High security risk.. What's the purpose behind this? class GameAccount
wasfer last edited by wasfer
Found out that it's possible to steal accounts rather easily.. and most urgent is the fact that the bot client is running a listener for every log in attempt and holds user && pass in plain text string format in variables - Why is it made like that? --- Oh well, quite rushed to write here, found out there's a topic - https://forums.rspeer.org/topic/219/how-does-rspeer-know-my-account-info-to-log-back-in-to-the-game
Perhaps encrypting the password inside the bot client, so that it would be possible to only call a method from a script to log in to the account. That at least makes it trickier to get the password out via a script.
Start bot client, log in with your account manually. Hell, the account does not need to be saved even in the Account Manager.
Once logged in start the script you made using snippet below to compile your own script.
Look at the console output. Crazy.
String account = getAccount().getUsername();
String password = getAccount().getPassword();
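
The suggestion in the post above (let scripts call a login method instead of reading the password), sketched as an added example that is not RSPeer's code; `CredentialVault`, `LoginHandle` and the login callback are hypothetical names. It narrows the scripting API only: code running in the same JVM can still reach the field through reflection, and a later reply notes that the game client itself holds the data raw.

```java
import java.util.Arrays;
import java.util.function.BiConsumer;

// Hypothetical client-side types; none of these names come from the RSPeer API.
public final class CredentialVault {

    /** What a script is handed: it can trigger a login, nothing else. */
    public interface LoginHandle {
        String displayName();   // non-secret label for logs and UIs
        void login();           // client performs the login on the script's behalf
    }

    private final String username;
    private final char[] password;                        // char[] so it can be wiped
    private final BiConsumer<String, char[]> loginAction; // client-internal login routine

    public CredentialVault(String username, char[] password,
                           BiConsumer<String, char[]> loginAction) {
        this.username = username;
        this.password = password.clone();
        this.loginAction = loginAction;
    }

    /** Returns a handle with no accessor for the username or the password. */
    public LoginHandle handleFor(String scriptName) {
        return new LoginHandle() {
            @Override public String displayName() { return "account#1 (" + scriptName + ")"; }
            @Override public void login() {
                char[] copy = password.clone();
                try { loginAction.accept(username, copy); }
                finally { Arrays.fill(copy, '\0'); }      // wipe the working copy
            }
        };
    }

    /** Called by the client on shutdown or logout. */
    public void destroy() { Arrays.fill(password, '\0'); }

    public static void main(String[] args) {
        // Constructed sample credentials, for illustration only.
        CredentialVault vault = new CredentialVault("player@example.com",
                "not-a-real-password".toCharArray(),
                (user, pass) -> System.out.println("client logging in, secret length " + pass.length));
        LoginHandle handle = vault.handleFor("ExampleScript");
        handle.login();                                   // works without exposing the secret
        System.out.println(handle.displayName());
        vault.destroy();
    }
}
```
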
Pseudo last edited by Pseudo
Rspeer does store the login data, purely for the use of, you guessed it, logging back in to the game. The information is only ever stored locally, though. And SDN scripts are all monitored and verified before being published, to ensure there isn't any form of abuse in said scripts.
The data is taken directly from the game, which already stores it raw. Playing RS through any bot or third party client always has this "high security risk".
That said, all scripts are checked by us so it's not possible that these functions can be used for malicious purposes.
weeb last edited by
@Spencer do you allow usages of Java obfuscation with scripts?
@weeb The SDN obfuscates scripts for you
weeb last edited by
@Spencer that is perfect. Thanks. I will be releasing sometime soon then
Di_k He_d last edited by
I'm pretty sure I spotted something that said retrieve login and password when I was logged in, I thought this was odd.
Every bot client out there has this functionality, just don't run untrusted scripts and you'll be fine. It's no different than you running untrusted applications you download from the internet.
Note: All scripts on the SDN are manually verified, so these are safe.