Welcome to the Second Life Forums Archive

Kelly, thanks but that wasn't quite the question

Ralph Doctorow
Registered User
Join date: 16 Oct 2005
Posts: 560
10-11-2006 07:17
Several people have claimed in another thread that it is possible to directly modify the bytecodes of compiled LSL scripts.

I have no idea if this is true or not, however, I do have some experience microcoding both hardware instructions and the pseudo machine for a similar bytecoded language.

If it is possible to modify the LSL bytecodes, you really should make it impossible immediately by some form of encryption, secure checksum, etc. This kind of direct code manipulation allows someone who knows what they are doing to add amazing capabilities to a program, ones the original designers never contemplated.

In the context of griefing, these may be a bit too amazing!
Fushichou Mfume
Registered User
Join date: 30 Jul 2005
Posts: 182
Re: Are LSL bytecodes hackable?
10-11-2006 07:48
Ralph, yes they are. Quite easily, thanks to the folks over at libsecondlife. See my reply on the other thread that you linked in your post here.
Llauren Mandelbrot
Twenty-Four Weeks Old.
Join date: 26 Apr 2006
Posts: 665
Re: Re: Are LSL bytecodes hackable?
10-11-2006 08:47
In Are LSL bytecodes hackable?, Ralph Doctorow asked about the modification of bytecode in existing scripts. In Re: Are LSL bytecodes hackable?, Fushichou Mfume gave an incorrect answer. While libsecondlife does allow the upload of arbitrary scripting bytecode, it does not allow the modification of bytecode in existing scripts. This is still impossible.

Forum moderator, please link these threads.
Kelly Linden
Linden Developer
Join date: 29 Mar 2004
Posts: 896
10-11-2006 11:02
Currently LSL bytecode is compiled on the client computer and then uploaded. This means that yes, it is possible to muck with the byte code before uploading.

However! This is dangerous (for the future well being of your script) and not recommended. Here is why:

1. At some point in the semi near future LSL byte code will switch to being compiled on the server. This just means this method will not work forever.

2. Sometime after 1. we will be making a conversion to mono from our current virtual machine. The conversion process involves two steps: converting the running 'state' of the script (global variables, which state it is in, etc.) and recompiling the LSL. This means that when this conversion happens any scripts without matching LSL code, or whose byte code does not match the LSL code, will have undefined behavior, and may not be expected to work at all. If the bytecode has been mucked with sufficiently enough that we cannot correctly interpret the current 'state' of the script (we are expecting correctly compiled LSL), then very bad things may happen to your script.

It also sounds like there is some concern about being able to create more devastating griefing tools with direct access to the byte code. All access to the Second Life server in LSL happens through a rigidly defined set of library calls. Mucking with the byte code will not allow you to access any 'secret' or 'special' server functions, and passing in incorrect parameters will crash your script. It really is not possible to create any master grief tool or gain extra privilege on the servers by mucking with the LSL.*

* If you believe I am incorrect, and know of a specific way to gain extra privilege or cause extra harm by mucking with LSL byte code please let me know - kelly@lindenlab.com. Thanks. :)
_____________________
- Kelly Linden
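
The design described in the post above (untrusted bytecode can reach the server only through a fixed table of library calls, and bad parameters crash the script) is sketched here as an added example; it is not Linden Lab code and not part of the original thread. The opcodes, the two library calls and the sample bytecode are hypothetical and do not reflect the real LSL bytecode format.

```python
# Toy stack VM, constructed for illustration. NOT the real LSL bytecode format.
class ScriptCrash(Exception):
    """The VM refused an instruction; only the offending script dies."""

# The complete, fixed set of library calls: index -> (name, arg types, handler).
# Handlers append to `log`, which stands in for effects on the world.
LIBRARY = {
    0: ("say", (int, str), lambda log, ch, msg: log.append(f"[{ch}] {msg}")),
    1: ("set_text", (str,), lambda log, txt: log.append(f"text={txt}")),
}
PUSH, CALL, HALT = 0x01, 0x02, 0xFF  # hypothetical opcodes

def run(bytecode, constants):
    """Execute untrusted bytecode and return the effects it produced."""
    log, stack, pc = [], [], 0
    while pc < len(bytecode):
        op = bytecode[pc]
        if op == HALT:
            return log
        if pc + 1 >= len(bytecode):
            raise ScriptCrash("truncated instruction")
        arg, pc = bytecode[pc + 1], pc + 2
        if op == PUSH:
            if arg >= len(constants):
                raise ScriptCrash("constant index out of range")
            stack.append(constants[arg])
        elif op == CALL:
            if arg not in LIBRARY:          # no path to anything off the table
                raise ScriptCrash(f"no library call {arg}")
            name, types, handler = LIBRARY[arg]
            if len(stack) < len(types):
                raise ScriptCrash(f"{name}: stack underflow")
            args = [stack.pop() for _ in types][::-1]
            if any(type(a) is not t for a, t in zip(args, types)):
                raise ScriptCrash(f"{name}: bad argument types")
            handler(log, *args)
        else:
            raise ScriptCrash(f"unknown opcode {op:#x}")
    raise ScriptCrash("ran off end of code")

def crashes(bytecode, constants):
    """True if the VM kills the script instead of completing it."""
    try:
        run(bytecode, constants)
        return False
    except ScriptCrash:
        return True

CONSTANTS = [0, "hello"]                               # constructed sample
GOOD = bytes([PUSH, 0, PUSH, 1, CALL, 0, HALT])        # say(0, "hello")
BAD_CALL = bytes([PUSH, 0, PUSH, 1, CALL, 7, HALT])    # patched call index
BAD_ARGS = bytes([PUSH, 1, PUSH, 0, CALL, 0, HALT])    # patched operand order
```

The containment in this sketch comes from the checks the VM performs on every operand at run time, not from the bytecode being secret or unmodified, so it holds only as long as no instruction is executed unchecked.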
Ralph Doctorow
Registered User
Join date: 16 Oct 2005
Posts: 560
Kelly, thanks but that wasn't quite the question
10-11-2006 11:40
The question wasn't clearly enough stated I confess, but the issue is if it's possible to somehow change the bytecodes of already compiled code. The notion is that somehow one could "inject" new code into already compiled code written by someone else.

I believe this would require somehow uploading the compiled code back to the client, modifying it then downloading it. I doubt that's possible, but if it is, you might want to think about stopping it.

In any event, thanks for the answer, but I still remain very skeptical that allowing uncontrolled bytecode modification is a good idea.

Why have it at all? It's just a potential loophole that griefers will try to crawl through. We've got enough problems with SL without stuff like this IMHO.
Kelly Linden
Linden Developer
Join date: 29 Mar 2004
Posts: 896
10-11-2006 11:54
Ah sorry, I didn't answer that question, though I should have.

Llauren Mandelbrot is correct. It is not possible to 'hack' or modify bytecode for scripts that are already uploaded. The byte code is never sent down to the client, and the LSL code is only sent to the client if you have the correct permissions to edit the script.

Having clients compile the source code offloads some workload from the simulator to the individual clients. Some structural changes that have been made since SL began and LSL2 (the current version) was introduced now mean that it makes more sense to move it back onto the server - which we will be doing.
_____________________
- Kelly Linden