If you aren’t going to ever get WC3 Reforged up to a tolerable state, at least give us the non-destroyed version back.
We bought it nearly two decades ago - it shouldn’t be that hard to re-release the client from 2019 and then just leave it alone. Forever.
Keep tinkering with this if you want, but give us back the polished version from old Blizzard we already paid for.
It’s actually not possible to give you that version. Because backdooring a virus into a map is so easy on older versions, you could sue them for even just making the old version available to you. Because all it takes is joining a game on the old version and then the game host has administrator level access to your computer in a way that bypasses any virus protection you have installed.
So maybe just fix this and release?^^
You make it sound so easy… Have you ever used a version control system like git and been told to revert 4 years of changes?
Or maybe you think they’re going to purchase another license of VC++6 or whatever to gain legal permission to compile the old code repo backup again one last time, only to have Windows 10 players complain that it doesnt work right and only allows 4:3 resolution and requires port forwarding in order for them to host a game?
If they could even host games. As there would be no servers to host on.
Where did you even take such rumours from? This has never happened to anyone playing Original before, or those playing it now.
If you are going to try and defend this joke of a remaster, at least provide actual arguments, rather than this.
Hey dude, good job keep fearmongering people for a false sense of safety when in reality nobody ever really tried to exploit this. not denying they could have. but its such a niche method you would think people with real intentions to spread viruses would have 10000000000 better ways to do it.
But sure. keep fearmongering people asking for older versions.
Which exact backdoor are you talking about?
The typecasting exploit or is there something more that happened in these years that I have missed?^^
(The port forwarding and the bot hosts were the standard back then, now, missing the possibility to host on your machine is a lot worse)
Absolutely none of what you just said had any merit whatsoever.
Stop defending crap, with crap.
I am talking about a copy of the DotA map that when you play it on the old game version it finds all Warcraft 3 maps on your hard drive and deletes them. I am talking about when I played a map that opened Windows Command Prompt as administrator with a popup that said, “Exploit successful.” This technology is called the memhack by Warcraft 3 people who use it frequently.
Edit: And the methodologies of achieving this kind of hack in Warcraft 3 have been known for at least 11 years. It had a lot of time to mature.
I have played until 2011, but the official maps, not the random ones. Never had any problem. There is no official report for a CWE (just checked) related to wc3, but I agree people like to mess around. I guess if you have the possibility to delete maps “on your hard drive”, you can potentially do more interesting things.
I have read an article by DrSuperGood talking about buffer overflow in textures.
I have never witnessed what you say, but, are you sure that what you saw was directly linked to the map you were using? Can you provide any direct evidence?
What kind of exploit was successful? I’m not saying you are lying, I’d like to know more about that.
That I’m sure too… as I’m sure Reforged is another security black hole…
Now, back to this wonderful new version of the game:
Don’t want to talk about the current Dota version that is basically more or less left to rot.
This new wonderful way of storing the maps is really ill-conceived, like the rest of the user interface after all.
So, I download maps and I end up with a list of different files showing the exact same name. Impressive…
So now for example I got like 30 different files, let’s say DotaBlaBlaBla_v14c all having a different real file on my hard disk. You may say: well what if 2 people create 2 different custom maps with the same name? Perfect. Now, the sick person who did this interface, could even think that while hosting or connecting to a game I would be glad to know which file am I reading from?
Well, in the end you cannot even know who you are playing with thanks to the player account not matching the game account…
ridiculous…
Anyway, if a security weakness has been carried on for 11 years, I guess it is not a problem to resume a 4 years old git^^
Yes so, the way it went was this:
I downloaded a map that was named i2c.w3x because of the function named I2C. Similar to I2S in the game scripting that converts integer to string, the idea behind I2C is “integer to code”. Essentially converting integers into function pointers. But it’s been shown you could accomplish the same thing even after the 2009 patch cycle killed off most custom maps by removing typecasting, since there are other systems and mechanics that can behave as C unions. So I don’t like to think of it as a typecasting issue because that seems rather naive given that people kept doing it into late 2018.
Anyway, this map contained a gigantic array filled with hexadecimal intstructions that I did not know how to read back at the time. They tried to obscure the code array from the understanding of anyone who looked in the World Editor by importing replacement files for Scripts\Blizzard.j and Scripts\common.j in the Import Manager instead of using the trigger editor. I opened this strange map in the World Editor and pressed test. The game opened and then after the map launched, the Warcraft III game lost Windows focus as the active program and over top of it there was a popup on the screen, and this popup was the new Windows Command Prompt process which was launched as a direct result of the Warcraft III game playing the I2C map. Inside that popup was the text, “Exploit successful.” That is directly what happened. I have never before nor since seen a black command prompt popup with those specific words appear on my computer. It only happened when I downloaded the virus map, which was labelled, “this is a virus map,” and then specifically it only happened when I played that map using an out of date version of the Warcraft III game.
Using the newer version stops it and there is not a command prompt popup on that version.
So it was like obfuscated code + some possible kind of overflow.
The exploit message is funny anyway^^
As for the loss of focus of WC3 window, it happened me twice already with reforged after the previous patch. Just while in game, not clicking anything. Only WC3 and bnet open. Mah…
EDIT
found it in the CVE
there is no other reference to WC3 or jass. Mah… really mah…
Sure. They call it an unspecified vulnerability but I’m saying I literally had the map that contained what they’re talking about, downloaded from some WC3 site years ago. I don’t get what you mean when you say you’ve already had Reforged lose focus as well. It’s like you want to discredit what I’m telling you I experienced by deciding it never happened. You’re certainly allowed to do that, but I think it’s important to be honest with yourself. So it would be more clear to say, “I don’t care if you downloaded a virus map because I don’t trust that anything you say you experienced ever happened.” Just say it to me how it is, no need to beat around the bush.
If you think that Reforged has virus maps, that would be critically important to Blizzard Entertainment. If so, you should post about it in the bug report section immediately.
No no, I’m saying you are right. I believe you.
Just telling that it also happened to me in Reforged to get pushed back to Desktop.
So maybe there are also other problems now.
“Mah” is for blizzard, not for you…
And the “^^” is for someone this stupid to actually write a confirmation message of an attack^^
To clarify what was being mentioned in this thread. Older versions of Warcraft III, specifically those that existed before classic team started working on Reforging it, were prone to arbitrary code execution exploits. One of these was patched a long time ago, around the time hashtable was added, which was so serious that it could literally delete all your data or install whatever malware the hacker wanted. Even after that there were still likely undiscovered ways for hackers to exploit.
Due to the severity of some such exploits I do not think it is morally sound for Blizzard to support a legacy version where these are not fixed. It also makes no sense from a development perspective for them to try maintaining a legacy version and legacy service as all that achieves is to split development effort away from fixing and improving the current version.
If you want to play a legacy version then that can still be done by using the original RoC and TFT CDs to install from and then installing the stand alone patches, which include NO-CD support. However if you do this, do not expect support running such a version.
It’s not but they don’t want to.
Yeah, divide the player base even further, genius…
Currently the player base is being lost.
And it is much more difficult to recover clients than to get new ones.
As if players aren’t already leaving. I can bet that if they returned original game, and original BNET, most of the people would flock to the original.