| Pages: 1 [2] 3 4 :: one page |
| Author |
Thread Statistics | Show CCP posts - 0 post(s) |
Aldarica
Spinal Discipline
   |
Posted - 2010.07.04 02:16:00 -
[31]
Ok let's assume that's real leaked/stolen and maybe modified (just for the show) EVE client with GM tools. Someone care to explain how it could possibly change anything on server or 'force' the server to immediately provide all those data?
|
Stick Cult
Unspoken Autonomy.
|
Posted - 2010.07.04 02:19:00 -
[32]
Edited by: Stick Cult on 04/07/2010 02:18:48
 Originally by: Aldarica
Ok let's assume that's real leaked/stolen and maybe modified (just for the show) EVE client with GM tools. Someone care to explain how it could possibly change anything on server or 'force' the server to immediately provide all those data?
Well, let's assume this is real, someone injected USEFUL python code into eve for once. The "uber-scanner" simply asks for info from the server, its client side where the limitations on range (or angle, in the d-scan) is taken into account.
ninja-edit: enjoy your ban, bro
Originally by: CCP Tuxford
my bad. Rest assured I'm being ridiculed by my co-workers.
|
Isis Soryu
Caldari
Universitas Interimo Research
|
Posted - 2010.07.04 02:26:00 -
[33]
I doubt Sidekick John is the author of the modified client, the guy claiming to have written it posted this to SHC and K trying to sell the code for a quick profit. Some of his claims are a bit outlandish but it is possible to inject python as people have been doing so to get an autopilot to zero function without the use of a macro for atleast a year now.
This uberscanner also seems plausible. He's also claiming to be able to inject code to decrease the session change timers down to 5 seconds and who knows what else.
I'm quite frankly sickened by this. 
|
Qolde
Minmatar
art of eve
Gunmen of the Apocalypse
|
Posted - 2010.07.04 02:26:00 -
[34]
The way the scanner seems to work, it seems to make perfect sense. If you run a 360 scan, you see that little network action spinning clock thingy go, but if you change the angle, it perform another network query. So your client knows where everything is from the 360 scan range you just ran, and just shows you an updated list when you change angle, direction, or range. Since there's no way to fix this without adding a crapton more lag, they might as well put it in the game.
Originally by: CCP Wrangler
EVE isn't designed to just look like a cold, dark and harsh world, it's designed to be a cold, dark and harsh world.
|
Sidekick John
|
Posted - 2010.07.04 02:35:00 -
[35]
Edited by: Sidekick John on 04/07/2010 02:37:35
Originally by: Stick Cult
Edited by: Stick Cult on 04/07/2010 02:18:48
simply asks for info from the server, its client side where the limitations on range (or angle, in the d-scan) is taken into account.
Check out the big brain on Stick Cult! Your a smart mother****er that's right, the client is where the limitations are enforced. |
Loki O'Grady
|
Posted - 2010.07.04 02:35:00 -
[36]
For those yet to watch it, the file is a ZIP folder containing a single AVI file. Scans clean using AVG antivirus. File is named "uberscanner" 2min 48sec long.
You see an EVE client with standard overview and d-scanner windows open. Also there are: an "uber scanner - yes it is real (omg)" window, a "console" window, and an "insider" toolbar. System is Perimeter, number of players in system suggests its TQ rather than Sisi.
The uberscanner window is showing the same information as the d-scanner window, along with "distance", "nearest" (presumably nearest warpable object), and "proximity" (presumably of selected item to nearest warpable). Selected items are well away from current grid - the example in the video is a Badger in an asteroid belt 7.8 AU away from the scanning player. Player then warps to that asteroid belt; the context box for the belt has a bunch of GM extra options along with the regular "warp to", "align to" etc choices.
While warping, he quickly runs through the various dropdown menus on the insider toolbar - "Tools" has utilities like Tournament Manager; "Macro" includes Repair Ship and Repair Modules; "Ship" (we see he is in a Caldari shuttle); "Charges"; "Drones"; "Implants" has what looks like every available implant able to be hot-slotted on the fly; and lastly "QA".
A bit more warping back and forth; console window has a tick box for "stealth" - impressive cloak seeing as at one point, he's sitting on top of Jita Gate, and has four objects within 2500m...
Ends with "Haters Gonna Hate" in the console, sadly this does not bring up a picture of a strutting eagle, but rather a confirmation box titled "Proof enough :)" and a quote from Mark Twain about censorship.
Almost certainly a Dev tool that has escaped into the wild, and scary stuff for anyone on the wrong end of it...
|
John Ellsworth
Gallente
|
Posted - 2010.07.04 02:38:00 -
[37]
Edited by: John Ellsworth on 04/07/2010 02:39:14
Originally by: Aldarica
Ok let's assume that's real leaked/stolen and maybe modified (just for the show) EVE client with GM tools. Someone care to explain how it could possibly change anything on server or 'force' the server to immediately provide all those data?
Well it's like a satellite signal .. all the "signal is present in the air" you only need the "proper authorized receiver" to collect that signal decode it and display it to your screen , in this case it's a client rather than a receiver and a sever instead of a satalite....  and OMG did not click 
|
Dr BattleSmith
PAX Interstellar Services
|
Posted - 2010.07.04 02:44:00 -
[38]
Originally by: Loki O'Grady
Almost certainly a Dev tool that has escaped into the wild, and scary stuff for anyone on the wrong end of it...
Much more likely code injection.
With the right tools you can browse the pointers, functions etc of almost any piece of code and hook your own classes onto those.
Thus you can trigger hidden methods or overload/intercept them.
Want a doomsday device on your shuttle?
Funny thing is most of the tools that exploit this technique are in somewhat common usage in "end-game" alliances.
You'll notice in patchnotes "Several exploits removed".....
Hopefully that isn't too delayed, hate to think there are people still warping to zero on AP.
|
Stick Cult
Unspoken Autonomy.
|
Posted - 2010.07.04 02:48:00 -
[39]
Originally by: Dr BattleSmith
Originally by: Loki O'Grady
Almost certainly a Dev tool that has escaped into the wild, and scary stuff for anyone on the wrong end of it...
Much more likely code injection.
With the right tools you can browse the pointers, functions etc of almost any piece of code and hook your own classes onto those.
Thus you can trigger hidden methods or overload/intercept them.
Sure. Except he has all the dev tools (in right click and that top 'ribbon' tool with the buttons is a dev tool, seen it in fanfest videos), and I hope, hope a LOT, that CCP doesn't release dev tools in the standard client, even if they are hidden.
Originally by: CCP Tuxford
my bad. Rest assured I'm being ridiculed by my co-workers.
|
Loki O'Grady
|
Posted - 2010.07.04 02:53:00 -
[40]
Originally by: Dr BattleSmith
Originally by: Loki O'Grady
Almost certainly a Dev tool that has escaped into the wild, and scary stuff for anyone on the wrong end of it...
Much more likely code injection.
With the right tools you can browse the pointers, functions etc of almost any piece of code and hook your own classes onto those.
Thus you can trigger hidden methods or overload/intercept them.
Ah, ok, cool - I was going off all the various GM/Dev items I was seeing and thought it was a legit but modified tool..
|
Opus Dai
|
Posted - 2010.07.04 03:03:00 -
[41]
Edited by: Opus Dai on 04/07/2010 03:03:19
Python injection is as common as muck in this game and affects almost every aspect of Eve.
Anyone who trades in goods of limited supply will instantly notice a sudden massive drop in competition following any major patch - presumably because botters programs require a fix or they're waiting to check out the client code for any traps put in to catch them out. A week or two later normal market service resumes and any legitimate trader will find that their orders are -0.01'd with 30 seconds to 60 minutes - yet immeidately after a patch an order can be up for days. This leaves the only option to basically sell to the botters for a 10% loss, who will then relist your goods for their profit knowing full-well you can't consistently compete against them as to do so would be a full time job.
CCP knows this and isn't going to do anything about it soon - botters are everywhere, doing almost every aspect of the game.
That said, I think the video in the op is a GM Tool and is useless to the average player without the GM account flag.
|
Josefius
Gallente
JOKAS Industries
Apocalypse Now.
|
Posted - 2010.07.04 03:17:00 -
[42]
Originally by: Opus Dai
Edited by: Opus Dai on 04/07/2010 03:03:19
Python injection is as common as muck in this game and affects almost every aspect of Eve.
Anyone who trades in goods of limited supply will instantly notice a sudden massive drop in competition following any major patch - presumably because botters programs require a fix or they're waiting to check out the client code for any traps put in to catch them out. A week or two later normal market service resumes and any legitimate trader will find that their orders are -0.01'd with 30 seconds to 60 minutes - yet immeidately after a patch an order can be up for days. This leaves the only option to basically sell to the botters for a 10% loss, who will then relist your goods for their profit knowing full-well you can't consistently compete against them as to do so would be a full time job.
CCP knows this and isn't going to do anything about it soon - botters are everywhere, doing almost every aspect of the game.
That said, I think the video in the op is a GM Tool and is useless to the average player without the GM account flag.
I always wondered how people could re-list an item immediately after I buy it, with 1 item being offered.
|
Lady Karma
|
Posted - 2010.07.04 03:20:00 -
[43]
Originally by: Opus Dai
Edited by: Opus Dai on 04/07/2010 03:03:19
Python injection is as common as muck in this game and affects almost every aspect of Eve.
Anyone who trades in goods of limited supply will instantly notice a sudden massive drop in competition following any major patch - presumably because botters programs require a fix or they're waiting to check out the client code for any traps put in to catch them out. A week or two later normal market service resumes and any legitimate trader will find that their orders are -0.01'd with 30 seconds to 60 minutes - yet immeidately after a patch an order can be up for days. This leaves the only option to basically sell to the botters for a 10% loss, who will then relist your goods for their profit knowing full-well you can't consistently compete against them as to do so would be a full time job.
CCP knows this and isn't going to do anything about it soon - botters are everywhere, doing almost every aspect of the game.
That said, I think the video in the op is a GM Tool and is useless to the average player without the GM account flag.
It will be far easier for CCP to lock this thread for discussing exploits, than to address any of the issues raised.
Welcome to WOB, world of botters
|
Daisuke Aoki
Gallente
Independent Coalition
Honourable Templum of Alcedonia
|
Posted - 2010.07.04 03:22:00 -
[44]
I hope there's a response beyond just a lock by CCP to this, some kind of explanation at least.
Also, screenshot from 0:29 of that video...probably means someone somehow got their hands on a GM client rather than doing any kind of omgl33t Python injection.
|
Captain Vampire
Caldari
No.Mercy
|
Posted - 2010.07.04 03:26:00 -
[45]
Originally by: Daisuke Aoki
Also, screenshot from 0:29 of that video...probably means someone somehow got their hands on a GM client rather than doing any kind of omgl33t Python injection.
Sure, because there is no way that the EVE client could just be borked right? |
Daisuke Aoki
Gallente
Independent Coalition
Honourable Templum of Alcedonia
|
Posted - 2010.07.04 03:28:00 -
[46]
Well, I suppose it's possible some moron is trying to make himself look like he has insider stuff or whatever, so it could have been made to just look like that. Who knows, Python is stupidly easy.
|
Lady Karma
|
Posted - 2010.07.04 03:36:00 -
[47]
Originally by: Daisuke Aoki
I hope there's a response beyond just a lock by CCP to this, some kind of explanation at least.
Also, screenshot from 0:29 of that video...probably means someone somehow got their hands on a GM client rather than doing any kind of omgl33t Python injection.
The drop down menus are created dynamically based on the methods available. So if someone managed to have access to all of them, you might see a similar menu to a GM client.
|
Felix Esperium
Lysergic Distortions Research and Development
|
Posted - 2010.07.04 03:41:00 -
[48]
*wanders off to learn python*
|
Serpents smile
|
Posted - 2010.07.04 03:47:00 -
[49]
Well, this is not nice. Jeebus christ. 
|
AdmiralJohn
The Unknown Bar and Pub
|
Posted - 2010.07.04 03:49:00 -
[50]
It's amazing the lengths people will go to just to get ahead in an online game.
/me wishes that talent was used on useful things.
|
Genya Arikaido
|
Posted - 2010.07.04 03:55:00 -
[51]
Edited by: Genya Arikaido on 04/07/2010 03:56:08
Being ever dubious, but cautious, I did some poking around...and found the original curious coder who found and explain his methods on his site, for anyone at all to read.
Let's just say this video is very likely to be real, as the method would work. I've tested it with another Python-based program, and it does exactly as advertised, exposes every client function to the user.
To be clear, I COULD, do the following in EVE, should it be used:
find out precisely where anyone in EVE is at, find out their skill info, their ISK, spawn ships, items, ISK, teleport, teleport others, Instakill anyone, add any amount of SP to themselves or anyone, fly Jovian Battleships, change the session timer for themselves, warp to zero on autopilot, buy everyone's stuff for 0.01 isk, Delete stuff in your hangars, delete your corp, alliance, characters.... the list is as long as your imagination.
Obviously some things are going to be ridiculously obvious. I'm certain ISK and SP stuff is logged, else certain petition results would be impossible. However, it's the passive informational side that carries the worst implications. This uber scanner as posted here is entirely possible, and very easy to do...and leaves NO trace of use on the server, its logs, or anything else. session timers, might. warping to 0 on autopilot probably wouldn't either, as I don't think you need to ask the server permission to turn AP on or off (as the button is always instant).
CCP, I don't know what to tell you. Watchdog programs are the usual solution, but then you have privacy activists banging on your door. Some of the data that can be exploited is needed for normal client function, and cannot be restricted to normal users.
I'm filling in a bug report, and detailed explanation now, CCP...this is beyond critical.
Originally by: CCP Tuxford
my bad.
Rest assured I'm being ridiculed by my co-workers.
|
Isis Soryu
Caldari
Universitas Interimo Research
|
Posted - 2010.07.04 04:08:00 -
[52]
Originally by: Genya Arikaido
Edited by: Genya Arikaido on 04/07/2010 03:56:08
Being ever dubious, but cautious, I did some poking around...and found the original curious coder who found and explain his methods on his site, for anyone at all to read.
Let's just say this video is very likely to be real, as the method would work. I've tested it with another Python-based program, and it does exactly as advertised, exposes every client function to the user.
To be clear, I COULD, do the following in EVE, should it be used:
find out precisely where anyone in EVE is at, find out their skill info, their ISK, spawn ships, items, ISK, teleport, teleport others, Instakill anyone, add any amount of SP to themselves or anyone, fly Jovian Battleships, change the session timer for themselves, warp to zero on autopilot, buy everyone's stuff for 0.01 isk, Delete stuff in your hangars, delete your corp, alliance, characters.... the list is as long as your imagination.
Obviously some things are going to be ridiculously obvious. I'm certain ISK and SP stuff is logged, else certain petition results would be impossible. However, it's the passive informational side that carries the worst implications. This uber scanner as posted here is entirely possible, and very easy to do...and leaves NO trace of use on the server, its logs, or anything else. session timers, might. warping to 0 on autopilot probably wouldn't either, as I don't think you need to ask the server permission to turn AP on or off (as the button is always instant).
CCP, I don't know what to tell you. Watchdog programs are the usual solution, but then you have privacy activists banging on your door. Some of the data that can be exploited is needed for normal client function, and cannot be restricted to normal users.
I'm filling in a bug report, and detailed explanation now, CCP...this is beyond critical.
I really don't see CCP doing anything other than locking/deleting this thread and censoring every mention of this from the eve-o site. Sad really.
|
Widemouth Deepthroat
|
Posted - 2010.07.04 04:09:00 -
[53]
it is obviously a dev/gm client
|
Genya Arikaido
|
Posted - 2010.07.04 04:10:00 -
[54]
Originally by: Widemouth Deepthroat
it is obviously a dev/gm client
Which is all too easily created from the normal client...as all of the UI widgets and functions are there, simply disabled for normal clients.
Originally by: CCP Tuxford
my bad.
Rest assured I'm being ridiculed by my co-workers.
|
Lady Karma
|
Posted - 2010.07.04 04:16:00 -
[55]
Originally by: Widemouth Deepthroat
it is obviously a dev/gm client
So by your logic its obviously a GM/DEV trolling us? Recording this footage, and adding jokes to the titles and info boxes.
Yes obvious.
|
Felix Esperium
Lysergic Distortions Research and Development
|
Posted - 2010.07.04 04:17:00 -
[56]
Originally by: Lady Karma
So by your logic its obviously a GM/DEV trolling us? Recording this footage, and adding jokes to the titles and info boxes.
Yes obvious.
Glad we got that settled.
|
Tinneus Nor
|
Posted - 2010.07.04 04:21:00 -
[57]
Client side hacks are bad, but it's unlikely that they would allow an unauthenticated client to send GM/bug-hunter requests no matter how hacked, so it would be limited to eye candy (ooh look at all the shiny buttons I can't press!) or "UI amplification", e.g. uber-scanners, macros etc.
|
Lady Karma
|
Posted - 2010.07.04 04:25:00 -
[58]
Originally by: Felix Esperium
Glad we got that settled.
They do like to troll the subscribers quite often. With things like, check out this great new expansion, we are deploying a fix to the lag problem and our logs show nothing.
CCP inside troll seems quite likely.
|
ghost st
|
Posted - 2010.07.04 04:33:00 -
[59]
Ive known macrominers have been an issue in the game for some time, and issue which CCP has turned a blind eye to, not talking about rmt macrominers, just asshat players running macroes.
But if the macro problem is getting this bad, CCP need to come down hard and fast on macroes. They can no longer afford to turn a blind eye to the issue. If they continue to ignore macroes, and **** like this keeps popping up. I may actually quit.
|
Opus Dai
|
Posted - 2010.07.04 04:36:00 -
[60]
Originally by: Tinneus Nor
Client side hacks are bad, but it's unlikely that they would allow an unauthenticated client to send GM/bug-hunter requests no matter how hacked, so it would be limited to eye candy (ooh look at all the shiny buttons I can't press!) or "UI amplification", e.g. uber-scanners, macros etc.
Not really. Personally I think the video is a GM modified client, but this doesn't invalidate the fundamental point that a percentage of the PCU are macro bots, working away generating ISK in a myriad of ways. Afterall, it's easy to do and doesn't cost anything. While the accounts of course need to be activated they are run for free using CCPs amazing GTC for ISK system. This means that the people who spend their wages on GTCs to sell on the market for ISK are paying for these accounts, in return for some of the profits(ISK).
While CCP do the occassional bot raid every now and then to raise confidence anyone who takes the time to check out a few belts will see that it doesn't really dent the underlying problem. The only course available to the player is to petition suspects, this of course quickly grows dull - partly because you have no idea on whether anything was done as CCP policy specifically prohibits you being told, consequently the few that bother soon give up.
Python injection hacks have been around since shortly after beta and they've steadily become more sophisticated. I've no idea what the punishment given is now, but back in 2004/5 a python injection hack to claim 0 isk escrows would net you a 2 week ban - yes that's right, you get caught specifically cheating with a client modification then CCP would ban you for only 2 weeks.
With little incentive or ability to punish players who cheat, more and more choose to turn to these hacks themselves - not to get ahead, but to play on the same level playing field. It's not hard to find them and there are plenty of online translators to read the instructions.
The scale of the problem is tragically misunderstood by many.
|
| |
|
| Pages: 1 [2] 3 4 :: one page |
| First page | Previous page | Next page | Last page |