Wolfmame feature req. - custom encryption key entry

Martoon · Post by **Martoon** » Tue Dec 13, 2005 10:21 am

Just a feature that I think would be nice. Before you record your input, you could enter a key (a plain ASCII string). This would be used as an encryption key in the recording (on top of the usual super-secret Wolfmame encryption). When the recording is played back, the encryption key used would be displayed.

This key could act as a signature. If a particular user always used the same key (for example, their MARP user name), when playing back a recording, you'd know for sure it had been recorded by them.

Also, when a tournament or contest is held, the administrator could publish a specific key when the tournament starts. Everyone would have to use that particular key (or maybe that key + their user name). This would prevent anyone from submitting recordings they had done before the tourney started (before they knew the tournament key).

Of course, entering a key would be entirely optional. You could still record with no key like you do now.

Anyway, just a thought.

Chad · Post by **Chad** » Tue Dec 13, 2005 1:21 pm

this is a good idea but it's not as secure as you think. You can make a recording now and then re-record the pre done INP with the key after the tourney starts if you had the wolfmame source. The only method for securing the tournament games is not knowing the games before the tourney (or bonus game) starts.

The signature (public-private) key would be is beneficial for proving identity and identiy alone if you had a strong enough key. Unfortunatley, Proving identity is the least of our concerns. If you upload as you at marp, that's a pretty reasonable identity proof (as long as you've uploaded before the inp thief does.) There's probably been only one instance i can recall where someone's used another persons recording, and even that's hard to remember.

I really don't want to dis any ideas about security because there's definitley a problem there and we need all the ideas possible to make mame more secure; but so far there just isn't a perfect way yet. (Or we mighta done it already :)

Martoon · Post by **Martoon** » Tue Dec 13, 2005 2:24 pm

Chad wrote:this is a good idea but it's not as secure as you think. You can make a recording now and then re-record the pre done INP with the key after the tourney starts if you had the wolfmame source. The only method for securing the tournament games is not knowing the games before the tourney (or bonus game) starts.

I thought that was the whole point with Wolfmame - the source (or at least the timestamp/encryption part) isn't available, is it?

The signature (public-private) key would be is beneficial for proving identity and identiy alone if you had a strong enough key. Unfortunatley, Proving identity is the least of our concerns. If you upload as you at marp, that's a pretty reasonable identity proof (as long as you've uploaded before the inp thief does.) There's probably been only one instance i can recall where someone's used another persons recording, and even that's hard to remember.

Actually, I wasn't even thinking of a private key, just a public signature. This wouldn't stop someone from making a recording and signing it as someone else, but I can't really think of why anyone would want to do that. But it would stop someone from taking an existing recording (with someone else's signature, or no signature), and adding their own signature (assuming that can't crack the encryption, or hack the Wolfmame source).

In any case, I think it would be a nice way to sign recordings and say, "Yes, I really did make this recording." I'm also thinking outside of just MARP here.

Chad · Post by **Chad** » Tue Dec 13, 2005 4:50 pm

You're right it would be beneficial to have a signature in wolfmame. and wolfmame is close to the securest thing we can do (having the open source requirement in there doesn't help). Though there's another con against the signature: there's not a whole lot of room in the mame header. So we'd have to change the design of the inp, making any new wolfmame recordings that have signatures incompatible with any other wolfmame before it; which happens anyway with mame changing the signatures and you really should have the same wolfmame.exe for playback for each inp that you record that wolfmame version from. It would be up to barry, wolfmame's author.

Sorry to be a devil's advocate... I'm really hunting for a perfect security mame strategy where you can truly garuantee someone played the game from start to finish with out any form of cheating. Wolfmame does encode speeds and has other tricks to disuade this, but it's still possible if you were devious enough and had the source which we must provide. The only possible way to secure this is to have a mame server, where the mame program is run on a trusted site the client player is on another site and the games must have timed random seeds so the server can choose the seed not the player's mame code. This is not even possible with mamenet i think, plus all the headaches that go along with networking games.

Martoon · Post by **Martoon** » Tue Dec 13, 2005 5:33 pm

Chad wrote:You're right it would be beneficial to have a signature in wolfmame. and wolfmame is close to the securest thing we can do (having the open source requirement in there doesn't help). Though there's another con against the signature: there's not a whole lot of room in the mame header. So we'd have to change the design of the inp, making any new wolfmame recordings that have signatures incompatible with any other wolfmame before it; which happens anyway with mame changing the signatures and you really should have the same wolfmame.exe for playback for each inp that you record that wolfmame version from. It would be up to barry, wolfmame's author.

Yes, putting the signature stuff in there would definitely make new recordings incompatible with old wolfmame versions. Even if the signature could fit in the header, the whole point would be to use the signature string as part of the hash for the encryption of the entire file, so it definitely couldn't play back in a wolfmame version that didn't know about custom signature encryption.

Sorry to be a devil's advocate...

No apology necessary. Every point you've made is very reasonable, and the reason I put the idea out on a public forum is so it could be discussed and edified.

I'm really hunting for a perfect security mame strategy where you can truly garuantee someone played the game from start to finish with out any form of cheating. Wolfmame does encode speeds and has other tricks to disuade this, but it's still possible if you were devious enough and had the source which we must provide.

So the full source for wolfmame (including all of the encryption/timestamp stuff) is public? I didn't realize that. I know there's some restrictions due to the mame license, but I had the understanding that wolfmame circumvented some of that via some dll hijinks or something.

Chad · Post by **Chad** » Tue Dec 13, 2005 5:47 pm

well in the pre woflmame days, we (barry) tried to make some of it private; then some "outsider" people got mad and hacked the assembly code and posted the source publically anyway :) so now it's pretty much open on the site where you can download wolfmame.

Martoon · Post by **Martoon** » Tue Dec 13, 2005 5:53 pm

Chad wrote:well in the pre woflmame days, we (barry) tried to make some of it private; then some "outsider" people got mad and hacked the assembly code and posted the source publically anyway so now it's pretty much open on the site where you can download wolfmame.

Sorry to hear that.

I'm a big proponent of opensource (I use it and contribute to it extensively on the job), but for certain things like this, there's good reason for parts of it to be private. Oh well.