he is one of the players who plays turns, then he'll have access to the next faction without having to download. But for all the other factions, he still has to download the turns if he wants to use that knowledge of passwords to gain actual benefit in the game right?

Of course to keep up he will need to regularly download the file