Unknown

Announce new projects or updates of Irrlicht Engine related tools, games, and applications.
Also check the Wiki

Unknown

Postby LunaRebirth » Thu Jul 21, 2016 4:55 pm

Hello!
My project, Unknown, is very close to being released publically for Windows and Android devices!

Basically the concept of the game is to play worlds created by other players; the entire game is online MMO.
Players are able to create their own "worlds" where they can upload 3D objects, 2D images, sounds, and other files to their world to use with LUA scripting and create their own MMO with any storyline theyd like to create.

Here are a few gifs using the LUA script for weapons/magic:

Here is using LUA to update scripts for everyone through my server:


I've made it so players have access to these GUI scripts on their server and can use LUA to get all scripts and edit them, in case they want a different method of opening and updating scripts.

Of course there is a login page and account registration for players to log in

and it's cross-platform between Windows and Android players (sorry for the bad pic)

Players on the Android version get the same gameplay and features that the Windows version does, so although it can be very difficult to do, even Android mobile players can create new scripts and edit them.

And of course, character customization is a thing too.
I have chat commands like sethead, setcoat, setshoes, sethat, etc.. and the attributes save in my server, so when the player logs in, their file loads and their appearance updates to what it was before, much like save progress.

I do have other things to do before I can release the project to the Android Play Store, like I need to set up transactions for in-game purchases.
I'm also not 100% sure how to set up an online server to run my .exe server online for anyone to play -- Right now I'm portforwarding the server which is obviously not a good method.

Questions.. feel free to hit me up :-)

EDIT:
Early development world editor YouTube video:
Last edited by LunaRebirth on Tue Jul 11, 2017 4:54 pm, edited 5 times in total.
LunaRebirth
 
Posts: 298
Joined: Sun May 11, 2014 12:13 am

Unknown

Postby LunaRebirth » Thu Jul 21, 2016 4:59 pm

Here's a pic from early development when I had friends helping me test for bugs
Last edited by LunaRebirth on Tue Jul 11, 2017 4:56 pm, edited 2 times in total.
LunaRebirth
 
Posts: 298
Joined: Sun May 11, 2014 12:13 am

Re: Graal3D

Postby CuteAlien » Thu Jul 21, 2016 5:16 pm

So... you just wrote your own Second-Life? Wow :-)
IRC: #irrlicht on irc.freenode.net
Code snippets, patches&stuff: http://www.michaelzeilfelder.de/irrlicht.htm
Free racer created with Irrlicht: http://www.irrgheist.com/hcraftsource.htm
User avatar
CuteAlien
Admin
 
Posts: 8319
Joined: Mon Mar 06, 2006 2:25 pm
Location: Tübingen, Germany

Re: Graal3D

Postby LunaRebirth » Thu Jul 21, 2016 5:48 pm

CuteAlien wrote:So... you just wrote your own Second-Life? Wow :-)


I suppose so, but this one will be on mobile devices too :-)
LunaRebirth
 
Posts: 298
Joined: Sun May 11, 2014 12:13 am

Re: Graal3D

Postby LunaRebirth » Thu Jul 21, 2016 6:10 pm

Another link from early development -- the world editor
Last edited by LunaRebirth on Tue Jul 11, 2017 4:56 pm, edited 1 time in total.
LunaRebirth
 
Posts: 298
Joined: Sun May 11, 2014 12:13 am

Re: Graal3D

Postby Sudi » Sat Jul 23, 2016 5:34 pm

LunaRebirth wrote:Players are able to create their own "worlds" where they can upload 3D objects, 2D images, sounds, and other files to their world to use with LUA scripting and create their own MMO with any storyline theyd like to create.


How are you dealing with the security issues that come from allowing third party code to run on basicly any players device?
We're programmers. Programmers are, in their hearts, architects, and the first thing they want to do when they get to a site is to bulldoze the place flat and build something grand. We're not excited by renovation:tinkering,improving,planting flower beds.
User avatar
Sudi
 
Posts: 1685
Joined: Fri Aug 26, 2005 8:38 pm

Re: Graal3D

Postby Vectrotek » Sat Jul 23, 2016 9:45 pm

Looks cool! :D
User avatar
Vectrotek
Competition winner
 
Posts: 1056
Joined: Sat May 02, 2015 5:05 pm
Location: South Africa

Re: Graal3D

Postby LunaRebirth » Sun Jul 24, 2016 9:04 pm

Sudi wrote:
LunaRebirth wrote:Players are able to create their own "worlds" where they can upload 3D objects, 2D images, sounds, and other files to their world to use with LUA scripting and create their own MMO with any storyline theyd like to create.


How are you dealing with the security issues that come from allowing third party code to run on basicly any players device?


I could be wrong in thinking that there isn't much a player can do with Lua to compromise security?
The server deals with everything login-wise, and no scripts will run on the login/register screen.
The most I can see someone doing with the Lua code is to get account names (which is a feature I added if you want to find a specific client with a specific account name)
LunaRebirth
 
Posts: 298
Joined: Sun May 11, 2014 12:13 am

Re: Graal3D

Postby LunaRebirth » Thu Jul 28, 2016 7:40 pm

If you want to help me achieve my goals to get the game started and running, that would be AMAZING!
Last edited by LunaRebirth on Tue Jul 11, 2017 4:57 pm, edited 1 time in total.
LunaRebirth
 
Posts: 298
Joined: Sun May 11, 2014 12:13 am

Re: Graal3D

Postby Cube_ » Fri Aug 19, 2016 4:32 am

LunaRebirth wrote:
Sudi wrote:
LunaRebirth wrote:Players are able to create their own "worlds" where they can upload 3D objects, 2D images, sounds, and other files to their world to use with LUA scripting and create their own MMO with any storyline theyd like to create.


How are you dealing with the security issues that come from allowing third party code to run on basicly any players device?


I could be wrong in thinking that there isn't much a player can do with Lua to compromise security?
The server deals with everything login-wise, and no scripts will run on the login/register screen.
The most I can see someone doing with the Lua code is to get account names (which is a feature I added if you want to find a specific client with a specific account name)


Pretty much anything if the coder is clever enough, LUA is turing complete and even the strongest sandbox can be escaped - it's a neat idea but a security nightmare, I wouldn't want to figure out how to solve it :P
"this is not the bottleneck you are looking for"
User avatar
Cube_
 
Posts: 1011
Joined: Mon Oct 24, 2011 10:03 pm
Location: 0x45 61 72 74 68 2c 20 69 6e 20 74 68 65 20 73 6f 6c 20 73 79 73 74 65 6d

Re: World of Hello

Postby LunaRebirth » Fri Sep 09, 2016 8:54 pm

aaammmsterdddam wrote:Pretty much anything if the coder is clever enough, LUA is turing complete and even the strongest sandbox can be escaped - it's a neat idea but a security nightmare, I wouldn't want to figure out how to solve it :P


Well, although that may be true, I'm making all of the C++ Lua functions myself. Not using irrlua or anything. So I should be able to easily see where vulnerabilities can come into play
LunaRebirth
 
Posts: 298
Joined: Sun May 11, 2014 12:13 am

Re: World of Hello

Postby REDDemon » Mon Sep 12, 2016 1:02 pm

If the lua VM has a vulnerability, users can write malicious code to overflow the C++ app and run any code with the same permissions of the APP. Lua continuosly fix those vulnerabilities at each major update but it is likely there are still some (un)known of them around. It all depends on lua VM and functions you do expose. Your best bet is to use a old lua release with all possible security Patches already applied. Newer versions are more likely to be exploited.

Basically:
- If users know VM vulnerability => they can do anything that is allowed to do to your application (internet access, file deletion/reading to particular folders etc.)
- If users know also a Operative System vulnerability to => once they gained application control they could scale up to get root privileges
- If you do not carefully expose C++ function => apart from incurring the risk to expose application, it is likely users can cause nasty side effects (like crashing application to other users)

I'm not saying that's easy to hack, just it is possible.

The only way to work around it is to create "trusted maps" that you carefully check, but you could miss anyway to see important malicious code, also if those maps have no direct malicious code but rather vulnerabilities in their code, it is hard to see it.

You can however be very social. If users can invite only friends, if they get hacked the will know the hacker is their friend, and you can Always let your team create maps so that one can Always have maps in addition to map of their friends (note that there is a lot of scum in social networks, those scums would work anyway with your game)..
Well come in turing-complete wolrd!), maybe you create just 100 maps and then selectively show only of them based on a hash of usernames and gradually show more maps over time to give impression of evolution. Also if network communication happens only through your C++ layer, you could even be able to record that traffic in order to create a sandbox (a user creating a map just see more players playing but those in reality are just recorded instances), not saying that will be ethical, but users will be happy to see playing more players (and believe me, most MMOs already do that, but maybe in your case since maps are custom it is hard to create bots)
Junior Irrlicht Developer.
Real value in social networks is not about "increasing" number of followers, but about getting in touch with Amazing people.
- by Me
User avatar
REDDemon
Developer
 
Posts: 1044
Joined: Tue Aug 31, 2010 8:06 pm
Location: Genova (Italy)

Re: World of Hello

Postby REDDemon » Wed Dec 07, 2016 3:37 pm

However, if you be carefull to not have a turing complete scripting language (in example, on each event you can only play a list of actions, so no loops and no dynamic allocation), or if turing completeness is emergent (redstone in minecraft), then there are good chances that you can prevent most (not all) exploits.
Junior Irrlicht Developer.
Real value in social networks is not about "increasing" number of followers, but about getting in touch with Amazing people.
- by Me
User avatar
REDDemon
Developer
 
Posts: 1044
Joined: Tue Aug 31, 2010 8:06 pm
Location: Genova (Italy)


Return to Project Announcements

Who is online

Users browsing this forum: No registered users and 1 guest