NETPANZER 0.8.7 - 'The Revenant'
Yep, we are restarting netpanzer development after a hyatus of 3 years.
The last dev team dissolved long time ago, even before the old BerliOS repository closed. We tried to save what we could. Lohengrin (Guido Ueffing) took care of the web domains and all the server side stuff. The game had already been afflicted by severe bugs and vulnerabilities which, for some reason, at the time it seemed impossible to fix. Latest release dates back to early 2012 and - at the time of writing these notes - it is the binary we're still using.
Well, I just couldn't stand seeing netpanzer slowly die - Eric and Gilmar from Brasil couldn't accept this either and started summoning the old BR players who have always been the main community around the game. Somewhat they showed me the way, it was time to react!
Though I am not a programmer, I started to read the source code and learn the basics of the black art of compiling. Like Young Frankenstein I finally realized that, yes, 'it could work!', but please be mild with me and my poor coding skills. My hope is that some new (or old) friend will join us and help us in this task.
I am very grateful to krom (Aaron Perez), the last developer, for leaving so many notes, scripts and tools which made possible to reboot the whole thing.
Technically speaking this is a fork from old (BerliOS) svn1341 - that is netpanzer-0.8.5-test-1.exe binary.
The main goal was to fix the security holes, some long known bug and in general everything than wasn't working, so to have a solid base on which starting to build the cool stuff.
Not being able to write extensive code, what I did are mainly 'tweaks' and patches. I decided to fork from the current binary source (actually the last dev team went a bit further but that effort never produced a working version - some of those ideas are still valid though), so to make testing the changes easier - by maintaining the compatibility.
The main problems were due to the chat interface - and its being active very early in the connection process - which could be easily exploited by sending specific opcodes, longer chat strings or brute-forcing. Crashing the gameserver without leaving any trace was a piece of cake. An issue that the introduction of Lua commands only made easier to exploit but that probably was there since the beginning.
Another big issue was due to a tipical NetPanzer problem, the poor separation of server and client in the code and their sharing (dangerously) the same classes and functions. It appears, in fact that the hijacking of scores, nicks and tanks (messing up the player IDs table) that so much trouble caused to NetPanzer community years ago and nearly killed this game was just a data packet that normally the server sends to the client to sync the players status. Unfortunately if it was the gameserver to receive that very packet (sent maliciously by a connected client) it then reacted 'as a client' updating its 'status' and giving the chance to an attacker to mess up things and take control of the game! I must thank Lucas V. for pointing me in the right direction.
So probably the situation is not as bad as it once appeared to be.
It's not necessary IMHO a big code refactoring. A wabi-sabi approach (perfection in imperfection), applying some chirurgical fixes and writing new code only when really necessary could allow this game to last a few more years - adding new funny features...
The perfect job for an absolute beginner! :D
Uh why netpanzer 0.8.7? Well I thought it should have been '0.8.5 Final' (which was never released), while Lohengrin explained me (quoting the manuals) that it had to be named '0.8.9'. A guy I knew always said that 'the truth is in the middle' (I guess he was a sexual maniac! :D), so here it is the 0.8.7!
Starting from now, each new release will have its codename. As for this one, it could only have been 'The Revenant'.
I dedicate it to all those who, in the years, have loved this little game (developers, players, supporters). I can't name everybody, you guys know who you are.
Perhaps we are few and scattered around the globe, but it's not a problem. We're doing it for the lulz!
April, 8, 2016 - Somewhere on the Interwebs
Fulvio Testi aka 'fu'
The following is a list of the main FIXES/NEW FEATURES in this Release:
- Ally chat bug fixed. The new key to open it is now 't', instead of CTRL+a - press enter to send msg etc. just like the normal chat.
- Crash of dedicated server on restart (generally after 3rd round) fixed.
- Nicknames are now cropped at 24 chars (no more long ugly nicks)
- Fixed server crash on receiving long chat strings (this was a serious vunerability easy to exploit in lua).
- Fixed game (score,nicks,tanks control) hijacking by sending packets normally not destined to gameserver (there might be other similar issues regarding netpackets - but at least we now know where to look).
- I noticed a TCP Nodelay issue in Windows systems newer than XP (not tested much, but I read that tcp nodelay must be set in an earlier stage in recent Win - not an issue in Posix systems), so I added an ifdef in the source targeting Win32 to make that call before in the socket initialization process.
- Several Anti-Spam controls:
- chat messages rate limited - abusers get brutally disconnected hehe.
- high rate ally requests messages limited - abuser gets disconnected.
- anti cheat (autoclick) - players with excessive click rate are kicked and a message appears on server. Can be tuned in server.cfg (values from 1 [strict] to 5 [very permissive], default is 3 - note: a very bad connection, and usually a wireless one, may cause to be wrongly identified as 'cheaters', though this appears to be not frequent).
- no easy frags - players with a score (points) less than -25 get kicked (value can be set in server.cfg [from -15 to -100]), a warning appears in chat to remind this rule.
- A remix of visuals and starting panels graphics (finally coordinated with the main website).
- Added tips for newbies in JoinView (random on each restart).
- The welcome msg in dedicated server is now repeated every 10 mins - can be used as reminder...
- A set of ASCII Art messages have been added in usercommands.lua - usage '/say war' (you can add your own) - max 7 lines or servers disconnect you!
- Partially reactivated bots (they just connect, get an ugly gray flag and sit there LOL).
- Temporarily disabled unit powerups as they never worked (only unit self-destruct is still active) and replaced by bonus units and radar powerups - I'd like to make a major rewrite of bonuses in next release to make the unit powerups actually work and add new ones.
And this is a basic Roadmap (todo list):
- Adding the alternative unit skins made by Nessie long time ago (possibly with some new features about units: making possible for single tanks to get different profile values, activated by special powerups or map areas etc).
- Still about units... what about adding fuel or ammonition? Or the chance to drop mines hehe.
- A better interaction of binary with main website, like automatic downloads, news updates etc.
- And finally, the mother of all features: the long awaited in-game authentication.
- And any wild idea or input we can get from players - provided it's funny and possible to realize.