Analysis of Gemini Cybernetics CDS
March 24, 2010 by pcl · 57 Comments
There have been some rumors going around about a new third-party system for Second Life. The system attempts to detect avatars using third-party clients capable of duplicating objects without the creator’s permission, and the rumors are that it uses some kind of QuickTime exploit or other nefarious means to actually examine the contents of your hard drive or otherwise invade your privacy without permission. I decided to take a quick look to see what it’s all about.
The system in question is called GEMINI CDS Ban Relay and is advertised as a simple object which detects avatars entering your sim, and uses “a team of bots with special abilities” to determine if the avatar is “harmful.” If they are, it adds them to an external database, and can optionally ban or teleport them home. Entries in the database are permanent, so if an avatar has been considered harmful once, they are always considered harmful in the future. It claims to use several frequently updated methods to detect “illegitimate” clients.
The most obvious detection method, and the only one I discovered, is a script that triggers as soon as you enter a protected sim and tells your client to load up a special media URL. Using a tool like Wireshark or ngrep, it is trivial to watch the HTTP request.
Word Games and Slot Machines
I have this thing with games.
For many simple games, especially word games, there is a pretty straightforward strategy to follow to play a “perfect” game. Scrabble is a particularly good example. The simplest strategy is to play the best word you can, which is easily quantifiable by points. Refinements are obvious: try to save high scoring letters for bonus squares, try to make the board worse for your opponent.
Once you’ve figured the basics out, the most effective way to improve your game is to expand your vocabulary. At first, this seems like a pretty “human” endeavor. However, anyone who’s played Scrabble online or competitively is probably familiar with the nonsense Scrabble words you have to memorize to play effectively. Especially important are the ones that help you use Q, X, and Z, and 2 letter words that let you attach to another word: qi, za, qats, mbaqanga. Your spell-checker doesn’t have those words, and your dictionary probably doesn’t either. You will never use them in a sentence, and you probably won’t ever encounter anyone else using them either – unless you’re playing or talking about Scrabble.
Memorizing and searching through lists of arbitrary, otherwise meaningless items isn’t something humans are very good at. Performing precise calculations isn’t something humans are very good at either. They are, however, tasks that computers are particularly good at.
This drives me crazy.
I’ve been programming for most of my life, so for many games, coding something that can play is more interesting than actually playing myself. I’ve written bots for Scrabble, Boggle, Sudoku, Poker, and all manner of word/card/number games – many for money.
Lexis
Lexis game machine
Recently, a friend introduced me to a word game on Second Life called Lexis. Lexis is basically 10 rounds of single-word Scrabble. You get 7 letters, and 7 spots to place them in, with the familiar bonus tiles: double word, triple word, double letter, triple letter. Your word must start in the left-most spot, so there is no strategy in how you place the word. The only thing to do is choose the highest-scoring word, taking into account the bonus squares, and input it as fast as possible.
Definitely a game for computers.
With a cash prize.
On one machine, the jackpot was over L$10,000 – which is about USD$35.
SQL Injection and You
A few months ago, I was approached by Pixeleen Mistral, managing editor for The Alphaville Herald (NWS). She had gotten a reputable tip about a security problem on the website of a popular third-party service for Second Life, and asked if I knew anything about it. The service in question was BanLink, which provides a way for groups in Second Life to share their ban lists. Since the whole point of the service is ostensibly to hinder griefers, it seemed like a pretty hot target for exploitation, and a security vulnerability was potentially big news.
The problem ended up being SQL injection: the ability to modify the queries the website makes to the back-end database. SQL injection is among the most prevalent and most dangerous security problems in web applications. OWASP‘s top ten list placed injection flaws at 6th place in 2004, 2nd place in 2007, and they’re going to be 1st place in 2010. This particular application was vulnerable to injection in pretty much every single parameter on every single page, and any errors from the database were reported in full. As far as these things go, it was a gold mine.