Pages: [1] :: one page |
|
Author |
Thread Statistics | Show CCP posts - 1 post(s) |
chewwbacka
|
Posted - 2009.10.14 15:47:00 -
[1]
Hey Guys.. I'm a relatively new casual EVE player (4 months) and am also studying my final year of Computer Forensics at University. As with any final year i've been given a project/dissertation to complete, the title of which is 'Forensic Analysis of evidence from MMORPG's' .. So at first i'm thinking, great, sounds like it could be fun.. But after extensive googling on the subject i managed to find ONE page on it!!! Understandably, i'm a little worried about this as i have to come up with a minimum of 16'000 words based on my research...
I'd just like to know if it's even possible to gain access locally to past conversations in-game, if so, how easy/difficult is it.. Are in-game conversations stored in eve related cache files?? ... Also in-game emails, are they recorded somewhere? .. I'm not expecting anyone to tell me exactly where they are, i'd just like to know if it's possible to extract this data before i go wasting valuable hours trying to do so... I would be hugely grateful to anyone who knows the answer to my questions...
Thanks ... Chewwie!
|
Dragonaire
Caldari Corax. New Eden Retail Federation
|
Posted - 2009.10.14 16:14:00 -
[2]
The chats are logged as txt files and there use to be some settings in eve to make some changes to how much is kept. They aren't with the other cache files and not in a binary form like the cache files seem to be. Have a look in My Documents\EVE\logs\Chatlogs for them instead. -- Finds camping stations from the inside much easier. Designer of Yapeal for Eve API.
|
Haskell
Gallente
|
Posted - 2009.10.14 16:29:00 -
[3]
16,000 words are about 45 pages in A4. Don't worry; if you just take that webpage you've found and do a practical analysis of what data different MMOs store and how this can be used in a forensic analysis, you'll be able to fill those pages very easily. Also, don't underestimate the space it takes to describe your methods/approach, background information (such as, what an MMO is), and a critical analysis of your results. This will probably make up more than half of the pages (and your time!).
EVE stores all chat logs and some gameplay related logs in My Document\EVE\logs folder. These are in text format and continuously generated while a user plays. There's also a log server which AFAIK collects even more information, but needs to be explicitly started to do so. There also the (binary) cache files which are continually updated during gameplay and can be read using the libraries that can be found in this forum, but reading them requires some programming effort from your side.
Good luck! |
chewwbacka
|
Posted - 2009.10.14 17:41:00 -
[4]
Wow! Ty both for your help and input, this information has helped me greatly, i suddenly feel a whole lot better about the whole thing... No doubt i'll need some more info soon though about the cache files, thx again! ... Chewwie!
|
Hel O'Ween
Men On A Mission
|
Posted - 2009.10.15 10:10:00 -
[5]
There's also the Logserver which CCP distributes along with EVE.
Sometimes, especially when reporting bugs which the devs can't reproduce, CCP asks you to run the Logserver alongside your EVE client, reproduce the crash and add the resulting log file to your bug report.
As I understand it, the Logserver is a 3rd party software, licensed by CCP adn the resulting log file is encrypted so that no one else can "abuse" (google for EVE and BEACON for such a case) that tool. -- EVEWalletAware - an offline wallet manager |
|
CCP Zymurgist
Gallente
|
Posted - 2009.10.15 17:40:00 -
[6]
This sounds really interesting. I hope you are willing to publish this project online so we can all read it after it is complete. I look forward to reading it!
Zymurgist Community Representative CCP Hf, EVE Online Contact us |
|
Johnathan Roark
Caldari Quantum Industries RAZOR Alliance
|
Posted - 2009.10.15 19:16:00 -
[7]
You many also want to look at network traffic. Logs can be turned on/off but online game have to send information over networks. It may be encrypted though, I have never looked to see if EVE send chats in plain text.
Quantum Industries is recruiting! |
chewwbacka
|
Posted - 2009.10.15 21:44:00 -
[8]
Thanks for all your input guys, its been a great help so far, i had an early idea about intercepting network traffic while EVE is running, last year we did a module which focused heavily on BackTrack 3, the hacking OS that runs from LiveCD, i was able to intercept active MSN chats with it over a wireless unsecured network, but didn't have much success at accessing secured networks, has anyone used the tools in Backtrack to intercept secured network traffic, it can apparently be done but only after the PC ur working from has received a million+ TCP packets..?? Bit of a longshot i suppose... Wireshark was the tool i used to intercept the MSN chats... Deffo something to look into i think... Thx again for all your inputs ... Chewwie!
|
Arous Drephius
|
Posted - 2009.10.15 22:03:00 -
[9]
Originally by: chewwbacka Thanks for all your input guys, its been a great help so far, i had an early idea about intercepting network traffic while EVE is running, last year we did a module which focused heavily on BackTrack 3, the hacking OS that runs from LiveCD, i was able to intercept active MSN chats with it over a wireless unsecured network, but didn't have much success at accessing secured networks, has anyone used the tools in Backtrack to intercept secured network traffic, it can apparently be done but only after the PC ur working from has received a million+ TCP packets..?? Bit of a longshot i suppose... Wireshark was the tool i used to intercept the MSN chats... Deffo something to look into i think... Thx again for all your inputs ... Chewwie!
Depends what security settings the network is using. If it's WEP, there's plenty of articles on how to crack it. Once you have the key then you just capture the encrypted packets and use airdecap-ng or something similar to decrypt them.
For WPA it's a bit harder but still possible. You must capture the WPA handshake as the client connects to the network, and then (assuming you know the password) you can decrypt the packets using the password & handshake.
Check the aircrack-ng wiki.
|
Ix Forres
Caldari Righteous Chaps
|
Posted - 2009.10.16 08:14:00 -
[10]
Originally by: Johnathan Roark You many also want to look at network traffic. Logs can be turned on/off but online game have to send information over networks. It may be encrypted though, I have never looked to see if EVE send chats in plain text.
EVE uses crypto on data sent over the network. This is mostly for tamper-resistance; you can't fake a packet without the right key.
Logserver and gamelogs are definitely the way to go for this one. Server mode in the logserver can fairly easily be used to allow game event capture to files for later analysis. Don't overlook game logs though- simple, easy to access and for a project like this it should give you some good data to work with combined with the chatlogs.
To echo earlier responses, I very much hope you publish this online once it's done; I'd be very interested to read it. -- Ix Forres EVE Application Developer EVE Metrics | accVIEW | I Tweet |
|
Hel O'Ween
Men On A Mission
|
Posted - 2009.10.16 10:47:00 -
[11]
Originally by: chewwbacka has anyone used the tools in Backtrack to intercept secured network traffic, it can apparently be done but only after the PC ur working from has received a million+ TCP packets..??
A word of caution: before doing so, I'd suggest to get in official contact (no, this forum doesn't count as such in this matter) with CCP and figure out what you're allowed to do and what not. CCP Zymurgist has already signaled interest in this project, so CCP might even help you in some way or another, if they think they can benefit from your research.
But trying to break into the client/server traffic without official approval might lead to undesirable consequences for you. -- EVEWalletAware - an offline wallet manager |
Lumy
Minmatar Sebiestor tribe
|
Posted - 2009.10.16 11:56:00 -
[12]
Local chat logs can be modified or turned off. However I'd like to point you to this section of EULA:
Quote: 8. PRIVACY AND CONFIDENTIALITY ... Additionally, CCP may (and you hereby expressly authorize CCP to) disclose information about you to private entities, law enforcement or other government officials, as CCP, in its sole discretion, deems necessary or appropriate to investigate or resolve possible crimes or to respond to judicial, regulatory, agency or similar inquiries.
I believe CCP archives logs indefinitely, at least any kind of communication through System (needs to be C/D). You might ask them, what would be official procedure to get access to those logs.
Joomla! in EVE - IGB compatible CMS. |
Pilk
Blade.
|
Posted - 2009.10.16 18:55:00 -
[13]
Chewwbacka,
I do computer forensics investigations. I haven't yet come across an MMORPG player, but I've always wondered how much relevant info I'll be able to pull when I do. The real issue with MMORPG's is not finding the data, it's the sorting and collation of it to find the meaningful bits.
You're welcome to drop me an EVEMail if you'd like to discuss the data that EVE logs or sends over the network, or general computer forensics topics. Be forewarned, though, that I'll make fun of you if you don't either run a *NIX box, or have Cygwin installed.
--P
Kosh: The avalanche has already started. It is too late for the pebbles to vote. Tyrrax's bet status: PAID! |
skarecrowster
|
Posted - 2009.10.21 08:51:00 -
[14]
Quote: I'd suggest to get in official contact (no, this forum doesn't count as such in this matter) with CCP and figure out what you're allowed to do and what not. CCP Zymurgist has already signalled interest in this project, so CCP might even help you in some way or another, if they think they can benefit from your research.
Thanks again guys for all of your input, Sorry for the late reply, I've been a bit busy with other uni stuff... In regards to getting in contact with CCP, how would I go about this, I think it would help me greatly if I could go and visit them at some point, part of my course is study abroad, which as of yet I haven't fulfilled... I've searched the site for some sort of contact point, but found nothing relevant, any help with this would be awesome... Thx again :P
P.s. Piik i'll give you a buzz when I start my research, no doubt i'm gonna hit some problems
|
Hel O'Ween
Men On A Mission
|
Posted - 2009.10.21 10:59:00 -
[15]
Originally by: skarecrowster
In regards to getting in contact with CCP, how would I go about this, I think it would help me greatly if I could go and visit them at some point, part of my course is study abroad, which as of yet I haven't fulfilled... I've searched the site for some sort of contact point, but found nothing relevant, any help with this would be awesome... Thx again :P
As a starting point, try http://www.ccpgames.com/company/contact.asp. If I remember correctly, I wrote to customer support back in 2007, when I tried to figure out if we were allowed to use EVE logos, images and so forth on our corp website. I received a prompt answer from Kieron (which is no longer with CCP, IIRC). -- EVEWalletAware - an offline wallet manager |
chewwbacka
|
Posted - 2009.11.12 17:37:00 -
[16]
Hey Guys, i'd just like to thank you all for your help on this topic, it has been an enormous help to the progression of my project so far. I am on course to meet my target for the first milestone, and no doubt may be contacting some of you in game during the research stage of the project in the near future. Big thanks to Hel'O'Ween for the suggestion of contacting CCP, I have managed to speak to someone at CCP and have been invited to visit to their HQ in Reykjavik, which i reallllyyyy cant wait for...
Huge thx to all who contributed... Fly Safe!
Cheww!
|
PROTOCOL
|
Posted - 2009.11.12 18:32:00 -
[17]
Final year of a forensics curriculum and can't find how to contact ccp, oh my!
|
Tonto Auri
Vhero' Multipurpose Corp
|
Posted - 2009.11.16 01:16:00 -
[18]
Originally by: PROTOCOL Final year of a forensics curriculum and can't find how to contact ccp, oh my!
Poor you... you should read stickies some day, they are to help you here. -- Thanks CCP for cu |
|
|
|
Pages: [1] :: one page |
First page | Previous page | Next page | Last page |