
What's the best way to find what channel a no-mod script uses, scanning the entire range?


Sara Nova


I'm well aware that there might not be a good way to do this. I'm simply asking about the best way, however well or poorly it may work. What I currently know:

  • There are 2^32 = 4,294,967,296 channels total. Two of them (0 and DEBUG_CHANNEL) are already visible, so I'll need some way of monitoring 4294967294 channels. (All at once would be ideal, but I wouldn't be surprised if that's not feasible.)
  • A single script can listen to a maximum of 65 channels at once.
  • Hence, listening to all of them simultaneously would require 66,076,419 scripts total.
  • Scripts can be copied en masse within an object using llGiveInventory, but they'll be set to not running by default.
  • Using Firestorm's bulk recompile feature (not sure whether it's in the official viewer) will also set scripts to running as they're recompiled, but the recompilation itself is an unnecessary step that takes too long. There's no "set all scripts to running" feature, but I could probably add one in a custom-compiled viewer. (Might as well submit it upstream as well.)

What I don't know is how many scripts I can feasibly get running at once, and therefore how many channels I can feasibly scan at once. There's probably some kind of per-prim inventory limit, and I know there's limits for how many prims I can have, single-triangle meshes probably being most efficient. I'm not sure if lag will be an issue, but I can make sure I do it in a sim without anyone else nearby.

And yes, I'm well aware I can ask the person who wrote the script, and they might just tell me. But even if they're okay with me knowing, I might not be able to reach them. And even if they don't want me to know...well, I'm sorry, but if I buy something, I'm going to do what I want with it, to the maximum extent permitted by the Linden ToS. I know some people here may take issue with that, but I'm not looking for a debate, so please try to keep this on topic—thanks.

Link to comment
Share on other sites

  • You can copy scripts and have them running without recompiling if you just copy the object they're in.
  • Objects can contain up to 10'000 items in their inventory.
    • You'll probably want a lot less than that or you'll be waiting for the inventory to load forever.
  • When you put an item into an object that has the same name as something else in the same inventory, they'll get a number appended to their name.
    • eg. Script, Script 1, Script 2...
  • You can get the name of the current script with llGetScriptName
  • You can get the name of the current object with llGetObjectName

So...

  1. Write a script that...
    1. knows the name of the object it's in. (It should be a number only.)
    2. knows what number comes after its name. (This number, combined with the object name is its starting point.)
    3. starts listening on 65 channels from its starting point when touched.
  2. Put like 100 copies of that same script into an object, name the object "1".
  3. Copy the whole object, name the new copy "2".
  4. Repeat until you have enough.
  5. Touch all of the objects to make all of the scripts in them listen on their respective channels.

And now you can cover as many channels as you can be bothered to set up. If you did it correctly, you could be listening on 65'000 channels with 10 objects with 100 scripts in each. That means 1000 scripts, so you'll want to make sure you're not doing this in any sim where other people are doing things, as you'll definitely be causing some overhead for the sim.

Link to comment
Share on other sites

3 hours ago, MyAlt4099 said:
  • Hence, listening to all of them simultaneously would require 66,076,419 scripts total.

That's a lot of scripts. Sims generally saturate around 6000 scripts, so that's like 10,000 sims worth of scripts, give or take. Maybe a sim can handle way more of these kinds of scripts because they're idle unless something comes in on one of their channels. Or maybe a sim can't handle as many because they'll all be doing the same thing, perhaps sharing some limited resource: can a sim handle tens of thousands of listeners, for example, no matter how they're spread across scripts? Unless somebody's already done it, looks like work to test for that limit where the script listening on the right channel will be reasonably sure of getting the message.

Link to comment
Share on other sites

That's actually what I was thinking I'd do, with the auto-incremented number at the end of the duplicated script name. Thanks though! :)

So it's 10,000 inventory items per prim, huh? I find that kind of interesting! The fact that it's a power of 10 suggests it was chosen intentionally; if it were a technical limitation it would more likely be a power of 2. I wonder if they ever thought anyone would need that many? I guess it's better to err on the more permissive side.

If it causes lag, I'd actually say LL deserves at least some of the blame, for making such a resource-intensive, but easily optimizable, process necessary. Still not an excuse to lag a sim with people who had nothing to do with it, of course. (A sim full of Lindens on the other hand...😜)

2 hours ago, Lindal Kidd said:

Hmmm.

All I will say is,

"There are some things man was not meant to know."

Good thing I'm not a man then. ;)

  • Haha 2
Link to comment
Share on other sites

There is a cap on the number of scripts a region can have.

There is a cap on the number of scripts an object can have.

There are restrictions that prevent you from copying mass scripted objects that would hit the region cap.

It would take over a month of 24/7 non-stop checks with what you can have out at any one time and then resetting or moving on to another range of listens.

And to listen to what? An applier or something?

Sounds like a major waste of time.

  • Like 3
Link to comment
Share on other sites

46 minutes ago, Lucia Nightfire said:

There is a cap on the number of scripts a region can have.

There is a cap on the number of scripts an object can have.

There are restrictions that prevent you from copying mass scripted objects that would hit the region cap.

It would take over a month of 24/7 non-stop checks with what you can have out at any one time and then resetting or moving on to another range of listens.

And to listen to what? An applier or something?

Sounds like a major waste of time.

The cap for object scripts is 10,000, right? What's the cap for region scripts?

What are those restrictions specifically?

Link to comment
Share on other sites

59 minutes ago, Lucia Nightfire said:

There is a cap on the number of scripts a region can have.

There is a cap on the number of scripts an object can have.

There are restrictions that prevent you from copying mass scripted objects that would hit the region cap.

It would take over a month of 24/7 non-stop checks with what you can have out at any one time and then resetting or moving on to another range of listens.

And to listen to what? An applier or something?

Sounds like a major waste of time.

Is there an actual cap on the amount of scripts an object/sim can have? A practical limit maybe, but a hard limit? That's not mentioned on the Limits wiki page. (I've also had no trouble with 650 scripts in a single object... besides disconnecting myself while trying to transfer more inventory to the original.)

I did get this error while cleaning up, though.
[Image: 9dd0d1f522.png]

Whatever the reason and whatever the limitations, most products use either fixed channels (very easy to start guessing) or base the channel on the owner's key. In the latter case, it's pretty easy to narrow down the initial starting point. Often, the channel is based on the first or the last part of the key because they're conveniently sized for a 4-byte hex number. Then the most common things to combine with that are 0x80000000 or 0x7FFFFFFF or some other hand-picked but small number.

It's only going to take months if you don't try to narrow things down before you begin.

Edited by Wulfie Reanimator
Link to comment
Share on other sites

2 minutes ago, Wulfie Reanimator said:

It's only going to take months if you don't try to narrow things down before you begin.

But what if the creator specifically chose a random 32-bit number cause they don't want people poking around and doing something unintended? What I'm looking for is something that can't be "hidden from" in such a trivial way. If there's something unintended I want to do, that doesn't violate the ToS, then if at all possible I want to be able to do it.

Link to comment
Share on other sites

11 minutes ago, MyAlt4099 said:

But what if the creator specifically chose a random 32-bit number cause they don't want people poking around and doing something unintended? What I'm looking for is something that can't be "hidden from" in such a trivial way. If there's something unintended I want to do, that doesn't violate the ToS, then if at all possible I want to be able to do it.

I've already helped you as much as I'm going to, I'm not that interested in actually accomplishing what you're trying, I'm just interested in the technical theory.

That said, you can't just "choose a random number" because you need to pair the other objects somehow. For example, if you have a product and a control HUD, the HUD can't just llFrand(999999999) and use that, because how is the product going to know which number was chosen? At some point, there must be some kind of static or statically-generated channel between the two, and that's what you want to catch.

Unless you meant the creator themselves picked some arbitrary channel, in which case I should point out that people aren't random. People are actually terrible at picking random numbers even when they try, and this is very well demonstrated by psychological studies and just layman's observation in things like games. Even if someone was to use a random number generator, many will react to the first result with "well that doesn't look random enough" and keep "randomizing" until they find a number they like, which might end up being predictable in some way like a certain range.

Edited by Wulfie Reanimator
Link to comment
Share on other sites

1 minute ago, Wulfie Reanimator said:

I've already helped you as much as I'm going to, I'm not that interested in actually accomplishing what you're trying, I'm just interested in the technical theory.

That said, you can't just "choose a random number" because you need to pair the other objects somehow. For example, if you have a product and a control HUD, the HUD can't just llFrand(999999999) and use that, because how is the product going to know which number was chosen? At some point, there must be some kind of static or statically-generated channel between the two, and that's what you want to catch.

That's fine; I was just pointing that out. Though I actually meant choosing a random number beforehand, that no one else knows.

https://xkcd.com/221/

Link to comment
Share on other sites

if the app is secure then knowing that a message was received on a channel, can be of no use, as the next message is received on a different channel. the next message another channel, and so on. No two same channels ever used in a session

this is typically done by encoding a permutation using a Feistel network method

for LSL, using just the negative numbers then the possible number of permutations is factorial(2^31) . 2^31 * 2^31-1 * 2^31-2 * 2^32-3 ..

Link to comment
Share on other sites
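
The channel-hopping idea from the post above, as an added LSL example that is not from any poster in this thread: a receiver that derives each message's channel from a keyed Feistel permutation of a message counter, so no channel repeats within a session. `SECRET`, `ROUNDS` and all function names are assumptions; the paired sender would carry the same `SECRET`, `F`, `Permute` and `ChannelFor`.

```lsl
string  SECRET = "replace-with-shared-secret"; // assumed secret, identical in the paired sender
integer ROUNDS = 4;                            // assumed round count
integer gCounter; // messages accepted so far in this session (starts at 0)
integer gHandle;  // handle of the currently open listen

// Round function: 16 bits derived from the secret, round number and half-block.
integer F(integer round, integer half)
{
    string h = llSHA1String(SECRET + "|" + (string)round + "|" + (string)half);
    return (integer)("0x" + llGetSubString(h, 0, 3));
}

// Balanced Feistel network over 32 bits (two 16-bit halves). Every round is
// invertible whatever F returns, so distinct inputs give distinct outputs.
integer Permute(integer x)
{
    integer left = (x >> 16) & 0xFFFF;
    integer right = x & 0xFFFF;
    integer r;
    for (r = 0; r < ROUNDS; ++r)
    {
        integer t = left ^ F(r, right);
        left = right;
        right = t;
    }
    return (left << 16) | right;
}

// Channel for message n: start from a negative value, then re-apply the
// permutation ("cycle walking") until the result is negative again.
integer ChannelFor(integer n)
{
    integer c = Permute(n | 0x80000000);
    while (c >= 0) c = Permute(c);
    return c;
}

// Close the old listen and open one on the next channel in the sequence.
Hop()
{
    llListenRemove(gHandle);
    gHandle = llListen(ChannelFor(gCounter), "", NULL_KEY, "");
}

default
{
    state_entry()
    {
        Hop();
    }
    listen(integer channel, string name, key id, string data)
    {
        // Ignore senders that are not owned by this object's owner.
        if (llGetOwnerKey(id) != llGetOwner()) return;
        llOwnerSay("accepted: " + data);
        ++gCounter; // the sender advances its own counter after each send
        Hop();
    }
}
```

If a message is lost, the two counters drift apart, so a real product needs a resynchronisation path; that is outside this example.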

The cap on scripts is around 10k...I tested it a few years back, and around 10k was when it started throwing me an error. Interesting note, if you put 10k scripts in a prim it becomes a difficult object to get rid of.
 

As for channel scanning. I have a vague memory of working it out based on a 30k channel scanner and how long it took me to setup each listen. I had it down to 7 seconds per setup and 10 seconds per test. Then took the amount of channels there are, divided it by 30k then multiplied it by 17 and then divided by 60 for minutes and again for hours.

I forget the result now and I cba working it out as just finished work but it was a pretty decent amount of time.

Link to comment
Share on other sites

It sounds like you're trying to hack applier systems...

There are easier ways to do that, given that the UUID of every texture you see in SL, even if you don't own it - it just needs to be within camera range of your avatar, is public knowledge if you use the official viewer or any other viewer, even one that is no-mod, no-copy, no-trans...

But actually cracking somebody's applier system also sounds like a direct line to getting in trouble with the service...

And if your goal is to crack into some other system - you've even less legitimate reasons... as most other things that would be using hidden channels will be communicating less public knowledge...

 

Edited by Pussycat Catnap
Link to comment
Share on other sites

On 2/9/2020 at 5:53 PM, Arduenn Schwartzman said:

You could break a lot of content in SL with the answer. That's why I always change to another random channel every 'now and then'.

I don't doubt that. :) I like experimenting with stuff.

15 hours ago, Pussycat Catnap said:

It sounds like you're trying to hack applier systems...

I didn't specifically have that in mind, but if I can, then sure, why not?

15 hours ago, Pussycat Catnap said:

But actually cracking somebody's applier system also sounds like a direct line to getting in trouble with the service...

What service? Second Life? Would that be against the ToS?

15 hours ago, Pussycat Catnap said:

And if your goal is to crack into some other system - you've even less legitimate reasons... as most other things that would be using hidden channels will be communicating less public knowledge...

How do you know that? One thing I had in mind was exploiting attachments from the same creator that interact with each other, for the purpose of using them in unintended ways. If it's my own attachment, what's illegitimate about that? I can't think of anything "illegitimate" one could do with their attachments unless they're copybotting them or something. My understanding is that if you're the owner of something, then you're allowed to do anything you want with it that's allowed by the built-in scripting system—not counting things like spamming which you wouldn't be allowed to do even with your own self-created item. Is my understanding incorrect?

Edited by MyAlt4099
Link to comment
Share on other sites

Indeed there's nothing wrong with doing what you want with your own items. Purchasing something automatically includes the right to take it apart to whatever degree you wish. (and SL-specifically, though not legally - as long as doing so doesn't violate the "no modify" permission.)

Any potential ethical dilemmas come from how you use the knowledge you've gained, but curiosity itself should never be shamed.

Link to comment
Share on other sites

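    // gGuests is not declared in this snippet; it is assumed to be a global list of permitted avatar keys.
    listen(integer channel,string name,key id,string data){
        key owner=llGetOwner();
        key user=llGetOwnerKey(id); // owner of the object that sent the message
        // Sender belongs to neither the owner nor a listed guest
        if(llListFindList([owner]+gGuests,[user])==-1){
            llRegionSayTo(user,0,"Time for bye-bye.");
            llInstantMessage(owner,"Ban this person: "+(string)user);
        }
    }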

One of several checks to determine whether the signal is legit.

Link to comment
Share on other sites

2 hours ago, Arduenn Schwartzman said:

    listen(integer channel,string name,key id,string data){
        key owner=llGetOwner();
        key user=llGetOwnerKey(id);
        if(llListFindList([owner]+gGuests,[user])==-1){
            llRegionSayTo(user,0,"Time for bye-bye.");
            llInstantMessage(owner,"Ban this person: "+(string)user);
        }
    }

One of several checks to determine whether the signal is legit.

I can't even think of a situation in which this check would do anything useful, pertaining to this topic, given that realistically the same person would have to own all the relevant objects if they wanted to scan through all eleventy billion channels.

Link to comment
Share on other sites

6 hours ago, Cinos Field said:

Indeed there's nothing wrong with doing what you want with your own items. Purchasing something automatically includes the right to take it apart to whatever degree you wish. (and SL-specifically, though not legally - as long as doing so doesn't violate the "no modify" permission.)

Any potential ethical dilemmas come from how you use the knowledge you've gained, but curiosity itself should never be shamed.

What I mean is everything that a ToS-compliant viewer allows me to do with the item, plus everything allowed by the LSL architecture combined with that item's scripts.

Here's an example I thought of that might not be obvious.

Let's say I have an item that I want to apply my own textures to, but the item is no modify. It does come with a HUD to apply textures to it, but by design, it doesn't let me use my own textures, just the ones that came with it. If I were to figure out, through trial and error, how the HUD communicates with the item, and get it to accept my own UUID, then I'm in the clear, right? Even if I need to exploit a bug in the script? In other words, my understanding is that the burden is on the creator to ensure their scripts only do what they intend. Is that correct?

In fact, that gives me an interesting idea. I don't have any plans to do this—not that I'd have any moral issues with doing it—but what if the creator sold other textures for the product using the same applier system, and they enjoyed a monopoly on it because only they know how to get the appliers to work. What if I figured it out, and then started selling my own compatible appliers that compete with the ones the creator put out? To be clear, I don't mean ripping off the creator's textures; I mean making my own textures that are entirely my work. Am I correct in assuming that would be allowed?

Link to comment
Share on other sites

6 minutes ago, MyAlt4099 said:

What I mean is everything that a ToS-compliant viewer allows me to do with the item, plus everything allowed by the LSL architecture combined with that item's scripts.

Here's an example I thought of that might not be obvious.

Let's say I have an item that I want to apply my own textures to, but the item is no modify. It does come with a HUD to apply textures to it, but by design, it doesn't let me use my own textures, just the ones that came with it. If I were to figure out, through trial and error, how the HUD communicates with the item, and get it to accept my own UUID, then I'm in the clear, right? Even if I need to exploit a bug in the script? In other words, my understanding is that the burden is on the creator to ensure their scripts only do what they intend. Is that correct?

In fact, that gives me an interesting idea. I don't have any plans to do this—not that I'd have any moral issues with doing it—but what if the creator sold other textures for the product using the same applier system, and they enjoyed a monopoly on it because only they know how to get the appliers to work. What if I figured it out, and then started selling my own compatible appliers that compete with the ones the creator put out? To be clear, I don't mean ripping off the creator's textures; I mean making my own textures that are entirely my work. Am I correct in assuming that would be allowed?

What you described isn't really an exploit, no.

But generally a better option is to just favor buying moddable items. :P It'd save you a lot of time while also supporting better creators.

  • Like 1
Link to comment
Share on other sites
