Most active commenters
  • db48x(4)
  • trinix912(3)

←back to thread

How a 20 year old bug in GTA San Andreas surfaced in Windows 11 24H2

(cookieplmonster.github.io)
1371 points yett | 22 comments | 23 Apr 25 14:00 UTC | HN request time: 1.434s | source | bottom
1. trinix912 ◴[23 Apr 25 15:27 UTC] No.43773261[source]
Putting the (very valid) reasons for not having human-readable game saves aside, are you sure it's worse than using a 3rd party library that's built to accept semi-valid input values, possibly evaluates user input in some way and has difficult to debug bugs that occur only under certain inputs? I agree that writing a stable and safe parser for a binary data file isn't easy, but there's less things that can go wrong when you can hardcode it to reject any remotely suspicious input. Third party XML/JSON libraries OTOH try to interpret as much as possible, even when the values are bogus. Also no need to deal with different text encoding bugs, line endings...
replies(2): >>43773307 #>>43773413 #
2. hattar ◴[23 Apr 25 15:31 UTC] No.43773307[source]
> Putting the (very valid) reasons for not having human-readable game saves aside,

I don't follow. What would the reasons be?

replies(4): >>43773397 #>>43773436 #>>43773439 #>>43773462 #
3. gsinclair ◴[23 Apr 25 15:40 UTC] No.43773397[source]
A human-readable game save file is presumably human-editable.
replies(3): >>43773604 #>>43773642 #>>43773899 #
4. db48x ◴[23 Apr 25 15:41 UTC] No.43773413[source]
You misunderstood. Game developers should use a _good_ third–party library, not a _bad_ one. At a minimum they should be able to read the source code so that they know it is good. Thus open source libraries should be at the top of the list.

If you don't know what “good” looks like, take a look at [Serde](https://serde.rs/). It’s for Rust, but its features and overall design are something you should attempt to approach no matter what language you’re writing in.

replies(1): >>43773567 #
5. trinix912 ◴[23 Apr 25 15:44 UTC] No.43773436[source]
Mostly to prevent people and programs from editing them, obfuscating implementation details, reducing file sizes (say had they used XML vs. binary)...
6. egypturnash ◴[23 Apr 25 15:44 UTC] No.43773439[source]
Higher barrier to cheating.
replies(2): >>43773498 #>>43775340 #
7. ◴[23 Apr 25 15:45 UTC] No.43773462[source]
8. hattar ◴[23 Apr 25 15:49 UTC] No.43773498{3}[source]
It's a single player game. Cheat codes are built into it by design.
9. vinyl7 ◴[23 Apr 25 15:55 UTC] No.43773567[source]
There are no good third party libraries
replies(1): >>43773702 #
10. kadoban ◴[23 Apr 25 15:58 UTC] No.43773604{3}[source]
Require a hash in the file to match the rest of the file if you want to avoid effortless changes to the file.

(There is no way to prevent changes by a knowledgeable person with time or tools, so that's not a goal)

11. RHSeeger ◴[23 Apr 25 16:03 UTC] No.43773642{3}[source]
Most binary save game files are human editable, too; unless they go through a separate encoding stage.
replies(1): >>43775181 #
12. db48x ◴[23 Apr 25 16:09 UTC] No.43773702{3}[source]
I disagree. Serde is not merely good, it is excellent.

The only C code that I have recently interacted with uses a home–grown JSON “library” that is actually pretty good. In particular it produces good error messages. If it were extracted out into its own project then I would be able to recommend it as a library.

replies(1): >>43773807 #
13. trinix912 ◴[23 Apr 25 16:19 UTC] No.43773807{4}[source]
But how is that C project using a custom made JSON library doing better than Rockstar games doing the same? Because that library has good error messages?

Apart from that, many of us thought that Java serialization was good if just used correctly, that IE's XML parsing capabilities were good if just used correctly, and so on. We were all very wrong. And a 3rd party library would be just some code taken from the web, or some proprietary solution where you'd once again have to trust the vendor.

replies(1): >>43773867 #
14. db48x ◴[23 Apr 25 16:25 UTC] No.43773867{5}[source]
It’s good because they have spent hundreds or thousands of hours polishing and improving it. It’s paid off too, because stable releases never have broken data files any more. Any mistakes that do get made are usually found and fixed before the code is ever committed. Even the experimental branch rarely sees broken data files. It’s more likely to see these error messages when loading save files, because the code to read old save files and convert them for newer versions of the game is the hardest to write and test.

> And a 3rd party library would be just some code taken from the web, or some proprietary solution where you'd once again have to trust the vendor.

Open source exists for a reason, and had already existed for ~15 years by the time this game was begun. 20 years later there are even fewer excuses to be stuck using some crappy code that you bought from a vendor and cannot fix.

replies(1): >>43774449 #
15. mrguyorama ◴[23 Apr 25 16:29 UTC] No.43773899{3}[source]
Before game companies earned all their profit through selling cosmetics and premium currency nobody cared if you cheated at your single player game and nobody SHOULD care if you want to give yourself extra money.

It's only now that single player progress is profitable to sell that video games have taken save game encryption to be default.

It's so stupid.

replies(1): >>43774385 #
16. keyringlight ◴[23 Apr 25 17:17 UTC] No.43774385{4}[source]
The trouble is that if some weirdness happens because of the edit, you've got to handle it even if you say it would be reasonable to assume that it's outside of being supported. Maybe you spend a bit more time defensive coding around what inputs it reads from the file, maybe a certain proportion of users doing the save edit see bugs in an apparently unrelated part of the game and seek support (and their bug report might not be complete with all the details), developers spend time to chase down what went wrong, maybe they bad-mouth it on forums which affects sales - there's going to be some cost to handling all of that.

One of the anecdotes from Titan Quest developed by Iron Lore is that their copy protection had multiple checks, crackers removed the early checks to get the game running but later 'tripwires' as you progress through the game remained and the game appeared to crash. So the game earned a reputation for being buggy for something no normal user would hit running the game as intended.

replies(1): >>43774995 #
17. sumtechguy ◴[23 Apr 25 17:24 UTC] No.43774449{6}[source]
You both are correct.

But also keep in mind in 2004 the legality of many open source projects was not really tested very well in court. Pretty sure that was right around the time one of the bigger linux distros was throwing its weight around and suing people. So you want to ship on PS2 and XBOX and PC and GameCube. Can you use that lib from inside windows? Not really. Can you build/vs buy? Buy means you need the code and probably will have to port it to PS2/GameCube yourself. Can you use that opensource lib? Probably, but legal is still dragging its feet, and you get to port it to PS2. Meanwhile your devs need a library 3 weeks ago and have hacked something together from an older codebase that your company owns and it works and means you can hit your gold master date.

Would you do that now? No. You would grab one of the multitudes of decent libs out there and make sure you are following the terms correctly. Back then? Yeah I can totally see it happening. Open source was semi legally grey/opaque to many corporations. They were scared to death of losing control of their secret sauce code and getting sued.

18. mrguyorama ◴[23 Apr 25 18:13 UTC] No.43774995{5}[source]
>The trouble is that if some weirdness happens because of the edit, you've got to handle it even if you say it would be reasonable to assume that it's outside of being supported.

What? No. What even are you suggesting? Hell, games with OFFICIAL MODDING SUPPORT still require you submit bug reports with no mods running.

Editing game files has always been "you are on your own", even editing standard Unreal config files is something you wont get support for, and they are trivial human readable files with well known standards.

>One of the anecdotes from Titan Quest

Any actual support for this anecdote? Lots of games have anti-piracy features that sneakily cause problems, and even could fire accidentally. None of those games get a reputation for being buggy. Games like Earthbound would make the game super hard and even delete your save game at the very end. Batman games would nerf your gliding ability. Game Dev Tycoon would kill your business due to piracy.

None of these affected the broad reputation of the game. Most of them are pretty good marketing in fact.

replies(1): >>43776548 #
19. hermitdev ◴[23 Apr 25 18:28 UTC] No.43775181{4}[source]
Editting simcity saves was my introduction to hex editing...
replies(1): >>43784537 #
20. RGamma ◴[23 Apr 25 18:42 UTC] No.43775340{3}[source]
HESOYAM
21. dwattttt ◴[23 Apr 25 20:57 UTC] No.43776548{6}[source]
Game Dev Tycoon even later added Pirate Mode to the game, for people who wanted to experience super-hard-mode. Complete with random mail they got telling them why people pirated their game, framed as why people were pirating the game you just made.
22. RHSeeger ◴[24 Apr 25 16:21 UTC] No.43784537{5}[source]
For me, iirc, it was Bard's Tale