1715 posts
Location
ACDC Town
Posted 12 April 2015 - 04:37 PM
Because no one has done it before (I'm sure [Nah, of course not]),I made an ID spoofer. Install:pastebin get 2y2yQM02 spUsage:sp <newid>sp reset
1852 posts
Location
Sweden
Posted 12 April 2015 - 08:00 PM
I'm not entirely sure, but moderators may be against this type of program( I'm not sure ).
355 posts
Location
Germany
Posted 12 April 2015 - 08:04 PM
Just call it emulator for communication manipulation to be on the safe side xD
673 posts
Posted 12 April 2015 - 09:21 PM
Cool, but could be bypassed because the variable "realID" can be accessed by every program
355 posts
Location
Germany
Posted 12 April 2015 - 09:31 PM
Cool, but could be bypassed because the variable "realID" can be accessed by every program
Well, I think it's designed to be able to be bypassed. If not, why would you want to bypass a spoof?
I don't know whether you know what spoofing is, but in short you changing your identity from your interface.
mostly used to flood working tables of network switches to fall down to a hub-mode, which enables you to read all messages on every medium in the network, since the hub treats them as one.
In his case, you could broadcast a message in the name of other computers, even fictive ones.
So normally, the computer running the spoof is always the computer the hacker/(or pen tester) is operating, so he won't bypass his own tool, cause then he wouldn't have run his tool, if that makes any sense
Edited on 12 April 2015 - 07:35 PM
355 posts
Location
Germany
Posted 12 April 2015 - 09:53 PM
But since this could potentially become a problem, here is my argument against rating this post as "publication of malicous script":
Firstly, script kiddies would have to do a lot more work to be able to do anything malicious. And skilled people would easily write those 5 lines themselves.
Secondly, you can use the code non-maliciously for emulating other computers within one computer over different periods of time, which is a nice thing.
Just if noticed by one of the moderators, maybe this could potentially change your opinion on that post, since the term/procedure "spoofing" is known to many as being used only for malicious purpose.
227 posts
Location
Germany
Posted 12 April 2015 - 10:44 PM
I'm not entirely sure, but moderators may be against this type of program( I'm not sure ).
Mh - don't think so. It'd probably even be practical in older versions of ComputerCraft where that whole hostname thing is not implemented yet, but you still want to receive a message via rednet with multiple computers at once.
As rednet works on channels and in no way is safe at all, this would not create any non-existant security flaws anyways.
As for example sending a message to computer 5 via rednet is the equivalent to broadcasting a message on channel 5 whereas computer 5 is listening on that exact channel, you could just also use the plain modem API and open channel 5.
So I wouldn't consider this as 'malicious'. :)/>
7 posts
Posted 13 April 2015 - 08:01 AM
Nice program… Add: "This is for educational purpose only. Don't do anything stupid" to be on the safest side.
3790 posts
Location
Lincoln, Nebraska
Posted 13 April 2015 - 04:40 PM
Well actually, ID spoofing has been discussed before with moderators and developers in the past. Since os.getComputerID() can be overwritten, it's easy enough for anyone to spoof the computer ID. It's actually a feature, not an exploit! :D/>
1583 posts
Location
Germany
Posted 13 April 2015 - 04:46 PM
Well actually, ID spoofing has been discussed before with moderators and developers in the past. Since os.getComputerID() can be overwritten, it's easy enough for anyone to spoof the computer ID. It's actually a feature, not an exploit! :D/>
So, everything I write, which just "exploits" this "free" usage of variables, is allowed if it is not malicious? Could I even "reimplement" all the APIs?
8543 posts
Posted 13 April 2015 - 04:52 PM
That's not the criteria. It's more about a combination of apparent intent and what the code actually does. We're not going to get in to the nitty gritty of what exactly is or isn't going to be considered malicious, it's more of an "I know it when I see it" kind of thing.
3790 posts
Location
Lincoln, Nebraska
Posted 13 April 2015 - 05:11 PM
That's not the criteria. It's more about a combination of apparent intent and what the code actually does. We're not going to get in to the nitty gritty of what exactly is or isn't going to be considered malicious, it's more of an "I know it when I see it" kind of thing.
That's a good point, Lyqyd. Determining what is and is not malicious is like walking a razors edge. On one side, certain code can be perfectly fine, and even useful such as the Top Level Coroutine Override. On the other side, however, the same code can be used for evil as it were, the only difference being the intent of the code as a whole.
2427 posts
Location
UK
Posted 13 April 2015 - 05:23 PM
Is this a good rule of thumb of classifying malicious? "If a given set of code deletes files in an uncontrolled way, bricks the computer, or otherwise causes data loss, then the code almost certainly is malicious."
1583 posts
Location
Germany
Posted 13 April 2015 - 05:27 PM
Is this a good rule of thumb of classifying malicious? "If a given set of code deletes files in an uncontrolled way, bricks the computer, or otherwise causes data loss, then the code almost certainly is malicious."
I don't want to destroy your "dreams", but you (unfortunately/luckily) can't completely brick a computer.
8543 posts
Posted 13 April 2015 - 05:39 PM
It's not just about data loss, there are a variety of other ways code could be considered malicious. This is starting to veer off topic though, so let's steer this back to the subject at hand, please.
7 posts
Posted 15 April 2015 - 10:11 AM
Just wanted to react anyways @Cranium :
Well actually, ID spoofing has been discussed before with moderators and developers in the past. Since os.getComputerID() can be overwritten, it's easy enough for anyone to spoof the computer ID. It's actually a feature, not an exploit! :D/>
Ur wrong!
It's a vulnerability that can be exploited, so what he made is an exploit.
Edited on 15 April 2015 - 08:13 AM
1847 posts
Location
/home/dannysmc95
Posted 15 April 2015 - 10:19 AM
Just wanted to react anyways @Cranium :
Well actually, ID spoofing has been discussed before with moderators and developers in the past. Since os.getComputerID() can be overwritten, it's easy enough for anyone to spoof the computer ID. It's actually a feature, not an exploit! :D/>/>
Ur wrong!
It's a vulnerability that can be exploited, so what he made is an exploit.
*You're
Stop complaining.
3790 posts
Location
Lincoln, Nebraska
Posted 15 April 2015 - 05:04 PM
Again. Back on topic. If you wish to discuss the minutiae of what is and is not considered malicious, I'd suggest you start a topic elsewhere, rather than hijacking this one.
673 posts
Posted 16 April 2015 - 12:12 AM
Cool, but could be bypassed because the variable "realID" can be accessed by every program
Well, I think it's designed to be able to be bypassed. If not, why would you want to bypass a spoof?
I don't know whether you know what spoofing is, but in short you changing your identity from your interface.
mostly used to flood working tables of network switches to fall down to a hub-mode, which enables you to read all messages on every medium in the network, since the hub treats them as one.
In his case, you could broadcast a message in the name of other computers, even fictive ones.
So normally, the computer running the spoof is always the computer the hacker/(or pen tester) is operating, so he won't bypass his own tool, cause then he wouldn't have run his tool, if that makes any sense
Yes, I know what spoofing is.
Yes, I know that you could pretend to be another computer with it.
A program would bypass the spoof to get the real ID; I'm not talking about the computer operating bypassing it.
Edited on 15 April 2015 - 10:14 PM
1715 posts
Location
ACDC Town
Posted 30 April 2015 - 10:05 PM
My god, with my comment, there are now an equal amount of comments as there are line numbers in the program you are talking about. Never thought it could happen.
EDIT: Oh, and before I forget…
This program does have the realID variable for a good purpose. It does expose the actual ID (which isn't a big deal as rednet (unless also modified) will still communicate over the spoofed port), but by doing so you can reset your ID to what it was originally without memorizing it.
Wait a minute. Just realized something. I wonder what rednet.broadcast would do if you inputted a string…I'll test that.
Oh wait, just refreshed my look at the code. Checks if it's a string or not. It's all good.
Edited on 30 April 2015 - 08:08 PM
1715 posts
Location
ACDC Town
Posted 09 November 2015 - 03:23 AM
After the amount of time between this post and now, I have applied my massive intellect to bumming down the code to 4 lines. Woo.
Edited on 11 November 2015 - 09:25 PM
374 posts
Posted 09 November 2015 - 11:37 AM
Ive done something like this before. Rednet is super insecure :P/>. Also, you can theoretically overwrite os.getComputerID() to return a string, but doing so bricks rednet :P/>
2679 posts
Location
You will never find me, muhahahahahaha
Posted 09 November 2015 - 03:49 PM
Well, this program being so complex, what you did is a real accomplishment. On a side note, before I saw you program 7 line of code, I had never thought fooling RedNet would be so easy.
374 posts
Posted 10 November 2015 - 01:17 AM
Well, this program being so complex, what you did is a real accomplishment. On a side note, before I saw you program 7 line of code, I had never thought fooling RedNet would be so easy.
Its even easier
function os.getComputerID()
return #
end
will make rednet send using whatever ID you gave it :P/>
29 posts
Posted 31 March 2016 - 01:13 AM
I'm sorry to ask this so long after this post died, but may I use this in my OS?
756 posts
Posted 31 March 2016 - 02:14 AM
I'm sorry to ask this so long after this post died, but may I use this in my OS?
This thing is so trivial to make, I don't think you need his permission :P/>
374 posts
Posted 31 March 2016 - 01:57 PM
I'm sorry to ask this so long after this post died, but may I use this in my OS?
This thing is so trivial to make, I don't think you need his permission :P/>
If for some reason you need something for your OS and he wont let you use this (and you cant make your own) i have something similar, look through my posts for libpcap/libspoofer
756 posts
Posted 31 March 2016 - 07:28 PM
os.getComputerID = function() return someid end
Is all you need, he's not the only one to come up with that, nor does he have some kind of licence/patent on it, you won't need permission for something this trivial.
374 posts
Posted 31 March 2016 - 08:28 PM
os.getComputerID = function() return someid end
Is all you need, he's not the only one to come up with that, nor does he have some kind of licence/patent on it, you won't need permission for something this trivial.
Yea, its pretty much the way when a name becomes a generic name (I.E google, Kleenex, etc) it doesnt matter what happens, you can use that name/program pretty much without a license
1715 posts
Location
ACDC Town
Posted 31 March 2016 - 11:33 PM
I'm sorry to ask this so long after this post died, but may I use this in my OS?
No, I forbid it! Closed source code! Proprietary! You are hereby sentenced to one
million years in the dungeon!!!!But seriously, if you don't know how to replicate this simple script, then you should learn a bit more before making an OS.
29 posts
Posted 01 April 2016 - 05:36 AM
But seriously, if you don't know how to replicate this simple script, then you should learn a bit more before making an OS.
It seems easy enough (I'm still pretty new to this though, I won't deny it). I'm mostly just too lazy to make my own.
9 posts
Posted 01 April 2016 - 11:52 PM
when communicating over rednet it is important to use verification codes that are encoded to stop shit like this from totally screwing people over…
does this really have any aplication on a server world. even with this code could you hack a comunications network in game with it fast enough before a varification code is changed out…? i doubt it man… it takes vary little code to protect against this kind of thing. Im more worried about decryption…
453 posts
Location
Holland
Posted 03 April 2016 - 01:03 AM
Does this trick rednet too? or does rednet take note of the computer id startup?
756 posts
Posted 03 April 2016 - 02:00 AM
Does this trick rednet too? or does rednet take note of the computer id startup?
It does trick rednet, assuming the spoofing is done before rednet.open.
Rednet is easily spoofable without this trick, by using the modem api directly.
29 posts
Location
Glasglow, England
Posted 08 April 2016 - 03:42 PM
Handy exploit, perfect for injecting code via Rednet on Tekkit. Do you mind if I implement this into the beta OS we are developing?
—
We are Anonymous
We are Legion
We never Forgive
We never Forget
Expect Us
—
If not though, it is to be understood. The purpose of implementation is to attribute to the rise of such a user as you.
686 posts
Posted 09 April 2016 - 05:22 PM
Handy exploit, perfect for injecting code via Rednet on Tekkit. Do you mind if I implement this into the beta OS we are developing?
I find it extremely hard to believe that somebody who couldn't have figured out how to spoof a rednet ID has found a means of injecting code via rednet.
598 posts
Location
The United States
Posted 09 April 2016 - 07:16 PM
Handy exploit, perfect for injecting code via Rednet on Tekkit. Do you mind if I implement this into the beta OS we are developing?
I hope you realize that injecting code over rednet is nearly impossible, right?
1715 posts
Location
ACDC Town
Posted 09 April 2016 - 09:00 PM
Handy exploit, perfect for injecting code via Rednet on Tekkit. Do you mind if I implement this into the beta OS we are developing?
—
We are Anonymous
We are Legion
We never Forgive
We never Forget
Expect Us
—
If not though, it is to be understood. The purpose of implementation is to attribute to the rise of such a user as you.
Handy exploit!
Beta operating system! Rise of a user like myself!!BWAHAHAHAHAHAHAHA!I've seen the whole
one other post you've made, and it's just as stupid. A one line program for a minecraft mod that
isn't malicious in the first place isn't even worth the attention of the few people who commented. I made this when learning Lua, not trying to plan a hostile takeover of minecraft cyberspace.
And what's with the whole Anonymous thing? It's pretty stupid for an anonymous person to name themselves 'Anonymous' (an identifyable name), have a Guy Fawkes mask as their icon, and put that stupid "we are anonymous we are legion" thing on your post.
756 posts
Posted 09 April 2016 - 10:35 PM
…
My my, it looks like you want to allow malicious code on the forums so you get all the "exploits" spoon-fed to you, for your own use.
Why don't you do like everybody else and do your own research for exploit by yourself.
22 posts
Location
Secret meeting of the South African Internet Users club
Posted 10 April 2016 - 02:42 PM
even with this code could you hack a comunications network in game with it fast enough before a varification code is changed out…?
No, modem_message events reach all modems listening on a particular channel at the same time. If you switch the MAC immediately it cannot be attacked, except by length extension attacks, which you can combat by using an HMAC
29 posts
Location
Glasglow, England
Posted 15 April 2016 - 02:03 PM
Handy exploit, perfect for injecting code via Rednet on Tekkit. Do you mind if I implement this into the beta OS we are developing?
—
We are Anonymous
We are Legion
We never Forgive
We never Forget
Expect Us
—
If not though, it is to be understood. The purpose of implementation is to attribute to the rise of such a user as you.
Handy exploit!
Beta operating system! Rise of a user like myself!!BWAHAHAHAHAHAHAHA!I've seen the whole
one other post you've made, and it's just as stupid. A one line program for a minecraft mod that
isn't malicious in the first place isn't even worth the attention of the few people who commented. I made this when learning Lua, not trying to plan a hostile takeover of minecraft cyberspace.
And what's with the whole Anonymous thing? It's pretty stupid for an anonymous person to name themselves 'Anonymous' (an identifyable name), have a Guy Fawkes mask as their icon, and put that stupid "we are anonymous we are legion" thing on your post.
Not ridiculous. Anons such as myself, always identify as "anonymous"
598 posts
Location
The United States
Posted 15 April 2016 - 03:14 PM
Not ridiculous. Anons such as myself, always identify as "anonymous"
So I guess all Anons such as yourself also spend your time trolling (poorly at that) on forums for fake computers in a fake world?
1715 posts
Location
ACDC Town
Posted 15 April 2016 - 06:58 PM
Christ guys, this is a one-line program that has forty-two (including this one) replies. It has three pages. It just changes your computer ID, which can be circumvented with _G.os.getComputerID(). I don't have this many replies on more useful programs (*cough* STD minimap sinelock ports *cough*)
29 posts
Location
Glasglow, England
Posted 16 April 2016 - 11:15 PM
Not ridiculous. Anons such as myself, always identify as "anonymous"
You must have nothing better to do than sit and keep replying useless junk. I'm not attempting to provoke you, but hey, your asking for it.
And no, I'm no troll. I hate those bastards as well.
So I guess all Anons such as yourself also spend your time trolling (poorly at that) on forums for fake computers in a fake world?
Sorry posted the comment wrong.
8543 posts
Posted 18 April 2016 - 06:08 AM
This has gotten rather off-topic and the OP has requested (the wrong way, use the report button!) that it be locked.
Closed.