Change Lock System with more intelligent one

We know…
Even though Facepunch has done some changes in the game, we honest players are getting pissed of because of lammers using Brute Force method to crack code lock doors.
You guys are trying to fix a broken system with broken ideas.

Really? You guys just thought: “Ok, let’s add damage system, in each new attempt the user take damage”.** OHHHH! COME ON!!! **Be smarter. This is NOT the solution. People will just program a new script to wait a few seconds or even eat to heal it’s own life. THIS IS NOT THE FIX.

Do you want a brillant idea? Ok, take this one as a example:

Make a Access Control Panel in the Lock, the owner select in the list the users able to open the door.
Yes, it’s simple as 1-2-3. Similar to the “give sleeping bag to a friend”, but an actual control panel with “Non-Authorized Users” section and “Authorized Users”.

Do the owner/authorized users wanna remove someone from being able to access the door? Open the Access Control Panel and REMOVE THE USER NAME.
Now tell me: How a macro/autohotkey - ahk will be able to crack a non-password door with script? It’s not possible. And this my friend is the easiest and smartest solution for this scenario.

In the last 2 days I got all my items robbed 4 times. This is not cool. This game should be balanced, everyone has the opportunity to improve their own houses, it’s totally unfair a fu**ing 10 years old kid crack your password door and take everything inside of it with no efforts.

CAN YOU PLEASE FIX THIS?
Thanks.

EXAMPLE (I have just found this image searching on Google. Ignore emails and so on. Just picture what the system could be, adapting to our reality).

https://blogdotsuitabletechdotcom.files.wordpress.com/2014/09/5-3-choose-users-form.jpg

The simple fix for this problem is for you to make a bigger base, with honey combing, airlock and lots of doors you have to go through, throughout your base. Then ensure that all or atleast by building story level those code locks have different codes thus rendering bruteforcing non-profitable. Definitely make sure the airlock code locks have different codes then make different sections and your main loot/storage room a different code as well. Problem solved. If need be, when your friends come on and they need the code just write it down, make a system of doors that have different codes and have it on a piece of paper next to you.
Hope this helped.

Dude, this is not a solution.
Do you know how OCR work?
They take print screen from the section you click and analyse the number.

If they just mixed the numbers, crackers would make a comparative system to know each button before you even click them.

Password locks are easily crackable. Any of them.
Make a Security System based on authorization is the best alternative here.

Also, for many doors, Facepunch add a button to “Add Previously Users” to auto add all users from others doors you have already authorized. Maybe even a Pre-set to add friends list, like:

Friend List 1: Mike, Adam and Crusader…
Friend List 2: Bob, Mike, Jack…

So even if the user be off, if the users have already set one time, he could add to Friend List to later time add with one click only.
Let’s suppose I always play with Bob, so in this door I add him. He is online and can join my house.
Now let’s suppose I add a new door or even the server get wiped or I move to another server, there should be a section to add previously users so I could add even Bob although he is not online in that time.
So you don’t have to be online next time to authorize him.

The safest and easiest method as I’ve already said before.

Well, folks, nothing to see here. Diegoweb has already figured it all out. Move along.

Why to be sarcastic? Don’t you want to have this issue fixed?

Even though this is not a good solution.

Wait a few days until these people think in a better solution to crack password.
They will add even medkits to heal health and keep trying.
In custom servers for example with instant craft, this case can be even worse.

I think the idea of a user authenticated listed is good, ideally shared across all your locks for ease of use. I wonder if this could be done as a mod, i cant see the lock system getting changed anytime soon to be honest.

You can’t really get rid of the idea that people want to keep guessing over and over. Nothing wrong with that, really. People do that often in real life, too.
As long as the devs make sure that you can’t exploit this by spamming guesses at a really high rate or something like that, then i’d be fine with the way it is now.

You are given the bread, the basics of what you need to survive. It’s up to you to make as best use of them as possible. The game shouldn’t spoonfeed you easy solutions.
Obviously there is still room for improvement, but simplifying things is not the way to go. You’ll need your wits, if you want to survive.

But that’s just my opinion on the matter.

In real life you can’t script that easy to crack a password.
Can you go to a bank and easily crack a password account? No you can’t.

For virtual stuff we need to get ride of anything that can be exploitable.
Even a captcha would work, but this is impracticable because this would take a lot of resources and with good programming skills this would be bypassed.

The better system is the safest one with simple solution.
We know that easy passwords on internet are easily crackable, this would not be different in a game.

Sure. Like I said, there’s still room for improvement.

I don’t think anyone would make their own program just to be able to crack the door passwords. Doing this is much, much harder than you’d think, and I don’t think anyone would waste their time on this. Pretty sure you’d need access to the server too. And if someone manages to get that far, then your idea of using a name list won’t be safe either.

As for the keylogger you mentioned, that means that you would need the virus/keylogger on your own PC. If that happens, your rust keycodes should be the least of your worries!

And for vital things, why not use something else instead of keycodes? I know locks are currently the only alternative for door protection, but it’s still there. There’s also some other things you could do

I just told Keylogger in order to tell you how a program work to “understand” the clicks.

There are many softwares to compare images. The programmer could take a screenshot, rezise it to minimum keyboard scale and then slice each button. Now he has each button separed, and can compare to its own database to see if the button 5 is 5 or 9. Got it?

Thanks! :wink:

The point is they still probably want to have it possible to gain access to someone’s door through either luck, guessing or some finding out the code some other way. Doing this isn’t an exploit, it’s a legit gameplay mechanic that can lead to some interesting situations and it’d be sad to patch it up. The ‘cant do it in real life’ argument doesn’t fly here as well because the game isn’t aiming to be hyper realistic

The shock damage increase makes it much less viable even to use medkits which many people were doing already and again is a legit tactic, but more importantly it makes automating the process much harder.

The most important part of the update was fixing various holes that allowed people to get around the requirement to manually input codes in the UI as well as avoid the damage caused, which is what allowed the whole flooding the door with thousands of requests in the space of a few minutes.

Also the point Onii was posting is that it is silly to go as far as trying to protect door codes even from people infected with spyware or keyloggers or something else. Hell, if someone was able to get software into your PC, they could probably just pick out the individual packets sent containing the unlock request.

Probably I shouldn’t have said Keyloggers because now you guys are still pressing the same key.
I just mentioned keyloggers because in the past Ardamax could take screenshots when the user click in some place.

I just wanted to say that it’s possible for a programmer get a pre-programmed script to take a screenshot, resize it to the desired scale and then slice the buttons, just like Slice Tool in Fireworks.
With that, the programmer set a folder called buttons and named:
1.gif
2.gif
[…]

And then compare the actual screen with the gif he already has, so after comparing the software could return if true or false for each button. This is easily achived with some common script available on internet.
[EDITED-> Now I remember the correct name, it’s not keylogger, it’s OCR - Optical Character Recognition, so the script could understand if it’s written 3 or 5 in the button, or maybe use comparative system like mentioned above]

I’m just saying that: Pin Password are insecure and can open backdoors for other malicious users.
Even though facepunch has figured out a way to “protect” agaisn’t bruteforce for now, we just can’t say this will be secure for ever. Maybe in a few months a new cheater will be available with a new bypass for this dmg system. Maybe godmode? Maybe null the dmg value? Maybe fake password try in order to the game do not activate dmg system?
There are many things that can happen in a few days.

I was just considering that maybe Facepunch could add a improved system to prevent ANY malicious user to be able to get authority to someone’s door.

Yesterday for example I lost all my items, my house and even the cupboard. Some random guy took advantage of this exploit and spoiled my house, making a new room for cupboard and closing it with walls. Now I just can’t fix that.

I’m not saying that my idea is “exploit-safe”. I’m saying there is a better way to prevent this and code-lock should be banned or maybe used as a alternative to the Door Key. Maybe add a new security system, more expensive? Who knows?

Like I’ve said earlier. If there was a way to get rid of this being exploited, and I wouldn’t really know what would be a good idea, then there wouldn’t be an issue with pin locks.
Stuff like nulling damage value are impossible, provided things related to damage are done on the server. But lets not go into an endless discussion of what’s and how’s.

You’re saying someone took advantage of an exploit. I don’t really want to be that guy, but are you sure he used an exploit? Giving an example, I’ve had quite a few times where I just guessed the pin code. As a result, I get called of a cheater (apparently it’s impossible to guess a code).
The reason I’m disagreeing with your specific suggestion is, like i’ve said before, that it would make security too easy.

For example, you could make two doors behind each other. Secure the outer one with a pin lock, and the one on the inside with a door key. Even if someone manages to get in through an exploit or sheer luck, they would still need a key to get through the second door.

That’s something I like about this game. There’s no fool-proof ways, at least not yet. You’ll have to use your brain to think of a proper solution for the issues at hand. You’ve said it yourself. Someone’s gone through your pin code multiple times, why don’t you think of another solution?

Also, pretty sure OCR is used to get text out of images. Not for what you are describing.

But you are saying that the breach should be fixed by the user and not by the dev team?
I mean, you’re just doing the traditional marketing from car manufacturers.
They make a car with a security breach and then come in public and say it’s users fault because they should install an alarm system, even though their product come with one already installed?

Sorry but that doesn’t make sense.
If the dev team can work and provide a better solution, the user who spend money in the game to enjoy the gameplay should not worry about “ways” to fix a common breach that dev team are already know.

I’m not saying the exploit should be fixed by the user. That’d be a pretty stupid thing to suggest.
I’m just saying that if your original plan keeps failing, why not try something else? Who knows, it might at least keep you safe from people using the exploit until the dev team has released a fix for it.

That’s the name of the game. Literally, let’s change it from Rust to this whole quote.

Too many games go down this path.
I think the fix was reasonable. The new animation is cute too (;

[editline]12th February 2016[/editline]

The idea is charming OP Really but rather than updating the code lock I would rather see a third lock be added. Cost HQM/Targeting computer/Camera.

Nonsense. Keylocks are fine and how many neighbours do you have IRL that utilize biometric authentication on their home security… so why should it be suitable for the world of Rust.
Besides… there are always the not bruteforcable Keylocks, but I bet you think that’s even less secure even though that is the real life default.

The real problem is that the lockscript gets bypassed and that there is no dmg and no delay, and not with autohotkey either, I think easy anticheat wont even allow you to start it.

The solution is thus to prevent this bypassing, instead of finding a different kind of lock. And even if you wanted to add more security, then adding a number or two would already be a great boost, or adding a bigger delay between attempts, or a much longer master password that is required after a few wrong codes (although the latter could result in some serious griefing if not implemented wisely:P)

Right…
Even Valve, a big company, can’t ban all cheaters you think a smaller company like Facepunch will do?

Ok ok…