Discussion Locating the game files

It's complicated. This is what I do:
https://github.com/Marginal/EDMarketConnector/blob/master/monitor.py#L287

But this code assumes that the user is playing Horizons, if both Horizons and Season 1 are present. And that they're playing through Steam, if both Steam and non-Steam installations are present. You could get more fancy and compare timestamps if you don't want to make similar assumptions.

Some good ideas here, thanks!

I have some very similar code (whipped up last night) but am not using the registry for any specifics .. yet. My installation is in fact in a custom location so I also implemented a depth 2-3 scan of all folders on all fixed drives, starting from C: and stopping if I get any hits. This finds my installation very quickly and does not scan my 4 extra data drives (3x1TB, 1x2TB) which would be pointless.

From what I can make out (I have never used Python myself) you build a list of candidates from the following:
- Look in the Windows registry for Steam, parse the VDF file, find the BaseInstallFolder_
- Look in the Windows registry for the Frontier installed product and get the InstallLocation
- Include the other default locations

Then you check each candidate for known product name/format folders and those for \Logs and \AppConfig.xml

I don't suppose this handles cases where you're using an alternate steamapps folder? I have an SSD and use C:\Games\Steam for my steamapps folder. Steam itself is installed in C:\Program Files..


While I have your attention.. I noticed that you don't encode some of the information you store.. you know what I mean. You really should :)
 
Yes that's correct.

> I don't suppose this handles cases where you're using an alternate steamapps folder? I have an SSD and use C:\Games\Steam for my steamapps folder. Steam itself is installed in C:\Program Files..
The SteamPath registry value gives you both the default Steam library and the location of the config.vdf file. The BaseInstallFolder_ entries (if any) in config.vdf give you the additional Steam libraries.

> While I have your attention.. I noticed that you don't encode some of the information you store.. you know what I mean. You really should :)
I don't see the point. If malware can run under your account or write to your home folder then you're screwed anyway. Or if an attacker has physical access to your disk and you haven't encrypted the whole disk you're similarly screwed.
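
The Steam library lookup described in this reply, as an added example that is not part of the original post and is not EDMC's own code: it collects the default library plus any BaseInstallFolder_ entries, then applies the \Logs and \AppConfig.xml check and the timestamp comparison suggested earlier in the thread. The SteamPath value and the config.vdf text are passed in as strings, and the sample paths and function names are constructed for illustration.

```python
import re
from pathlib import Path

# Constructed sample of the relevant part of a Steam config.vdf (not real data).
SAMPLE_VDF = r'''
"InstallConfigStore"
{
	"Steam"
	{
		"BaseInstallFolder_1"		"C:\\Games\\Steam"
		"BaseInstallFolder_2"		"D:\\SteamLibrary"
	}
}
'''

# "BaseInstallFolder_<n>"   "<path>"  (the value may contain escaped characters)
BASE_INSTALL = re.compile(r'"BaseInstallFolder_\d+"\s+"((?:[^"\\]|\\.)*)"')


def steam_libraries(steam_path, config_vdf_text):
    """Default library (the SteamPath value) followed by any extra libraries."""
    libraries = [steam_path]
    for match in BASE_INSTALL.finditer(config_vdf_text):
        path = match.group(1).replace("\\\\", "\\")  # VDF doubles backslashes
        if path.lower() not in (lib.lower() for lib in libraries):
            libraries.append(path)
    return libraries


def newest_install(candidates):
    """Pick the candidate with AppConfig.xml and the most recently used Logs.

    Candidates lacking either AppConfig.xml or a Logs folder are ignored.
    Returns None when nothing qualifies.
    """
    valid = []
    for candidate in map(Path, candidates):
        logs = candidate / "Logs"
        if (candidate / "AppConfig.xml").is_file() and logs.is_dir():
            valid.append((logs.stat().st_mtime, candidate))
    return max(valid, key=lambda item: item[0])[1] if valid else None


if __name__ == "__main__":
    # SteamPath value is constructed; on Windows it would come from the registry.
    for lib in steam_libraries(r"C:\Program Files (x86)\Steam", SAMPLE_VDF):
        print(lib)
```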
 
> I don't see the point. If malware can run under your account or write to your home folder then you're screwed anyway. Or if an attacker has physical access to your disk and you haven't encrypted the whole disk you're similarly screwed.

I was talking about registry values, specifically the Elite email and password. An attacker might not necessarily have complete access to the system, or have access for very long. If they manage to obtain a copy of the registry contents, for example, and you've encrypted that information then they've basically got nothing, or a very tough process of decryption ahead of them.

For something like the Elite email and password an attacker is simply not going to bother, and the cost of that protection is ~30 mins of development time.

Users are trusting us, it would be trivial for someone to write an Elite related application and use it to harvest email/password information from your registry keys.

A little encryption will go a long way.
 
> An attacker might not necessarily have complete access to the system, or have access for very long. If they manage to obtain a copy of the registry contents, for example, and you've encrypted that information then they've basically got nothing, or a very tough process of decryption ahead of them.
Encryption is not magic. It's useless if someone also has access to the software that decrypts the content (in this case the EDMC app). See the DVD encryption fiasco.

What kind of real-world threat are we trying to guard against here? I repeat - if someone has access to your account you're screwed. Pretending that you're not by encrypting sensitive data in a way that's trivially breakable is just theatre.

Here's the Google Chrome security tech lead's opinion. (And the full thread.)
 
> Encryption is not magic. It's useless if someone also has access to the software that decrypts the content (in this case the EDMC app). See the DVD encryption fiasco.
It is possible to obtain the registry content without access to EDMC. Access to read the registry is not necessarily the same as access to an executable (which may be installed under another account). Sure, most people use one OS account and if you had that you would have everything. But..

> What kind of real-world threat are we trying to guard against here?
Joe Bloggs application developer. It would be trivial to write an app which reads your registry keys and emails the login details to a burner email account. Adding some basic encryption will raise the bar to the point where it would take a lot more knowledge/effort to achieve this. There are a few clever things you can do to make the effort required more than most people will bother with, especially for something as trivial as an Elite login.

> .. I repeat - if someone has access to your account you're screwed. Pretending that you're not by encrypting sensitive data in a way that's trivially breakable is just theatre.
If someone has access to your OS account you're screwed. But, if your Elite login was encrypted and they were not a professional in the field of encryption/security then your Elite login would likely be safe, at least for a while, giving you the chance to change it.
 
In Task Manager you can right-click on a running app and select "open file location"; this will point you to where the executable lives, and the logs dir should be there as well.
 
> In Task Manager you can right-click on a running app and select "open file location"; this will point you to where the executable lives, and the logs dir should be there as well.

Thanks, but I want to do this in code and when the Elite exe isn't running. :) Checking for a running exe and locating the folder that way isn't a bad idea though.
 
> Access to read the registry is not necessarily the same as access to an executable (which may be installed under another account).
EDMC stores the credentials in the per-user portion of the registry which is not readable by other accounts.

So our threat is Joe Bloggs who has tricked you into running a malicious app under the same user account that you use to run EDMC.

Either Joe Bloggs is for some reason particularly interested in your E: D credentials (why?) in which case he could look at the EDMC source code or trivially reverse engineer the binary to work out how to decrypt any encryption that it used, or he's interested in whatever he can get in which case he now has a lot more damaging data at his disposal than your E: D credentials (with which he can do practically nothing of interest) and it's time to contact your bank and change all your online account passwords.
 
> EDMC stores the credentials in the per-user portion of the registry which is not readable by other accounts.
>
> So our threat is Joe Bloggs who has tricked you into running a malicious app under the same user account that you use to run EDMC.
Ok, sure.

> Either Joe Bloggs is for some reason particularly interested in your E: D credentials (why?) in which case he could look at the EDMC source code or trivially reverse engineer the binary to work out how to decrypt any encryption that it used, or he's interested in whatever he can get in which case he now has a lot more damaging data at his disposal than your E: D credentials (with which he can do practically nothing of interest) and it's time to contact your bank and change all your online account passwords.
It is true that there isn't a lot of damage which can be done with E: D credentials, beyond logging into the game and bankrupting it or similar.

Publicly available source code is definitely your biggest problem here as it prevents the use of various techniques which would make decryption that much harder.

Reverse engineering a binary is definitely not "trivial", it's well outside the reach of most developers. Obtaining bank account details via a trojan in an exe is also well outside the reach of most developers.

It comes down to this: plain text registry keys are something I would expect a rank amateur with Google to be able to figure out how to access, and even very simple encryption would defeat it. You don't have to be 100% safe, nothing is 100% safe, but you can get to moderately safe with very little effort. In addition, whether it's "right" or not, people are going to be uneasy about using software which stores their password in plain text.


I suspect we've exhausted this tangent and that I'm not going to change your mind so I'm going to "give up" :)
 