Monday, July 16, 2012

Apple In-App purchasing hack? Naughty naughty ZonD80. (But good reveal!)

I'm too lazy to make a 'these are not the servers you are looking for' pic :p

So I was introduced to an >Article< about how a Russian hacker has managed to use man-in-the-middle attack methods to trick Apple's servers used for handling transactions between users and the apps that they are making in-game purchases within.

This >Article< from ItWire explains quite well how it came to be, though I have some additional thoughts on the matter. I thought where else better to air them than this here blog? ^.^

What the article touches on but does not explain in detail is the 'layers of security' that some app developers use. I'm not sure if this is the only form of protection against this, other than implementing extra steps in the process of making in-app purchases to verify the user and the transaction, but the area I am going to (briefly) discuss is that of where data is stored... Client side data storage, or server side data storage.

What's the difference?

As best as I understand it (Correct me in the comments please if I am wrong!): Client side data storage is where chunks of user data are stored on the user's device, and when the user uses the app and connects up to the internet with it. The client side storage could hold information of transactions performed, user scores, personal information, etc.

Server side storage is where this information is stored within the database server of the app making company or some 3rd party company.

When an app using client side storage connects up to the App database, only as much information as is required to reveal the identity of the device/account connecting is needed, and any data that is to be updated is done in the one chunk, not at regular intervals as with server side storage. This makes for a quick and simple set of communications. As you can imagine, with server side storage, the servers could be hammered if there is a large user base making regular updates to their account information.

The issue here arises when someone performs this man-in-the-middle attack... The client's device attempts to connect to the server's database to perform the series of data transactions required to make the purchase, but instead meets the man-in-the-middle, which appears to the client's device to be the server it is looking for. It then completes the transaction. As the information is stored on the client side, many of the devices will then have the data they need to perform the in-game update of gold, upgrades, or whatever it is the user was wanting, as the calculations are all done at their end.
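An added example, not code from the article or from Apple's real protocol: the same forged "purchase ok" reply handed to a game that keeps its balance on the device and to one that keeps it on its own server. The HMAC key standing in for the store's signature, the class names and the `gold_100` product are all assumptions made for the illustration.

```python
import hashlib
import hmac
import json

# Assumption: the store signs each receipt and the game server can verify it.
# HMAC with a demo key stands in for the store's real signature scheme.
STORE_KEY = b"constructed-demo-key"
PRODUCTS = {"gold_100": 100}  # hypothetical product catalogue


def sign(body):
    return hmac.new(STORE_KEY, body.encode(), hashlib.sha256).hexdigest()


def store_issue_receipt(txn, account, product):
    """What the genuine store returns after a real payment."""
    body = json.dumps({"txn": txn, "account": account, "product": product},
                      sort_keys=True)
    return {"status": "ok", "body": body, "sig": sign(body)}


class ClientSideGame:
    """Balance lives on the device; any 'ok' answer is believed."""
    def __init__(self):
        self.gold = 0

    def complete_purchase(self, response):
        if response.get("status") == "ok":  # no proof of who answered
            self.gold += PRODUCTS["gold_100"]
        return self.gold


class ServerSideGame:
    """Balance lives on the game server; receipts are checked before credit."""
    def __init__(self):
        self.balances, self.redeemed = {}, set()

    def redeem(self, account, receipt):
        body, sig = str(receipt.get("body", "")), str(receipt.get("sig", ""))
        if not hmac.compare_digest(sign(body).encode(), sig.encode()):
            return False  # not issued by the store
        data = json.loads(body)
        if data["account"] != account or data["product"] not in PRODUCTS:
            return False  # receipt is for another account or unknown item
        if data["txn"] in self.redeemed:
            return False  # replay of an already credited purchase
        self.redeemed.add(data["txn"])
        self.balances[account] = self.balances.get(account, 0) + PRODUCTS[data["product"]]
        return True


def demo():
    # Constructed sample: a reply from an impostor that cannot sign receipts.
    fake_body = json.dumps({"txn": "t-1", "account": "alice",
                            "product": "gold_100"}, sort_keys=True)
    forged = {"status": "ok", "body": fake_body, "sig": "0" * 64}
    genuine = store_issue_receipt("t-2", "alice", "gold_100")
    client, server = ClientSideGame(), ServerSideGame()
    return {
        "client_gold_after_forged": client.complete_purchase(forged),
        "server_accepts_forged": server.redeem("alice", forged),
        "server_accepts_genuine": server.redeem("alice", genuine),
        "server_accepts_replay": server.redeem("alice", genuine),
        "server_balance": server.balances.get("alice", 0),
    }


if __name__ == "__main__":
    print(demo())
```

The device-side game ends up with 100 gold from the forged reply, while the server-side game credits only the genuine receipt, and only once.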

So what can we learn from this?

Server side data storage is SLOWER but is MORE SECURE. I suppose you could think of it as a good old asset(?) triangle, or pyramid:

As they say - pick two of three. If you want fast and secure, it costs a lot. If you want secure and cheap, it will be slower and if you want fast and cheap (the standard I suppose if the data is not deemed a critical security asset) - then you lapse in security.

In conclusion:
So what can be done about this security issue?

Two things that I can think of. Either the app developers need to change the structure of their games - which may be difficult, if not impossible, or Apple needs to patch the system to prevent these security attacks from working.

I am not sure if ZonD80 - the Russian hacker that got this working - was looking to make a buck, show off, or was trying to point out the security flaws so that they can be patched. Kudos if he was making the reveal so it could be repaired, but from what I have read, he put tutorials up for others to use, so he may have been being a little bit naughty naughty ^.^

-V

Sunday, July 15, 2012

Warhammer 40k 6th edition Battles: Upcoming battle

If all goes according to plan - I should be taking my Marines back to the battle field this coming Thursday with an imperial guard Vanguard at my back... charging into the fight against the nemesis of the Ultramarine. The Tyranids.


Expect a detailed battle report by the weekend with many delicious photos of my Marines being dissected by Xenos claw, maw and psychic strike, whilst guardsmen pound the ground.

-V

Thursday, July 12, 2012

New Steam purchases! Deus Ex collection pack

So, Steam is having a sale... I just bought the Deus Ex collection pack... Ten quid for all the Deus Ex games and downloadable content.

Let's Play fodder you say? Damn straight!


Facebook V Google advertising



A task cropped up at work today... We are looking into the best Ad providers to use for advertising our products via Facebook.

I stumbled across this website, which is an analysis of performance between Facebook and Google Ad Sense. Can't be good for Facebook's business... but I can't help but think that many people would be interested in seeing this! Take a looksie!

http://www.wordstream.com/articles/facebook-vs-google-display-network

I find it particularly interesting that Facebook charge more, yet get 1/10th of the click through rate (that means people seeing the advert and then clicking on it to learn more about it) - and this HALVES in two days?! Part of me thinks this is all a hoax, but... well... I'm not sure what to think. The product we would be advertising is FOR Facebook, so it makes sense to advertise it there... *shrugs*

If the adverts can be targeted, then I think it might be worth investing a little to test it out...

I use Google Ad Sense on this blog, and I have no complaints about it. I can't help but wonder if I will end up seeing the product-in-question advertised via my blog :D

-V

Wednesday, July 11, 2012

Blacklight Retribution


Blacklight: Retribution is a freemium team FPS game that is available on Steam. (By freemium I mean it is free to download and play, but to get access to the good upgrades, you need to be willing to part with a few bucks, but that said - you still have pretty much unlimited play time and access to the game.)

For a free to play game, I admit, I am impressed. It is akin to counterstrike, but with various objectives and the purchase screen is accessed between missions or before you connect to a server.

There are 3 types of currency. CPs, GPs and Zen.

CP's are Championship(?) Points. These are earned through the course of a battle and can be spent at the various terminals scattered about the map to buy some upgrades, or even the Hard Suit which makes you akin to a 40k dreadnought, and nigh on unkillable except by other dreadnoughts, flamethrowers, or really really brave troops who use the VR helmet to spot the weak armour plate and get stuck in. (I know, I outmaneuvered one last night and killed it with a pistol!!)

GP's are experience points that can be spent to buy more lasting upgrades. Between missions or when you are not connected to a server you can view your equipment layout and buy new items such as armour, weapons or even part-upgrades for stuff you have. The upgrades tend to be temporary, for example - I bought an assault rifle for 200gp (about 1 good match worth of GP) and I own it for 24 hours. If I wanted it for a week it would be about 1000gp, and permanent it would be 5000gp.

Zen is bought currency. I think it can be used in place of other currency (e.g. buy the Assault Rifle for 24 hours for 20 Zen), but it is also used to buy specialist items. Good upgrades tend to use this, or at least require a chunk of their cost to be paid in Zen, restricting them to paying players. An example of this is buying a 'loadout option' - which is basically a quick access weapons loadout which you can change to with the F keys between missions or at terminals (I think).

Anyway, the game plays very smooth, looks awesome and contrary to most FPS games I have seen out there, it seems to be relatively free of Ass Hattery. (Joys of Steam maybe?) Saying that, you find yourself cursing at the screen on many an occasion as Bobby the Bawbag with his Uber gun rounds a corner and takes off your head again... but that's what strategy is for, no? :p

I think one of the greatest appeals to me about this game aside from the online team play aspect (I spent near a decade playing counter strike! I still love it, just can't be bothered installing it!) is the roleplay aspect. You are essentially earning XP (Oh, you also have actual XP and combat levels that unlock weaponry) and using it to buy upgrades to enhance your gaming experience. Do yourself a favour and if you start playing, endure a couple of matches then get rid of the crappy starter SMG! At the very least you should be looting a replacement through as the map progresses ^.^

I spent some time last night attempting to create a Let's Play of the game that records me first entering the game, doing the tutorial and then taking to the field, but bugs with the windowing meant I had naught but a static image and audio. After about 90 minutes of play I came out and resolved this, so here is a couple of matches I played last night :-) >>Linky<< (Note... I had an awesome few rounds - none are caught on cam :p partially cos when I video it forces me into full-screen-windowed mode at the same resolution as before which means the image is distorted to me... but it is still fun :D )

-V


Oh my! Angry Birds Trilogy revealed for PS3, 360 and 3DS



I'm sure die hard Angry Birds fans will like this fact... I think?

Angry Birds was one of those games that hit a couple of years ago that was an awesome time-killer game on the mobile / tab. I know I was dying to get my hands on it, and missed the free download when it first came out. When I eventually got it, it amused me for a little while, but I got bored of it pretty fast (In no small part because I had a crappy HTC Hero). I think that it was basically not my kind of game as well. I tend to find other things to do when I want to kill a few minutes, I need to sit down with at least a half hour set aside to play a game to get into it. I did play it though. I still sometimes fire it up now if I have the wife's tab in my hands and nothing else to do.

Now, I have no doubt that this release is going to be a success... but I can't help but think who they are going to attract to spend another wad of cash on the release... That is unless they have some good new features implemented...

The new features mentioned seem to all be graphical in nature. New backgrounds, lighting and reactive backgrounds (I'm going to guess that you might have some thing like an underwater level and as you launch said Chaffinch at the hunkered down piggywinks, they will leave a trail / current in the water as they fly. Funky, but no game changer.)

I think the demographic that will most likely adopt the new game are the younger generation. Those that don't have a smart phone or tab to play on, and might not be allowed on their parents' PCs. Here they get a version accessible from console. Aside from that you are looking at die-hard fans, or those that had not previously been interested.

Time will tell, but it sure is not going to hit 100M+ buyers like the App version, in fact I'm betting 10M will be about its Cap. I hope I am proven wrong though, I like seeing gaming companies be successful :)

Also... I am keen to check it out, I admit :p it is still a sexy game so the new changes pique my Geektrest.

http://www.computerandvideogames.com/357353/angry-birds-trilogy-revealed-for-ps3-360-and-3ds/#

Oh, and since you are here, I guess you have an interest in Angry Birds... Did you know they are making a cartoon?

Aye, that's right. Check this out:

http://www.neoseeker.com/news/18726-angry-birds-cartoon-in-the-works-spans-52-short-episodes/

I can't help but think it is going to be awesome... or DIRE. (With very irritating high pitched voices to boot!)

-V

Tuesday, July 10, 2012

Star Trek: The Next Generation - 25 year anniversary!


I admit it! I am shame! I am ashamed! I did not realise that soon, it will be the 25th anniversary of Star Trek: The Next Generation! (According to Wikipedia – Sept 28 1987 – May 23, 1994)

I can read the credits of the start screen out before they even flash the names up but I did not realise this!
To make amends, here is an array of interesting Trek-links – do yourself (or me) justice and go check them out! :p

Star Trek official store. Some awesome artwork here! Souvenir? I think so!
Star Trek convention – Calgary 2012: A few videos that are well worth watching… Beware – possible tear jerk moments may reside inside…
Wil Wheaton’s blog. Cos you know you’re a geek and you know you wanna!

To the crew and special guests...

Patrick Stewart
Jonathan Frakes
LeVar Burton
Michael Dorn
Marina Sirtis
Brent Spiner
Gates McFadden
Wil Wheaton
And…
Whoopi Goldberg
Denise Crosby
Colm Meaney
John de Lancie
Majel Barrett (RIP)
And more…

-We salute you all :)


Walkthrough / guides: Making a YouTube video


Since I have been doing a lot of video recording/editing/uploading lately for my Let's play videos I thought that a step by step guide might be useful. It does not take long to properly prep and upload a video to YouTube once you know what is required, and hopefully this guide will help clarify things for you. Disclaimer: I do not claim to be an expert and there may be better guides, but I aim to keep this simple and with as small amount of 'additional software' being recommended as possible.

Primary steps:
1. Record the video
2. Edit the video 
3. Upload the video
4. Annotations & info
5. Publish video

1 – Recording the video.
There are many methods of video recording, what one you use is up to yourself, and the medium you are recording.

1.1   Recording real life events: A webcam, mobile phone, camera or video camera should suit your needs. The videos from these can simply be uploaded to your PC for viewing and editing.
1.2   Recording activity on a PC: The easiest method for this would be to use recording software. Software I have played around with most is FRAPS and Bandicam. I find myself having performance issues with Fraps – but Bandicam (as long as you are not setting an FPS lock) seems to run very smoothly. Additionally, it’s about 50mb a minute (with voice recordings) as opposed to 1gb+ per minute with Fraps. Note: An unconfirmed YouTube account has a maximum clip length of 15 minutes, so make sure you cut the video off with time to add in any opening / closing clips/credits. Video length timers can usually be set in the recording settings. If you don't have openings/closings for each video and it is a series you are doing then you can use the video editor to dissect the video into uploadable chunks.
1.3   Recording from games console: Some opt to use the same methods as recording real life events, but the quality on these tends to be so poor, people (or at least in my case) leave quite quickly rather than watch. There is software however designed to cap data from consoles. I will edit in information later if I can, but I have no experience in this area. Some say you need a capture card, some say it’s possible without. Here’s some YouTube videos that might help.

2 – Edit the video
Again, there are multiple methods for doing this step. Personally I use Windows Movie Maker as it is free and comes with Windows. I hear it is easier to perform such actions using a Mac as they tend to have better software for such things, but I don’t have access to one to test.
In Windows Movie Maker you can add backing tracks, or voice overs, intro credits / outro credits or clips, edit the movie to cut any bits you don’t want out (often in a let’s play type video it’s not a bad idea to cut out monotonous/repetitive steps. An example of this could be my minecraft let’s play videos… There’s a lot of times I have a video that is 10 minutes of mining… nothing too exciting, this can be cut down so that the user doesn’t feel their time is being wasted.)

3 - Upload the video
This step is simple enough. Simply go to YouTube, login and click the 'Upload' button. Make sure you give it a good title and description. Tags are useful, but the YouTube search uses the words in the Title, then Description first - so if the title is relatively unrelated, your video might never get found amongst the stream of other videos.

4 - Annotations
In video manager - once a video has been uploaded - you can click 'Edit' on the video and select 'Annotations'.
From here you can add a selection of tags on the screen. You can set these up to be links according to the type from the drop down, e.g. link to video, link to your channel, etc. Make sure you don't litter the screen in annotations, lest people are just liable to disable them. Discreet links to other videos in your series, or of interest, can help users find them without specifically searching for them (this is especially useful if you have a series of videos, but they are not numbered... but you won't be silly enough to do that now will you... Will you? *Stern look*)

5 - Publish
And finally, once the annotations are in place - click publish to update the video and you are done.

I hope this has been of use. If you have any questions, or your own additions you would like to see, fire it into the comments and I'll check it out.

-V

Monday, July 9, 2012

Sunday Sessions: Star Wars Roleplay - Introduction



As I have done in the past (to an extent, for my D&D campaign) - I intend to bring my Sunday night gaming group's gaming sessions to life on paper (pixel!). Assuming everything is cool with the Games Master of the Star Wars game, my mate Chris (yes, the same one I play Warhammer 40k with), then I should be able to bring the epic tales of the journey of the group's characters to life.

The Game: Star Wars
Time Setting: Around the same time as the original Star Wars games (Second galactic empire?)

The rules set for this game is a hybrid between the new star wars games, and the old D6 system. The game will run using the D6 system for determining the results of actions, and the character sheet I think is from the newer version of the game.

Who is in the party? As the game progresses players are introduced, or disappear, but here is a list of characters to date:

Velk (myself, naturally) - A human bounty hunter. Specialist skills include finding things, and killing things. Force Sensitive. Formerly working for the empire, eventually switched allegiances and is now attempting to gain entry to the Rebellion.

Padme (the Mrs) - A human smuggler, good with roguey type things and fighter ship piloting. She is basically a cross between Han solo and Mal from FireFly. Not Force Sensitive. She is brought to the fold with the rest of the group in an attempt to gain entry to the Rebellion

Evic - A human techy type. Very good with the technical skills and specialises in Capital ship Piloting. Force Sensitive.

Spikes McGee - Human explosives expert. Very good at blowing things up. Force Sensitive.


Amme - Human Jedi Force Sensitive (duh). Amme is a Jedi that has not undergone complete training. Her master was slain before it was possible to complete her training, and as such, she only knows a limited amount about being a Jedi, she is however a very good swordsman and brandishes her defeated masters faulty light sabre in the defence of those around her, and those that she can assist. She seeks access to the rebellion in hopes of gaining their protection, and continuing her training with or without a Jedi Master.

And so the journey begins... at a Hyperspace gateway into the Cardonir sector...

A luxury cruise liner hyperspaces into the system, laying claims to the Imperial Star Destroyer at this outpost that it is returning rich dignitaries to their home worlds. Issuing some aged pass codes, it is allowed to pass. The cruise liner alters its course to hyperspace deeper into the system and re-enters hyperspace.

A couple of hours into the jump, the ship rocks violently to a halt, its primary Hyper Drive's tortured screams echoing through the ship as it is ripped from hyperspace by a large gravity well directly in its path.

Aboard the bridge, Evic and the ship commander look out upon a large asteroid, and a Marauder Corvette that looms overhead that latches on a tractor beam and hauls the cruise liner into its hold for the inhabitants to claim the ship's booty...

More to come
-V



Sunday, July 8, 2012

Warhammer 40k 6th edition resources / recommended sites.


With the arrival of 6th edition - many many people are out hunting for information to try to keep up with their A-game. You ain't going to find a whole lot of useful information directly from me... I will post what I can when it comes to me, or I find it - but what I would like to do is provide a little list of links to sources and other blogs that I think are really on the ball and useful :-) I'm fairly sure that most people that happen to stumble upon this page already know of most - but in case you don't, check them out!

The Bolter and Chainsword - A forum that many avid gamers use to air their problems and seek advice. Primarily aimed towards Marine players, but it has info useful for all :-)

Warseer - Another forum packed with useful information.

DakkaDakka - Yet another forum! (Hey, your best resource is the rest of the gaming community...)

The Beasts of War - YouTube channel that covers quite a lot on 40k and other Tabletop gaming.

Way of saim hann
Fritz was always a good resource for me, providing strategies and tactics, battle reports and fun information for various armies. The information I followed most was the Space Marine and Eldar stuff, but he also is a big player of Necrons, Tyranids and Grey Knights. At this point in time he has YouTube videos up on Necrons, Eldar and Tyranids - and how the game changes affect them, and how units can be adapted to work in 6th ed, or if they should just be dropped. Check it out!
Necrons: http://www.youtube.com/watch?feature=endscreen&NR=1&v=bNqm0AcmnsY
Tyranids: http://www.youtube.com/watch?feature=endscreen&NR=1&v=BLqLWaaK9bw
Eldar: http://www.youtube.com/watch?feature=endscreen&NR=1&v=BLqLWaaK9bw
Fritz's YouTube channel: http://www.youtube.com/user/WayOfSaimHann

I have a few more that I may add in later, they don't seem to be active at the minute...

I hope this helps, if you know of any other good resources, fire them into the comments - I'll be happy to check them out and add them in.