Posted March 8, 2022 I've updated invader to 0.47. For Invader, this fixes a potentially serious vulnerability, namely with tag referencing files outside of the tags directory. Basically, absolute paths and paths with '..' directory components would allow you to escape the tags directory and cause all sorts of havoc in your filesystem without requiring symlinks. There aren't any known tagsets or cache files exploit this, but these are the details: Basically, this is a vulnerability that nearly every set of tools has, including official toolkits (e.g. Halo Custom Edition's HEK) as well as most community-made toolkits such as the MEK and, of course, Invader (formerly). The severity of the issue varies depending on the use case, ranging from just reading some files it shouldn't to creating and/or deleting files not in the tags directory. For example, with tag extraction, you can exploit this with a hand-crafted tag path in a cache file, resulting in tags being extracted to locations well outside of the tags directory. Something like "C:\mytag" for example could extract to the C: drive on Windows, where "/mytag" may extract to the root directory on a Unix-like operating system. Or, a simple path such as "characters\..\..\cyborg\cyborg" will extract to the "cyborg" folder outside of your tags directory. You do not need to hex edit a cache file to do that second one. Tool seems to happily compile malformed paths with '..' components into cache files, meaning you can technically reference tags outside of the tags directory without any apparent issue, and these tag paths will be included in your cache file with the technically invalid path intact (that is, intact as far as invalid paths go). When resolving a tag path into a file path, Invader will now instead throw an exception error if it detects that a tag path is either an absolute path for the target system (e.g. "C:\Users\Bob" on Windows, "/home/bob" on Linux, "/Users/Bob" on macOS, etc.). It will also throw an exception if the path tries to use '.' or '..' instead of a real directory. In other news, invader-script has a number of fixes. Tag paths are now validated (so if you use a sound that doesn't exist, it will let you know before you go and build the map). Also, path separators are now validated, references are now populated, and the vehicle type can be resolved into a unit type. invader-build and invader-extract also have a few fixes and improvements, too. Also, VT100 colors are now used on Win32 builds just as on Linux builds. This will fix a few error messages being formatted weirdly, and it has also demonstrated some performance improvements. Note that VT100 colors only work on Windows 10 or newer as of an update. Therefore, if you're on Windows 8 or older, you will no longer see any colors in Invader's output. This unfortunately marks the end of full support for Windows 7 and Windows 8(.1), as I can no longer guarantee these tools to work with full or even any functionality moving forward when running on a deprecated operating system. While I definitely wish I could continue supporting Windows 7 as may consider it to be one of Windows's best versions (including myself), unfortunately it is pretty impractical to support it now that it's been out of support for two years and has been explicitly unsupported on newer hardware for over five years, starting with the release of Intel's Kaby Lake in 2016. I also can't test or debug Windows 7 functionality since I don't have a Windows 7 machine, so... yeah. Invader's intention is to take full advantage of modern systems to provide the best possible experience, and that doesn't just include taking advantage of greater hardware resources such as more RAM and CPU cores. This also includes software systems, and dependencies such as Qt do not support Windows 7 on newer versions. And since I'll be upgrading invader-edit-qt and Six Shooter to Qt 6 which only supports Windows 10 or newer on Windows, this means that parts of Invader will cease functioning on older versions of Windows. VT100 colors also now render in Six Shooter: Lastly, I fixed a few issues with invader-script and invader-extract. object_definitions should now work properly in scripts. Sunstriker7, ST34MF0X, Chalwk and 1 other like this Share this post Link to post Share on other sites
Posted March 8, 2022 Wow, I never realized how easy it would be for someone to trojan horse almost any payload they wanted. Kavawuvi likes this Share this post Link to post Share on other sites
Posted March 11, 2022 I've implemented a couple "experimental" features into Invader. You can now explicitly specify tag groups in tag paths in scripts by including the extension, and you can now use "none" as a tag path to indicate no tag. These are features implemented in later versions of the engine (e.g. Halo 3) which I have basically backported to CE. This means the following script now technically works: (global object_definition my_unit "none") (script continuous meme (sleep 60) (objects_delete_by_definition my_unit) (if (= my_unit "none") (set my_unit "vehicles\warthog\mp_warthog.vehicle") (set my_unit "none") ) ) While this will technically work in the stock game due to the simple fact of how cache files work, these features are not supported by any current official tools, nor are they guaranteed to exist in all versions of Invader like this moving forward. Chalwk, Takka, Sunstriker7 and 1 other like this Share this post Link to post Share on other sites
Posted April 1, 2022 As of today, Invader has been renamed to HEK Plus Plus (or HEK++ for short). People have complained that HEK++ (formerly Invader) is not as user friendly as Halo Custom Edition's HEK. So, I'm going to right this wrong and make the following changes in all future builds of HEK++. All error messages will be replaced with register dumps and assertions to source files you don't have access to. Which one will you get? Who knows! If there are any problematic tags that prevent a cache file from building, HEK++ will not print the paths of the problematic tags. Instead, you must use trial and error. This is way more fun! Most of the error checking will be removed in HEK++. This means you can now build maps with tags that would've otherwise been rejected by Invader. Maps that will probably crash the game. If a map crashes the game, it's even more trial and error. Map creation hasn't been this exciting since 2004! HEK++'s argument parsing system has been removed overhauled for most tools, thus you now only have to specify paths for everything. Gone are the days where you make bitmap tags by specifying the type of bitmap you want. Now HEK++ makes DXT1 bitmaps by default, and if you want to change it, you have to open the tag editor! All tools will later be bundled into one executable, HEKPlusPlus.exe. While this does mean you will no longer be able to tab complete, it at least means you will no longer be able to do tab completion. It's a win/win, honestly. As always, thank you for using and supporting HEK++. It's very much appreciated! ST34MF0X and Takka like this Share this post Link to post Share on other sites
Posted April 1, 2022 Finally, a worthy successor to Notepad++ Kavawuvi, Sceny and ST34MF0X like this Oddly, this is familiar to you... as if from an old dream. Share this post Link to post Share on other sites
Posted April 12, 2022 I've updated Invader to 0.49.1. This is mainly bugfixes, but support for the newer definitions of the April 2022 update of the H1AEK has been added, too. Sadly, I had to change Invader's name back. Sorry if you liked HEK++. ST34MF0X, Takka and Sunstriker7 like this Share this post Link to post Share on other sites
Posted April 12, 2022 (edited) I kinda liked HEK++ but I understand why it couldn't stay :'( Edited April 12, 2022 by Sunstriker7 ST34MF0X, Takka and Kavawuvi like this Share this post Link to post Share on other sites