Staredit Network -> UMS Assistance -> Warning! Possible Viruses In Scm ?!?!
Posted by Tactics_Editor on 2004-08-24 at 09:39:22
Do you know what glitch allowed running Linux on X-BOX?
And the one that allowed a virus to launch just by moving your mouse pointer over
a file with music?

Buffer overflow.

----------------------------------------------------------------------------------------
WHAT'S THE PROBLEM?
(You should really skip the following part until "----------" if you know what I mean.)

The idea is:
We have a static array.
That array is loaded from a file.
File myfile.txt can contain up to 12 elements.
How do you load it to memory?
You might suggest something like this:

1. create an array named <A> of 12 elements
2. create a variable named <X>
3. set variable <X> to <1>
4. do the following until file <myfile.txt> is exhausted (else go to step 5)
4.1 read next portion from file <myfile.txt> into element# <X> of array <A>
4.2 increase <X> by <1>
4.3 Proceed to step 4
5. We're done.

Is it right? Isn't it ?!?!?
No.
It works fine, if we do everything as it should be done.
Maybe for years.

But one day someone eventually runs this program with a file that contains 13 elements.
The program attempts to write element #13 of a 12-element array.
It calculates the address in memory to write to: address of 1st element of A + 13 - 1
So, it writes to memory located directly after the array!

ooooooooooooOOOOOOOOOOPS!!!!!!

If the program detects something going wrong, it crashes.
Bad thing if it doesn't.
It might happen that some of the binary data of the program's code is overwritten.
Then the computer will eventually try to run that part of the code.
In the best case, it ends with "Program committed an illegal operation and will be closed" because the processor cannot do that.
In a bad case ANYTHING might happen to that computer. From "windows detected new program installed" to silently formatting your entire hard drive.

In a worst case, if the file was specially prepared by a qualified hacker, your computer will be under his complete control.
You may have your passwords stolen, Hard drive formatted, And emails sent to
all your best friends in which "you" ask them to test that infected map.......

BAD.

VERY BAD.

----------------------------------------------------------------------------------------
HOW DO WE FIX IT?

Well, actually, WE can't fix it.
Even if we do, hardly anyone downloads our patch.
In such cases people usually report to a company that created the program.
Yes, Blizzard.

You will ask: So why don't you just do that?
Because there are not many people working on SC patches,
they simply will disable the whole feature.

I mean, the following things are not doable through legal staredit editing, nor used in official campaigns:
- sprites (ALL)
- disabling non-doodad unit
- units above 227
- 'hidden' units (that crash starcraft)
- placing units for player>12 (2xspeed)

What doesn't need fixing (but does blizz know that it doesn't?):
-illegal building/unit placement
-square terrain
-illegal-sized locations
-placing LEGAL units like mineral chunks on the map
-hyper triggers (that's not actually even a bug, SC just resolves triggers like that...)
-minerals for players 1..8, marines for player 12, and other such things
-triggers for players 9..12
-AI scripts
-everything else, I think.

--------------------------------------------------------------------------
SO the big question is:
do YOU, yes, YOU want to use sprites?
Or be safe from viruses?

Any ideas?...........
Posted by (U)Bolt_Head on 2004-08-24 at 11:35:13
You cannot get a virus from a SC map. It is possible for a SC map to contain a virus but the player would have to willingly extract it from the mpq.
Posted by Tactics_Editor on 2004-08-24 at 12:13:54
IT CAN!!!!!!!!!!!!!!!!
AND IT CAN BE EXECUTED WHEN A PLAYER TRIES TO PLAY A MAP.
READ MY TOPIC!!!!!!!!!!!!!!
the only thing, no one ever tried to write one.

yet...
Posted by Kenoli on 2004-08-24 at 14:08:40
QUOTE
You cannot get a virus from a SC map. It is possible for a SC map to contain a virus but the player would have to willingly extract it from the mpq.
Pretty much hit the nail on the head there I think.
Playing a map with a virus in it would probably not do anything harmful to you, (or it would crash SC :F)

Are you just guessing at all of this or did you try it, or did someone else try it? Someone probably thought of doing it but it didn't work. Or it's not worth all the work to ruin a little SC map with a virus.
Posted by ShadowBrood on 2004-08-24 at 14:47:47
um my cousin did that. he found a spam virus (it slowly decreases the available hd space every time u reboot.) and converted it to a wav file (hell if i know how he did that). he then played the map with me and nothing happened to my comp. i even ran a search for that exact file and i did virus scans. i didn't even notice spam virus symptoms. basically for a map virus to affect you you'd have to be stupid and extract the file from the map or mpq and have it sitting in your hd. btw he deleted the map. i would have posted it here but this was back on my old comp which is dead now.
Posted by TSoldier_Wol[f] on 2004-08-24 at 21:49:25
How can you get a Virus from an SC Map???? I've never gotten a Virus from one of my SC maps, never!
Posted by SI on 2004-08-24 at 21:53:11
this isn't anything new about those things being buffer overflows, that is why I never added them to scmdraft.

and yes if someone wanted to take the time he may be able to add a virus into a map, in theory there is nothing stopping him.
Posted by Mini Moose 2707 on 2004-08-24 at 22:13:35
Honestly, who would have even thought of coding a virus for an SC map until you pointed it out?
Posted by P-OnMeToWin on 2004-08-24 at 22:18:38
QUOTE
Honestly, who would have even thought of coding a virus for an SC map until you pointed it out?


I've thought of it before.
Posted by DT_Battlekruser on 2004-08-25 at 00:46:58
QUOTE
I've never gotten a Virus from one of my SC maps, never!


I've seen screenshots once of a map with a virus, but it wasn't the kind that infects your comp. It just like totally messed up my friend's SC in the game; tons of odd stuff happening.
Posted by Tactics_Editor on 2004-08-25 at 04:23:46
Did anyone read my 1st topic?
Are Suicidal Insanity and I the only programmers in this forum?

Anyway, the question is NOT "is SCM virus possible?".
IT IS POSSIBLE!
And that's GUARANTEED!
(but it's much harder to create than an EXE virus,
AND it might be dependent on what windows version you are running
AND what programs you have in memory, how they are configured, a.s.o...
But it IS possible anyway!)

|
v

The question is: What are we to do?

^
|

-----------------------------------------------------------------------------------------
And now, I'm answering your posts:

QUOTE
You cannot get a virus from a SC map. It is possible for a SC map to contain a virus but the player would have to willingly extract it from the mpq.

I'm not talking about packing an EXE virus into an MPQ.
(SCMs are actually MPQs - that's for avoiding questions from newbies)
I'm talking about a virus that infects CHKs.

QUOTE
Are you just guessing at all of this or did you try it, or did someone else try it? Someone probably thought of doing it but it didn't work. Or it's not worth all the work to ruin a little SC map with a virus.

I AM a programmer and I DO know what happens when a buffer overflow error occurs. After all, it occurred many times when I tested my programs
(NO, I didn't have any viruses in my programs. I mean it can make a CPU do ANYTHING)

QUOTE
um my cousin did that. he found a spam virus (it slowly decreases the available hd space every time u reboot.) and converted it to a wav file (hell if i know how he did that). he then played the map with me and nothing happened to my comp.

That virus (as far as I know) runs when Windows (not winamp) tries to display information about the author, copyright, a.s.o. Starcraft never does so.

AND IF SOMEONE POSTS A VIRUS HERE...... Well, you better not know what I can do with you and your comp.....

QUOTE
How can you get a Virus from an SC Map???? I've never gotten a Virus from one of my SC maps, never!

I think NOBODY has ever made one. Yet. But the possibility exists!
DO YOU WANT YOUR HDD FORMATTED TOMORROW? I don't.

QUOTE
Honestly, who would have even thought of coding a virus for an SC map until you pointed it out?

A --->SKILLED<--- hacker would notice such an error while YOU GUYS pointed it out by discussing something that crashes StarCraft, or even making Windows tell a user that he installed internet explorer and smth.

QUOTE
I've seen screenshots once of a map with a virus, but it wasn't the kind that infects your comp. It just like totally messed up my friend's SC in the game; tons of odd stuff happening.

Odd things usually happen when using such bugs.
That's because not everyone has a single version of windows, even if they all are named "windows98 second edition"

SO, if that virus map wasn't fake, then what stops the hacker from just putting any of the existing BAD viruses instead of the "funny" one? NOTHING! I DO know that.

---------------------------------------------------------------------------------
THE NEXT PART IS A REPLY TO SI
vvvvvvvvvvvvvvvvvvvvvvvvvvvvv
Thank you very much, Suicidal Insanity, for agreeing with possibility and for
not including those things in SCMdraft.
But you really should make SCMdraft more "open" for users,
allowing them to do nice stuff (like health glow) because
SCMdraft is the ONLY non-abandoned alt. editor, and redoing all the things
you wrote just because its code is not open and it doesn't have abilities people need
is very frustrating. I thought about doing that ^^^ thing, but I'm really too lazy.
---------------------------------------------------------------------------------

SO I'm asking you again. What shall we do?

--> Report to blizzard?
--> Report to AntiVirus software makers?
--> Leave as is and pray?
--> Make our own "antiSCMvirus" ?
--> Any better ideas???

And is YOUR computer NOW virus free? Sure? I'd better check.
Posted by EruIluvatar on 2004-08-25 at 05:28:36
Nothing, if SC has been around for this long and no one has done it, no one else will do it.
Posted by Templaren on 2004-08-25 at 06:06:04
This will be way too much work
Posted by Revelade on 2004-08-25 at 06:56:33
Calm Down.

If this was a major issue, Blizz would have acknowledged it already. Until it arises in people's computers this is yet a rumor. Give us definite proof we can SEE not a story that is vague.
Posted by Golden-Fist on 2004-08-25 at 07:00:03
I didn't read most of that because i don't understand it
you're like:

IF X = M32 AND THE Y ACCES IS ENABLED TO MAKE THE A BUTTON TURN AROUND THEN CONITUNING TO MAKE G PROBIBILTY WILL SUCESSFULLY LAND ON THE Gh2 VARIBLE ENABLING A LAUNCHING ON THE 283 SECTOR OF SC MAPS WHICH WOULD MAKE THE 53k SECTOR FALL APPART AND IN CONCLUSION

IM ON DRUGS

....
Posted by Clokr_ on 2004-08-25 at 07:40:34
QUOTE(Tactics_Editor @ Aug 25 2004, 03:23 AM)
SO I'm asking you again. What shall we do?

STFU
ROFL that big post was so funny.

And also, in SC's buffer overflows, SC reads the wrong memory but does not write it, and if it writes it we cannot control what it writes

There is around 1 possibility between 100000 that a chk virus is possible.

EDIT: I'll try to explain the buffer overflow better than him

The buffer overflow is related to the memory. The memory is like a really big file where the programs can write whatever they want when they want, to read it later. Also, when you execute a program the code of the program is saved in the memory, because it is faster than the hard disk, and a program must run fast.
The memory doesn't have any special format, it is like a very long line of bytes (like a big binary file).

When the program saves a value in the memory it saves somewhere else an address, that says where that value is stored, so the program can find it later.

That is pretty easy to understand when the program saves only one value, but what happens if it saves an array? An array is a group of values. Like the color for player 1 is a value but the color for the 8 players is stored as an array.

When the program saves an array to the memory it saves somewhere else an address, but the address only tells the program where the first value of that array is, so the program can't know the real length of the array.

When the program tries to read/write the 2nd value of an array it just gets the address of the first and adds 1 to it to get the address where the 2nd value is stored. When it tries to read/write the 3rd value, it gets the address and adds 2, etc.

Under normal conditions the program is tested so it won't exit the array bounds (like trying to read/write the value #51 of an array of 50 values), but when you are using "wrong" values it might exit the array's bounds (the program has no information about the array length, remember?)

That is what happens when SC tries to load the color #13: the array of colors that SC saves into the memory has only 12 elements and when SC tries to read the value of color #13 it exits the bounds of the array and reads data that is not a section of the array. That data might be of the units, the strings, the tileset, ... but it is not of the array, so there are unknown results (you can't know what's in there).

In that example SC just tried to read values, but won't do anything wrong, just unknown results or a crash. But what if SC tries to write memory in a buffer overflow?
It will write memory in the wrong area, after the array ended, and that information might be used later (example: if it overwrites bytes of the unit data you can't know what might happen when SC tries to display the unit with wrong data). That can have some really bad results.

That would happen if SC overwrote memory with program data, but the program code is in the memory too (remember?), so what if it overwrites the program code? That code might be executed before or after, and we don't know what windows will do when it executes that code.

When that happens without it being planned windows just says "Illegal operation" and closes SC because it doesn't understand that code. But if someone could modify the code that will be saved in the buffer overflow he could write a virus code and let SC write it to the memory and execute it later, doing whatever he wants.

That is really hard to do, you need to find an array that can be overflowed and that you can modify all the code that the array stores. Also, SC must try to write the array and not just read it. Also programming a windows in machine code (that's the code that the exe has and that is copied to the memory) is extremely hard and only a few people can do it.

That's my point of view.

EDIT2: Also this is not a concept. Moved to assistance.
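
Added example (not part of the thread and not StarCraft's code): the loader loop from the first post and the array explanation in the post above, modelled in C with memory as one flat run of bytes, next to a loader and a read that check the bounds. The 16-byte layout, the 0xAA neighbour bytes, the 13-element sample file and all function names are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ARRAY_LEN 12  /* the array holds 12 elements */
#define MEM_SIZE  16  /* simulated memory: array plus 4 neighbouring bytes */

/* Simulated memory (assumed layout): bytes 0..11 are the array,
   bytes 12..15 belong to some other data. */
typedef struct { unsigned char bytes[MEM_SIZE]; } Memory;

void memory_init(Memory *m) {
    memset(m->bytes, 0, ARRAY_LEN);
    memset(m->bytes + ARRAY_LEN, 0xAA, MEM_SIZE - ARRAY_LEN);
}

/* Returns 1 while the data after the array is untouched. */
int neighbour_intact(const Memory *m) {
    for (size_t i = ARRAY_LEN; i < MEM_SIZE; i++)
        if (m->bytes[i] != 0xAA) return 0;
    return 1;
}

/* The loop from the first post: write until the file is exhausted, never
   comparing the index with ARRAY_LEN. The MEM_SIZE limit exists only to
   keep this demo inside its simulated memory. */
size_t load_unchecked(Memory *m, const unsigned char *file, size_t n) {
    size_t x = 0;
    while (x < n && x < MEM_SIZE) {
        m->bytes[x] = file[x];  /* address of first element + x */
        x++;
    }
    return x;                   /* elements written */
}

/* Hardened loader: check the element count first, write nothing on error. */
int load_checked(Memory *m, const unsigned char *file, size_t n) {
    if (n > ARRAY_LEN) return -1;
    memcpy(m->bytes, file, n);
    return (int)n;
}

/* Hardened read of element #no (1-based, as in "color #13"). */
int read_checked(const Memory *m, size_t no, unsigned char *out) {
    if (no < 1 || no > ARRAY_LEN) return -1;
    *out = m->bytes[no - 1];
    return 0;
}

/* Constructed input: a "file" with 13 elements. */
static const unsigned char FILE_13[13] = {1,2,3,4,5,6,7,8,9,10,11,12,0x66};

int main(void) {
    Memory m;
    memory_init(&m);
    load_unchecked(&m, FILE_13, sizeof FILE_13);
    printf("unchecked: neighbour intact = %d\n", neighbour_intact(&m));
    memory_init(&m);
    int r = load_checked(&m, FILE_13, sizeof FILE_13);
    printf("checked:   result = %d, neighbour intact = %d\n",
           r, neighbour_intact(&m));
    return 0;
}
```

The checked loader rejects the whole file instead of truncating it, so a malformed file never leaves the array half-filled.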
Posted by .Coko[CK] on 2004-08-25 at 10:44:04
I understand what you are talking about, and yes, i know that a .scm is in fact a compressed MPQ file type. Now to your idea

QUOTE
1. create an array named <A> of 12 elements
2. create a variable named <X>
3. set variable <X> to <1>
4. do the following until file <myfile.txt> is exhausted (else go to step 5)
4.1 read next portion from file <myfile.txt> into element# <X> of array <A>
4.2 increase <X> by <1>
4.3 Proceed step 4
5. We're done.


So you've got a nice Array of 0-11 or 1-12 and it will read from a file contained within the map? (myfile.txt) because it is opened, as maybe a .wav file? It makes a slow increase within your system, and misplaces information/address for the FAT32 to read, or for the new systems to read...right? And that myfile.txt is the evil part that places the information onto your computer, sure it is possible then, isn't it, its just about getting the .chk to take the file as part of it, getting it opened within Starcraft, and starting to follow its rules, so maybe have it replace a certain object?

Whatever makes you happy, i guess a very experienced programmer/hacker could, do it, but why would you want to? Evil gits, just because you can do something doesn't mean you should, i mean you could get a knife go onto the streets attack an innocent women and rape them if you liked, just because you could, but you wouldn't would you! Hacking is the same thing...

Report it? Why, what's the point!
Posted by SI on 2004-08-25 at 11:22:18
I have seen a proof of concept map virus for an older SC version.....
Posted by .Coko[CK] on 2004-08-25 at 11:29:58
SI, on a side note, is DW still continuing on the Trigger System for SCMDraft 2 or has it, like MemGraft been given up on?

If it is possible, it likely has been done then, so what, you want to do it, go ahead, it's your funeral if you get caught.
Posted by (U)Bolt_Head on 2004-08-25 at 12:49:21
QUOTE
I think NOBODY has ever made one. Yet. But the possibility exists!
DO YOU WANT YOUR HDD FORMATTED TOMORROW? I don't.

Actually i was planning on waiting till the weekend to format my C drive. Besides if a virus in a map causes your hard drive to be formatted they can't really spread the map anymore can they? lol

QUOTE
SO I'm asking you again. What shall we do?

--> Report to blizzard?
--> Report to AntiVirus software makers?
--> Leave as is and pray?
--> Make our own "antiSCMvirus" ?
--> Any better ideas???

And is YOUR computer NOW virus free? Sure? I'd better check.


I think all you're accomplishing here is causing people unnecessary paranoia. What is stopping you from reporting it to blizzard? I would assume they already know of this and do not consider it a threat. There would be a lot of easier, and more effective ways to spread a virus as opposed to using Starcraft.

I'm debating with myself whether or not i should close this topic.
Posted by Mini Moose 2707 on 2004-08-25 at 12:49:53
QUOTE(Tactics_Editor @ Aug 25 2004, 04:23 AM)
Are Suicidal Insanity and I the only programmers in this forum?

You left out Clokr_, I don't program, but I do know HTML, some PHP, and other scripting languages.

QUOTE
A --->SKILLED<--- hacker would notice such an error while YOU GUYS pointed it out by discussing something that crashes StarCraft, or even making Windows tell a user that he installed internet explorer and smth.


I don't see the connection between StarCraft and having Internet Explorer and that... and a --->SKILLED<--- hacker should have better things to do than play StarCraft... I would consider that a waste of talent.
Posted by Paella on 2004-08-25 at 23:22:15
bolt is right, this is just an attempt at spreading paranoia, the idea of a virus in an sc map defeats itself far too fast for it to be a real threat.
Posted by Deathknight on 2004-08-26 at 01:38:55
I have only one thing to say: What the [censored]?


Oh yes... like you can make a virus out of a Starcraft map... haha.

Wow, a buffer overflow, is it a virus? No.

If it isn't a real wav file, then Starcraft won't read it. I'm not going to go read them long mushy posts of yours just to know how to "make a virus" in a map... oh damn, we just told all the newbies!! Ggogoogogogo make your virus maps now! Whoever has the deadliest virus is the winner!

No, I don't think viruses can execute by using a Starcraft map. Maybe opening it, but whatever.

So name at least 1 dumbass who would put a virus in a map??
Posted by Tactics_Editor on 2004-08-27 at 04:58:15
Ok, sorry about the paranoia, but the way I write is the way I think.

DOS creators didn't think about security, but unix ones did, so 90% of viruses are for DOS/Windows. In Unix, even if some virus manages to get launched by a user, it usually can only modify or delete that user's files, and cannot modify the system...
I often use Unix (Linux (slackware/RedHat)) and love this OS.

I must say "sorry" to everybody harmed by my posts, people just were answering the wrong question which made me mad a little.

Thank you, Clokr_, for the explanation very much.

So you, guys, may close and delete this topic to hell as the discussion goes nowhere.

But first, because no one said "don't do that" (did they?), I'm reporting that to blizzard as bugs.

I'm sure they'll just make a check of the size of sections/array indexes in the next patch (it's 1000000x easier than making a virus)

The only thing I fear is that they may disable the "disable doodad state" trigger for non-doodad units (I like that one), but they're too lazy.
Sprites are nothing really needful and other such things are really too unstable to use them in maps.
Posted by .Coko[CK] on 2004-08-27 at 07:18:09
Actually, if they just release a new patch everything that has been done on some projects is made useless and out-of-date, so most people don't want another Patch.

Remember they have only one person working on Starcraft anymore, so he is rather busy with other problems!