We’re getting close to the first Alpha release of The Peacenet (January 2019!). So, gameplay needs to be sorted out. Specifically, hacking. Well, I’ve got a neat idea. It’s called a Rainbow Table.
In computer security, a Rainbow Table is a database of passwords and their hashes. It trades off storage space for CPU time, making password cracking extremely easy. If you’re trying to scrape a database for user credentials, and you know each user’s hash (and it isn’t salted), why bother brute forcing? Instead, just use your Rainbow Table and look up the hash! Way quicker. This concept gave me a very neat idea for Peacenet’s core hacking mechanic.
Growing your own Rainbow Table
As you progress through The Peacenet, you’ll end up growing your own Rainbow Table that you can use during hacking.
As you crack/discover passwords in Peacenet, whether it be through chat logs, brute force, whatnot, the passwords you discover will be hashed and added to your own Rainbow Table. Then, you can use this table as a way to speed up cracking other systems/users and their passwords.
Collecting rainbow tables
When you hack into some systems, you’ll be able to find rainbow tables on their filesystems. They spawn more often on maliciously-used computers since they’re more likely to do this kind of hacking. You can download these rainbow tables and merge them with your own, making yours more effective at scraping passwords.
What does this add to the gameplay?
Rainbow tables add a sense of progression, and a set of collectibles to the game’s world.
They add a sense of progression in the sense that they’re extremely quick at finding passwords, but only if the hashes/passwords you want to search are in the rainbow table. Therefore, it’ll become more of an effective tool as you progress through the game, making hacking easier.
The collectible asset comes from the fact that rainbow tables spawn in NPC computers and can be collected to grow your own. If you can find them, you can increase your password-cracking speed even more.
What can it be used for?
There are many scenarios where you’d use your Rainbow Table.
- You want to scrape a database for credentials - you know the hashes, why not look them up?
- You know a hash of a password, but not the password itself.
- You don’t know the length of the password you want to crack (or it’s too long), so a brute force won’t work.
- You can’t use a buffer overflow attack to scrape a password out of memory, but you DO get a hash.
- You want to be extremely fast. Brute-forcing with a list of known passwords is a lot faster than brute-forcing by trying every single combination of every single character.
But what if the rainbow table doesn’t work?
You’ll need to resort to another password-cracking attack. This attack only works if you already know a hash and you can look it up.
Can I manually add passwords to my Rainbow Table?
Yes. However, the game will add passwords automatically when a successful authentication with a given password is detected. You can also scrape emails and chat logs for words that look like passwords, and they’ll be added.
How do I view/use my rainbow table?
Using it in a hack will be the same as any other attack, which means I can’t tell you yet. Haven’t gotten that programmed/planned yet.
Viewing it as a file is as easy as opening
/etc/rainbow_table.db in Database Viewer. However, this file is NOT directly writable to a player system context, only the game’s backend can write to this file. So
echo "" >> /etc/rainbow_table.db,
rm /etc/rainbow_table.db, etc., won’t work.
This is a very important part of the gameplay in Peacenet, so, a lot of work will be put into it. However it’s not the only part of hacking coming in the alpha, so be on the lookout for more info related to hacking gameplay