The Hacker's Guide to the Kingdom - The Book of Xenophobe

Author: Xenophobe

Table Of Contents

  1. Introduction and Basic Tools

 


Xenophobe
Posted: Wed Jun 30, 2004 11:06 am Post subject:

--------------------------------------------------------------------------------

BoozerBear wrote:
go for it. The BoozerBear Foundation for Finding Shit Out gives meat grants to fund research into KOL Sciences, Arts and Automation.

Would 10 million meat get you started? With more on successful beta release and further grants to fund improvements on the code. Try to make it load an external flat-file or SQL "keyphrase >> response" db for ease of programming and potential for keyphrase/response libraries targeting specific areas of interest.

BBFFSO encourages Open Source Programming.

Payment isn't necessary. I've got all the meat I need just from simple mall manipulation.

I have a rudimentary version working right now. The bot is in Perl, and right now it can do the following:

* Log in.
* Search the mall.
* Join chat, and watch chat.
* Read messages.

More is forthcoming, and my current work is turning all the bits I've hacked out into a Perl Module. User-friendliness is pretty far away at this point, but one who knows a little Perl could easily take my work and build a simple message-and-response bot.

 

From: BoozerBear
To: Xenophobe
Posted: Wed Jun 30, 2004 1:02 pm
Subject: Re: consider yourself PM'd
Xenophobe wrote:

Also, I've got this bot, but I'm not sure what I want to do with it. Some ideas that I had:
* Stat Booster vending machine. What with your recent Casbah of Values offering, this isn't as lucrative as it used to be, but it would be a nice proof-of-concept type of application.
* Mall monitor. This would likely be more bandwidth-consuming than one would normally like, but the idea of being able to graph the mall on a minute-by-minute basis is very exciting.
* Bank & Escrow service. This would require some sort of database backend, likely.


heh, I just pointed this thread out to Jick, so i bet he's tearing his hair out right now (:

the range of possible applications is boggling, really. Maybe Jick should re-write the whole game so it outputs raw XML so that we can write our own interfaces to the data and functions.

I need to get a writeup of Hotstuff's bot too, he has one that datamines showplayer.php and sends out offers to buy Mr. A's from those who have them. This could be bad, but at least he keeps his queries down to a thousand a day at non-peak hours.

Jacka18l has a VBscript chatbot that can /msg bomb a target anonymously (thus it can't be ignored, as you can't /baleet playerid 0) also, only used a couple of times to demonstrate the concept, but potentially a big problem.

regarding the mall monitor, that would prolly choke on its own lag, but I suggested to Jick about 7-8 months ago that such a thing was possible and that he might consider writing a mall search API to prevent people from brute-forcing the search page. however he nixed any idea of making it easier for coders to gain advantage via special doorways. I suspect on reading this thread, he'll have to either find a way to totally prevent remote scripting (maybe some apache option that checks referrers, but i dunno if it's even possible to totally prevent remote scripting) or take input for new mall tools that he can integrate into his code for everyone to use..

At this point it's all out in the open, and he'll have to consider the consequences of inaction. |: Best we can do is help him come up with viable solutions that are fair to everyone, and try to be nice to his poor servers with our experiments (:


From: BoozerBear
To: Xenophobe
Posted: Wed Jun 30, 2004 1:46 pm
Subject: Re: consider yourself PM'd
Xenophobe wrote:
It IS impossible to completely defeat remote scripting without making a normal browser unable to navigate to the page. As long as I have complete control over the headers that are sent with every query to the server, I can make-believe I am anyone.

... Obviously, mall applications will not be very friendly.


yeah, that's the rub. he *might* be able to stop simple remote forms submissions using Apache's hotlink prevention stuff, but like you say, that wouldn't stop someone who can essentially code up their own browserbot, using any number of tools widely available... I dunno. It's worth discussing anyway. I hope Jick gets into the thread and participates, cuz this kind of thing could become a monster drain on resources if a lot of people are doing it and some are doing it inefficiently or uncaringly (:

From: Xenophobe
To: BoozerBear
Posted: Wed Jun 30, 2004 1:15 pm
Subject: Re: consider yourself PM'd
BoozerBear wrote:
regarding the mall monitor, that would prolly choke on its own lag, but I suggested to Jick about 7-8 months ago that such a thing was possible and that he might consider writing a mall search API to prevent people from brute-forcing the search page. however he nixed any idea of making it easier for coders to gain advantage via special doorways. I suspect on reading this thread, he'll have to either find a way to totally prevent remote scripting (maybe some apache option that checks referrers, but i dunno if it's even possible to totally prevent remote scripting) or take input for new mall tools that he can integrate into his code for everyone to use..

At this point it's all out in the open, and he'll have to consider the consequences of inaction. |: Best we can do is help him come up with viable solutions that are fair to everyone, and try to be nice to his poor servers with our experiments (:

It IS impossible to completely defeat remote scripting without making a normal browser unable to navigate to the page. As long as I have complete control over the headers that are sent with every query to the server, I can make-believe I am anyone.

Currently, the message loop I have written is very bandwidth-friendly. My test bot (Xenophile, if you care) sits in his clan channel on chat, and watches the chat for "New message received from Someone." messages. Since no one else is in the clan he is in, the only bandwidth consumed is those "New message" messages, and the keep-alives. (Which is 20 bytes every 8 seconds.) So, basically, anything that relies on messages to drive itself is bandwidth friendly. Obviously, mall applications will not be very friendly.
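
The server-side view of the point made in this exchange, as an added example that is not part of the original thread or the game's own code: a referrer check trusts a header the client writes, while a limiter keyed on the logged-in account does not depend on anything the client claims. The origin `game.example`, the account names, the limits and the traffic are constructed assumptions.

```python
import time
from collections import defaultdict, deque

ALLOWED_REFERER_PREFIX = "https://game.example/"  # hypothetical site origin
WINDOW_SECONDS = 60   # assumed policy: sliding one-minute window
MAX_REQUESTS = 30     # assumed per-account budget inside that window


def referer_check(headers):
    """Hotlink-style gate: it trusts a header the client sets itself."""
    return headers.get("Referer", "").startswith(ALLOWED_REFERER_PREFIX)


class AccountThrottle:
    """Sliding-window limiter keyed on the server-side session's account id."""

    def __init__(self, limit=MAX_REQUESTS, window=WINDOW_SECONDS):
        self.limit, self.window = limit, window
        self.hits = defaultdict(deque)   # account id -> timestamps of allowed hits

    def allow(self, account_id, now=None):
        now = time.monotonic() if now is None else now
        q = self.hits[account_id]
        while q and now - q[0] >= self.window:   # drop hits older than the window
            q.popleft()
        if len(q) >= self.limit:
            return False                         # over budget: reject, do not record
        q.append(now)
        return True


def replay(requests, throttle):
    """Count, per account, how many requests each control lets through."""
    stats = defaultdict(lambda: {"referer_ok": 0, "throttle_ok": 0})
    for ts, account, headers in requests:
        stats[account]["referer_ok"] += referer_check(headers)
        stats[account]["throttle_ok"] += throttle.allow(account, now=ts)
    return dict(stats)


def sample_requests():
    """Constructed traffic: one person browsing, one script polling mall search."""
    hdr = {"Referer": ALLOWED_REFERER_PREFIX + "mall.php"}
    human = [(t * 12.0, "player_a", hdr) for t in range(10)]    # 10 hits in 2 min
    script = [(t * 0.5, "player_b", hdr) for t in range(240)]   # 2 hits/s, same header
    return sorted(human + script, key=lambda r: r[0])


if __name__ == "__main__":
    for account, counts in replay(sample_requests(), AccountThrottle()).items():
        print(account, counts)
```

Both accounts pass the referrer check on every request, so that control cannot tell them apart; the throttle leaves the browsing account untouched and caps the polling one at its budget per window.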

From: Xenophobe
To: BoozerBear
Posted: Wed Jun 30, 2004 12:38 pm
Subject: Re: consider yourself PM'd

BoozerBear wrote:
nice! Hotstuff couldn't get the Sockets library to work right so I suggested cURL to him, and he says it works great. do you mind if I show him this?

Sure, I suppose. It's less than fully-featured, and I plan to add more functionality to it.

Also, I've got this bot, but I'm not sure what I want to do with it. Some ideas that I had:
* Stat Booster vending machine. What with your recent Casbah of Values offering, this isn't as lucrative as it used to be, but it would be a nice proof-of-concept type of application.
* Mall monitor. This would likely be more bandwidth-consuming than one would normally like, but the idea of being able to graph the mall on a minute-by-minute basis is very exciting.
* Bank & Escrow service. This would require some sort of database backend, likely.

From: Xenophobe
To: BoozerBear
Posted: Wed Jun 30, 2004 12:19 pm
Subject: Re: consider yourself PM'd
BoozerBear wrote:
consider yourself PM'd (:

can I see the code?


Sure.

http://131.151.132.61:8080/~jhaskell/public_uploads/bot.txt

A work in progress.