## (Fraud-Resistant) DotA Random Draft Pool Generator

My friends and I like playing DotA’s -rd, or “random draft” mode. The mode selects 20 heroes at random, from which the two teams draft. However, we like discussing the pools over email, rather than just picking in-game. So, I wrote a simple hero pool generator. In its most basic use, type this:

cm.py

It will then generate a list of 20 heroes at random.

**But what if you don’t trust your friends to generate a pool?** What if the opposing team’s captain generates the pool at “random”, but it suspiciously includes their favorite heroes every time? That’s where the other modes come in.

By using the more advanced mode of cm.py, you can generate a hero pool that’s verified random to both teams. In technical terms, the captain of each team will pick a number at random. The captains will then exchange a one-way hash of those numbers. After this exchange, they will THEN exchange the original random numbers. These random numbers will be combined to generate a seed for the program’s random number generator, which can then reproducibly generate the hero list for both teams.

So, how do you use it? Here’s the output of “cm.py –help”:

-s <num>: RNG seed

-f <path>: path to hero listing file. Defaults to herolist.txt.

-h, –help: this help message

-o <integer>: hash the integer using md5 and print the output

-x <int1> <int2>: XOR the provided integers, then use as the seed (instead of the single int argument -s)

-r: generate a random number

Here’s the procedure:

- Type “cm.py -r”. The output will look like this:

Your secret number: 1029929668

Your public number: b322801c07f467ae63e5b648eeff99d1 - Email your public number to everyone.
- The opposing team’s captain also performs steps 1-2.
- Both of you now email your secret numbers to everyone. If anyone’s suspicious, they can run “cm.py -o <secretnumber>” to verify that it hashes correctly. For example, I’ll run cm.py -o on the secret number above, and it had better result in the public number above:

cm.py -o 1029929668

b322801c07f467ae63e5b648eeff99d1 - Now anyone can run “cm.py -x <secretnumber1> <secretnumber2>” to generate a list of heroes. For example:

cm.py -x 1029929668 1157727935

Using seed 2019753083 from inputs 1029929668 and 1157727935

Storm Spirit

Witch Doctor

Nerubian Assassin

Necro’lic

Vengeful Spirit

Butcher

Dwarven Sniper

Morphling

Centaur Warchief

Spectre

Enigma

Lightning Revenant

Pit Lord

Slithereen Guard

Warlock

Goblin Techies

Dark Seer

Prophet

Dragon Knight

Admiral - You’re done! Now you can debate those picks to your heart’s content over email, with your completely untrustworthy friends. When you’re done, you just pick your heroes as normal in-game using “-ap”, or “-pa” to pick allied heroes if you’re using any AIs.

If you want to add or remove heroes, they’re all stored in “herolist.txt”, in the .zip linked below. You’ll need to add heroes as they’re added to DotA. Also, I believe -rd disallows Goblin Techies for some reason, but I’ve left them in herolist.txt.

Note: I haven’t done any work to make this method statistically robust. If you have basic knowledge of cryptography and want to help me improve the code, please drop me a line! Also, thanks to Billy for coming up with a lot of the method here. Finally, I actually do trust my friends– but this is fun to do anyway.