about reverse engineering and hacking LSL scripts

i would like to know scripters and lindens point if possible on the script reverse engineering and the activity of hacking scripts communicationg with others objects made by other scripters.

Is it forbitten?
Is it dangerous?
Is it agains TOS?
or is it just not liked by the hacked one?

It's not forbidden, it's not dangerous, it's not against the TOS, and one of these days it's finally going to happen to something like Darklife, and THEN the Lindens might sit up and take notice about the gigantic security flaw they have in their scripting system.

Until then... *shrug* Rip away. You'll just manage to piss a bunch of people off.

Given scripts are not patentable (so far), I would say copying the function of a script is okay, if it's done at the raw code level without stealing someone else's code clippings. Sure, the question of ethics comes up, but in general, I find myself taking the "can you make a script that works like this but with this feature" requests often.

Thing is, I don't take those ideas to market - these are private orders.


Now, moving next to command hacking, I will say flatly - it depends on the size and scope of the hack. Hacking, say, the "swing" feature on someone's weapon is probably meaningless - whereas hacking into the XP system for Darklife is a huge deal.

Honestly, I think that if the hack is so detrimental as to screw over or inhibit a net 24 hours of work by the creators or same enjoyment by a third party it should be punishable as a Scripted Assault.

Finally, code stealing without credit is plagiarism. Pure and simple. As with reality, common sense takes hold on this - and, sorry folks, but plopping a "copyright" on your code doesn't mean it can't be emulated, either. That's pretty much the game in a patentless world system.

As such, one thing I enjoy doing is making code that is based on such a complex system, that it would require more than the standard Greenhorn Newbie to emulate it - both because I enjoy pushing the envelope as it makes these things hard to "copy and steal," which is why I have no qualms about putting them up in the Script Library for free (easily identifiable code and method).

In general though, and for the chronically lazy:

- Code emulation is generally okay, though competing with the original market for it is a very gray area that is frowned upon.
- "Command hacks" are relative, but in general, the 24 hour of lost "time" rule would work as a punishable test for Scripted Attacks.
- Code copying is plagiarism, period, without proper credit rendered.

If you use an expliot in the SL permissions or other system to do the hacking, that's against TOS and is a potentialy banable offence.

Simple reverse engeneiring is much more of a fuzzy area and is probably up to the individual scripter, similar in the way that much RL software has its own EULA and terms of use. My personal take on the subject: I probably won't come after someone who manages to reverse engeneer something I wrote, even if they go on to sell it or otherwise benifit. They did at least do work on it, and you can't really hold IP rights over all the ideas that go into a script...just the source code. (The debate over certian rediculous software pattents norwithstanding). Anyone these days who can rub a few functions togeather can make poseballs, for instance.

Well its an evil thing i am asking advice ^_^

its the purpose to point a flaw in a system script, braking it so i can sell mine ^_^

well i know itsnot ethically correct its why i am asking

If you know it's not ethical, why are you even considering it?

If yours is really better, then you will eventually overtake your competition on the strength of product. Don't shortcut by breaching ethics.

I personally think that if someone would be so clever to figureout howto reverse someones script, then i think that person only do it for testing his skills.

I think its more a serious problem to have someone buy your product and then just drag the scripts out of the object and use it for their own objects to sell.
Or by some failure in the permissions, allows them to mod your scripts or other things.
I think that the permissionsystem in general is really not stable for the business to work correctly.
I feel that Modify,Copy,Transfer selections for your objects are not looked at with deep interrest from the Lindens part.

I dont think we have to worry about hackers scanning your codes, they allready know howtodo mostly anything in coding.

However, because there is a real businessworld in SL.. the security of ones digital objects needs to be looked at deeply.

So, i suggest we look more into the permissionsystem than trying to hunt down people that are trying to learn a new codingskill.

Guys LL doesn't really give a *$%^ if you hack as long as it doesn't expose any of thier trade secrets. As long as your not stealing money, content or private information it's game.

Dark Life has been hacked before. Mark changes the comms when it happens and finds a work around. It's not a big deal. It is close to impossible to get a fast and secure distributed game in SL that is complex. You can stack the deck in your favor but you can't cover all the bases.

what i am asking roughly is what would hurt me the most, a concurent product or the bad reputation of killing someone's product by building a script allowing to hack it?

If your really worried about your reputation get an alt account and recycle linden scripts.

---

This sort of thing happens in the real world. It's anti-competitive to explicitly lock out your compitition. The only thing in the RW that keeps reverse engineering at bay are patents.

no code patent in france i think, but well i am just puzzled i worked during 3 months on a script, it looks ok to me but i am not sure at all buyers will like it :/

scripters criteria and end user criteria arent always the same, i think about security but they think about Plug and play mostly and these two are diametraly opposed

its why i was thinking about killing concurence.
maybe i should keep my hack for my own use

The EU has been having alot of trouble getting software patents past. IMHO this is a good thing. Abuse of software patents here in the states is pretty bad. They stifle innovation; when you have to hire a patent lawyer to do background searches your production costs have gone up.

If you want to chat ingame about your new product and give my opinion just IM.

-----

Also depends on your intentions. If your out to hack the system thats one thing but if your out to provide new functionality thats another.

I do realize this. Hence the example rendered - I'd heard someone did precisely this. Hence, I think a marginal "timeframe" of lost work would be a decent litmus for Scripted Attack, such as flat-out attacking a major database. Darklife is just a scope example that's convenient.

Furthermore, software patents are a mixed bag, as Strife put it. It means the difference between rights to ideas and pure competition. In the real world, it cuts both ways in favor of larger entities with power to obtain legal expertise, but in a virtual world, where there is no real power to file suit by a good percentage of the population, things are a touch different.

In general, though, software patents in that scope would lead to a whole new string of "junk mail" Abuse Reports on grounds of conjecture. Not a good thing. On the other hand, "stealing someone's idea" is frowned upon.

So in general, I'd say that either scenario is better to avoid - but then, who listens to me? And Strife is (almost) correct on what was said concerning enforcability. You'd need to lay a pretty strong case to the Lindens that a "hack" was attacking in nature or have prior leverage.

And Kyrah, given I've dealt with your prowess in scripting before, I would say, out of general principle, don't do it. There's enough cloak-and-dagger antics going on in Second Life without another to add to the pot, particularly if it went to market. The purpose of a Scripting Forum is so folk can learn how a system is created and build their own empire, not so they can leverage someone else's capital for top dollar. And I'm more than happy to help with any honest scripting questions to further that.

Unfortunately, the method of hacking scripts that is readily available to all users is considered a "feature" by LL, and not an exploit in the permissions system. I'm trying to point the inherent flaws in this thinking to LL, but it's slow going.

It's that whole "Fair Use" thing. I say "They shouldn't be able to remove my scripts from a no-mod object" and they say "But it's Fair Use!"

Piss on that and call it apple juice. If that is fair use, I should be able to change textures, shape, size, color, and anything else on a no-mod object, because doing so is considered "destroying" the object. Hell, just remove the whole "no-mod" protection entirely.

I'm not sure you can easily assess the answer to this without more detail, to be fair. All I really got so far is that she's talking about a script to hack someone elses script in some way, related to comms, and a bit that seems to essentially hint at knocking out competition.

So if Kyrah is talking about making a device you can take to a certain class of vendor to get free goods, or to a gambling game to get it to pay out, because she's found it's commands and channels or something, then no - of course she shouldnt.

If, however, you're talking about some kind of 'plug in' or 'add on' that might add functionality to an existing device, well, I've seen that done before, and don't much see anything wrong with it, excepting that if it were me I think I'd approach the person first - an 'official' deal is better than working against them. They just might be willing to disclose info that would help you further if they like your idea. Not that you really have to ask of course.

If it's a case of wanting to essentially duplicate what someone else has done, lock stock and barrel, well, meh. I don't think it's right, but it goes on all the time and there really isnt a lot you can do about it. If you are trying to knock out competition, surely the best way to do it is to innovate, enhance, improve. Then you don't have to resort to nasty tactics to gouge someone elses business... you just have the better product.

Or I could be misunderstanding the situation completely, in which case I'll STFU!

well i think that about the product i am at same level of the person if not above, unfortunately i havent this person's "fame"

When I see something that I like in concept, like a dancebracelet, but doesnt have the features I want or just doesnt work as I expect, and I develop a similar object from scratch that does what I want and then even sell it, what is wrong with that? After all I am not stealing anyones scripts nor their knowledge ... Its different when I use code not developed by me and take credit for it. THAT is stealing. It is not stealing to develop something from scratch, even if it uses the idea somebody else has ...

In my eyes its something like having different brands ... Some people like to have one brand others another. Even if the brands are doing similar things.

Till Stirling

This is so ridiculous. Please allow me to throw down some "hacking"ethics.

1. If you're even slightly concerned its unethical, it is.
2. If you're hacking for malice, (i.e. pointing out a flaw and releasing a new product to ruin them) its unethical.
3. If YOU, YOURSELF, can script something to hack and sniff the script in question, *usually* you should realize the effort gone into scripting a complex system and be cool.
4. If you DONT have the skill for number 3, and you're using someone elses script meant to hack into other scripts just to be a 1337 haX0r, you are what is known as a script kiddie or a cookbook kid, and this means (in most cases) you suck.
5. Reverse engineering code by examining the product and attempting to duplicate a similar feature or function is called LEARNING. If you don't plagiarise the code, but instead work to learn, on your own, how a system works. Thats fine.

In conclusion, whatever you're planning on cracking, hacking, breaking into, sniffing or whatever.... you're not doing it for the right reasons. If you want to show someone why their script is flawed WRITE A BETTER SCRIPT. If you want to learn a particular coding skill there are other ways of learning then breaking into someone elses script. Show some intelligence and innovation and do some actual work.

If I understand this correctly, you want to expose a flaw in a competitor's product, for financial gain.

While I can't speak for anyone else, I would find this to be distasteful. Responsibility is an important part of your reputation.

A gentleman would inform the creator/distributer, and give them ample time to correct the flaw before discussing it publically. You don't get ahead by putting down others. You get ahead by being better.

I couldn't have put it better my self.

----

Pure conjecture:
The only trouble is what if your competitor is a buissness man willing to go to what ever extent possible to protect his market share with the least amount of work. Meaning smearing your name in the mud. What then?

----

Side note: I have the greatest respect for those who give away thier works.

Hacking scripts like DarkLife's isn't easy. As long as the creator knows what he/she is doing, a script can be created that is nearly impossible to hack. Basically, the way to hack something would be to find the channel it is communicating on, and what the messages it's sending are, and then copy those. but finding the channel is very difficult. A script can only listen to around 50 channels at a time, out of 3 billion. As long as the channel to hack is a large number, and not an easy one to figure out, this makes things difficult. Then there's the possiblility of making the script change its channel based on time of day. Now it's practically impossible to hack.

wow even fran wanna give me a gentle spanking ^_^

Depending on your game you can also do 'channel hopping'. Give your game piece the initial random channel # via the start_param of llRezObject. Then after each turn, pick a new channel, send it to the piece on the current channel, then the piece drops the old listen and begins listening on the new channel. Might be overkill for some applications. But it is a bit more secure.

You could/should actually make the next channel equation based so that the next channel is not passed on the game channel. Like increase the channel by 5 each hop.

And another thing, specifically about hacking games made in SL.

So, lets just assume you've collected the scrpits you need to hack someone elses script. Let us also assume youve managed to get hrough... you know the channels you know the messages etc. etc.

what are you going to do with this information? are you going to learn from it and use it to become a better scripter? Or are you just going to write a llKillAllMonsters() and a llMakeMyselfGodlike() or an llInstaWinTringo function? You know, no matter how much work you put into hacking the scripts listens, I guarantee you haven't put in a 10th of the effort and dedication that someone put in to write the script in the first place.

There are a lot of people out there, paying money, paying L$, working their butts off for what amounts to far more than a full time job to bring people games and content in SL, many of them do it for free or no profit, simply to make SL a better place. If you're 'hacking' these peoples scripts to benefit yourself and hurt their game by manipulating it:
NEWSFLASH: YOU, ARE A JERK.
People ask why we dont have better content, people ask why there's not more "to do", people ask why there's not more games to be had in SL?

Well, with people running around trying to destroy that concept at its core by manipulating and exploiting people who've put blood sweat and tears into providing it, I think you have your answer.

One other objective for people who try to hack game systems, Spider, is in order to ensure their security. How better to make a game completely secure than to try everything to you can to breach it?

As you said Al, random channels are better, but the problem is in communicating the new channel. Obviously, the system would be almost useless if the old channel were used to send the new one. I'm no expert in XML-RPC (I know almost nothing about it), but perhaps the new channel could be sent using that, rather than Second Life. This would ensure almost complete security, unless the hacking was expanded outside of Second Life.