HomeGamesUpdatesPricingMethodology
Steam News21 June 202613d ago

Demo Update - v0.9.1

Bug fixes and QoL based on early Next Fest player reports. Thanks to super_aardvark, cas, Tanner07, vince_kully, Delta, and marvelous for the detailed feedback - some of this shipped directly from your reports.

In this update6

Full notes

Full Blackdoor update

Read the full published notes in a cleaner layout. The original post stays linked below.

What changed

7 fixes3 additions13 changes5 removals
  • Store
  • Performance
  • Gameplay
  • Fixes
  • Server
  • UI and audio
changedQoLshop ls and shop buy - browse and purchase from the terminal without opening the browser. shop alone still opens the browser as before
changedQoLBrowser form inputs: backspace works in input fields; entered values display on the page after submission; password fields show plaintext while typing, stars in the page render
addedQoLNew string methods : find() (index of substring), substr() (extract portion), trim() (strip whitespace)
fixedQoLmv file .. no longer silently deletes the file - .. in paths is now resolved correctly
addedQoLrm -r added for recursive directory deletion
changedQoLTutorial improvements - static now explains the trace timer and disconnect during orientation; first SSH to any server shows a reminder the trace is running; mission_00 objectives show the exact commands to type; hello.bd points toward probe.bd and cracker.bd as next steps
Chicken Run trace time reduced -300s120sChicken Run trace time reduced - decreased, nerf

Blackdoor changes

changedshop ls and shop buy - browse and purchase from the terminal without opening the browser. shop alone still opens the browser as before
changedBrowser form inputs: backspace works in input fields; entered values display on the page after submission; password fields show plaintext while typing, stars in the page render
addedNew string methods : find() (index of substring), substr() (extract portion), trim() (strip whitespace)
fixedmv file .. no longer silently deletes the file - .. in paths is now resolved correctly
addedrm -r added for recursive directory deletion

Bug fixes and QoL based on early Next Fest player reports. Thanks to super_aardvark, cas, Tanner07, vince_kully, Delta, and marvelous for the detailed feedback - some of this shipped directly from your reports.

QoL

  • shop ls and shop buy - browse and purchase from the terminal without opening the browser. shop alone still opens the browser as before

  • Browser now accepts http:// and https:// prefixes and ip:port format - type URLs naturally and they resolve correctly

  • Browser now recognises web panels on non-standard ports (e.g. admin panels on 8080)

  • Browser form inputs: backspace works in input fields; entered values display on the page after submission; password fields show plaintext while typing, stars in the page render

  • import "x" as y alias syntax - import modules under a shorter name

  • New string methods: find() (index of substring), substr() (extract portion), trim() (strip whitespace)

  • Function display shows parameters - log(myFunc) now prints

  • Tutorial close now explicitly mentions help scripting and help api

  • mylib.myFunc() now works - calling imported module functions via dot notation was failing; had to assign to a local variable first

  • mv file .. no longer silently deletes the file -.. in paths is now resolved correctly

  • rm -r added for recursive directory deletion

  • Mixed-case script names work - userTest.bd can be run by typing userTest

  • connect() now accepts user@host format and an optional password argument

  • whoami(conn) and get_hostname(conn) now accept an optional conn argument

  • Tutorial: clicking in the file pane advances objectives - navigating into a directory or clicking to view a file counts the same as typing cd or cat

  • Tutorial improvements - static now explains the trace timer and disconnect during orientation; first SSH to any server shows a reminder the trace is running; mission_00 objectives show the exact commands to type; hello.bd points toward probe.bd and cracker.bd as next steps

  • help scripting now covers language basics: list literals, indexing, loops, conditionals, type conversion

  • ~/docs/security_guide.txt updated to reference help scripting and help api

  • Editor sidebar reference expanded - variables, control flow, operators, list methods, string methods, and builtins all documented in the editor panel. Open the editor and check the right pane

Balance

  • Chicken Run trace time reduced - 300s → 120s. The intended path (find credentials in the filesystem) fits comfortably. Brute-forcing root at 0.9 security no longer does. Briefing now hints at credentials being faster than cracking

  • Trace bar snaps faster when time is low - under 15 seconds the bar catches up to the actual timer more quickly, so high-alert situations read correctly on screen

Bug Fixes

  • Trace no longer runs after a script finishes or is interrupted - if a script called connect() then was killed before reaching disconnect(), the trace kept running at the home terminal. Now cleaned up when any script exits

  • Delete/scrub missions no longer prompt you to upload to the drop server - completing a delete objective now ends the mission correctly

  • list_files() now returns a path field - f.path gives the full path, making recursive traversal straightforward

  • DictCracker rewritten - the previous version built a wordlist but never used it. Now does real noise-managed cracking with sleep() backoff and progress/hint logging

  • api.blackdoor.tools dead link removed from api_quickref.txt - replaced with help api

  • security_guide.txt updated - explains that cracker.bd calls connect() internally, starting the trace

  • Containment timer no longer fires after mission abandon - if a high-IDS-penalty disconnect triggered the HUNTED state right as you abandoned, consequences fired 30 seconds later while you were back at the terminal. Now cancelled cleanly on force-disconnect

  • Abandoned missions now return to the picker - dropping a mission with mission abandon previously removed it from the list permanently. It now reappears so you can re-accept it. Existing saves: just reload the game and any abandoned missions will be back

  • Numpad Enter now submits terminal commands correctly

  • Script usage string fixed - running a script without required arguments showed probe.bd (wrong filename, wrong format). Now shows probe to match how scripts are actually invoked

  • Tutorial hints corrected - referred to probe target=142.93.44.12; correct syntax is positional: probe 142.93.44.12

  • scan() on unknown host now fails immediately - an unrecognised IP was silently redirected to the current connected server, causing probe to run forever on a typo'd IP. Now errors with "host unreachable" straight away

New Shop Items

  • QuietCrack ($200) - replaces DictCracker. Same noise-managed cracker, honest name. The old one claimed to use a dictionary; it didn't

  • Rockyou Pack ($50) - 1000 real leaked passwords delivered to ~/wordlists/rockyou.txt

  • Corporate Pack ($75) - 500 corporate-pattern passwords. Company names, years, policy patterns

  • Targeted Pack ($100) - 200 passwords pulled from the game world. Rewards players who explore

  • Wordlists are plain text files delivered to ~/wordlists/. Not wired into the default cracking flow yet - that mechanic is coming. Buy them now to be ready, or wait until it lands

New - Crack Source

A new shop item: Crack Source ($650). This shipped after players asked why the scripting mechanics feel like a black box.

Buying it delivers the source as an editable .bd file and a plain-English breakdown of how the system works. It also unlocks lower-level primitives for players who want to build their own tools.

crack() still works exactly as before. You don't need any of this. But if you want to understand it - or build something smarter - it's there.

What's Coming

  • Web attack vectors - SQL injection and command injection as attack paths are on the design board for 1.0

  • Tutorial - more hand-holding through the first hack. Work in progress

A proper roadmap post is coming. This is the short version.

  • Static

Source

Steam News / 21 June 2026

Open original post

Changelog.gg summarizes and formats this update. How we read updates.