zurC: 2020

Zurc

Reiner Knizia is one of the biggest names in game design around the world. The German game designer is a mathematician and has his name associated to more than 700 games launched in many different countries. I had the honor to talk personally to Knizia in 2011, at DIGRA's conference in Hilversun (Netherlands) and I watched a great keynote about the game designing process in the same event.

On that occasion, I gave Knizia my board game, YN, and had the opportunity to talk a little bit with him (a great achievement for my game designer career).

I follow Knizia in social media and I'm always taking notes about the knowledge on game design he shares on those platforms. In this post, I will reproduce 10 ideas Knizia showed recently on Twitter about playtesting (one of the most fundamental topics in the game designing process). Below, I listed the 10 points. Follow him by clicking here.

Playtesting 1. Those who do not play do not live. Those who do not playtest do not design.

Playtesting 2. Designs always work perfectly in your mind. The first playtest is the (often cruel) moment of truth.

Playtesting 3. Regardless of how much experience you have, you cannot develop a game on the drawing board – only at the playing table.

Playtesting 4. Game design is a classic iterative process of playing and improving – nowadays popularised as "design thinking".

Playtesting 5. When your playtesters do not like your design, (usually) your design is to blame – not your playtesters.

Playtesting 6. I recognise good playtesters by my (frequent) urge to strangle them.

Playtesting 7. For your design to appeal to one group, test with one group. For your design to have broad appeal, test with many groups.

Playtesting 8. You can make (most) designs interesting through your play-talk - but when published, your design needs to speak for itself.

Playtesting 9. Blind playtesting, without you taking part, is as useful as other people going on a rollercoaster and reporting their experience.

Playtesting 10. When you have playtested your design to perfection, let it rest some time, then play again. – Expect to be surprised!

#GoGamers

Zurc

Back in 2018 I wrote about rewriting my hexagonal grid page. I had said "I'm generally not a fan of rewrites that have no end-user benefits". I had started that rewrite because the code was making it hard to make diagram improvements that I wanted to make. As a side effect of the rewrite, I also made some performance improvements.

I've been wanting to make some diagram improvements to my A* page. While looking through the code I realized I was in the same situation as with the hex page. It was hard to make the changes I wanted to make because of the abstractions I had chosen. I decided to rewrite the most problematic abstraction, the Diagram class.

As a side effect of rewriting the Diagram class, I've improved page speed:

Before: speed score 83/100; After: speed score 97/100 — Before and after page load speed

It only took a day to rewrite the Diagram class, but it took 5 weeks to get here. Why?!

I had already been comparing different web frameworks to see which one best fit my style of interactive diagrams. Instead of starting with the A* page, which has a lot of diagrams, I decided I'd experiment with a smaller page, "distance to any". It has only four diagrams.

I generally like Vue, which I had used for the hexagon page rewrite. It has automatic redraw, it works nicely with SVG, it has great documentation, and it has a nice community. However, I wanted to try lit-html too, so I first rewrote the Diagram class in lit-html. It reminded me of all the nice things I had in Vue — automatic redraw, components, documentation, community, html templates. So I also rewrote the Diagram class in Vue. But after the lit-html experience, it made me realize how much of a mismatch Vue is for this project and how many nice things lit-html gave me. It turns out neither one was a great fit for this project.

I decided I should try React, and I also tried Preact+htm. There were pros and cons of each of these but none of them were a great match. None of them made me happy but I eventually decided on Preact+htm. But I was still unhappy, so I put it aside for a week.

When I returned to the project I remembered that there were things avoid implementing because I use SVG. I really like SVG. It's great for shapes and lines and arrows. But there are times I'd like to use sprite art like Kenney's, and it's not a great fit for SVG. It is a great fit for Canvas. So that raised the question: why not Canvas for the pathfinding page?

SVG gives me many things that Canvas does not:

mouseover effects (you get an event for the whole canvas instead of on each individual svg object)
dragging an object around, or other changes (have to redraw everything in canvas of only moving that one thing around)
arrowheads (svg "markers")
drop shadows (svg "filters")
change mouse pointer when pointing at a specific object (using css "cursor")
automatically adjusting for screen density ("hidpi" or "retina")

It's more work to use Canvas. But it'd also let me do more. So I decided to rewrite the Diagram class yet again, using Canvas this time. Even though I had to implement the features that SVG gave me for free, I was pretty happy with the result. The page loads significantly faster, and animations run 2-3 times as fast as before.

I'm finally ready to work on the diagram improvements that I blogged about back in May.

Could I have gone through this process faster? I don't know. Sometimes it just takes time for me to ponder. Sometimes I have to read a lot. Sometimes it takes me writing the wrong code before I can discover the right code. So I don't consider it a complete waste to have read so much and rewritten the page four times. I think part of that was necessary to get to where I wanted to be.

Zurc

Greetings and welcome to my hopefully new feature, interview episodes! First up is Jeff Ronne, who was the programmer for Tron Deadly Discs from M Network. I really enjoyed talking with him and I am grateful to him for his time. He's an interesting guy and also one of the few programmers at that time who programmed games for multiple systems. If you have any comments, you can email them to me at 2600gamebygame@comcast.net, or leave them on the Facebook or Twitter pages. Thanks so much for listening!

Jeff Ronne on Quora
Takeover on Intellivision Lives
Tron Deadly Discs on Intellivision Lives
Tron Deadly Discs episode

Zurc

You know it's real when everyone else is in armor and you're naked.

I've been dying to write this piece. Beknownst to some, while Tywin is my favorite character of all time, I also really like Roose Bolton. I think of him as the Tywin of the North because they're so alike in a lot of ways. In fact, when you dig down a little deeper into the origins of House Bolton, you will find many disturbing and interesting things about them. Mechanically, I think they play very close to their book representation and that means a lot of death and terror. For now, I think Boltons' are the strongest when paired with House Lannister because of a lot of their tactics cards and toolkits synergizes with Lannister control elements.

Let's jump straight into a list that I've been messing with lately. Since I'm going to turn this into a 2-part show, let me start with something that I've had quite a bit of success with. To say it's pretty freaking brutal is an understatement.

I mean, lol, look at this guy.

Faction: House Lannister
Commander: Ramsay Snow – The Bastard of Bolton
Points: 40 (20 Neutral)

Combat Units:
• House Clegane Mountain Men (6)
with Ramsay Snow – The Bastard of Bolton (0)
and Theon Greyjoy – Reek (0)
• House Clegane Mountain Men (6)
with Dreadfort Captain (1)
• Bolton Cutthroats (5)
with Assault Veteran (1)
• The Flayed Men (10)
with Gregor Clegane – Mounted Behemoth (3)

Non-Combat Units:
• Tywin Lannister – The Great Lion (4)
• Lord Varys – The Spider (4)

Made with ASOIAFBuilder.com

Just so you guys know, I absolutely hated Ramsay in the show. I still can't decide who I actually hated more, him or Joffrey, and that's an achievement in itself. To make things short and sweet, Ramsay's a battlefield commander through and through. He likes to get in there and chop people to bits to spread fear directly. When he pops his Order to Flay Them All! after a unit fails a Panic test, another unit within Long Range has to take a Panic test. This is a great mechanic to have in a unit of MM because of the Vicious inflicting a -2 modifier. The affiliation to House Bolton is something we will talk about once we take a look at his Tactics Cards. Before we forget, let's talk about poor Theon who Ramsay brings along with him. Having Theon dragged around with you basically allows Ramsay to auto-panic an opponents' unit every turn, but the downside there is that if you roll a 5+, Theon dies. Boohoo, I guess.

Everything is made for killing.

The biggest weakness to this list is the low activations and deploys, but outwitting the opponent isn't something I'm going after. I'm looking to get in there and murder the enemy in every way possible. When you look at cards like Our Blades are Sharp, you will see that's one of the most damaging tactics cards in the entire game. If you attack a Panicked enemy, your attack gains +1 to hit and +2 dice on the attack. If you're a House Bolton unit, the defender also becomes Vulnerable. This is why I have 2 real House Bolton units in the game and a MM with the House Bolton affiliation. Make no mistake: This one card absolutely sky-rockets your units ability to deal damage. With a plentiful amount of Critical Blows, Vicious, and 3s to hit across the entire army, you will have plenty of chances to inflict maximum hurt on the enemy. Cruel Methods is activation cheating, simple as that. You play this card at the start of the round, regardless of whose turn it is and you get an out-of-turn free attack action. Sure, there are downsides to this card if you don't manage to destroy the enemy unit, but with 3 House Bolton units on the field using max dice and re-rolling misses, you better do some work. An amazing target for this is your Bolton Cutthroats with Assault Veteran. If you pop this on them and that unit is already engaged with something, you will be rolling 10 dice, hitting on 2s with re-rolls, making the Vulnerable, and they have to test Panic with Vicious. If it's going to be your unit activation, you can just cap the Combat zone with Varys and go again if that unit is somehow still alive and your guys are still around. I'm telling you, it's bananas. Lastly, we have Sadistic Games, where at the start of a friendly turn, your opponent has to pick either to have 2 of his units to be Panicked or suffer D3+2 automatic hits. If he understands Ramsay at all, he'll go for the extra hits because at least he has a chance to save them. Having 2 units being Panicked just sets them up to be abused later by Our Blades are Sharp.

Madness. Madness and Stupidity.

Let's talk about the unit selection super quick: Mountain's Men should be pretty straight forward. You have Critical Blows and Vicious who works great with Ramsay's tactics cards. Bolton Cutthroats with Assault Veteran is a match made in heaven, and having a Dreadfort Captain on the MMs help spread Panic whenever the opponent fails their Panic test (which should be often due to Vicious). The giant elephant in the room is the fat-stack of The Mountain + Flayed Men. Let's get one thing straight here: This is 32.5% of your army and in most cases, can be considered a deathstar. Now, I normally don't like to do this kind of thing, but I think Ser G + Flayed Men are one of the strongest units in the entire game by far, especially when you have them in damage amplifying list like this one. For me, the best way to get value out of these guys is to take them in a list that will almost guarantee they make their points back. If you think about in terms of points: A 13-point unit better kill at least 13+ points to break even or be considered a unit well-spent. This is, after all, 2 more units of Mountain's Men or even close to 3 units of Cutthroats or Lannister Guardsman. It's a huge investment and I need people to realize that they do have weaknesses, that you can play around them quite easily, that mission objectives do matter, and there are plenty of tactics cards and combos out there that can stifle their damage or end them entirely. I do not consider them over-performing at all, but they are nasty.

So why did I bring them? Well, for one, Gregor applies free Panic that unlocks Our Blades are Sharp automatically and also automatically deal D3 wounds. The fact that you can play Our Blades are Sharp on this unit is something out of this world, because now, on the charge you have 10 attack dice, hitting on 2s and re-rolling, Critical Blows + Vicious, Panic + Spread Fear, you make the unit Vulnerable, and you deal D3 extra wounds from The Mountain just because you can. If that doesn't roll over many people, it will reduce them to almost combat ineffectiveness status and they will then try to retaliate against a unit with 2+ save. If you wipe them out or start the round with Cruel Methods, you can then Overrun into another unit with a free Charge action to start the chaos all over again. I don't know what to say, this unit with Ramsay is absolutely absurd considering how many extra, free combat rounds you can get from it, all the while spreading Panic tokens around because of Spread Fear and Vicious.

Yes, the unit above is ridiculously strong and I would say almost designed for Ramsay to take advantage of. However, it's hugely expensive and that's why a unit like that doesn't perform well in objective-based game modes. With only 4 combat units, one of which is a 13-point unit from hell, you can't possibly dedicate it to capturing points. What you need to do if you're piloting this list is to use that unit to smash everything in its way to smithereens. However, this will require you to have the right cards in hand which is something you should never build your strategy around. Before I forget, that unit, as mighty as it is, has one giant flaw that needs to be called out: It is hugely weak against anything that can blunt the initial assault. A lot of the damage comes from the Abilities that the unit has attached to it so if you take those abilities *cough, Martial Supremacy, cough*, it's pretty much a declawed cat. You can then trap the unit by engaging it from multiple sides (such as Grey Wind) and apply Greataxes to face.

Finally, I'd like to mention that Tywin as an NCU is still amazing. In fact, I think he has one of the best once-a-game abilities in the game because it completely makes an enemy unit worthless for a round. Funny enough, Tywin is also probably one of the best counters to something like the Gregor Flayed Train of Death.

Zurc

Before I return to the 16thC.

Places everyone!

One Hour Wargame Scenario #5 Bridgehead. Rather oddly, until I reread it, I didn't recognize or remember that this OHW scenario was based on a well worn CS Grant scenario that I played using brigades of 1/72 ACW troops last spring. It was played with companies of 54mm 1870's troops today.

Report and discussion for Saturday morning.

Zurc

Wordpress Hash Cracker.

Installation

git clone https://github.com/MrSqar-Ye/wpCrack.git

Video

Download wpCrack

Bleichenbacher's attack from 1998

In 1998, Daniel Bleichenbacher discovered that the error messages given by SSL servers for errors in the PKCS #1 1.5 padding allow an adversary to execute an adaptive-chosen ciphertext attack. This attack also belongs to the category of padding oracle attacks. By performing the attack, the adversary exploits different responses returned by the server that decrypts the requests and validates the PKCS#1 1.5 padding. Given such a server, the attacker can use it as an oracle and decrypt ciphertexts.

We refer to one of our previous blog posts for more details.

OK, so what is new in our research?

In our research we performed scans of several well-known hosts and found out many of them are vulnerable to different forms of the attack. In the original paper, an oracle was constructed from a server that responded with different TLS alert messages. In 2014, further side-channels like timings were exploited. However, all the previous studies have considered mostly open source implementations. Only a few vulnerabilities have been found.

In our scans we could identify more than seven vulnerable products and open source software implementations, including F5, Radware, Cisco, Erlang, Bouncy Castle, or WolfSSL. We identified new side-channels triggered by incomplete protocol flows or TCP socket states.

For example, some F5 products would respond to a malformed ciphertext located in the ClientKeyExchange message with a TLS alert 40 (handshake failure) but allow connections to timeout if the decryption was successful. We could observe this behaviour only when sending incomplete TLS handshakes missing ChangeCipherSpec and Finished messages.

See our paper for more interesting results.

Release of TLS-Attacker 2.2

These new findings motivated us to implement the complete detection of Bleichenbacher attacks in our TLS-Attacker. Before our research, TLS-Attacker had implemented a basic Bleichenbacher attack evaluation with full TLS protocol flows. We extended this evaluation with shortened protocol flows with missing ChangeCipherSpec and Finished messages, and implemented an oracle detection based on TCP timeouts and duplicated TLS alerts. In addition, Robert (@ic0ns) added many fixes and merged features like replay attacks on 0-RTT in TLS 1.3.

You can find the newest version release here: https://github.com/RUB-NDS/TLS-Attacker/releases/tag/v2.2

TLS-Attacker allows you to automatically send differently formatted PKCS#1 encrypted messages and observe the server behavior:

$ java -jar Attacks.jar bleichenbacher -connect [host]:[port]

In case the server responds with different error messages, it is most likely vulnerable. The following example provides an example of a vulnerable server detection output:

14:12:42 [main] CONSOLE attacks.impl.Attacker - A server is considered vulnerable to this attack if it responds differently to the test vectors.
14:12:42 [main] CONSOLE attacks.impl.Attacker - A server is considered secure if it always responds the same way.
14:12:49 [main] CONSOLE attacks.impl.Attacker - Found a difference in responses in the Complete TLS protocol flow with CCS and Finished messages.
14:12:49 [main] CONSOLE attacks.impl.Attacker - The server seems to respond with different record contents.
14:12:49 [main] INFO  attacks.Main - Vulnerable:true

In this case TLS-Attacker identified that sending different PKCS#1 messages results in different server responses (the record contents are different).

More articles

Zurc

The name sounds exciting but really does it jam WiFi networks? Yes, it is able to do the thing which it's name suggests. So today I'm going to show you how to annoy your friend by cutting him/her short of the WiFi service.

Requirements:

A computer/laptop with WiFi capable of monitoring (monitor mode).
A Linux OS (I'm using Arch Linux with BlackArch Repos)
And the most obvious thing wifijammer (If you're having BlackArch then you already have it).

How does it work? You maybe thinking!, it's quite simple it sends the deauth packets from the client to the AP (Access Point) after spoofing its (client's) mac-address which makes AP think that it's the connected client who wants to disconnect and Voila!

Well to jam all WiFi networks in your range its quite easy just type:

sudo wifijammer

but wait a minute this may not be a good idea. You may jam all the networks around you, is it really what you want to do? I don't think so and I guess it's illegal.

We just want to play a prank on our friend isn't it? So we want to attack just his/her AP. To do that just type:

sudo wifijammer -a <<AP-MAC-ADDRESS>>

here -a flag specifies that we want to jam a particular AP and after it we must provide the MAC-ADDRESS of that particular AP that we want to jam.

Now how in the world am I going to know what is the MAC-ADDRESS of my friend's AP without disturbing the other people around me?

It's easy just use the Hackers all time favorite tool airodump-ng. Type in the following commands:

sudo airmon-ng

sudo airodump-ng

airmon-ng will put your device in monitor mode and airodump-ng will list all the wifi networks around you with their BSSID, MAC-ADDRESS, and CHANNELS. Now look for your friend's BSSID and grab his/her MAC-ADDRESS and plug that in the above mentioned command. Wooohooo! now you are jamming just your friend's wifi network.

Maybe that's not what you want, maybe you want to jam all the people on a particular channel well wifijammer can help you even with that just type:

sudo wifijammer -c <<CHANNEL-NUMBER>>

with -c we specify to wifijammer that we only want to deauth clients on a specified channel. Again you can see with airodump-ng who is on which channel.

wifijammer has got many other flags you can check out all flags using this command that you always knew:

sudo wifijammer -h

Hope you enjoyed it, good bye and have fun :)

Continue reading

Zurc

Continue reading

23 de set. de 2020

Ten Ideas From Reiner Knizia About Playtesting

22 de set. de 2020

Reimplementing My Pathfinding Pages

12 de set. de 2020

Interview: Jeff Ronne, Tron Deadly Discs

ASOIAF: 40Pt Boltons With Ramsay

4 de set. de 2020

One More Quick Game

31 de ago. de 2020

wpCrack - Wordpress Hash Cracker

More articles

30 de ago. de 2020

TLS-Attacker V2.2 And The ROBOT Attack

Bleichenbacher's attack from 1998

OK, so what is new in our research?

Release of TLS-Attacker 2.2

WiFiJammer: Amazing Wi-Fi Tool

Requirements:

UserRecon Tool | Find Usernames | OSINT Tool

ZURC - Cultura Pop

Histórico