Sorry for the delay with the Dev Blog this month. There have been quite a few things that have come up in the last few weeks and I was unable to write it up. However, here we are now! We have lots of juicy development news for you, but first....
A Word from Our Lead Developer
Greetings everyone,
As some of you know, earlier this month we were attacked by a hacker. I wanted to write an in-depth explanation of what exactly happened.
I woke up early on the morning of September 9th to a bunch of messages letting me know that our Official servers had been compromised by a hacker that goes by the monicker "123." According to the server logs, it appeared that the hacker had cracked two of our admins' Steam accounts and used their accounts to begin slaying and banning users from the servers. The logs displayed our admins' Steam IDs and logged the slays and bans to those IDs. Our Senior Administrators quickly acted and removed those Steam IDs from having Administrator access on our official servers. After a staff meeting, we decided to require all of our Admins to use 2-Factor authentication on their Steam accounts (aka Steam Guard) to prevent their accounts from being compromised. We also enabled 2FA on our Official Discord to prevent Moderator accounts from being hacked and compromised (which would be a nightmare, could you imagine?).
That evening we released a patch to the game which included Server Admin Passwords, additional logging, and some experimental user validation features. The patch was broken as no user could pass validation now. Two hours later we released a hotfix followed by another patch immediately after. These new patches caused issues as there were features being worked on for 1.N that were not finished and things in 1.M had changed, and I was tasked with going through code and trying to undo the 1.N changes, revert things back to 1.M, all while introducing new security features to prevent more hacking. It was very stressful. We also talked to our admins who had appeared to have been hacked the day before and they assured us that their accounts were not hacked and they were already using Steam Guard. This could only mean one thing: the hacker was using Steam ID spoofing software. A little bit of Google research showed me that this is an issue in multiple online multiplayer Steam games including CS:GO and told me that the vulnerability rested somewhere in how the game retrieves Steam IDs from players.
The next day, we woke up to servers that were down again; our night staff encountered the hacker who again kicked, banned, and slew players, causing us and our players a lot of grief. But this time the hacker was logging in as my own developer account. We released another patch to fix things that had broken in the previous patch the night before, as well as putting passwords on our Developer accounts, but this patch included its own set of issues such as players spawning out of bounds. A total of 3 patches and 2 hotfixes were released on September 10th alone. We had also received reports that hackers were on private servers kicking, banning, and slaying players by logging in as Private Server Admins and also as me. They were again able to fake their Steam IDs, bypassing our game's validation checks, and spawn in as the dragons of other players as well as admins. We left our servers offline that night and I continued working on a new patch to both fix the 1.M/1.N issues as well as find the backdoor that these hackers were using to bypass our Steam ID validation checks.
On September 11th, we released a hotfix followed by another patch. Again, the patch failed to fix the vulnerability and the hacker(s) were able to attack both public and private servers. This of course forced us to shut down all servers again to protect all the player data on all Official servers.
For the next 14 hours I studied the logs and dug deep into the Engine code and Steam Subsystem plugin to find the backdoor the hacker had been using to allow him to log in with an injected Steam ID. I knew that the hack was client side, as the hacker cannot access the server remotely; they must be injecting their Steam ID at login during server-client network communication. This was going to be challenging, but my brain loves a good challenge, and I've never been faced with a problem I've not found a working solution for.
On the afternoon of September 12th, I finally found the vulnerability in the Steam subsystem that the hacker had been exploiting to inject a fake Steam ID to the server during login. I won't go into details on exactly what I found or what I did to fix it, but I am positive that that particular vulnerability in the Steam subsystem is patched. I was pretty excited when I figured it out and thank you to all of you who believed that I could.
All in all, this hack made us better. Our Admins are all now using Steam Guard to secure their Steam Accounts; our Discord Mod/User accounts are protected with 2-Factor Authentication; our game now uses Dev/Admin access passwords; client-server remote procedure calls are now encrypted, preventing hackers from calling them from memory, which now won't work without the key provided by the server; the changes in 1.N that made it into the 1.M patches actually make some things smoother, such as flight and running; I learned some important things about Unreal's netcode that will benefit 1.0; and all of this happened in the Early Access Beta, which is better than if it had happened in 1.0.
The hacker(s) tried to hurt DoD, but in the end... they only made us better.
Jonathan Slabaugh
Lead Developer - Lead Designer - The Only Programmer
Day of Dragons
Now onto the blog...
Mega Map Update
We are ALMOST done creating the overall landmass for the Mega Map's continent. We have made some changes to it and added some more area as well.
The land area to the east of the volcano has been increased, giving room for more burnt and temperate forests. We also moved the desert dunes closer to the volcano. The area the dunes used to be in has transformed into a grassland area which will be home to three large lakes.
Up north, the floating islands have moved a bit west and we have filled more of the ocean in the tundra area to make room for a frozen desert, which will be the home of the Snowslayer worms. Then you may also notice a new sand bar/island area to the south. These islands will be covered in tropical forests.
We plan to do a few more edits to the overall landmass and then we will begin adding details and really bring this map to life.
Animations
Inferno Ravager Walk Animation
Over in our animation department, our team is working hard to bring the next dragons to life!
While animating the Inferno Ravager, we discovered an issue with the wing membranes clipping as it moved its arms. After some work, we were able to come up with a solution! Much like how a bat's membrane works, the Inferno's wing membrane will shrink and stretch as needed. This way we can keep the natural looking membrane size without having the issues that come with it. With the membrane issue fixed, we have been working on redoing the animations.
The Bio animation is going well! We have nearly completed all of his land locomotion animations. Like the Acid Spitter, the Bio will have an extra ground speed known as a "sprint". This will make the Bio very fast on land and able to run circles around most other dragons. However, Acid Spitters can still outpace a Bio on the ground, so these cosmetic dragons should keep on their toes.
We have also begun animating the Blitz Striker. Like the Inferno, the Blitz will also have the shrinking membrane to prevent its wings from clipping. Currently we are working on the land and air locomotion animations.
While the new dragons are being worked on, some of the old are getting some love as well. We are working on creating some new Acid Spitter animations such as the secondary idle animation shown below. This animation will play if your character does not move for a certain amount of time, bringing more life to the dragon. After all, it can be tiring standing in one place too long.
Inferno Ravager Fly Animation
Bio Dragon Trot, Run, and Sprint Animations
Blitz Striker Slither Animation
Blitz Striker Glide Animation
Acid Spitter Secondary Idle Animation
Models and VFX
We are finishing up the last few Kickstarter stretch goal dragon models!
Arguably the best dragon ever (not biased), the Feathered Zygovo's adult model is complete. It is now completely feathered and adorable.
We have also determined the sexual dimorphism for this species. The Zygovo will be one of several species that does not use bile to incubate its eggs and instead sits on its nests. Therefore, like snowy owls, the females will have extra spots on their backs to help with camouflage while they lie on their nests.
We are now working on the baby morphs and perfecting the coloration of the Feathered Zygovos. If all goes well we plan on having the babies covered in down instead of feathers.
Onto the other side of the size scale, the Ice Behemoth dragon has also made progress. After going through several different design ideas, we have finalized the horns for the male behemoths. These horns will be perfect for hunting the dangerous Snowslayer Worms in the frozen desert area of the map.
With the male's design done, we will now start working on the baby morph for this massive dragon.
MORE WORDS
Dev Q&A Livestream
Our next Youtube Livestream Q&A will be on...
Friday, September 30th at 1:00 PM EST
Join us while we celebrate our 3-year Kickstarter Anniversary! We will be answering the community's questions and showing off the latest updates we have in store for the UE5 update!
From the Community
Each blog post, we pick some of our favorite screenshots and artwork posted by the community to showcase here. Want a chance for your submission to be showcased on our next blog? Post it in the appropriate channels on our Discord!
Some of our favorite recent screenshots...
by Dark Mink#2670
by JennyS#5422
by TargetVudu#4808
Some of our favorite artwork from the community...
by ghosteater#5611
by Kimmy#6669
by Oka/Karta#7648
That's all for this month's blog! See you next month and thanks for reading.
~The Day of Dragons Development Team