Secure Facility 7: TeH h4x0rs

Okay so the final thing that I built most specifically for SF7 was the interface for funky movie style hacking that occurred in the game, this was basically … a sort of a bodge in a way, it was one of those things that I knew wasn’t going to have to stand up to a lot of traffic, but was going to have to look the part in terms of being a sharp contrast to the corporate smoothness of the rest of the site, and also was going to have to give the players some sort of delay and some sort of challenge to make them work for their information.What I settled on was essentially a series of pages that chained together giving various special effects almost, for those of you playing along at home what you’ll see is:

  1. index.php: This uses a little bit of silly javascript to slowly print out some messages, then pop up a box asking for the user account that the players want to break into, its got a little technobabble and a nod to the cDc.
  2. prepare.php: This is just a little fluff which also gives the player a chance to notice if they’ve typo’d their chosen username, again, the slow display thing to give it a classic h4x0rly look.  It is purportedly faking authentication as that user.
  3. firewall.php: This is a straight up delaying tactic about “breaking through the firewall”, it is in fact just a version of the excellent Hacker-Typer with a custom bit of text with some packet dumps in. One cool thing it does is generates a random number between 8-900 and waits for that many keypresses before bouncing the user to…
  4. decrypting.html: This is the real delaying and challenge tactic, purportedly decrypting the password returned by previous attempts, what it really is is forcing someone to beat a sudoku randomly generated by the generator written by David J. Rager, if a valid solution is entered and checks out then this redirects people too…
  5. solution.php: A very simple PHP script that searches the username in question and pulls their password out of a file, doing a slow display of technobabble to the user before showing USERNAME => PASSWORD in a big green box in the screen.

Now technically there’s nothing stopping someone from hopping right to the end of the process (and also yes I know its an awful plan to have something that can dish out passwords for your website and yes I turned it right back off after the game) but as was made clear on the instruction sheet handed out the purpose of the process was not necessarily to stop someone from getting access, it was to give them a feeling of being challenged for the information they wanted, to feel like they accomplished something, and also to give enough bells and whistles to give them a prop to use for generating roleplaying with other characters, which is how I saw it used in the game when it was up on the big screens, and even when someone (a military statistician) was recruited to help the hacker solve some of the problems (which gave them a bonding over learning a skill and doing the thing! bit of roleplaying).

So yeah, a simple but effective little tool, it got a positive response from the users and I’m quite happy with how it turned out :)

Leave a Reply