 Good afternoon, everybody. Are you enjoying SHA 2017? Oh, I made me scared a little bit. Welcome to PA, to off-grid disclosing your zero days in a video game mod. Games, tools, hacking. I want to do good mornings, get any better. So welcome and give a warm applause to Rich Metzen and Harry Rose. H. Well, the talk disclosing your zero days in a video game mod might need a little explanation because there's quite a lot pumped into that title. So let's get started with that. If the slides will move. Just hit that. Yeah. Like that. Great. So disclosing our days in a video game, eh? Well, I think it's worth bearing in mind that the earliest video game was essentially a hack. The 1962 repurposing of a ballistic missile trajectory testing program at MIT to make the game Tennis for Two. I'd put money on the fact that half of you got into hacking through the video games vector, most likely modding the games you played as a child. Playing computers have gone hand in hand since their inception. Most people's first experience of code was reading type in code magazines and realizing that the files on your Commodore or Spectrum games could be edited to change the game. Several computer hobbyist magazines were full of examples of code you could input and repurpose, often spending hours typing in and squashing bugs in basic, or even be occasionally printed by the lazy writers assembly and machine code games. So whether through shareware and the reversing of Doom, so players could make their own maps in the 90s, or the use of Half-Life 2 as a modding platform for completely new games that we all know and love, like Portal being the biggest example of a game that started in the Source engine and was acquired by Valve and turned into a full standalone game. So we get the bit about hacking and games, that makes sense, but what about the off-grid thing? Well, off-grid is a video game we've been developing about data privacy and hacking. It's basically a stealth game where data is your most powerful weapon. It actually manipulates the AI characters by collecting their data and engineering their personalities. You hack and bastardize IoT devices around their environments to trick or trap them or further escalate your network privileges. So without further ado, I'll throw up a live demo because it seems like that's the easiest way of showing you all what the game looks and feels like. Fingers crossed, all goes absolutely fine. So this should have some audio, maybe not. Cool. Oh, we briefly had audio. So I'm just going to cheat and skip across to a new level here. Show you a bit further into the game. This is a little animatic intro setup. Should be some sound here as well. But basically this will be fully playable when the game gets to release next summer. For the time being, when you see behind the character, that's a bit that's playable. So you're delivering breakfast over to your daughter. She gives you a present because it's your birthday. Turns out it's a set of Google Glass-style AR glasses. But these ones are open source because Jen's a bit of a hacker and knows how to tool her data. He's a complete technophobe though. So essentially he pulls out his phone and doesn't know how to connect anything. So she says, no, here you press this button and the apps come up. And she goes in for the hug. Happy birthday, Dad. But then smash. She gets taken away and he gets told, stay back, sir. Essentially he gets given a national security letter that says, your daughter's in processing will be in touch in 90 days. Don't call us, we'll call you. So anyway, that's the basic setup for who you are in the game. I'll skip this over. While he's passed out on the floor here, some of Jen's compadres have all been raided simultaneously. They give him a phone call saying basically everyone's been bundled up and like Jen has except for one of them. And he's on the run. He's a hacker who's going to teach you, the dad who's a technophobe, from absolute scratch how to hack into the devices around the buildings and hopefully find information about what's going on. So we're getting just some sound. So here we have these little crypto chat conversations that you have and you get taught by this hacker how to manipulate data and networks using kind of like a wire shark, AR visualization, sort of a packet sniffer, but for your glasses. You have an array of apps that they'll take you through how to use. Spectrum, data delete, debugging tools. You've got a light monitor set on your glasses, all these kind of little apps and you've got them down the bottom here. You can use them to scan and save data and do all kinds of varying things. So here we'll just delete a couple of data points. Oh, that one's protected. So yeah, I'll skip over back to the presentation and we can come back to the demo of some of the mechanics. So the gameplay logic in Off-Grid all runs on Lua under the hood. All the computers that you hack, whether they're desktop PCs or IoT devices dotted around the buildings, they're technically their own Lua virtual machines. They essentially run as many computers in the game. They can input and output data. They store data and inventories from character and NPC interactions. And so the gameplay kind of revolves around hacking as many devices as possible and acquiring as much data as you can to profile the NPCs. This allows modders and hackers to create their own Lua hackable devices, hacking tools and data types as well as levels and character personalities. This will allow anyone to model real life or cutting edge hacks to whatever level of detail they're interested in. So next time you find a bleeding edge exploit, why write a white paper when you could model it in a mod and pass it on to people to play? So a little bit on where Off-Grid's sort of thinking came from. We always wanted to make something that even though satirical had a dose of realism and felt like a very near future dystopian tomorrow, a kind of imagination of if SOPA had gone through and continued on with a generous helping of dark, ironic British humor. We actually thought back in 2013 when we started making prototypes of the game that one of the villains could be an all-powerful Theresa May-like figure dedicated to safety. Little did we know that we'd actually predict the future of British politics. Consistently along the way, we've held off being two out there with the fiction in the game. And again, back in 2013, it didn't seem like a world where all of the devices in a building would be IoT and connected, would be something that people would feel was realistic and maybe was too futuristic. Unfortunately, we've then throughout development gone on to implement our then more far-fetched ideas as they've unfolded in real life. We've had to make the networks and surveillance tools more pervasive, having previously felt people would think our implementation was too over the top. So unfortunately for the real world and sadly fortunate for our game design, the last three years have seen an incredible public affirmation of some of the Orwellian fears that most of you folks in here will have been shaking your heads at for quite some time. To add to this, development of the sorts of products that manufacturers think should be connected to the internet has been like something straight out of Terry Gilliam's Brazil. That is to say, underwhelmingly implemented technology prevalent everywhere, toasters that pour coffee on your breakfast, air-conditioning vents that stop you leaving your house. In 2013, we really did think that that was going to be over the top, but then this kind of thing started happening. But the real world is basically outpacing us. The fiction we can write at quite a rate. For instance, Slow Cook is running Linux because hackers might want to SSH into their BBQ beef. So the origination was make a game about data privacy and in the modern world that means by default cloaking or hiding or even interacting in a way that produces no data. Our thoughts were hiding, covering our tracks, reducing visibility. We should make a stealth game and then put a twist on the conventional hacking genre by putting it in a 3D world and using some poetic license and setting up the data as a tangible thing like a kind of breadcrumb trail. So understanding privacy and vulnerabilities and ultimately surveillance circumvention seemed to us to be something some people in the wider public had a hard time grasping because it's invisible. We hope making data physical would help with that as well as make for good game mechanics. You play a character who's a technophobe, as I've said before. The player learns about this world as the character does. Off-grid is an opportunity to take those abstract concepts of data and privacy, social engineering, et cetera, and physicalize them. And then get the player to explore on a basic level some of the infosec techniques you can use to navigate this world safely. Experiencing something is better than telling someone about it. So to some extent we just want to give players the opportunity to vicariously experience being totally surveilled and invading the privacy of others to try and realize what that would mean in their real lives. Who knows, this could be a way of engaging people to take a step towards trying out what can be a very intimidating set of privacy tools and technology such as PGP or TOR or whatever else. So the basic structure of the game is you gain access to a building. You scan for data to gain access crack or social engineer your way into different levels of the building's networks. You then use the personal data you find on those networks to manipulate the behaviors of NPCs to move them out of your way and avoid discovery, pranking and spoofing in increasingly funny ways. You then manage to exfiltrate some sensitive data on one of the machines in the building to help build an image of the case of what has happened to your daughter. And then you get to the roof and set up a mesh network node to link the information over. In this world the idea of an open internet is a long distant memory. And of course, don't get caught. We want to set up a kind of TOR onion router like mechanic where you, as the player, had to be careful in what way and how many times you access the networks so as to avoid being traced. The more devices you can hack around the building you are in, the more nodes you can add to a cascading proxy, extending the time you can scan in the data view for. We started with the basics of needing to essentially be able to clear your logs as you move through an environment. And so each time you connect to the network you do leave a data point around that you need to be careful about as well. This has evolved into being able to scan an environment with, like I said, a sort of showdown style API that works like a visual packet sniffer. Looking for open ports on devices and looking for packets of data that you might be able to use to manipulate people with. And then you find those devices and take control of them to build up a proxy chain or to make them do something even more interesting. Essentially finding and owning vulnerable devices extends your powers. So you have a set of tools that give you the ability to see the data characters in the world are leaving behind. Data is generated by characters personalities procedurally and these tools allow you to collect that data to profile them and manipulate their behavior based on their interests or what kinds of things those guards would be easily distracted by. Essentially you're socially engineering the AI. Each device you gain access to can also receive this data generated. Data can either have an effect by modifying a device's behavior based on what is received or you can actually get it to do a callback or ping data to other machines and have various effects across a network. You can then use this to find other data containing passwords, keys, hide your own data move your adversaries out of their usual patrol routes and get to your goals. Collecting data is the name of the game for all the above reasons. On a character you need to gain access to and you should be able to collect their data and build up a contextual map of their personality or build a dictionary to speed up the time needed to use a brute force tool to crack a password on a machine, almost like a rainbow table that you collect actual physical pieces for. But just collecting interesting data and sending it to an NPC can have an interesting effect too. Why is that? Well, how NPCs react to data is interesting. We've written GoApp AI that's goal oriented action planning. It's an implementation in C sharp for using Unity. This essentially means you can throw new actions at the AI in real time and they will find the best way to use them to get to their objectives. This allows us to do quite a lot of interesting things by manipulating the AI's environments and its solutions to navigating those environments and naturally the AI will do emergent things in order to try and re-root themselves. So you hack a device or let's say you hack a light bulb in a room and a guard doesn't have a flashlight he will need to either find a light switch or flashlight to get through the room but he plans that on the fly. So I've got a little example of how these hacks start to come together. So this will be actually more difficult to play over there. There we go. So here you can't see because of the bloom but someone's actually been looking at the char wiki on this laptop that they've left open. So we connect to the network because we've got an SSH into it. At the moment you just get this kind of end curses style back end for all of the SSH windows but we're building a couple of different moddable UI setups so that you can have a desktop or an industrial control system or maybe various others. So we're looking on this laptop for Bluetooth devices and we've just turned the Bluetooth on and discovered that there's actually a radio in the room next door. So these guards are in our way. We move around the room and then scan over here again and we can see that there's an open device that's a radio here. So we then are able to SSH into this because it's discoverable on the network and this takes a second because I pressed the wrong button. And so once we gain access into the radio we can do various things. So at the moment this one's quite simple. Change the music to the soundtrack in the background. Set it to play and turn on social media interaction and turn the volume up and this creates a noise distraction and because of this wonderful bug with the flashlights of the guards you can actually see they're running past us on the other side of the wall. And so then we can evade them and get through to our next bit. So there are various other interesting hacks as well. So another example would be this vending machine. So these devices can be chained together. In this instance we're just hacking directly into the vending machine. You can set up particle effects, animations, lighting effects as modders. So it's not stuff that you only get to see from a developer providing it to you. You can do all of it. So here we're firing coat cans but you could set up a CCTV camera in the room that when a guard walks past it is set to recognise the MAC address of his phone because phones all have generated IP addresses and MAC addresses in the game and they connect to networks with handshakes. They're simulated cell phone towers. So all of the networks have a sort of logic that you guys would naturally understand. So you could take it that this camera that you've set up needs to recognise a guard's MAC address as he walks through it, it pings a message to instead of the fire alarms it pings it to or the burglar alarms it to the vending machine and the vending machine is set to fire cans at him. And so you knock the guard over by chaining together different weird and spooky IoT hacks. So these are all kind of far-fetched examples for the sake of a kind of video game setting and playability. Well, hang on, I'll get rid of that. But basically this can be used to do all manner of more realistic or accurate infosec techniques or showing to a kind of a non-technical audience what you're talking about when you've found a new exploit that you think is worrying. To summarise we've got examples like exfiltrating compromising personal data from a phone and sending it to printers on screens in the area near the affected character so that they're embarrassed and have to run over and try and shut down the printers. Scanning smart TVs that are listening for voice commands and have accidentally picked up the head of IT's conversations and stored the admin passwords in clear text. Turning on smart light bulbs on and off remotely and then turning up the thermostats in the room to 38 degrees or covering body temperatures in order to get past thermal cameras that you've now plunged into darkness. We're hoping players will find all kinds of new and interesting ways to combine these kinds of strange hacks and really the types of stuff that can be done grows exponentially as we add more props, more ideas as players ask for more features within the modding API. So, yeah all of the kind of modding stuff is done from the perspective of how we make things as devs so we've basically built up a toolset that works within the Unity engine which the Unity engine although proprietary is free to use so in terms of 3D game engines it's about as good as you can get the only real open source 3D engine out there is the blender game engine which has not really been reliably used to ship a kind of mainstream kind of level title so here we've got the level kit toolset that we've put together these are all different bits and pieces that you can use for geometry to build your levels but the kind of interesting stuff gets into when we kind of start to put the lure scripting together one of the first modded hacks that we put together because we use these modding tools to make the rest of the game so that they work just as well for players, modders and hackers as they do to make the core content of the game one of the first mods we put together was inspired by a talk I saw at StillCon in 2016 last year and so to show you some of the possibilities of the modding tools I'll talk you through the basic mod and how that was inspired so this was inspired by seeing Scott Helm talk about vulnerabilities within the Nissan Leaf electric car app he and Troy Hunt had done some really interesting research on how it could be exploited in essence they found that the JSON API for the car's remote control app could be manipulated with a get request that required no auth other than the VIN number which is a vehicle identification number the VIN number is actually legally required to be visible from the outside of the car so as something that you'd use as auth it was pretty big fail and because it's a production line based number it's like a serial number if you get one of them you can just increment them and then find all of the cars so they found some pretty scary flaws within the Nissan Leaf that took a long time to get them to come around to fixing and in the meantime Scott gave this talk so the basic principles of it is by using HTTPS intercepting proxies like Fiddler or BurpSuite to watch the comms going back and forth between the app and the main servers they were able to start mapping out the API just stripping the SSL and seeing what was kind of in there and what calls were being made and they saw that in those calls literally just by dropping out elements of the get request they could get the server to return that data to them so if you dropped out user ID but you had a valid VIN number it would send back the user ID so you could get a VIN number and essentially call to ask for the owner's name so it got scary quite quickly and they got to the point where by dropping in the auth get request dropping everything except for the VIN number they could gain access to the entire API basically if you can get the VIN or you can control, you can guess it, you can control someone's car the kind of things that they could return the requests could return were the user ID of the owner which is usually their name or their email address the geo locations of the cars restracking, battery status of the electric vehicle, lengths of journeys and they could also control by charging and discharging the battery they could control basically the health of the battery and its status and they could turn climate control on and off so they found they could even void the warranty of the Nissan leaf because there's a clause that if it's been high charge which is when it just goes to a high 90s percentile and then goes back on charge repeatedly you'll reduce the capacity of that style of battery they found that you could remotely void someone's warranty on a 5 grand battery so this seemed perfect for mocking up in a mod as there's some nice physical elements with the VIN being displayed on the dash and I'll show you a little video of that one so here we are in a car park let's say this is Scott or Troy having a little look around, I guess this is Troy and this is Scott's car here so Troy spotted Scott's car he walks over to it and this is a pretty simple work in progress version of this so you'll see that we can add to it later essentially you try to use your SSH tool to aim at the onboard car computer but nothing comes up but that's fairly straight forward because there is a VIN license plate in the window you just get your data save app up and scan that to download the VIN number and then hey press though we should be able to use that as well now so now that's identified that we've got the VIN and you can get to the control system and here we've just got an example where you can open the car doors and turn the interior lights on and off and so then we find that in the car because we're in a high security harbour, one of the guards has had his security card slip out his pocket so there are other kinds of things you can build up with sort of semi-realistic or not realistic at the moment but a kind of first pass a realistic hack that could be built upon so there's only three kind of lure elements that you need to write to set this up in the game you set up the car computer as a device and what it can control and this is pretty much all of it that's all the lure that you need to write for that set up the VIN plate to contain the VIN data that you scan the objects for the elements that you want to control via the car computer such as the car doors, lights or alarms this is fairly naive at the moment but it's possible to build out as we continue to add to the game so off-grid supports devices reacting to data sent to them so the Nissan hack being based on get requests to the API filling in missing data as long as the VIN was present we could set up a data type that you could leave with an empty payload or that took the VIN number and took a get request to send that piece of data to the car computer and get it to pull back with the user ID to you and then use both of those pieces of data as credentials you can basically start to build up as you'll see with when Harry goes through the technical details of it quite interesting complexity and although it's not simulation you can model kind of some of the technical detail of your hack rather than it being kind of a top pass like these examples I'm showing at the moment so the interfaces that we've shown at the moment are just kind of end curses like I said kind of back end type basic UIs but we're working on a couple of different types so that you could have an industrial control system or a normal desktop environment you can run logic in these devices to make certain button presses reveal different information so there's quite an interesting heatmizer thermostat vulnerability that was to do with HTML elements of the pages not being properly secured so if you went to left-htm which was this left bar down the side window and pulled for that in the URL finder you could get just the left-htm turn up with all of the elements including the clear text passwords before you'd logged in so that's the sort of thing that you could mock up as a hack just in the kind of devices window itself is that right so on top of this who knows what kind of things still contours might inspire coming going forward there's all kinds of terrible IoT device ideas with horrifying XSS vulnerabilities requiring only an email address for login etc so on top of that the internet is a great resource for coming up with fantastic takes on IoT hacks and traps but for off-grid take two ridiculous IoT devices off of the internet put them together and you have the perfect trap for off-grid looking forward to seeing whether people make attempts at things like this like an IoT air freshener hooked up to a poker stop so that when a guard goes to collect some Pokemon they get sprayed in the face maybe combining Bluetooth hands-free gloves with some pelvic floral training shorts that are IoT connected so that when the guard gets pranked by you he gets a buzz and this one's actually done the exercise for me already and it's advertising hacking the happiness of a foes health tracking Tamagotchi drinks bottles so they have to spend the majority of their shift at the water fountain keeping it alive and actually in fact we already made this one includes doctors appointments and there's actually a little bit of mirai functionality down at the bottom how did that get in there we're already seeing public systems that take control of entire rooms in real life so here we have two flavors of the same system repurposed by rent a kill one that tracks the pest control traps in a building at the top and then using the same system another installed in public toilets to track and alert if people don't wash their hands I'm fairly sure if a few wires got crossed that would make for an interesting mechanic so essentially new hacking apps and tools in the game can be created this way and we'll all run within the Lua framework we're hoping to see player invented devices data types hacking tools and apps they can all be created and of course levels of missions to be filled with all the above so I'll hand over to Harry to talk you through a little bit of the more technical detail on how we've implemented the Lua side of the game and what kinds of things are in the API that you'll be able to mess around with so I'll pass over hello I'm Harry I've been a systems and tools programmer on off grid for just over a year now I'll give you a brief kind of technical overview of what making a mod in off grid actually entails so making a modern off grid kind of has two main components the first is making the mission geometry so the world that your player is going to walk around in the second is setting up the mission logic so as rich mentioned earlier we're using unity as our main game engine and also our level editor we're really keen to make sure that we use the same tools that your use so that by the time we're shipping out modding tools to customers we'll be fairly bug free as things go so unity is what you're going to be using to make your geometry it's also what you're going to be using to mark up important objects or we like to call them mission objects in our modding tools as far as geometry pieces go we have over 850 so far and that number is increasing those are pretty small objects but we're using those to make much much bigger ones like we have preassembled rooms buildings stairwells doors door frames of every kind you could imagine so you can really be as complex or as simple as you want I'm not really into design but I really like coding so I tend to just throw some preassembled rooms together and make my geometry that way so this might work that might work so here's a little example of setting up a laptop as a mission object let's let's try it cool so yeah it's really simple as just clicking this laptop if you've used unity before this might look familiar but it's just adding what we call a component in this case you can't quite see the text but you have a drop down for the type of mission object so in this case it's hackable we also have things like trigger volumes generic mission objects which is kind of like moving around and interactions which is kind of how we saw the Scott helm scanning the VIN number so different interactions can have scanning animations or they can have grabbing animations or opening door animations and we're probably going to add more of those too let's get that back so and the second part is mission scripting so that's all scripted in Lua the main role of it is pretty much the set of your initial state of your mission and also the logic that reacts to important or mission objects and we have a load of APIs already and that's also increasing quite heavily I want to give like a very tiny introduction to Lua just as a language because you might not have heard of it it's really really simple it's perfect for game scripting it's been using thousands of games so far so hopefully modders can jump in if they've done work on previous games we're using moonshark because we're using a C-sharp game engine or our code is C-sharp and that allows us to do the bindings for that I'd recommend it if you're interested just a little bit of intro to like the Lua syntax it's typeless it's got strings, it's got floats, it's got ints it has... it doesn't really have arrays or dictionaries it has tables which are both and neither so I've given you an example of using it in both ways it's a really good language except for the fact it's one index we kind of like to think of mission scripting in off-grid as like a story or a film script and in the sense that you're going a lot of what you're doing is marking up a list of characters that are going to be in your world at this mission the objectives that you want players to go through and to tell your story as well as marking up the physical items that are going to be in players' inventories for them to use or that are going to pick up along the way even if those are just kind of storytelling world-building items that don't progress the story we also have the data files and these are things that could be dropped by guards be in the players' inventory by default a little bit maybe this is the PGP key of the player so you're going to have a bunch of those for leaked documents that you might want the player to pick up or pre-defined text messages that might contain identifying information and these are data files that are going to be thrown through our virtual network so you also set up the networks because you want to define whether or not it's a mobile network, it's a mesh network, what the creds are on the network, what the names are loads and loads of things you might have an office with just one network or you might have a big harbour with each room having its own for some reason and also the fun bit you're going to be setting up your hackable devices in here here's a very brief example of how that kind of example I showed before will map into actually being used this static date up here was in that previous screenshot it's Joe, Joe's our main character so we have the characters table inside that we have Joe Joe has a few values here which is display name that's going to be anything that the UI tries to use it's Joe Harman internal name is kind of like an ID you can think of it as it's got to be unique the character type here is player but it could be guard or anything we add in the future prefab is like the 3D visual aspect of the character it's just going to be the player, we're going to be providing screenshots and a load of possible ones for that, spawn point is something you're setting level it's literally where the player spawns you have to provide the same thing for the guards or any character with a physical representation this setup mission is something that we're going to call for you but you'll need to set up in your lower scripts and you're going to be adding the main character here at the top so it's literally as simple as mission.addCharacter which in this case is mission.characters.jo and we'll scan this data and we'll read it in and do all the interesting stuff so setting up the network is pretty much the same thing, here we set up a mobile network called Samayapas 4G and then we're just going to let the game know that we started the mission so it's going to be a very simple mission with not much in it but it gives you an idea of how you might use that static data in a way that's a little bit dynamic I mentioned that we had different types of mission objects so here's the triggers mission object an example of how you do that so you can't really see because of the bloom but there's a kind of a cube, well that's a bit getting too close to that feels weird there's a kind of outlined cube which is the trigger volume and when the player runs into it we just want to start an objective we want to say right the player ends the building give them a pop-up and maybe send them a text message to say hey there I saw you got into the building here's the blueprints for that building so it's really as simple as giving that trigger volume a name setting it as entrance trigger slapping a mission object on it setting it to trigger and as soon as that's done that's the principle in Lua so now you can say right I want to set the on trigger enter go back name is whatever's entered the trigger and if it's the player I want to start the objective so really really quickly you can get something in Lua reacting to the physical state of the world and Rich mentioned briefly that we have this N-Curses UI this is all in Lua too but not only is the devices kind of behaviour in Lua so you get updates on the game update you can scan for things you can have it trigger things every X amount of seconds but also the visual representation of it is in Lua so here we were using some Lua static data to create this UI so you can change things like the header at the top background colour the highlight colour this is a particularly garish example of the colours being used as well as the buttons if you set up buttons on the highest level then they're appear on the left and the sub buttons will appear once that's clicked on the right and those all have on clicks so they can be used to trigger pretty much anything you can trigger in Lua or do any kind of logic that you want here's a few examples of the stuff that we're allowing you to do at the moment and this as I said is increasing you can manipulate the AI when you press a button you could potentially demotivate them or change their path you can trigger animations if you're an aspiring animator or modeler and you've made something in Blender you can animate that in Blender and throw it into level kit and get it triggered when a user hits a trigger point or presses a button in the UI that conversation that you saw in the game demo that's totally in Lua as well it allows branching conversations that affect the game in any way you want using any of these systems devices this can be used to turn devices on and off doors why not open all the doors why not shuttle the doors why not change the keys that affect certain door zones particles if you're into pyrotechnics you could do some of that or make an explosion you can also trigger sounds to distract guards if that's your wish as well as manipulating the player's kind of UI and sending data around the network so this is actually not even the full list there's an insane amount you can do it pretty much any place where there's Lua to be typed in you can have some fun I've thrown a hell of a lot of you so yes we're going to have a lot of documentation so don't worry this is an example of some of the documentation we have just one of the functions we're going to plan on having a really extensive wiki we also want the community to get involved in it so if that's something that interests you please do that's kind of part of the fun we want everyone to feel like they can contribute and whether that's posting a code snippet or actually editing this because the description doesn't sound quite right to you also we've set up like atom snippets for we're kind of targeting the atom IDE but I've also got this working on visual studio code and if people want and there's a demand for it I'll pretty much generate these for any IDE that you want to edit Lua in so here we just got an example of like this is what it does and if you hit more this links you straight to the wiki page for that function so thanks for listening to me talk very quickly about a lot of stuff at you I'm going to pass back to Rich well so I suppose it's worth summarizing that although it does all sound a bit kind of overly complex put up on slides we've actually more recently been testing out modding tools with friends so this is our mate Spoonzy who has no game development experience at all he does write a bit of python here and there so he basically came in spent a sort of short kind of four or five hours with us having a look at the tools and getting up and running and he put several brand new hacks into the game based on his ideas for hacking things that would be interesting as mechanics so you can see in the kind of left here he's dropped a server cabinet into a room then down below it he's actually just searched for some shell code online and pulled that up and then copy and pasted the content of it into a file that will be generated within off grid and when he sends that file to the server he's able to root the box with it he then went on and developed that a little bit further and we've got another friend who's well into his crypto currency so Spoonzy made a Muscoin Muscoin essentially can only be affected once you've rooted that box so essentially Spoonzy set it up so that once you rooted the box with the exploit you could then steal Muscoin off of it and so you could start to kind of envision the types of things that people could actually start to do and tell interesting stories about the game to be like the south park of data privacy and hacking games so if you imagine episodes of south park when something happened in the news that the creators Troy and Matt thought were was particularly hilarious it could end up in an episode as little as a week later and with the modding tools I think that people will be able to have something interesting happen within our community and talk about it or share it or show their take on it within a mod in a day or two to some detail so on top of that we're doing a couple of modding workshops later this afternoon that will take all of this that's been sort of condensed and thrown at you and break it down and give you the opportunity to mod your own hacks into the game if you'd like to come and join us there's one at part 1 is at 335 and then part 2 is at 815 and they're both in the PI 10 is somewhere there yeah it'd be great to have you come down basically you can blow in and out have them as you wish even if it's just to try playing the game but if you have the time and you want to sit down through both workshops then because there's a bit of downtime and getting everything set up we'll be able to get you right the way through making a couple of your own mods it's worth going on the wiki ahead of time and checking what bits you'll need like if you've got a laptop that can run Unity then that's brilliant get Unity downloaded and go to the links on the Frab and then any questions if you don't have any questions right now feel free to tweet at me or at Harry or at the game and yeah any of that sound particularly interesting or particularly stupid so are there any questions there's a mic in middle there we go devices in an area can you use that to do Denial of Service attacks yeah you could you could set it up that way I mean essentially any device can be set to behave based on Lua commands it receives so I mean Harry you could take through improve Lua coding in my head this is okay so yeah you could definitely do that if you set up most of devices that they kind of knew about the ability to flood another device and another device knew about the ability to be flooded you could definitely make a coffee machine that would refuse to like give a guard coffee which could affect them or affect their motivation and they go and sit in a corner and cry because they're doing night shifts and so yeah definitely in generally you're designing the levels in such a way that there are multiple ways to solve problems yeah that's definitely something that I want like all good stealth games there's myriad ways that you can play through each level with the fans of the Metal Gear Solid kind of uvra and the idea of being able to solve some of the rooms with multiple complex hacks in order to be able to come back and play through them multiple times this is something we're aiming to do gentlemen in the back hi I was wondering if you're developing all of this in your free time or are you busy with this all day basically we started out just in our free time it sort of started in 2013 and we're still going but actually we got funded by of all things the UK Government to make a game about surveillance that is something that we get worried about by the UK Government so yeah we've been fully funded for a year and a half and Harry came on to help us with really sort of making the modding tools flourish about a year ago and there's three of us so we're a little three person full time for now studio and we hope to manage to keep things rolling to the point that we release next summer we've got everything in place to be able to get to a full release with the three of us next summer even if it's a bit tight thanks so does anybody have a question for them any plans on multiplayer unfortunately not it's the sort of thing that you should definitely plan into a game first port of call and we kind of decided that for the type of gameplay we couldn't quite get our heads around how to plan for that kind of thing if you can get that working at lower though let me know I'd be very impressed amazing talk really looking forward to this game you mentioned the social engineering aspect and also the 100% staying hidden aspects will there be an opportunity to interact with the guards maybe disguising your physical appearance and entering into a dialogue with them to try and talk your way into buildings or past doors or is it going to be 100% traps your sort of home alone style cascading coffee machine exploding traps or will you be able to talk your way around hitman comes to mind from that perspective you go and rob the food delivery van and put on the chef's clothing and kind of work your way through we haven't got plans for that kind of thing yet it's one of those we have a huge list of interesting potential but probably won't ever do them backlog tasks and that's probably somewhere at the bottom of it that's the complexity of implementation however there is the chance that you'd be able to you saw the crypto chat window at the beginning actually spoof someone else's number actually I know this is something you're interested in Jake but basically using spoofing techniques on SMS or messaging services to pretend you're their wife and maybe have a conversation with them that does engineer them through make them leave the building via an emergency yeah exactly so it would be via the text and chat window and it kind of indicates to the kind of thing that you're talking about oh very nice, thank you next question hi, hello it's a very interesting idea but you mentioned that that was the government that was funding your your idea have you considered maybe that as for example the military used 3D games for training their troops it could be used for intelligence services to automatically map and facilities the network and make it able for their agents to try different without getting there trying various strategies to explore and enter those places I suppose it's like any tool kind of an inner thing that we don't really have control of as to how people would use for making mods so yeah you could end up with if security services had enough of a sense of humour using upgrade as a way of training their next gen agents to infiltrate buildings it's not something we've built it for it's not an intention but on the other hand it could also be used for young hackers to explore the realm of infosec in a slightly safer environment rather than them just going into the big grey area of the deep dark web and pinging.gov addresses and getting themselves in trouble they get to learn maybe a little bit in a safer environment while they get their heads around what you are and aren't allowed to do so maybe there's a payoff there having a positive contribution as well as possibly being used the idea that you have a script for the game it has specs for automatic scanning of getting from google maps and synchronising things and writing it right up so people can explore well there are ways of getting 3D models from open street map so if you can get those into a mesh and you want to throw them into level kit and run around then that's something you could do interesting thanks so is there another question I was wondering if you've also thought about the maintainability of the code and the data model because suppose you launch this in the next summer and a lot of people they start creating extra mods enthusiastically for this it looks like it might get out of hand quite quickly possibly if you haven't thought about that properly actually Harry gave a talk at a development conference to game devs and one of those elements came up as a question it's definitely something that I'm thinking about and I've come up with a few ways that we can potentially do it that aren't yet implemented but definitely it's very very high on my list I don't want modders being frustrated about the fact that we put a patch out that's broken all of their mods or I definitely don't want to contact a modder and ask them to rebuild stuff so yes I understand that that's definitely a concern and it's on my mind heavily one of those things that even kind of the larger scale mod that you see like City Skylines and Kerbal Space Program they make mistakes in updates and patches that do break mods and usually if that happens a developer as long as they've got enough resources make time to help then repatch and make sure that those mods survive in the second update we're definitely going to do our best to support modders in that way yeah okay is there another question nobody well give both Rich and Harry a warm applause and thank you for your speech thank you very much