SmashManiac

Executing arbitrary code

So, with what's currently implemented in the game, here's what's possible:

- Hacking of public variables from instantiated objects (sword, boomerang)

- Hacking of global variables (artifacts, magic lamp)

- Partial hacking of instructions from any function (bombs, book), excluding when it causes the decompiler to crash

With this set of abilities, what I'd like to try to do is force the virtual machine to execute arbitrary code. It appears to be based on Lua 5.1 and using the Moai SDK as a framework.

Does anybody know of any existing documented exploits for Lua/Moai that could be a good starting point?


The DF version of Moai has some pretty heavy modification done to it. It uses a custom SDL2 backend and loads data from a custom format (Moai normally uses zip, theirs loads some custom data blob). At times their functions look a lot like the source, and at other times you are looking at totally different branching. Can you get "os.execute" to run? Considering these games have yet to be multiplayer or read user created/downloaded content, I bet they have some unchecked input in their Moai calls.

If you do find something unchecked, please forward it in a responsible disclosure way up to DF. They might want to fix it should they ever release something which reads untrusted content from the net.


That's a very good point, this field blank, and I should have been clearer about that. My objective is to cause the virtual machine to execute arbitrary code within itself, not outside of it, otherwise I believe it would be a security exploit that could be maliciously used and spread through Steam Workshop. (By the way, I haven't found a way to access the "os" library from within the game so far.)


Given the lack of responses so far, and given that the decompiler in the Early Access version can't handle most of the files without throwing an exception, I'm going to wait for a more stable build before going back to this problem.
