Aww come on man, that's bordering on slander.. =) But I suppose I could say something to calm your nerves a bit.
This is not a sandbox break. Rather, the problem is with the Windows implementation of 'jar'. Whoever coded this particular version of jar forgot to check for negative paths ("..\..\", etc). That's pretty much all there is to it.
The keyword here is 'implementation'. You could design the strongest, most unbreakable lock in the world, but if the builder forgets to put hinges on the door... well..
For those who have the time to understand this break, you will see that there should be no danger to your system whatsoever. Both the modified Robocode.jar and my Robot are still forced to live entirely within the sandbox, and as such should be prevented from accessing your system by Java itself. The only things that lives outside the sandbox are the windows batch files. These COULD do some nasty things, but if you take the time to look, you will see that they do not.
On the other hand, some people are not as kind as myself. I therefore urge ANY person using JAR for Windows - if only for your own security - to check EACH AND EVERY jar file, BEFORE un-jar'ing, to see that there are no negative paths contained within it. -- Troy
Ummm, I see. Then I'm safe since I'm not using Windows. But don't you think that Robocode itself should check the jar file so that nothing outside the robots own directory gets overwritten? Will your bot beat SandboxDT without the modified Robocode jar? (I still hesitate to try your HackBot out ...). I think it's good that you are exposing this security hole anyway. The lesson it teaches is valuable like few! -- PEZ
Thanks mate.. nice of you to say that. And I think you're right there.. (as in I think it's windows-only). As for robocode checking it: I'd agree with you except that Robocode is very nicely platform independant at the moment. I'd hate to see it messed up with Windows-specific code. What do you think? Anyway, I submitted a bug-report to sun prior to releasing this bot. It's my hope that they will fix it as soon as possible.
To answer your other question: No, it won't beat Sandbox. It won't beat any other of the other serious bots, and for that matter, it probably wouldn't even beat the sample bots. But that was never my intention. I might work on something serious in the future, but it depends on how much time I have. (I don't know how you guys do it!) -- Troy
Would it really be a platform dependent check? Just checking the jar file so that it includes only local files wouldn't hurt on any platform. I wouldn't be surprised if other jar-extractors have the same security glitches. -- PEZ
How would you determine whether a file has a negative path or not? With windows, for example, you would have to check to see whether it contains ".." or whether "\" is the first character. This check would likely be different on other platforms. You do make a good point about other jar-extractors having similar problems.. but we should also be careful.. platform-specific code is like the thin end of a wedge. Once you allow a little in, it's hard to stop the rest following. -- Troy
Very clever. So now that I've gone and made all the robocode files read-only, do you have any plans to write a real bot? --David Alves
By the way, for those people such as PEZ who might like to try this bot but who have reservations (or indeed, an OS other than windows) here is a safer solution:
How exactly did you make this patch for robocode? Doesn't this involve decompiling and reverse-engineering robocode? -- Dummy
Yes it did, as he explains on the HackBot page. This happened once before (though the previous one wasn't as clever), with the "M1" bot. That one exploited a bug in Robocode to create "special weapons". When the bug was fixed, the author distributed a modified version of robocode that would still allow the M1 to do its magic. You can read Mat Nelson's email to the author of the M1 bot here: http://www.solin.net/code/email.txt As for my above question, I wasn't being sarcastic or anything, I'm honestly curious: are you going to write any normal bots now? --David Alves
Having read Mat's e-mail to the M1 creator I have to say this. I don't know how M1 was distributed, but HackBot is covered by all due disclaimers you could ever ask for. It uncovers a serious security shortcoming and has the good with it that it raises the healthy care we must apply when executing other peoples code. How long will it take before someone uses this exploit to install a custom notepad.exe or some such? Someone without the good intentions Troy has. -- PEZ
Thanks for the vote of confidence PEZ. I realise it's often difficult to accept people's word in good faith, particularly on the net.. but it's nice to know there's still some humanity left in us. :-) Well, in any case it's not really in my hands at the moment. I've spoken with the maintainer of the 'Cryptopia' site and he's stated that, although he has not received any complaint thus far from sun or ibm, if he does, he will immediately remove the bot. Thanks for the info David. -- Troy
David, as for writing normal bots: 'KissMyClass?' has a fair bit of good code hidden within it. Movement is 100% complete; all that would need to be done is to remove the 'special' inputs, and replace them with estimations of bullet positions. These would probably be based on when the other bots fire, as well as the estimated direction of fire (one might increase the accuracy of the latter by taking note whenever you're hit, and doing the math). I've no idea how well it would do, but it'd sure be fun to try.
Unfortunately, the major issue for me is not strategy.. it's finding time to work on a robot. Unless I've been grossly misinformed, I can still get neither paid nor laid from this.. :-) -- Troy