Thread: [Essentials script] Password Gift
View Single Post
  #8    
Old March 4th, 2012 (09:04 AM).
Awkward Squirtle
,@,e .ºoO
 
Join Date: Jul 2011
Gender: Male
FlipelyFlip: Nice script. Tip: you can use the chomp method to remove possible whitespace from the end of a string (instead of your current slice shenanigans). I like the way you've set up the switches - you could make a set of mutually exclusive passwords by giving them the same switch ID (such as a choice between Bulbasaur, Charmander and Squirtle)!

help-14: Deflate isn't an encryption algorithm, it's a data compression algorithm. Adding a 'secret key' on the end won't make it secure. You're not even checking the secret key after decompression - I can just make a message with an empty 'secret key' and your code will decrypt it as normal (try it). And even if you do check the secret key, I can find the game's actual secret key by decompressing the code and taking the bit off the end - then, I can fake a message and append the key before compressing, and the game will be none the wiser. Pack/unpack similarly doesn't do any encryption - it just converts an array into a string and vice-versa using a predefined format.

As an easier alternative, try the Marshal module - it provides data serialisation, meaning you can pack an actual Pokémon's data into a string with a single line of code. The default implementation is pretty inefficient, but I think there's a method you can override if you want to pack the data into a shorter string.

Pokémon Raptor uses deflate and a conversion to base-64 in its system - it's not encrypted in any way whatsoever. It's easy to fake a Mystery Gift/team code. But the Mystery Gift code there is loaded from a URL defined in the scripts, so you'd have to modify and redistribute the scripts file to change the loaded gift (as I did). And team codes don't really do anything in-game, so faking them doesn't really matter.

You should still have some sort of validation to prevent game crashes from malformed codes - for example, this guy's code is invalid, but the game handles it gracefully (when constructing the team's Pokémon, an invalid species exception is thrown; the script catches it, and displays a message to the screen saying so). FlipelyFlip's code doesn't really need this (as long as the game creator doesn't mess up); however, any code which constructs Pokémon from a user-supplied string should have this sort of error handling. You could also include a checksum, to spot any errors that could have been made when copying the code (rather than immediately trying to load an invalid code).
Reply With Quote