|
siggy2021 posted:You can put together an object and then pass it to the script. Bleh, that makes perfect sense. Funny, I can understand System.Reflection and things like that nearly intuitively but something simple like JSON and parameter passing in JavaScript eludes me. Just practice, I know, but still, 
|
#
?
Oct 4, 2016 00:42
|
|
|
|
| # ? Apr 18, 2024 07:46 |
|
|
Ciaphas posted:Bleh, that makes perfect sense. Funny, I can understand System.Reflection and things like that nearly intuitively but something simple like JSON and parameter passing in JavaScript eludes me. Javascript is a hideously permissive language. Dictionaries, classes, and associative arrays are all the same thing and can be used interchangeably. If foo.bar = 3, then foo["bar"] = 3 as well, guaranteed. It's psycho - but handy. Ciaphas posted:By the way, has anyone figured out yet what the different security levels of scripts represent? Hit up dtr.man.
|
|
#
?
Oct 4, 2016 01:39
|
|
|
LordSaturn posted:Javascript is a hideously permissive language. Dictionaries, classes, and associative arrays are all the same thing and can be used interchangeably. If foo.bar = 3, then foo["bar"] = 3 as well, guaranteed. It's psycho - but handy. Yeah, Lua does the same thing where Everything Is A Table, and I used to work with that so I'll adapt quickly now that I see what's going on. Looking forward to writing some stuff tonight.
|
|
#
?
Oct 4, 2016 01:53
|
|
|
Writing a QR code decoder is both fun and frustrating, but I'm feeling like I'm close. Just have to figure out how to traverse the data matrix to actually extract the data properly. This game is definitely testing my programming prowess.
|
|
#
?
Oct 4, 2016 03:51
|
|
|
please knock Mom! posted:i made thing. if you do t1s, read this and do t2s Thanks for this. It got me working on t2s and they're way more fun to work on. Except it seems like 80% of them are glock->CON_SPEC->acct_nt which, as has been said, seems impossible.
|
|
#
?
Oct 4, 2016 04:58
|
|
|
I wrote a t1 scraper. Basically, a billion regexes. The event log and mission statement links are always the only two words on the homepage separated by " | ". You can get the nav keyword and employee directory link by calling with empty arguments and looking for x:y where y doesn't have < or > in it. In the mission statement, the pw is always the word following "strategy ". In the event log, project names follow one of about five distinct phrases. Lost a lot of character count listing them out, but false positives are a bummer. Now you can iterate through project names, fetching the employee list for each, filtering out any entries with < or > in them. But! You're likely to time out maybe 25 projects in. I solved THIS problem with a database. Knowing that the project list is stable and cheap to compute, all I keep in my db are the next loop index to run, and a running table of every single NPC I find. I updated my attack script to read-and-delete one target off that table rather than hit up a public NPC scraper. My first full run took about five hits to cover all of nuutec, about 1650 targets. I doubt I'll get them all before they reset, but every single one I tried attacking was a hit. I suppose I should load up a public slot, figure out escrow, and start letting newbies buy targets for their hard-earned pennies...
|
|
#
?
Oct 4, 2016 05:36
|
|
|
I'm still in the tutorial, but is that a real db? Or is there a provided in-game one? Please don't tell me you can hook your scripts up to an external program.
|
|
#
?
Oct 4, 2016 05:54
|
|
|
Argue posted:I'm still in the tutorial, but is that a real db? Or is there a provided in-game one? Please don't tell me you can hook your scripts up to an external program. You get your own little mongodb instance for all your data needs Edit: technically, each user gets one
|
|
#
?
Oct 4, 2016 05:56
|
|
|
Section 9 posted:Thanks for this. It got me working on t2s and they're way more fun to work on. Except it seems like 80% of them are glock->CON_SPEC->acct_nt which, as has been said, seems impossible. not impossible. nobody wants them so you have plenty of time how to do glock->acct_nts decently quick w/o scripts: bounce the glock's amount between your bank and your cracker 10 times. hardline, connect, it'll take the glock's amount. now the acct-nt will most likely ask for net transactions or w/e (since large withdrawal/deposit would be trivial) which gives you 50% odds. either it's 0 (since it took an even amount of transactions) or it's -[glockamount] why is doing glocks worth it at all? every gc lost to a glock is added to the loot. glock-acct_nts are the npcs that give you 20, 30m
|
|
#
?
Oct 4, 2016 05:58
|
|
|
please knock Mom! posted:not impossible. nobody wants them so you have plenty of time Ok, that sort of makes sense. I'll have to give that a try. I wondered if some of the locks that took money might gather loot for the one that cracks it, and that is really cool. This game is cool.
|
|
#
?
Oct 4, 2016 06:10
|
|
|
I still skip those locks usually though, mostly cause they'll still be up later anyway
|
|
#
?
Oct 4, 2016 06:12
|
|
|
And then there's the Gibson, apparently a nullsec npc by the dev that is very tough to get into and holds an impressive amount of GC. Since it's nullsec I don't trust it one bit who knows what that thing does if you fail. It could easily eat your upgrades or something.
|
|
#
?
Oct 4, 2016 06:54
|
|
|
MUD 2.0 just isn't what it used to be.
|
|
#
?
Oct 4, 2016 08:34
|
|
|
I spent an unreasonably long time in the tutorial trying to decipher the meaning of the long string I got, not realizing that long string was already the final answer and I was just supposed to just message it to the tutorial character 
|
|
#
?
Oct 4, 2016 12:44
|
|
|
I've been monitoring my activity log, and it looks like npcs are connecting to me a couple times a day. When I hardlined into the most recent one and compromised it, the exposed log showed it had alternated connecting between myself and my alt user a couple dozen times. The older entries in the exposed log showed only the username for my alt user, but the more recent ones showed the full loc for both users. What is up with this? Is this an npc bank or something? I didn't think there was a way to easily link one user to another without directly trying to connect to a loc.
|
|
#
?
Oct 4, 2016 15:56
|
|
|
I don't know what the deal is there but I'm interested to know, did their access logs show only connections to your two users, or other locs as well?
|
|
#
?
Oct 4, 2016 16:14
|
|
|
CountingWizard posted:I've been monitoring my activity log, and it looks like npcs are connecting to me a couple times a day. When I hardlined into the most recent one and compromised it, the exposed log showed it had alternated connecting between myself and my alt user a couple dozen times. The older entries in the exposed log showed only the username for my alt user, but the more recent ones showed the full loc for both users. They actually don't have any locks, they breached when you connected. You can see this if you expose their access logs afterwards. Do NOT share this NPC loc. The loc will actually change but if you look at their access log you will notice they are accessing just your accounts both of them. The name of the AI accessing you will change, but the log will carry over. They are only T1 so you can't steal anything. If someone figures out more let me know, but right now my guess is they will go to T2 if you go to T3 and let you in on something else. That or it's part of the universe lore or just something to panic you into buying locks.
|
|
#
?
Oct 4, 2016 16:23
|
|
|
CountingWizard posted:I've been monitoring my activity log, and it looks like npcs are connecting to me a couple times a day. When I hardlined into the most recent one and compromised it, the exposed log showed it had alternated connecting between myself and my alt user a couple dozen times. The older entries in the exposed log showed only the username for my alt user, but the more recent ones showed the full loc for both users. Im probably wrong but just to exclude the possibility: you didn't stumble upon your own system.loc?
|
|
#
?
Oct 4, 2016 16:55
|
|
|
pixaal posted:They actually don't have any locks, they breached when you connected. You can see this if you expose their access logs afterwards. Do NOT share this NPC loc. The loc will actually change but if you look at their access log you will notice they are accessing just your accounts both of them. The name of the AI accessing you will change, but the log will carry over. This showed only connections to my two users. It was definitely an npc loc. I breached them on connect, and it does change regularly. It was t1, and I couldn't run xfer scripts on it. I'm starting to think maybe this is how you get to a banking alt if you can breach a player's primary username.
|
|
#
?
Oct 4, 2016 18:33
|
|
|
CountingWizard posted:This showed only connections to my two users. It was definitely an npc loc. I breached them on connect, and it does change regularly. It was t1, and I couldn't run xfer scripts on it. I'm starting to think maybe this is how you get to a banking alt if you can breach a player's primary username. It's the .loc of your account, linking your users via logs. It just looks like a rando NPC, 'cause it's reset every 11-13 minutes.
|
|
#
?
Oct 4, 2016 18:46
|
|
|
I decided not to open locks up manually even with having my system uninitialized and a 500 char limit. So I made a scrapper script that takes just the project name and fills up a db with proper locs. Then a script that just probes 'em and adds a field with the lock type for each. Then the crack scripts for the ez locks (EZ_40 ended up on 499/500 chars with my coding skills  ). Now, for the life of me I could not figure out how to make the locs callable again (and from some reading I did it seems an intentional restriction that you can not turn just any string into a callable) so I made a script that will query the db , filter and format the data and stdout it in nice numerated groups for easy and quick pasting into sets of arguments for all the other scripts. Made over a mil in under half an hour, got init, boosted char space and had a bunch of fun while at it. Now I can actually do some coding and not worry about each char I type  .poo poo, should we get some kind of corp going or something? I would be down for that. Tolstojevski fucked around with this message at 19:28 on Oct 4, 2016 |
|
#
?
Oct 4, 2016 18:59
|
|
|
Tolstojevski posted:I decided not to open locks up manually even with having my system uninitialized and a 500 char limit. So I made a scrapper script that takes just the project name and fills up a db with proper locs. Then a script that just probes 'em and adds a field with the lock type for each. Then the crack scripts for the ez locks (EZ_40 ended up on 499/500 chars with my coding skills Get in the discord in the OP, we need to get you crackalackin on an automated t2 script for us.
|
|
#
?
Oct 4, 2016 20:31
|
|
|
Hello fellow codefriends. I'm dumping all my semi-useful information in this thread now. I wrote an endpoint ej.is_goon that will return true if the calling user is in the in-game goon chat (eventually this will read from the gooncorp when we get one). If someone joins/leaves the chat someone that the script recognizes as a goon will need to run ej.is_goon{c:#s.chats.users}. Call this fullsec script from within your own script to give your fellow goons some handouts, it returns true or false provided there isn't an error. Source: is_goon.js Here's a mongo script that I use from the CLI that really speeds up loving around in your database mongo.js. Warning: Any keys with dollar signs in them will fail to parse in the CLI making filters and such basically useless until the client's CLI parser is fixed. Same goes for the trashed autosuggest. When it does work it means you can just run mongo{doctype:"w_request"} to make sure you didn't screw up the script you just wrote. I also wrote an endpoint named ej.w that you can use in your scripts to allocate script execution time you're not using in your public facing scripts to doing some work. Whenever your script does work you can specify a username to attribute the work done to (manager) as demonstrated here: work_implementation. The way this works is that work to be done is added to my database and then whenever a client connects, it calculates the time left and the amount of work a client could do, then it runs a pre-defined work function for the type of work selected from the database by the scheduler (right now it is not smart at all). Currently the only implemented unit of work available is to brute-force attack user locs. It is a little bit impractical with 9 unique prefixes and 36^6 combinations of suffixes, but it's exactly the use case for this sort of thing. Especially if locs aren't meant to change. The endpoint is meant to remain fullsec for maximum work distribution but I may write differently-sec'd versions to include in inherently lower-sec work.
|
|
#
?
Oct 4, 2016 21:08
|
|
|
Turns out that selecting some text in game, and then right clicking, instantly pastes the selection into the command line.
|
|
#
?
Oct 5, 2016 03:23
|
|
|
40 million in two locs? Why yes thank you. Except now I'm t2 and have no quality locks to guard myself so I invested by getting one if the locks part of the super annoying lock combo. Bye 40 mill! How do you assure your lock combos are loaded in the right order? Order of loading, order in your upgrade list?
|
|
#
?
Oct 5, 2016 06:51
|
|
|
I think it changes randomly each lock reset. Also, apparenly, you can stall a great deal with T2 locks, as the second you get memo'd your glock brought you some cash, you can keeep sending small sums of GC to the attacker to gently caress with his balance sheet.
|
|
#
?
Oct 5, 2016 07:20
|
|
|
I just escaped the tutorial. Explain something: why would I ever want to PvP hack? My understanding is that hacking another player gives away your loc in the access logs, so aren't you just screwing yourself over? And if I keep my money on my alt account, can't they find the loc of that anyway by breaching the PvP account and exposing the transaction logs?
|
|
#
?
Oct 5, 2016 10:00
|
|
|
Mindblast posted:40 million in two locs? Why yes thank you. Except now I'm t2 and have no quality locks to guard myself so I invested by getting one if the locks part of the super annoying lock combo. Bye 40 mill! Index number. Lower procs first.
|
|
#
?
Oct 5, 2016 11:34
|
|
|
Oh, so you can ensure glock into acct_nt?
|
|
#
?
Oct 5, 2016 11:36
|
|
|
Yes, i load my glock into slot 0
|
|
#
?
Oct 5, 2016 11:37
|
|
|
Response times on the server seem to go down the drain at times. I thought the issue was with me but everything else is fine internet wise. Maybe the dev is live tinkering with the server.
|
|
#
?
Oct 6, 2016 06:52
|
|
|
I finally got hacked... but I don't know how. Here's what went down. I hacked through one t2 system and nabbed a transfer_v1 script. I was interested in seeing if I could use it on my alt account to speed up the process of dealing with glocks (by pulling from my bank instead of swapping over and pushing from my bank mid-hack) but you have to hardline breach your own account. So I did just that and tried to use the script only to find that it was saying I had no money. Swap back over to my breached bank and fbi had stolen all 110M of my GC. No big deal, I thankfully didn't acquire all of that over a long amount of time and I knew I was bound to fumble somewhere. However, I simply must know... how did he grab it? Being in a breached state doesn't suddenly mean everyone knows my .loc, right? I've been paranoid enough to never run anything that wasn't NPC, ada, or dtr. I've even checked systems I've breached to ensure they weren't still around in a breached state after I hacked them, that includes the t2 system I hacked tonight. So how did fbi manage to take my whole bank the second I breached myself? What am I missing? Oh yeah, important information that I failed to explain: I don't hack with my bank account, so my bank account's .loc shouldn't be anywhere, as it doesn't run scripts. Reading though my logs I still can't figure out how fbi broke my bank. I'd understand if they managed to hack my hacking account, looked at the xfer logs, and saw me using the transfer_v1 script on myself, except the transactions never worked because the breached system was already empty and the hacking account hasn't been breached. This is a mystery to me. Edit: fbi replied to my hmail. Turns out expose_access_log doesn't require a .loc, only a breached name. fbi crawls a nice long list of 0000 chatters and waits for them to get breached, reads the logs to find the locs, and takes your poo poo. So while the game doesn't provide any virtualized environment to test attack scripts, you're effectively going to go broke in under a minute by a crawler. Enjoy. DaveKap fucked around with this message at 10:36 on Oct 6, 2016 |
|
#
?
Oct 6, 2016 09:19
|
|
|
What are the risks of hacking NPCs that are not fullsec? I'm guessing I'll show up in the access logs for the next person to breach it? Doesn't this mean that everyone's loc eventually gets out even if all they do is hack NPCs?
|
|
#
?
Oct 6, 2016 16:45
|
|
|
Never Breach Your Bank
|
|
#
?
Oct 6, 2016 17:03
|
|
|
Also, apparently, never chat in an in game channel.
|
|
#
?
Oct 6, 2016 17:45
|
|
|
Argue posted:What are the risks of hacking NPCs that are not fullsec? I'm guessing I'll show up in the access logs for the next person to breach it? Doesn't this mean that everyone's loc eventually gets out even if all they do is hack NPCs? Not all npcs stick around once breached, but if they do and someone else exposes their log, you can get a player's loc from it. Then once the player account is breached you can look at the log to get an npc loc that probably contains a log with the banks loc in it.
|
|
#
?
Oct 6, 2016 19:06
|
|
|
CountingWizard posted:Not all npcs stick around once breached, but if they do and someone else exposes their log, you can get a player's loc from it. Then once the player account is breached you can look at the log to get an npc loc that probably contains a log with the banks loc in it. I'm unclear about the logistics of this. So a breached NPC that sticks around will have the locs of players who accessed it in their logs. If that player is breached... it would have an NPC loc, you say? What NPC loc is that, and why would that NPC have my bank (I assume that's slang for my alt that never engages in hacking) loc?
|
|
#
?
Oct 7, 2016 00:27
|
|
|
please knock Mom! posted:Never Butt Discussin posted:Also, apparently, never chat in an in game channel. Edit: In fact someone has a bot scanning for new users this way and messages you a welcome. First proof that crawling and scanning is easy to do in this game. DaveKap fucked around with this message at 03:17 on Oct 7, 2016 |
|
#
?
Oct 7, 2016 02:50
|
|
|
DaveKap posted:Actually it would be perfectly fine to do so if 1: There wasn't someone crawling the active user list they built just to check for breaches and 2: expose_logs actually required a .loc to work or 3: The game had a virtualization option to let you test out attack scripts without worrying about said crawler. I was hacked by a perfect storm of excessively active enemy, inadequate knowledge, and pure inability to safely perform a test. I don't mind the hack, I just wish one of these 3 things was "fixed." Preferably #3 since I don't so much mind #1 or #2. Yeah, and the crawling and scanning stuff seems to be both tolerated and require out of game scripting and output scanning. Or is it technically bannable?
|
|
#
?
Oct 7, 2016 03:34
|
|
|
|
| # ? Apr 18, 2024 07:46 |
|
|
It doesn't require anything out of game to work but the time from user breach to getting your system.loc hacked is suspiciously low. I'd almost burn a few users just to see how fast his system is. Beyond a certain point would definitely hint at augmentation beyond what the game permits. The dev should be able to notice this and I'm pretty sure external poo poo is bannable. When it gets late on my end the server always becomes slower and now I'm wondering why.
|
|
#
?
Oct 7, 2016 07:00
|
|