Legacy world decryption will offer to decrypt pretty much anything that looks remotely like an encrypted file, that is, anything with its protection method byte between 1 and 3 inclusive. This includes anything from otherwise valid worlds with only a few unfortunately-positioned corrupt bytes to completely corrupt worlds to things that aren't even a world at all. It should be fairly simple to decrypt the world in memory up through the palette, global robot offset, and SFX list and check them before even displaying the option since those sections can be fairly good signs of an invalid world.
This isn't particularly urgent though.
Report ID | 776 | Title | Decryption should maybe validate before actually offering the option |
Product | MegaZeux Bugs | Status | Fixed (Severity 3 - Medium) |
Version | 2.91j | Fixed in | 2.93 |
Introduced In Version | 2.80X | Operating System | All platforms |
Page 1 of 1
Report ID #776: Decryption should maybe validate before actually offering the option
#1 Lachesis
Posted 09 July 2019 - 05:34 AM
"Let's just say I'm a GOOD hacker, AND virus maker. I'm sure you wouldn't like to pay for another PC would you?"
xx̊y (OST) - HELLQUEST (OST) - Zeux I: Labyrinth of Zeux (OST) (DOS OST)
w/ Lancer-X and/or asgromo: Pandora's Gate - Thanatos Insignia - no True(n) - For Elise OST
MegaZeux: Online Help File - Keycode Guide - Joystick Guide - Official GIT Repository
xx̊y (OST) - HELLQUEST (OST) - Zeux I: Labyrinth of Zeux (OST) (DOS OST)
w/ Lancer-X and/or asgromo: Pandora's Gate - Thanatos Insignia - no True(n) - For Elise OST
MegaZeux: Online Help File - Keycode Guide - Joystick Guide - Official GIT Repository
Page 1 of 1
Replies (1 - 2)
#2 Lachesis
Posted 01 September 2020 - 09:36 PM
Updating status to: Awaiting Feedback
Updating severity to: 3 - Medium
I've implemented a very basic version of this in GIT 67657a2a that only checks the world version (which is never encrypted). This is good enough to prevent MZX from decrypting backup1.mzx from the issue linked above and a test world I made that's valid except for its protection byte being set. This also lets MZX fail when attempting to load an encrypted 1.x world (of which Terryn just recovered two <3), which store the password slightly differently and gets corrupted if modern MZX tries to decrypt it.
I think this is probably good enough but if a world with this issue pops up again and gets through this check more safeties can be added. Adding this requires computing the password during the initial validation pass, which isn't that big of a deal.
Updating severity to: 3 - Medium
I've implemented a very basic version of this in GIT 67657a2a that only checks the world version (which is never encrypted). This is good enough to prevent MZX from decrypting backup1.mzx from the issue linked above and a test world I made that's valid except for its protection byte being set. This also lets MZX fail when attempting to load an encrypted 1.x world (of which Terryn just recovered two <3), which store the password slightly differently and gets corrupted if modern MZX tries to decrypt it.
I think this is probably good enough but if a world with this issue pops up again and gets through this check more safeties can be added. Adding this requires computing the password during the initial validation pass, which isn't that big of a deal.
"Let's just say I'm a GOOD hacker, AND virus maker. I'm sure you wouldn't like to pay for another PC would you?"
xx̊y (OST) - HELLQUEST (OST) - Zeux I: Labyrinth of Zeux (OST) (DOS OST)
w/ Lancer-X and/or asgromo: Pandora's Gate - Thanatos Insignia - no True(n) - For Elise OST
MegaZeux: Online Help File - Keycode Guide - Joystick Guide - Official GIT Repository
xx̊y (OST) - HELLQUEST (OST) - Zeux I: Labyrinth of Zeux (OST) (DOS OST)
w/ Lancer-X and/or asgromo: Pandora's Gate - Thanatos Insignia - no True(n) - For Elise OST
MegaZeux: Online Help File - Keycode Guide - Joystick Guide - Official GIT Repository
#3 Lachesis
Posted 16 January 2021 - 04:37 AM
Updating status to: Fixed
Issue fixed in: 2.93
As of GIT 1d5202cf, decryption is automatically performed into a memory buffer or temporary file and thus this is no longer much of a concern.
Issue fixed in: 2.93
As of GIT 1d5202cf, decryption is automatically performed into a memory buffer or temporary file and thus this is no longer much of a concern.
"Let's just say I'm a GOOD hacker, AND virus maker. I'm sure you wouldn't like to pay for another PC would you?"
xx̊y (OST) - HELLQUEST (OST) - Zeux I: Labyrinth of Zeux (OST) (DOS OST)
w/ Lancer-X and/or asgromo: Pandora's Gate - Thanatos Insignia - no True(n) - For Elise OST
MegaZeux: Online Help File - Keycode Guide - Joystick Guide - Official GIT Repository
xx̊y (OST) - HELLQUEST (OST) - Zeux I: Labyrinth of Zeux (OST) (DOS OST)
w/ Lancer-X and/or asgromo: Pandora's Gate - Thanatos Insignia - no True(n) - For Elise OST
MegaZeux: Online Help File - Keycode Guide - Joystick Guide - Official GIT Repository
Page 1 of 1
2 User(s) are reading this issue
2 Guests and 0 Anonymous Users
Powered by IP.Tracker 1.3.2 © 2025 IPS, Inc.