Saturday, 7 February 2015

Almost a Game

So a lot of time has past since my last update. But this time I'm not going to blame being busy at work, or Christmas, because I've in fact been working very hard on HTP. Every day for the past 98 days according to Github in fact. Look, I've got proof!

I've been carrying on implementing the tutorial, with a few interesting detours along the way. I've added so much in fact I don't know where to start. Maybe a quick run down on what the tutorial contains will help, so here it is so far:

- Intro
- Give the player their computer
- Port scan a neighbouring computer
- Identify the neighbouring computer
- Hack the neighbouring computer with the provided OS exploit
- Install the provided spam bot
- Go to a neighbouring home network
- Port scan and identify the router
- Reveal vulnerability database on the map
- Download a remote admin vulnerability for the router
- Start developing their own exploit from the vulnerability
- Speed up time until the development is complete
- Return to the neighbouring network and hack the router
- Scan the network to reveal computer and wifi access point
- Identify the switch and wifi access point
- Hack the switch
- Scan the network behind the switch
- Find the computer with the target user behind the switch
- Hack the computer using the OS exploit
- Reveal a software vendor on the map
- Purchase a key logger from the software vendor
- Install a key logger on the computer
- Identify the target phone
- Download a sensitive target file from the mobile using the provided OS remote copy file exploit
- Reveal a data exchange on the map
- Sell the sensitive file on the data exchange

Not yet implemented:
- Return to the keylogged computer and download the newly placed cryptocoin wallet
- Return to the home computer and open the wallet using the keylogged password
- Profit!

There will of course be much more to the gameplay then what is included here, but these will make up the basics, with more advanced gameplay being introduced throughout the storyline.

I've added externally accessible device content, or in other words, websites. These are device's contents that can be accessed without hacking into a network first, and are currently visible as cubes jutting out of the surface of networks.

There are 3 types of websites at the moment. Software vendors, where there player can purchase software. Data exchanges, where the player can buy and sell files (this includes all kinds of files at the moment, including illegally obtained files, but this will be replaced with blackmarket websites in the darknet eventually), and vulnerability databases, where the player can find publicly available vulnerabilities and develop them into usable exploits.

This brings me to the next feature, players can now create exploits from vulnerabilities. These exploits take some time to develop (time acceleration has also been added) and target specific versions of software. Different vulnerabilities have different effects on the target device, some will allow you to remotely copy a file, some will disable the device entirely, and some will grant you full access to the machine, or 'root' access as it's called.

I also completely rewrote the UI system to be totally data-driven, I did this over the Christmas holidays, it was quite boring, but needed to happen, and the sooner the better, as now adding now UI is as simple as whipping up a new JSON file along the lines of this:

"Name": "Divider",
"Layout": "=================================="
"Name": "Cheats",
"Items": ["Complete All Missions", "Lotsa Money", "Complete All Development", "Toggle Instant Processes", "Skip Tutorial", "Unhack Target"],
"Layout": "{ITEM}",
"MenuNavigation": true,

"Action": "RunCheat",
"Parameter": "{SELECTION}"
"Action": "GoBack"

"Layout": "Cheats\n{Divider}\n{Cheats}",

"Keys": ["Escape", "Backspace"],
"Action": "GoBack"

I've also moved to Unity 5 pro, courtesy of a 90 day beta license gifted to me at a Unity 5 workshop that happened here in Vancouver in December, thanks guys!

Most of the first half of January was spent totally refactoring how software works. Before each type of program had its own source file which defined its behaviour. It worked but wasn't that flexible, now everything is, you guessed it, data-driven. The behaviours and development lifespan of a software product line are all defined in JSON files which look like the following:

"Name": "ScanX",
"Category": "Scanner",
"Description": "Brute force port scanner, not very stealthy but gets the job done.",
"Architecture": "x86",
"Tags": ["PortScanner"],

"StartingVersion": 1.0,
"VersionStep": 0.5,
"StartingLevel": 0,
"StartingCost": 50,
"LevelStep": 10,
"MaxReleases": 20,
"CostStep": 5,
"FormatString": "{NUMERIC:F1}",

"Action": "ScanPorts",
"MinSpeed": 5, "MaxSpeed": 2.5,
"MinNoise": 10, "MaxNoise": 10,
"MinRequiredLevel": 0, "MaxRequiredLevel": 5

You'll notice mention of 'level' a couple times in there. The game now has a global tech level which slowly increases over time, when the level increases enough, a software's developer will release a new version of it to the public, which can then be purchased (or otherwise 'aquired') and installed, reverse engineered, cracked, etc. I want to make the release and acquisition of things as dynamic as possible. There should be nothing to stop a hacker breaking into a software developer or vendor's network and stealing their latest, possibly even unreleased, software and selling it on the black market. Hackers don't sign NDAs right? Alternatively, if you could get your hands on an unreleased operating system and find a vulnerability in it, you could be sitting on a pretty juicy zero day exploit. But why stop there, maybe if you can create a stealthy enough virus, you could infect said unreleased OS and find yourself will a botnet of thousands created for you. It's that kind of lateral thinking and emergent gameplay I want to make possible and encourage. I want to provide the tools and let the players create their own fun.

My initial goal was to complete the tutorial and get HTP to the stage I can honestly call it a game by my birthday later this month. I'm actually a little ahead of schedule on the tutorial and it should be finished in the next couple days. But HTP doesn't quite feel like a game yet, it's still quite stagnent and static, so I think I'm going to keep myself on my toes and revise that goal to include added some AI to the game. I want to see freelance whitehat hackers aquiring software, finding vulnerabilities in it, and releases those vulnerabilities to the public in vulnerability databases. I want to see blackhat hackers hacking into networks and devices in search of cryptocoin wallets, installing spam and keyloggers, and generally causing mischief. I also want to see average users just going about their life, spending their day at work, and their evenings at home, playing games, shopping online, downloading porn, etc.

I'll leave you with a random image to add a bit of colour. I'll try to update this more frequently so I don't have to pour though my github commit logs to remember what I've actually done in the past 2 months!

Hack the Planet!