EVE Search - Client architecture flawed. Open for abuse. Tasty video inside.

All Channels

EVE General Discussion

Client architecture flawed. Open for abuse. Tasty video inside.

» Click here to find additional results for this topic using Google

Monitor this thread via RSS [?]

Author	Thread Statistics \| Show CCP posts - 0 post(s)
Isis Soryu Caldari Universitas Interimo Research	Posted - 2010.07.04 02:26:00 - [1] I doubt Sidekick John is the author of the modified client, the guy claiming to have written it posted this to SHC and K trying to sell the code for a quick profit. Some of his claims are a bit outlandish but it is possible to inject python as people have been doing so to get an autopilot to zero function without the use of a macro for atleast a year now. This uberscanner also seems plausible. He's also claiming to be able to inject code to decrease the session change timers down to 5 seconds and who knows what else. I'm quite frankly sickened by this.
Isis Soryu Caldari Universitas Interimo Research	Posted - 2010.07.04 04:08:00 - [2] Originally by: Genya Arikaido Edited by: Genya Arikaido on 04/07/2010 03:56:08 Being ever dubious, but cautious, I did some poking around...and found the original curious coder who found and explain his methods on his site, for anyone at all to read. Let's just say this video is very likely to be real, as the method would work. I've tested it with another Python-based program, and it does exactly as advertised, exposes every client function to the user. To be clear, I COULD, do the following in EVE, should it be used: find out precisely where anyone in EVE is at, find out their skill info, their ISK, spawn ships, items, ISK, teleport, teleport others, Instakill anyone, add any amount of SP to themselves or anyone, fly Jovian Battleships, change the session timer for themselves, warp to zero on autopilot, buy everyone's stuff for 0.01 isk, Delete stuff in your hangars, delete your corp, alliance, characters.... the list is as long as your imagination. Obviously some things are going to be ridiculously obvious. I'm certain ISK and SP stuff is logged, else certain petition results would be impossible. However, it's the passive informational side that carries the worst implications. This uber scanner as posted here is entirely possible, and very easy to do...and leaves NO trace of use on the server, its logs, or anything else. session timers, might. warping to 0 on autopilot probably wouldn't either, as I don't think you need to ask the server permission to turn AP on or off (as the button is always instant). CCP, I don't know what to tell you. Watchdog programs are the usual solution, but then you have privacy activists banging on your door. Some of the data that can be exploited is needed for normal client function, and cannot be restricted to normal users. I'm filling in a bug report, and detailed explanation now, CCP...this is beyond critical. I really don't see CCP doing anything other than locking/deleting this thread and censoring every mention of this from the eve-o site. Sad really.

COPYRIGHT NOTICE
EVE Online, the EVE logo, EVE and all associated logos and designs are the intellectual property of CCP hf. All artwork, screenshots, characters, vehicles, storylines, world facts or other recognizable features of the intellectual property relating to these trademarks are likewise the intellectual property of CCP hf. EVE Online and the EVE logo are the registered trademarks of CCP hf. All rights are reserved worldwide. All other trademarks are the property of their respective owners. CCP hf. has granted permission to EVE-Search.com to use EVE Online and all associated logos and designs for promotional and information purposes on its website but does not endorse, and is not in any way affiliated with, EVE-Search.com. CCP is in no way responsible for the content on or functioning of this website, nor can it be liable for any damage arising from the use of this website.