![]() It is an entire universe to explore, in constant change and full of possibility!" -Diogo "***** The only downside is that it can be very addicting!" -Tim McDonald Such a variety of things in this world to do, including things like player-made 'roller coasters' that take you for a ride!" -Joshua C "***** A WONDERFUL game, so fun to explore, build, interact, and create ART. "The most exciting game I've played so far mainly because of its freedom to shape your world." -Cosmin "Exploring the world is a blast" -Massively Welcome to the Manyland Wiki The go-to place for any Manyzen to find out more about Manyland Manyland is an MMO-Sandbox style game where players (Manyzens) create their own objects, while also being able to build and share what others have made In Manyland, you can explore player-created areas, play mini-games, make friends and much more. In an infinite, shared world of abundance, we create new things by drawing them, build new places of any kind, hang out and chat, throw around stuff, shape our own appearances, collect what we like and provide what's needed, make music, party, go swim, enjoy, jump n' run, take care of the world, do sports, come up with puzzles, explore. ![]() and have a lot of fun together in ways none of us can predict. if you pick up a weapon you can only harm people who friended you (if your friends disagree with being killed, they can unfriend, and unfriended people aren't affected by one's bullets) - but if you find anything that harms others even when not friended, please give us some time to fix it and disclose it privately to: (we do have server-side checks for such things, so if something is not working there, we'd really appreciate the tip) We aren't perfect and private disclosure is very much appreciated.Manyland is a massive multicitizen world so will require a good internet connection. Now as far as tweaking things which are harmful to others go, we try to base it on friendship - so e.g. (If people find someone doing something which somehow ruins things for them, they may flag report a person though.) At rank 2, try creating an Interacting block to see some of the things you can do. When you have a need, we try if possible to make it a feature, by integrating it in the Interacting language. We also added flying mountables, triple jump wearables, parachutes, insta-teleporting, a 100% invincibility armor, and everything one might want to do. Thanks for these details! We added a client-side scripting option to specifically increase your jumps, so if you want you can create an Interacting for that. Just wanted to bring the issue up to you guys after finding it. To go further on it, I would have it produce the obfuscated names randomly on each load of the game script so they're not easily referred to. Second I would try obfuscating all variable names that you can, especially the class definitions like EntityPlayer. Even if you left all your code in plain text, any modification someone tried to make from the client would be seen, verified, and handled accordingly by the server. I would suggest first and foremost to do the server side checks. The second thing I see is just obfuscating the code more. ![]() Now the player can super jump and the server is fine with it (verified by numerous 'holy sh !' and 'wtf!?' comments from other players). To change player jump height for example, all it would take is this piece of JavaScript: It was also easy, for the most part, to identify what certain variables did as they were in plain text. Once the player object was found, it's easy to modify the variables and the world (server side) accepts it. This name for this player object is also static for every game instance, so it's easily referred to every time. I only tested this out on the player object as a PoC, but it only takes changing a variable within the player object to modify things like player speed, mountable craft speed, etc.įor instance, while you obfuscated the name of the player object within the ig.game object, it was easily found by checking for modifications to the health variable, where another function listed it as ig.game.O1376. Probably the biggest issue I see is the lack of server side checks against changes coming from the client. I wanted to notify you guys though of some security flaws within the game. ![]() Saw this posted over on PH and checked it out, extremely impressive game and I'm sure there's a ton of dev time on this.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |