In this update6
Full notes
Full Blackdoor update
Read the full published notes in a cleaner layout. The original post stays linked below.
What changed
- Store
- Performance
- Gameplay
- Fixes
- Server
- UI and audio
Blackdoor changes
Bug fixes and QoL based on early Next Fest player reports. Thanks to super_aardvark, cas, Tanner07, vince_kully, Delta, and marvelous for the detailed feedback - some of this shipped directly from your reports.
QoL
shop ls and shop buy - browse and purchase from the terminal without opening the browser. shop alone still opens the browser as before
Browser now accepts http:// and https:// prefixes and ip:port format - type URLs naturally and they resolve correctly
Browser now recognises web panels on non-standard ports (e.g. admin panels on 8080)
Browser form inputs: backspace works in input fields; entered values display on the page after submission; password fields show plaintext while typing, stars in the page render
import "x" as y alias syntax - import modules under a shorter name
New string methods: find() (index of substring), substr() (extract portion), trim() (strip whitespace)
Function display shows parameters - log(myFunc) now prints
Tutorial close now explicitly mentions help scripting and help api
mylib.myFunc() now works - calling imported module functions via dot notation was failing; had to assign to a local variable first
mv file .. no longer silently deletes the file -.. in paths is now resolved correctly
rm -r added for recursive directory deletion
Mixed-case script names work - userTest.bd can be run by typing userTest
connect() now accepts user@host format and an optional password argument
whoami(conn) and get_hostname(conn) now accept an optional conn argument
Tutorial: clicking in the file pane advances objectives - navigating into a directory or clicking to view a file counts the same as typing cd or cat
Tutorial improvements - static now explains the trace timer and disconnect during orientation; first SSH to any server shows a reminder the trace is running; mission_00 objectives show the exact commands to type; hello.bd points toward probe.bd and cracker.bd as next steps
help scripting now covers language basics: list literals, indexing, loops, conditionals, type conversion
~/docs/security_guide.txt updated to reference help scripting and help api
Editor sidebar reference expanded - variables, control flow, operators, list methods, string methods, and builtins all documented in the editor panel. Open the editor and check the right pane
Balance
Chicken Run trace time reduced - 300s → 120s. The intended path (find credentials in the filesystem) fits comfortably. Brute-forcing root at 0.9 security no longer does. Briefing now hints at credentials being faster than cracking
Trace bar snaps faster when time is low - under 15 seconds the bar catches up to the actual timer more quickly, so high-alert situations read correctly on screen
Bug Fixes
Trace no longer runs after a script finishes or is interrupted - if a script called connect() then was killed before reaching disconnect(), the trace kept running at the home terminal. Now cleaned up when any script exits
Delete/scrub missions no longer prompt you to upload to the drop server - completing a delete objective now ends the mission correctly
list_files() now returns a path field - f.path gives the full path, making recursive traversal straightforward
DictCracker rewritten - the previous version built a wordlist but never used it. Now does real noise-managed cracking with sleep() backoff and progress/hint logging
api.blackdoor.tools dead link removed from api_quickref.txt - replaced with help api
security_guide.txt updated - explains that cracker.bd calls connect() internally, starting the trace
Containment timer no longer fires after mission abandon - if a high-IDS-penalty disconnect triggered the HUNTED state right as you abandoned, consequences fired 30 seconds later while you were back at the terminal. Now cancelled cleanly on force-disconnect
Abandoned missions now return to the picker - dropping a mission with mission abandon previously removed it from the list permanently. It now reappears so you can re-accept it. Existing saves: just reload the game and any abandoned missions will be back
Numpad Enter now submits terminal commands correctly
Script usage string fixed - running a script without required arguments showed probe.bd (wrong filename, wrong format). Now shows probe to match how scripts are actually invoked
Tutorial hints corrected - referred to probe target=142.93.44.12; correct syntax is positional: probe 142.93.44.12
scan() on unknown host now fails immediately - an unrecognised IP was silently redirected to the current connected server, causing probe to run forever on a typo'd IP. Now errors with "host unreachable" straight away
New Shop Items
QuietCrack ($200) - replaces DictCracker. Same noise-managed cracker, honest name. The old one claimed to use a dictionary; it didn't
Rockyou Pack ($50) - 1000 real leaked passwords delivered to ~/wordlists/rockyou.txt
Corporate Pack ($75) - 500 corporate-pattern passwords. Company names, years, policy patterns
Targeted Pack ($100) - 200 passwords pulled from the game world. Rewards players who explore
Wordlists are plain text files delivered to ~/wordlists/. Not wired into the default cracking flow yet - that mechanic is coming. Buy them now to be ready, or wait until it lands
New - Crack Source
A new shop item: Crack Source ($650). This shipped after players asked why the scripting mechanics feel like a black box.
Buying it delivers the source as an editable .bd file and a plain-English breakdown of how the system works. It also unlocks lower-level primitives for players who want to build their own tools.
crack() still works exactly as before. You don't need any of this. But if you want to understand it - or build something smarter - it's there.
What's Coming
Web attack vectors - SQL injection and command injection as attack paths are on the design board for 1.0
Tutorial - more hand-holding through the first hack. Work in progress
A proper roadmap post is coming. This is the short version.
Static
Source
Changelog.gg summarizes and formats this update. How we read updates.
