Hex editing - what's the worst that could happen?
- cloudrac3r
- Rainbow Master
- Posts: 561
- Joined: Fri Nov 13, 2015 7:03 am
- Location: New Zealand
- Contact:
IMPORTANT: This post was written while considering RTW only! Please say in a reply if you are talking about WA!
I read the 2006 walking on walls topic, and everyone in there speaks of hex editing as if it is some kind of sacred god which, if tampered with, will awaken in a rage and destroy us all!
Okay, that's obviously a big exaggeration. What's the worst thing that could happen to your computer while:
(a) Playing a hex edited level which was uploaded by another user
(b) Creating a hex edited level, following instructions or using tiles that you know are safe
(c) Messing about with random hex codes to see what happens
Here's what I guess would happen for each of the above scenarios:
(a) Nothing. If something bad happened, they wouldn't have uploaded the level. Hopefully.
(b) Either it will work as expected, or something strange will happen and the game will crash (but all files will be left unharmed)
(c) The game will crash (but all files will be left unharmed)
If any of you have some past experience with hex edited levels, I'd like to know all about it, as well as any predictions or opinions on the subject.
EDIT 1 (18/12/16 22:27) Fixed spelling, changed bullets to letters for clarity, added important first sentence.
			
					Last edited by cloudrac3r on Sun Dec 18, 2016 9:30 am, edited 1 time in total.
									
			
									You can call me Cadence.
I made the RTW level archive.
I made the WA1 tier list.
https://cadence.moe/contact
Severity of Hex Editing
I agree with you. As someone who's been a modder and programmer for quite a while, I can assure you that any hex editing would only affect the Wonderland EXE whilst in runtime (and even then you could change it back if it causes a crash) and the file that has been tampered with. If you edit the files too much, again, easy fix. Just make a copy of your save file and your levels and then re-install Wonderland. Put the copied files back in and it's as good as new.
			
									
									
						- cloudrac3r
- Rainbow Master
- Posts: 561
- Joined: Fri Nov 13, 2015 7:03 am
- Location: New Zealand
- Contact:
Are you saying that file damage/corruption could occur, but that it would only damage/corrupt files within RTW's installation directory? (i.e. "C:\Program Files\Midnight Synergy\Return to Wonderland")
Or are you saying that the Wonderland EXE would act differently while it remains running, but next time it is opened it will load the clean, unmodified executable again? Which one? Or something else?
			
									
You can call me Cadence.
I made the RTW level archive.
I made the WA1 tier list.
https://cadence.moe/contact
I'm saying that heavy hex editing could corrupt the edited file, but you could just reinstall Wonderland to fix it. However, I've only used hex a few times before as most IDEs don't require knowledge of hex nowadays to program things, so maybe it isn't as severe as I imagine. Anyway, no permanent damage, and absolutely no chance of PC harm.
			
									
									
						- tyteen4a03
- Rainbow AllStar
- Posts: 4389
- Joined: Wed Jul 12, 2006 7:16 am
- Contact:
I suppose this would be possible if someone was able to exploit a bug in Wonderland.exe that would cause the program to modify unintended areas of memory, including its own code or more likely, its memory stack, by accessing array-elements outside the array's boundaries.
The question is, whether such a bug exists - such bugs are not unheard of and though they are pretty hard to find just from the binaries, if I had access to the Wonderland source-code then I could probably detect such bugs.
			
									
									
- cloudrac3r
- Rainbow Master
- Posts: 561
- Joined: Fri Nov 13, 2015 7:03 am
- Location: New Zealand
- Contact:
Programmers do not normally check for this condition of array-index out of bounds because it makes the programming and the code too tedious. Some compilers have the option to do so automatically and it may be used while debugging - but it is expensive and slows down the programs, so I don't think that it would be used in a production-version of RTW.
There may be an explicit check of the array-indexes in 2 or 3 places where it is reasonably suspected due to a faulty level-file - but did the programmer find ALL the places where it could happen?
If writing on memory is possible, then an experienced hacker could either:
1. Change the program-code itself, so it runs code to take control over the computer.
Or
2. Hex-edit part of the board so that instead of valid Wonderland elements there is a malicious program there, then modify the stack so that when the careless subroutine/function ends, rather than return to its caller, it instead jumps to that board-area.
In both cases, crashing the program afterwards could help to cover the tracks. The player would think that the Hex-level is faulty, but in fact playing it once was enough and the damage is done.
If a hacker is allowed to access and modify the Wonderland code, then likely they wouldn't introduce code that does anything right away, but instead await a level with certain properties first. As players play 1000's of levels and nothing happens, which they can check for themselves, once the hacker publishes the triggering hex-level, the players would suspect the level rather than the program.
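Added example (not part of the thread and not Wonderland's code): a sketch in C of the explicit array-index check discussed above, applied to every record of a level file before anything is written to the board. The file layout (one count byte, then x/y/tile triples), the board size and the tile range are assumptions made for illustration, since the real RTW format is not described in this thread.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BOARD_W  14    /* assumed board size, not RTW's real dimensions */
#define BOARD_H  14
#define TILE_MAX 0x3F  /* assumed highest valid tile id */

typedef struct { uint8_t tiles[BOARD_H][BOARD_W]; } board_t;
static board_t board;  /* the board the game would play on */

/* Hypothetical format: 1 count byte, then count records of (x, y, tile).
 * Returns the number of tiles placed, or -1 if the file is rejected.
 * The caller's board is only replaced when every record is valid. */
int load_level(board_t *out, const uint8_t *data, size_t len)
{
    board_t tmp;
    memset(&tmp, 0, sizeof tmp);
    if (len < 1)
        return -1;
    size_t count = data[0];
    if ((len - 1) / 3 < count)          /* header claims more records than exist */
        return -1;
    for (size_t i = 0; i < count; i++) {
        const uint8_t *rec = data + 1 + i * 3;
        uint8_t x = rec[0], y = rec[1], tile = rec[2];
        /* Without this check, tiles[y][x] = tile would write outside the array. */
        if (x >= BOARD_W || y >= BOARD_H || tile > TILE_MAX)
            return -1;
        tmp.tiles[y][x] = tile;
    }
    *out = tmp;
    return (int)count;
}

/* Constructed sample files (not real RTW levels). */
static const uint8_t LEVEL_OK[]        = { 2, 2, 3, 0x05, 13, 13, 0x01 };
static const uint8_t LEVEL_EDITED[]    = { 2, 2, 3, 0x05, 0xF0, 3, 0x05 };  /* x = 240 */
static const uint8_t LEVEL_TRUNCATED[] = { 9, 2, 3, 0x05 };  /* claims 9 records */

int main(void)
{
    printf("ok:        %d\n", load_level(&board, LEVEL_OK, sizeof LEVEL_OK));
    printf("edited:    %d\n", load_level(&board, LEVEL_EDITED, sizeof LEVEL_EDITED));
    printf("truncated: %d\n", load_level(&board, LEVEL_TRUNCATED, sizeof LEVEL_TRUNCATED));
    printf("board[3][2] after rejects: 0x%02X\n", board.tiles[3][2]);
    return 0;
}
```

Because records are validated into a temporary board first, a rejected file leaves the previously loaded level untouched instead of half-applied.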
			
									
									





