dMZX Forums: Decryption should maybe validate before actually offering the option -> Archived MegaZeux Bugs -> Tracker

Jump to content

Report ID 776 Title Decryption should maybe validate before actually offering the option
Product Archived MegaZeux Bugs Status Fixed (Severity 3 - Medium)
Version 2.91j Fixed in 2.93
Introduced In Version 2.80XOperating System All platforms

Page 1 of 1
  • Cannot start a new Issue
  • Closed Issue This issue is locked

Report ID #776: Decryption should maybe validate before actually offering the option

#1 User is online  
Lachesis 

  • the pinnacle of human emotion
  • Group: DigiStaff
  • Posts: 3,904
  • Joined: 17-July 04
  • Gender:Female
  • Location:Sealand

Posted 09 July 2019 - 05:34 AM

Legacy world decryption will offer to decrypt pretty much anything that looks remotely like an encrypted file, that is, anything with its protection method byte between 1 and 3 inclusive. This includes anything from otherwise valid worlds with only a few unfortunately-positioned corrupt bytes to completely corrupt worlds to things that aren't even a world at all. It should be fairly simple to decrypt the world in memory up through the palette, global robot offset, and SFX list and check them before even displaying the option since those sections can be fairly good signs of an invalid world.

This isn't particularly urgent though.
"Let's just say I'm a GOOD hacker, AND virus maker. I'm sure you wouldn't like to pay for another PC would you?"

xx̊y (OST) - HELLQUEST (OST) - Zeux I: Labyrinth of Zeux (OST) (DOS OST)
w/ Lancer-X and/or asgromo: Pandora's Gate - Thanatos Insignia - no True(n) - For Elise OST
MegaZeux: Online Help File - Keycode Guide - Joystick Guide - Official GIT Repository


Page 1 of 1  
  • Cannot start a new Issue
  • Closed Issue This issue is locked

Replies (1 - 3)

#2 User is online  
Lachesis 

  • the pinnacle of human emotion
  • Group: DigiStaff
  • Posts: 3,904
  • Joined: 17-July 04
  • Gender:Female
  • Location:Sealand

Posted 01 September 2020 - 09:36 PM

Updating status to: Awaiting Feedback
Updating severity to: 3 - Medium

I've implemented a very basic version of this in GIT 67657a2a that only checks the world version (which is never encrypted). This is good enough to prevent MZX from decrypting backup1.mzx from the issue linked above and a test world I made that's valid except for its protection byte being set. This also lets MZX fail when attempting to load an encrypted 1.x world (of which Terryn just recovered two <3), which store the password slightly differently and gets corrupted if modern MZX tries to decrypt it.

I think this is probably good enough but if a world with this issue pops up again and gets through this check more safeties can be added. Adding this requires computing the password during the initial validation pass, which isn't that big of a deal.
"Let's just say I'm a GOOD hacker, AND virus maker. I'm sure you wouldn't like to pay for another PC would you?"

xx̊y (OST) - HELLQUEST (OST) - Zeux I: Labyrinth of Zeux (OST) (DOS OST)
w/ Lancer-X and/or asgromo: Pandora's Gate - Thanatos Insignia - no True(n) - For Elise OST
MegaZeux: Online Help File - Keycode Guide - Joystick Guide - Official GIT Repository

#3 User is online  
Lachesis 

  • the pinnacle of human emotion
  • Group: DigiStaff
  • Posts: 3,904
  • Joined: 17-July 04
  • Gender:Female
  • Location:Sealand

Posted 16 January 2021 - 04:37 AM

Updating status to: Fixed
Issue fixed in: 2.93

As of GIT 1d5202cf, decryption is automatically performed into a memory buffer or temporary file and thus this is no longer much of a concern.
"Let's just say I'm a GOOD hacker, AND virus maker. I'm sure you wouldn't like to pay for another PC would you?"

xx̊y (OST) - HELLQUEST (OST) - Zeux I: Labyrinth of Zeux (OST) (DOS OST)
w/ Lancer-X and/or asgromo: Pandora's Gate - Thanatos Insignia - no True(n) - For Elise OST
MegaZeux: Online Help File - Keycode Guide - Joystick Guide - Official GIT Repository

#4 User is offline  
Terryn 

  • ******
  • Group: DigiStaff
  • Posts: 2,961
  • Joined: 12-October 00
  • Gender:Male

Posted 01 January 2024 - 02:59 PM

Moving to: Archived MegaZeux Bugs


Page 1 of 1
  • Cannot start a new Issue
  • Closed Issue This issue is locked

1 User(s) are reading this issue
1 Guests and 0 Anonymous Users


Powered by IP.Tracker 1.3.2 © 2024  IPS, Inc.