| Pages: 1 2 3 4 :: [one page] |
|
|
| Author |
Thread Statistics | Show CCP posts - 0 post(s) |
Sidekick John
   |
Posted - 2010.07.04 00:09:00 -
[1]
dl.eve-files.com/media/1007/uberscanner.zip
Maybe a rewrite of the database queries are in order CCP? While working on that, since your working on the client, could you listen to your community maybe and revamp the UI aswell? That would be something special. |
Tameris Khan
|
Posted - 2010.07.04 00:13:00 -
[2]
This looks legit
|
Lt Angus
Caldari
the united
Negative Ten.
|
Posted - 2010.07.04 00:16:00 -
[3]
gimmi your email and ill just mail you my account details
please resize your signature to the maximum allowed file size of 24000 bytes. Navigator
Shhhh, Im hunting Badgers |
RedLion
Caldari
State Constructions
|
Posted - 2010.07.04 00:16:00 -
[4]
what is this?
- - - - - - - - - - - - - - - - - - - - - - -
The Gallenteans must be destroyed
- - - - - - - - - - - - - - - - - - - - - - - |
Jada Maroo
|
Posted - 2010.07.04 00:30:00 -
[5]
Could be real but I don't know enough about the Eve client to tell for certain. Convincingly scary at least.
Hopefully it gives CCP a kick in the butt to get us some fixes.
|
Grarr Dexx
Amarr
GK inc.
|
Posted - 2010.07.04 00:37:00 -
[6]
Welcome to the wonderful world of python injection. Other side effects include warp-to-zero autopilot, contract dumps and shortening session change timer. I urge as many people as possible to open petitions so CCP knows they have something to fix.
|
Captain Vampire
Caldari
No.Mercy
|
Posted - 2010.07.04 00:40:00 -
[7]
 Originally by: Grarr Dexx
I urge as many people as possible to open petitions so CCP knows they have something to fix.
The queue is already backed up to no end so please do not such thing. This thread should generate enough awareness.
|
Grarr Dexx
Amarr
GK inc.
|
Posted - 2010.07.04 00:41:00 -
[8]
Nobody besides Zymurgist actually would read this thread  They won't give a **** until you ram it up their ass so deep it comes out their mouth.
|
Last Tardfighter
|
Posted - 2010.07.04 00:42:00 -
[9]
404 - File or directory not found.
The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.
|
Pr1ncess Alia
|
Posted - 2010.07.04 00:43:00 -
[10]
Edited by: Pr1ncess Alia on 04/07/2010 00:45:19
in before "PL HAXOR CHEATING!!!!!"
edit: doesn't appear to have anything malicious
--
A game that is significantly nonlinear is sometimes described as being open-ended or a sandbox, and is characterized by there being no "right way" of playing the game. |
|
|
Blane Xero
Amarr
The Firestorm Cartel
|
Posted - 2010.07.04 00:44:00 -
[11]
Originally by: Last Tardfighter
404 - File or directory not found.
The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.
The Link is broken, but it's easy to fix. I aint doing it for you because i'm suspicious of it being safe.
_____________________________________
Haruhiist since December 2008
Originally by: CCP Fallout
Been there. Done that. Need antibiotics.
|
Captain Tavius
Picon Fleet
New Eden Research.
|
Posted - 2010.07.04 00:48:00 -
[12]
Originally by: Blane Xero
Originally by: Last Tardfighter
404 - File or directory not found.
The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.
The Link is broken, but it's easy to fix. I aint doing it for you because i'm suspicious of it being safe.
Indeed, I'd be wary of something that safe too.
Just look at fruit! Perfectly safe to eat, but the Daily Mail insists it gives you cancer.
|
Sidekick John
|
Posted - 2010.07.04 00:48:00 -
[13]
Edited by: Sidekick John on 04/07/2010 00:51:21
http://dl.eve-files.com/media/1007/uberscanner.zip
Perfectly clean and safe.
I am not here to infect your precious PC nor to steal your accounts. Awareness must be raised for issues that CCP has decided to casually overlook. But please, go ahead, take all precaution you deem nessecary. |
Vexidious
|
Posted - 2010.07.04 00:51:00 -
[14]
For those scared of dangerous ZIP and AVI files(OMG!), the video is fairly convincing evidence of a modified EvE client that includes a tool that allows perfect and instant scanning of all objects in a system.
|
Jojo Yohan
Gallente
New Eden Regimental Navy
Rebel Alliance of New Eden
|
Posted - 2010.07.04 01:06:00 -
[15]
If you are concerned look at the Archive Preview on the right side of the eve-files page. It only contains an AVI file. Nice video, would be nice to hear some GM input.
|
Pajama Sam
The Tuskers
The Tusker Bastards
|
Posted - 2010.07.04 01:11:00 -
[16]
Edited by: Pajama Sam on 04/07/2010 01:12:39
uh oh
/starts warming up the popcorn machine
|
Blane Xero
Amarr
The Firestorm Cartel
|
Posted - 2010.07.04 01:13:00 -
[17]
AVI files can be infected, but none the less, how are we to know this isn't some (possibly soon to be fired GM) which has decided to throw the forums into outrage?
rabblerabblerabble tinfoil hat rabblerabblerabble tinfoil hat rabblerabblerabble
Etc.
_____________________________________
Haruhiist since December 2008
Originally by: CCP Fallout
Been there. Done that. Need antibiotics.
|
Amarr Supremacist
|
Posted - 2010.07.04 01:16:00 -
[18]
CCP will sweep this under the rug because it's too hard to fix. Calling it now.
Originally by: Blane Xero
AVI files can be infected, but none the less, how are we to know this isn't some (possibly soon to be fired GM) which has decided to throw the forums into outrage?
rabblerabblerabble tinfoil hat rabblerabblerabble tinfoil hat rabblerabblerabble
Etc.
You're stupid.
____________
HYDRA Reloaded - 2nd place at Alliance Tournament 8
EVE-Arena is awesome!
|
RutilusUnus
|
Posted - 2010.07.04 01:18:00 -
[19]
The .zip is clean so relax. If this is real, which it does look like it is, then CCP needs to do something about this. It looked like the person had something for macroing, plugging in implants and finding people without having to scan...
I do hope this is fake though.
|
Sidekick John
|
Posted - 2010.07.04 01:19:00 -
[20]
Edited by: Sidekick John on 04/07/2010 01:21:36
Originally by: Blane Xero
but none the less, how are we to know this isn't some (possibly soon to be fired GM) which has decided to throw the forums into outrage?
The same was said about the recent Monkeysphere upset, which was patched not a week later. This is real and must be addressed. Strike that, the entire overall state of the EVE client must be addressed not just this particular problem. |
|
|
Blane Xero
Amarr
The Firestorm Cartel
|
Posted - 2010.07.04 01:21:00 -
[21]
Edited by: Blane Xero on 04/07/2010 01:21:27
Originally by: Amarr Supremacist
CCP will sweep this under the rug because it's too hard to fix. Calling it now.
Originally by: Blane Xero
AVI files can be infected, but none the less, how are we to know this isn't some (possibly soon to be fired GM) which has decided to throw the forums into outrage?
rabblerabblerabble tinfoil hat rabblerabblerabble tinfoil hat rabblerabblerabble
Etc.
You're stupid.
Apparently you're a Hypocrite, as you didn't quite get the hint.
there's a difference between trolling and being stupid
_____________________________________
Haruhiist since December 2008
Originally by: CCP Fallout
Been there. Done that. Need antibiotics.
|
JennyD
|
Posted - 2010.07.04 01:21:00 -
[22]
hmm does it let u not be seen in local ?
|
Hainnz
Imperial Academy
|
Posted - 2010.07.04 01:32:00 -
[23]
Cute. |
Denton Farrow
Quam Singulari
Cult of War
|
Posted - 2010.07.04 01:33:00 -
[24]
Wow this is the biggest game breaker i've ever seen in Eve.
If it's not just a video of a GM client then it needs to be fixed like lastweek, drop everything and make sure this client cannot work anymore because if it becomes widespread it will seriously damage Eve.
|
Aliea Konovalev
Amarr
|
Posted - 2010.07.04 01:36:00 -
[25]
yeah it looks more like a gm/dev client, but who knows for sure.
|
Sidekick John
|
Posted - 2010.07.04 01:46:00 -
[26]
Edited by: Sidekick John on 04/07/2010 01:51:46
Originally by: Aliea Konovalev
yeah it looks more like a gm/dev client, but who knows for sure.
As Grarr Dexx correctly noted this is custom injected Python code.
The recent Alliance Tournament VIII actually shows the GM options quite a few times, you might be interested in comparing both those windows and the ones found in this video.
Also, why would CCP developers name their improved scanner "Uber Scanner - Yes It Is Real (OMG)"?
|
Herzog Wolfhammer
Gallente
Aliastra
|
Posted - 2010.07.04 01:51:00 -
[27]
You can get the source code for the EvE client - and even the server too if you want to pull a Keanu Reeves and have your own private Idaho.
But all "rules" are kept on the server, as is the case on most MMOs. Anything that is not is open to hax. This is one of the challenges to MMO architecture. This is also why there is so much lag, but in a distributed computing model, it would only take one punk finding out a way to go into "God Mode" and wreck the game for everybody.
And this game especially, because of the way it is advertised, it attracts that kind of people who would do that sort of thing (when buying ISK is not enough).
|
Felix Esperium
Lysergic Distortions Research and Development
|
Posted - 2010.07.04 01:53:00 -
[28]
Originally by: Sidekick John
custom injected Python code.
How would ccp go about stopping this?
|
Bryg Philomena
Don't Taze Me Bro
|
Posted - 2010.07.04 02:00:00 -
[29]
-snip.
Discussing exploits. =P
Originally by: CCP Wrangler
Am I reading this correctly? You claim you have a bug that undresses female avatars???
Your signature |
Kephael
Caldari
SERENDIPITY INC
R-I-P
|
Posted - 2010.07.04 02:06:00 -
[30]
I was told by a bug hunter they had the same tools and the scanner was named the same thing.
__________________________________________
|
|
|
Aldarica
Spinal Discipline
|
Posted - 2010.07.04 02:16:00 -
[31]
Ok let's assume that's real leaked/stolen and maybe modified (just for the show) EVE client with GM tools. Someone care to explain how it could possibly change anything on server or 'force' the server to immediately provide all those data?
|
Stick Cult
Unspoken Autonomy.
|
Posted - 2010.07.04 02:19:00 -
[32]
Edited by: Stick Cult on 04/07/2010 02:18:48
Originally by: Aldarica
Ok let's assume that's real leaked/stolen and maybe modified (just for the show) EVE client with GM tools. Someone care to explain how it could possibly change anything on server or 'force' the server to immediately provide all those data?
Well, let's assume this is real, someone injected USEFUL python code into eve for once. The "uber-scanner" simply asks for info from the server, its client side where the limitations on range (or angle, in the d-scan) is taken into account.
ninja-edit: enjoy your ban, bro
Originally by: CCP Tuxford
my bad. Rest assured I'm being ridiculed by my co-workers.
|
Isis Soryu
Caldari
Universitas Interimo Research
|
Posted - 2010.07.04 02:26:00 -
[33]
I doubt Sidekick John is the author of the modified client, the guy claiming to have written it posted this to SHC and K trying to sell the code for a quick profit. Some of his claims are a bit outlandish but it is possible to inject python as people have been doing so to get an autopilot to zero function without the use of a macro for atleast a year now.
This uberscanner also seems plausible. He's also claiming to be able to inject code to decrease the session change timers down to 5 seconds and who knows what else.
I'm quite frankly sickened by this. 
|
Qolde
Minmatar
art of eve
Gunmen of the Apocalypse
|
Posted - 2010.07.04 02:26:00 -
[34]
The way the scanner seems to work, it seems to make perfect sense. If you run a 360 scan, you see that little network action spinning clock thingy go, but if you change the angle, it perform another network query. So your client knows where everything is from the 360 scan range you just ran, and just shows you an updated list when you change angle, direction, or range. Since there's no way to fix this without adding a crapton more lag, they might as well put it in the game.
Originally by: CCP Wrangler
EVE isn't designed to just look like a cold, dark and harsh world, it's designed to be a cold, dark and harsh world.
|
Sidekick John
|
Posted - 2010.07.04 02:35:00 -
[35]
Edited by: Sidekick John on 04/07/2010 02:37:35
Originally by: Stick Cult
Edited by: Stick Cult on 04/07/2010 02:18:48
simply asks for info from the server, its client side where the limitations on range (or angle, in the d-scan) is taken into account.
Check out the big brain on Stick Cult! Your a smart mother****er that's right, the client is where the limitations are enforced. |
Loki O'Grady
|
Posted - 2010.07.04 02:35:00 -
[36]
For those yet to watch it, the file is a ZIP folder containing a single AVI file. Scans clean using AVG antivirus. File is named "uberscanner" 2min 48sec long.
You see an EVE client with standard overview and d-scanner windows open. Also there are: an "uber scanner - yes it is real (omg)" window, a "console" window, and an "insider" toolbar. System is Perimeter, number of players in system suggests its TQ rather than Sisi.
The uberscanner window is showing the same information as the d-scanner window, along with "distance", "nearest" (presumably nearest warpable object), and "proximity" (presumably of selected item to nearest warpable). Selected items are well away from current grid - the example in the video is a Badger in an asteroid belt 7.8 AU away from the scanning player. Player then warps to that asteroid belt; the context box for the belt has a bunch of GM extra options along with the regular "warp to", "align to" etc choices.
While warping, he quickly runs through the various dropdown menus on the insider toolbar - "Tools" has utilities like Tournament Manager; "Macro" includes Repair Ship and Repair Modules; "Ship" (we see he is in a Caldari shuttle); "Charges"; "Drones"; "Implants" has what looks like every available implant able to be hot-slotted on the fly; and lastly "QA".
A bit more warping back and forth; console window has a tick box for "stealth" - impressive cloak seeing as at one point, he's sitting on top of Jita Gate, and has four objects within 2500m...
Ends with "Haters Gonna Hate" in the console, sadly this does not bring up a picture of a strutting eagle, but rather a confirmation box titled "Proof enough :)" and a quote from Mark Twain about censorship.
Almost certainly a Dev tool that has escaped into the wild, and scary stuff for anyone on the wrong end of it...
|
John Ellsworth
Gallente
|
Posted - 2010.07.04 02:38:00 -
[37]
Edited by: John Ellsworth on 04/07/2010 02:39:14
Originally by: Aldarica
Ok let's assume that's real leaked/stolen and maybe modified (just for the show) EVE client with GM tools. Someone care to explain how it could possibly change anything on server or 'force' the server to immediately provide all those data?
Well it's like a satellite signal .. all the "signal is present in the air" you only need the "proper authorized receiver" to collect that signal decode it and display it to your screen , in this case it's a client rather than a receiver and a sever instead of a satalite....  and OMG did not click 
|
Dr BattleSmith
PAX Interstellar Services
|
Posted - 2010.07.04 02:44:00 -
[38]
Originally by: Loki O'Grady
Almost certainly a Dev tool that has escaped into the wild, and scary stuff for anyone on the wrong end of it...
Much more likely code injection.
With the right tools you can browse the pointers, functions etc of almost any piece of code and hook your own classes onto those.
Thus you can trigger hidden methods or overload/intercept them.
Want a doomsday device on your shuttle?
Funny thing is most of the tools that exploit this technique are in somewhat common usage in "end-game" alliances.
You'll notice in patchnotes "Several exploits removed".....
Hopefully that isn't too delayed, hate to think there are people still warping to zero on AP.
|
Stick Cult
Unspoken Autonomy.
|
Posted - 2010.07.04 02:48:00 -
[39]
Originally by: Dr BattleSmith
Originally by: Loki O'Grady
Almost certainly a Dev tool that has escaped into the wild, and scary stuff for anyone on the wrong end of it...
Much more likely code injection.
With the right tools you can browse the pointers, functions etc of almost any piece of code and hook your own classes onto those.
Thus you can trigger hidden methods or overload/intercept them.
Sure. Except he has all the dev tools (in right click and that top 'ribbon' tool with the buttons is a dev tool, seen it in fanfest videos), and I hope, hope a LOT, that CCP doesn't release dev tools in the standard client, even if they are hidden.
Originally by: CCP Tuxford
my bad. Rest assured I'm being ridiculed by my co-workers.
|
Loki O'Grady
|
Posted - 2010.07.04 02:53:00 -
[40]
Originally by: Dr BattleSmith
Originally by: Loki O'Grady
Almost certainly a Dev tool that has escaped into the wild, and scary stuff for anyone on the wrong end of it...
Much more likely code injection.
With the right tools you can browse the pointers, functions etc of almost any piece of code and hook your own classes onto those.
Thus you can trigger hidden methods or overload/intercept them.
Ah, ok, cool - I was going off all the various GM/Dev items I was seeing and thought it was a legit but modified tool..
|
|
|
Opus Dai
|
Posted - 2010.07.04 03:03:00 -
[41]
Edited by: Opus Dai on 04/07/2010 03:03:19
Python injection is as common as muck in this game and affects almost every aspect of Eve.
Anyone who trades in goods of limited supply will instantly notice a sudden massive drop in competition following any major patch - presumably because botters programs require a fix or they're waiting to check out the client code for any traps put in to catch them out. A week or two later normal market service resumes and any legitimate trader will find that their orders are -0.01'd with 30 seconds to 60 minutes - yet immeidately after a patch an order can be up for days. This leaves the only option to basically sell to the botters for a 10% loss, who will then relist your goods for their profit knowing full-well you can't consistently compete against them as to do so would be a full time job.
CCP knows this and isn't going to do anything about it soon - botters are everywhere, doing almost every aspect of the game.
That said, I think the video in the op is a GM Tool and is useless to the average player without the GM account flag.
|
Josefius
Gallente
JOKAS Industries
Apocalypse Now.
|
Posted - 2010.07.04 03:17:00 -
[42]
Originally by: Opus Dai
Edited by: Opus Dai on 04/07/2010 03:03:19
Python injection is as common as muck in this game and affects almost every aspect of Eve.
Anyone who trades in goods of limited supply will instantly notice a sudden massive drop in competition following any major patch - presumably because botters programs require a fix or they're waiting to check out the client code for any traps put in to catch them out. A week or two later normal market service resumes and any legitimate trader will find that their orders are -0.01'd with 30 seconds to 60 minutes - yet immeidately after a patch an order can be up for days. This leaves the only option to basically sell to the botters for a 10% loss, who will then relist your goods for their profit knowing full-well you can't consistently compete against them as to do so would be a full time job.
CCP knows this and isn't going to do anything about it soon - botters are everywhere, doing almost every aspect of the game.
That said, I think the video in the op is a GM Tool and is useless to the average player without the GM account flag.
I always wondered how people could re-list an item immediately after I buy it, with 1 item being offered.
|
Lady Karma
|
Posted - 2010.07.04 03:20:00 -
[43]
Originally by: Opus Dai
Edited by: Opus Dai on 04/07/2010 03:03:19
Python injection is as common as muck in this game and affects almost every aspect of Eve.
Anyone who trades in goods of limited supply will instantly notice a sudden massive drop in competition following any major patch - presumably because botters programs require a fix or they're waiting to check out the client code for any traps put in to catch them out. A week or two later normal market service resumes and any legitimate trader will find that their orders are -0.01'd with 30 seconds to 60 minutes - yet immeidately after a patch an order can be up for days. This leaves the only option to basically sell to the botters for a 10% loss, who will then relist your goods for their profit knowing full-well you can't consistently compete against them as to do so would be a full time job.
CCP knows this and isn't going to do anything about it soon - botters are everywhere, doing almost every aspect of the game.
That said, I think the video in the op is a GM Tool and is useless to the average player without the GM account flag.
It will be far easier for CCP to lock this thread for discussing exploits, than to address any of the issues raised.
Welcome to WOB, world of botters
|
Daisuke Aoki
Gallente
Independent Coalition
Honourable Templum of Alcedonia
|
Posted - 2010.07.04 03:22:00 -
[44]
I hope there's a response beyond just a lock by CCP to this, some kind of explanation at least.
Also, screenshot from 0:29 of that video...probably means someone somehow got their hands on a GM client rather than doing any kind of omgl33t Python injection.
|
Captain Vampire
Caldari
No.Mercy
|
Posted - 2010.07.04 03:26:00 -
[45]
Originally by: Daisuke Aoki
Also, screenshot from 0:29 of that video...probably means someone somehow got their hands on a GM client rather than doing any kind of omgl33t Python injection.
Sure, because there is no way that the EVE client could just be borked right? |
Daisuke Aoki
Gallente
Independent Coalition
Honourable Templum of Alcedonia
|
Posted - 2010.07.04 03:28:00 -
[46]
Well, I suppose it's possible some moron is trying to make himself look like he has insider stuff or whatever, so it could have been made to just look like that. Who knows, Python is stupidly easy.
|
Lady Karma
|
Posted - 2010.07.04 03:36:00 -
[47]
Originally by: Daisuke Aoki
I hope there's a response beyond just a lock by CCP to this, some kind of explanation at least.
Also, screenshot from 0:29 of that video...probably means someone somehow got their hands on a GM client rather than doing any kind of omgl33t Python injection.
The drop down menus are created dynamically based on the methods available. So if someone managed to have access to all of them, you might see a similar menu to a GM client.
|
Felix Esperium
Lysergic Distortions Research and Development
|
Posted - 2010.07.04 03:41:00 -
[48]
*wanders off to learn python*
|
Serpents smile
|
Posted - 2010.07.04 03:47:00 -
[49]
Well, this is not nice. Jeebus christ. 
|
AdmiralJohn
The Unknown Bar and Pub
|
Posted - 2010.07.04 03:49:00 -
[50]
It's amazing the lengths people will go to just to get ahead in an online game.
/me wishes that talent was used on useful things.
|
|
|
Genya Arikaido
|
Posted - 2010.07.04 03:55:00 -
[51]
Edited by: Genya Arikaido on 04/07/2010 03:56:08
Being ever dubious, but cautious, I did some poking around...and found the original curious coder who found and explain his methods on his site, for anyone at all to read.
Let's just say this video is very likely to be real, as the method would work. I've tested it with another Python-based program, and it does exactly as advertised, exposes every client function to the user.
To be clear, I COULD, do the following in EVE, should it be used:
find out precisely where anyone in EVE is at, find out their skill info, their ISK, spawn ships, items, ISK, teleport, teleport others, Instakill anyone, add any amount of SP to themselves or anyone, fly Jovian Battleships, change the session timer for themselves, warp to zero on autopilot, buy everyone's stuff for 0.01 isk, Delete stuff in your hangars, delete your corp, alliance, characters.... the list is as long as your imagination.
Obviously some things are going to be ridiculously obvious. I'm certain ISK and SP stuff is logged, else certain petition results would be impossible. However, it's the passive informational side that carries the worst implications. This uber scanner as posted here is entirely possible, and very easy to do...and leaves NO trace of use on the server, its logs, or anything else. session timers, might. warping to 0 on autopilot probably wouldn't either, as I don't think you need to ask the server permission to turn AP on or off (as the button is always instant).
CCP, I don't know what to tell you. Watchdog programs are the usual solution, but then you have privacy activists banging on your door. Some of the data that can be exploited is needed for normal client function, and cannot be restricted to normal users.
I'm filling in a bug report, and detailed explanation now, CCP...this is beyond critical.
Originally by: CCP Tuxford
my bad.
Rest assured I'm being ridiculed by my co-workers.
|
Isis Soryu
Caldari
Universitas Interimo Research
|
Posted - 2010.07.04 04:08:00 -
[52]
Originally by: Genya Arikaido
Edited by: Genya Arikaido on 04/07/2010 03:56:08
Being ever dubious, but cautious, I did some poking around...and found the original curious coder who found and explain his methods on his site, for anyone at all to read.
Let's just say this video is very likely to be real, as the method would work. I've tested it with another Python-based program, and it does exactly as advertised, exposes every client function to the user.
To be clear, I COULD, do the following in EVE, should it be used:
find out precisely where anyone in EVE is at, find out their skill info, their ISK, spawn ships, items, ISK, teleport, teleport others, Instakill anyone, add any amount of SP to themselves or anyone, fly Jovian Battleships, change the session timer for themselves, warp to zero on autopilot, buy everyone's stuff for 0.01 isk, Delete stuff in your hangars, delete your corp, alliance, characters.... the list is as long as your imagination.
Obviously some things are going to be ridiculously obvious. I'm certain ISK and SP stuff is logged, else certain petition results would be impossible. However, it's the passive informational side that carries the worst implications. This uber scanner as posted here is entirely possible, and very easy to do...and leaves NO trace of use on the server, its logs, or anything else. session timers, might. warping to 0 on autopilot probably wouldn't either, as I don't think you need to ask the server permission to turn AP on or off (as the button is always instant).
CCP, I don't know what to tell you. Watchdog programs are the usual solution, but then you have privacy activists banging on your door. Some of the data that can be exploited is needed for normal client function, and cannot be restricted to normal users.
I'm filling in a bug report, and detailed explanation now, CCP...this is beyond critical.
I really don't see CCP doing anything other than locking/deleting this thread and censoring every mention of this from the eve-o site. Sad really.
|
Widemouth Deepthroat
|
Posted - 2010.07.04 04:09:00 -
[53]
it is obviously a dev/gm client
|
Genya Arikaido
|
Posted - 2010.07.04 04:10:00 -
[54]
Originally by: Widemouth Deepthroat
it is obviously a dev/gm client
Which is all too easily created from the normal client...as all of the UI widgets and functions are there, simply disabled for normal clients.
Originally by: CCP Tuxford
my bad.
Rest assured I'm being ridiculed by my co-workers.
|
Lady Karma
|
Posted - 2010.07.04 04:16:00 -
[55]
Originally by: Widemouth Deepthroat
it is obviously a dev/gm client
So by your logic its obviously a GM/DEV trolling us? Recording this footage, and adding jokes to the titles and info boxes.
Yes obvious.
|
Felix Esperium
Lysergic Distortions Research and Development
|
Posted - 2010.07.04 04:17:00 -
[56]
Originally by: Lady Karma
So by your logic its obviously a GM/DEV trolling us? Recording this footage, and adding jokes to the titles and info boxes.
Yes obvious.
Glad we got that settled.
|
Tinneus Nor
|
Posted - 2010.07.04 04:21:00 -
[57]
Client side hacks are bad, but it's unlikely that they would allow an unauthenticated client to send GM/bug-hunter requests no matter how hacked, so it would be limited to eye candy (ooh look at all the shiny buttons I can't press!) or "UI amplification", e.g. uber-scanners, macros etc.
|
Lady Karma
|
Posted - 2010.07.04 04:25:00 -
[58]
Originally by: Felix Esperium
Glad we got that settled.
They do like to troll the subscribers quite often. With things like, check out this great new expansion, we are deploying a fix to the lag problem and our logs show nothing.
CCP inside troll seems quite likely.
|
ghost st
|
Posted - 2010.07.04 04:33:00 -
[59]
Ive known macrominers have been an issue in the game for some time, and issue which CCP has turned a blind eye to, not talking about rmt macrominers, just asshat players running macroes.
But if the macro problem is getting this bad, CCP need to come down hard and fast on macroes. They can no longer afford to turn a blind eye to the issue. If they continue to ignore macroes, and **** like this keeps popping up. I may actually quit.
|
Opus Dai
|
Posted - 2010.07.04 04:36:00 -
[60]
Originally by: Tinneus Nor
Client side hacks are bad, but it's unlikely that they would allow an unauthenticated client to send GM/bug-hunter requests no matter how hacked, so it would be limited to eye candy (ooh look at all the shiny buttons I can't press!) or "UI amplification", e.g. uber-scanners, macros etc.
Not really. Personally I think the video is a GM modified client, but this doesn't invalidate the fundamental point that a percentage of the PCU are macro bots, working away generating ISK in a myriad of ways. Afterall, it's easy to do and doesn't cost anything. While the accounts of course need to be activated they are run for free using CCPs amazing GTC for ISK system. This means that the people who spend their wages on GTCs to sell on the market for ISK are paying for these accounts, in return for some of the profits(ISK).
While CCP do the occassional bot raid every now and then to raise confidence anyone who takes the time to check out a few belts will see that it doesn't really dent the underlying problem. The only course available to the player is to petition suspects, this of course quickly grows dull - partly because you have no idea on whether anything was done as CCP policy specifically prohibits you being told, consequently the few that bother soon give up.
Python injection hacks have been around since shortly after beta and they've steadily become more sophisticated. I've no idea what the punishment given is now, but back in 2004/5 a python injection hack to claim 0 isk escrows would net you a 2 week ban - yes that's right, you get caught specifically cheating with a client modification then CCP would ban you for only 2 weeks.
With little incentive or ability to punish players who cheat, more and more choose to turn to these hacks themselves - not to get ahead, but to play on the same level playing field. It's not hard to find them and there are plenty of online translators to read the instructions.
The scale of the problem is tragically misunderstood by many.
|
|
|
Trauli
|
Posted - 2010.07.04 04:42:00 -
[61]
My guess is macro miners are just one tip of the iceberg due to being easy to identify and exploiting in every facet of the game is much more common than we collectively think.
|
Domonique Molvoy
Exploitation Inc.
|
Posted - 2010.07.04 04:47:00 -
[62]
Oh Dear.
Domonique Molvoy
Shiptoasting extraordinaire |
Opus Dai
|
Posted - 2010.07.04 05:01:00 -
[63]
Originally by: Trauli
My guess is macro miners are just one tip of the iceberg due to being easy to identify and exploiting in every facet of the game is much more common than we collectively think.
Precisely.
Blatant exploits like the chat spammers on a set route travelling around and around empire then CCP will act on them...well...allow us to automatically petition them while blocking them at the same time. Anything else travels safely under the radar if there's plausible deniability. A chat spammer is fine in Jita as not many would notice and there's the element of deniability. I think it was Chribba who once sat an alt in Jita for a day and ran the resulting chatlog file through an interpreter to generate some interesting 'inhuman' facts about the most prolific speakers.
|
Ascendic
Brotherhood of Suicidal Priests
R.A.G.E
|
Posted - 2010.07.04 05:03:00 -
[64]
Edited by: Ascendic on 04/07/2010 05:03:41
Posting in epic threadnaught that will make or break CCP, potentially leading to a scandal investigation which flushes out the corruption within CCP. News stations all over the world will post news of the corruption of the online gaming company and CCP will inevitably implode.
|
Adunh Slavy
|
Posted - 2010.07.04 05:11:00 -
[65]
Karma is a *****
The Real Space Initiative - V6 (Forum Link)
|
Qoi
New Eden Warriors
|
Posted - 2010.07.04 05:29:00 -
[66]
While stuff like automatically mining/adjusting market orders/mission running and autopiloting to zero will always be possible (or even trivial, i just looked up how you can inject custom code in the eve client via google in no time), it should definitely be possible to blur the scan results on the server - so this could definitely be fixed.
|
Baneken
Gallente
Aseveljet
|
Posted - 2010.07.04 05:38:00 -
[67]
Tome that client looks very much like an "ingame GM-tool" with all the bells and whistles.
http://desusig.crumplecorn.com/sigs.html |
Verrenici
|
Posted - 2010.07.04 05:40:00 -
[68]
Originally by: Genya Arikaido
Originally by: Widemouth Deepthroat
it is obviously a dev/gm client
Which is all too easily created from the normal client...as all of the UI widgets and functions are there, simply disabled for normal clients.
Funny, that. You would think you could whip up some proof of concept, seeing as it's oh so simple, and you're all quite the 'Python experts'.
I'm not holding my ****ing breath.
|
Qoi
New Eden Warriors
|
Posted - 2010.07.04 05:56:00 -
[69]
Originally by: Verrenici
Funny, that. You would think you could whip up some proof of concept, seeing as it's oh so simple, and you're all quite the 'Python experts'.
I'm not holding my ****ing breath.
Getting banned on all accounts in the process? Stupid idea.
Until CCP allows us to penetration test anything, only people with malicious intent will bother.
|
Julius Rigel
|
Posted - 2010.07.04 06:11:00 -
[70]
Originally by: Qoi
Originally by: Verrenici
Funny, that. You would think you could whip up some proof of concept, seeing as it's oh so simple, and you're all quite the 'Python experts'.
I'm not holding my ****ing breath.
Getting banned on all accounts in the process? Stupid idea.
Until CCP allows us to penetration test anything, only people with malicious intent will bother.
Yeah, if only there were some sort of... extra server, designed for bug hunting and testing of game mechanics and such. And if it were named something similar to Tranquility, like... Mobility? Virility? Velocity? Singularity? Peculiarity? Hemispherectomy?
|
|
|
Ascendic
Brotherhood of Suicidal Priests
R.A.G.E
|
Posted - 2010.07.04 06:22:00 -
[71]
Originally by: Julius Rigel
Originally by: Qoi
Originally by: Verrenici
Funny, that. You would think you could whip up some proof of concept, seeing as it's oh so simple, and you're all quite the 'Python experts'.
I'm not holding my ****ing breath.
Getting banned on all accounts in the process? Stupid idea.
Until CCP allows us to penetration test anything, only people with malicious intent will bother.
Yeah, if only there were some sort of... extra server, designed for bug hunting and testing of game mechanics and such. And if it were named something similar to Tranquility, like... Mobility? Virility? Velocity? Singularity? Peculiarity? Hemispherectomy?
Testing or not modifying the game code will result in a ban regardless.
|
EvilSyKOSkitzo
|
Posted - 2010.07.04 06:34:00 -
[72]
Wow,
Spent a few minutes doing a little more research into whats involved in doing Python injection and from what I have seen, anyone with a little know how can start tinkering.
And thats really made me think.
Chances are that there are at least a few other people out there. A lot more tight lipped then this guy, with more advanced builds.
I guess CCP can try to crack down on this sort of activity but with my understanding, unless they stop certain calls/requests flowing between the client and the server, EVE will always be exposed to some sort of injection.
I honestly think a better solution would be to create an interface API for EVE and let people create legitimate modifications to the client.
For example..
Custom built modifications in WOW have allowed Blizzard to remove many of the calls/requests/functions that made the game too automated (auto targetting players/npcs, etc). Spawned repositories of client mods, which allowed others access to the same sort of functionality powerusers had access too and gave the community greater oversight into what was happening.
There always will be exploits that people will take advantage off. I'd say, try leveling the field with an API and get the communities eyes onto certain aspects of the game that can be abused and have them flag it.
Anyways,
- Evil
|
Qoi
New Eden Warriors
|
Posted - 2010.07.04 06:35:00 -
[73]
Originally by: Julius Rigel
Originally by: Qoi
Originally by: Verrenici
Funny, that. You would think you could whip up some proof of concept, seeing as it's oh so simple, and you're all quite the 'Python experts'.
I'm not holding my ****ing breath.
Getting banned on all accounts in the process? Stupid idea.
Until CCP allows us to penetration test anything, only people with malicious intent will bother.
Yeah, if only there were some sort of... extra server, designed for bug hunting and testing of game mechanics and such. And if it were named something similar to Tranquility, like... Mobility? Virility? Velocity? Singularity? Peculiarity? Hemispherectomy?
Maybe you should read the thread before you answer? This is a client code modification, not testing of game mechanics.
Ix Forres asked if we could do any kind of penetration testing on the Singularity Version of evegate. no response. There is a guy who detected several flaws in the client and reported them to CCP without abusing them. He is permabanned on singularity.
|
Julius Rigel
|
Posted - 2010.07.04 06:40:00 -
[74]
Edited by: Julius Rigel on 04/07/2010 06:44:43
Originally by: Qoi
There is a guy who detected several flaws in the client and reported them to CCP without abusing them. He is permabanned on singularity.
Ah, I did not know that. 
|
Ascendic
Brotherhood of Suicidal Priests
R.A.G.E
|
Posted - 2010.07.04 06:45:00 -
[75]
I guess CCP does not like being penetrated?
They instead like to penetrate YOU and your WALLET for flawed game mechanics that still have gone unfixed for years...and a laggy broken server.
|
Cryptkiller
Minmatar
Ebola Allstars
|
Posted - 2010.07.04 06:49:00 -
[76]
ITT: People playing a different game than the OP, and :rage:
Someone just won EVE; as usual dunno if I should congratulate or report him.
|
TZeer
BURN EDEN
|
Posted - 2010.07.04 06:58:00 -
[77]
Relax guys.
CCP will give us walking in stations...
|
Widemouth Deepthroat
|
Posted - 2010.07.04 06:58:00 -
[78]
I spent the last hour or so injecting my python into the Eve client but so far have been unable to confirm this is a hacked client.
|
Memorya
|
Posted - 2010.07.04 07:09:00 -
[79]
CCP wont care about this, they need to make MONEY ! 
------------------------
"English is a funny language; that explains why we park our car on the driveway and drive our car on the parkway."
English is my 5th. Language.
|
Zxays
Caldari
Echolon Four Inc.
|
Posted - 2010.07.04 07:10:00 -
[80]
Looks like there's a volunteer going to get ****d by CCP...
|
|
|
Abdiel Kavash
Caldari
Paladin Order
Fidelas Constans
|
Posted - 2010.07.04 07:15:00 -
[81]
Edited by: Abdiel Kavash on 04/07/2010 07:15:56
Originally by: Widemouth Deepthroat
I spent the last hour or so injecting my python into the Eve client but so far have been unable to confirm this is a hacked client.
Yo dawg, I heard you like Python so I injected Python into your EVE so that you can Python while you EVE.
Also, IBTL, IBTDelete, IBTBan. Edit: IBTChribba and IBTAFKCloaker.
|
Sma da'Marenhide
|
Posted - 2010.07.04 07:18:00 -
[82]
Originally by: Cryptkiller
ITT: People playing a different game than the OP, and :rage:
Someone just won EVE; as usual dunno if I should congratulate or report him.
This
|
Zxays
Caldari
Echolon Four Inc.
|
Posted - 2010.07.04 07:24:00 -
[83]
OMG here's another one: autopilot.zip
Now we're all doomed...
|
Yuki Kulotsuki
|
Posted - 2010.07.04 07:28:00 -
[84]
This almost makes me want to learn python.
Originally by: CCP Lemur
THIS IS GOD: ...
IF YOU HAVE ANY MORE REQUESTS I'M AVAILABLE SUNDAY FROM 10:30 TO 12:00 TO RECEIVE YOUR PRAYERS.
|
Zxays
Caldari
Echolon Four Inc.
|
Posted - 2010.07.04 07:34:00 -
[85]
Originally by: Yuki Kulotsuki
This almost makes me want to learn python.
Have fun! Let me know when you found out that you aren't able to do this with uber python skills and realize that this is only doable with bug-hunter-, gm-, dev- or whatever-roles. Roles wich this one has been given but now for certain got revoked, because he definitly wasn't allowed to log on to tranquility in the first time.
|
Qoi
New Eden Warriors
|
Posted - 2010.07.04 07:38:00 -
[86]
Originally by: Zxays
Have fun! Let me know when you found out that you aren't able to do this with uber python skills and realize that this is only doable with bug-hunter-, gm-, dev- or whatever-roles. Roles wich this one has been given but now for certain got revoked, because he definitly wasn't allowed to log on to tranquility in the first time.
Why would you give someone special roles on a server where he is not supposed to login?
|
Zxays
Caldari
Echolon Four Inc.
|
Posted - 2010.07.04 07:43:00 -
[87]
Originally by: Qoi
Why would you give someone special roles on a server where he is not supposed to login?
Think about it. The server on which you're supposed to test things is Singularity (and Multiplicity). And because database of sisi is a copy Tranquility's you need to have the chars on Tranq aswell. Otherwise you would need to create a new char everytime Sisi gets an update.
|
Yuki Kulotsuki
|
Posted - 2010.07.04 07:47:00 -
[88]
Eh. I prefer languages that run on the metal. I figure this is probably some bug hunter client or GM trolling but on the off-chance it's not, some digging around in the eve code might be fun. I've always been more of a ROM data hacker though. RAM hacks and executable hacks aren't really my style. Might be worth a go to see what's under the hood.
Originally by: CCP Lemur
THIS IS GOD: ...
IF YOU HAVE ANY MORE REQUESTS I'M AVAILABLE SUNDAY FROM 10:30 TO 12:00 TO RECEIVE YOUR PRAYERS.
|
Ninetails o'Cat
League of Super Evil
|
Posted - 2010.07.04 07:55:00 -
[89]
You know, type python injection into google and it actually suggests "eve online python injection" for you.
This must be a whole lot deeper than just that one video.
|
Qoi
New Eden Warriors
|
Posted - 2010.07.04 07:56:00 -
[90]
Originally by: Zxays
Think about it. The server on which you're supposed to test things is Singularity (and Multiplicity). And because database of sisi is a copy Tranquility's you need to have the chars on Tranq aswell. Otherwise you would need to create a new char everytime Sisi gets an update.
So you are saying, creating a completely different market and creating stations and beacons is easy to do, but giving characters special roles is not? Think about it.
I'm pretty sure Bughunters have rights on sisi which they don't have on tq.
|
|
|
Memorya
|
Posted - 2010.07.04 07:56:00 -
[91]
Youtube Link
------------------------
"English is a funny language; that explains why we park our car on the driveway and drive our car on the parkway."
English is my 5th. Language.
|
Reverted Pacifist
|
Posted - 2010.07.04 08:03:00 -
[92]
Thank you for a sane link.
Hmm, i wonder if/how ccp might fix this, if I know them, they'll rush out some stupid hacky solution that only increases lag, and forgo the option to make useful improvements.
|
Doddy
The Executives
IT Alliance
|
Posted - 2010.07.04 08:05:00 -
[93]
Originally by: Sidekick John
Also, why would CCP developers name their improved scanner "Uber Scanner - Yes It Is Real (OMG)"?
This is ccp devs we are talking about right? I don't understand the question.
|
Zxays
Caldari
Echolon Four Inc.
|
Posted - 2010.07.04 08:05:00 -
[94]
Originally by: Qoi
I'm pretty sure Bughunters have rights on sisi which they don't have on tq.
If you're right than you should be able to reproduce what the guy/gal in those videos was able to. If it's possible it can't be that hard, don't you think? If a 12year old boy can run his own wow-server, than you can inject some python... >.<
But maybe you shouldn't talk about "python-injection" as long as you don't even know what it means. (Yeah I know, probably everybody in this forum is able to python really roxxor )
|
Steve Celeste
Caldari
Inglorious-Basterds
|
Posted - 2010.07.04 08:09:00 -
[95]
I too, like to penetrate with my Python.
|
I'thari
Minmatar
|
Posted - 2010.07.04 08:15:00 -
[96]
So CCP's problem with modifiable UI is that server feed client too much info (and possibly can even be controlled by client to some extent) and CCP don't want to do anything about it... thought so :) |
CeneUJiti
|
Posted - 2010.07.04 08:15:00 -
[97]
|
Super Whopper
I can Has Cheeseburger
|
Posted - 2010.07.04 08:20:00 -
[98]
Edited by: Super Whopper on 04/07/2010 08:24:32
I've had several cases in which I was sitting somewhere cloaked in a Helio, someone warped to me and podded me. The question isn't whether this is being used but how widespread it is.
I forgot to say: knowing CCP this isn't going to get patched for months, if not years, to come and then we'll see some mass bannings.
P.S. I can haz 12b fitted Vindicator with High Grade implants?
Originally by: I'thari
So CCP's problem with modifiable UI is that server feed client too much info (and possibly can even be controlled by client to some extent) and CCP don't want to do anything about it... thought so :)
I knew one guy whose corp had some really powerful tools. I declined to join because I'd rather fail at PVP, EVE and life (I do them all quite successfully) than cheat.
|
Qoi
New Eden Warriors
|
Posted - 2010.07.04 08:23:00 -
[99]
Originally by: Zxays
Originally by: Qoi
I'm pretty sure Bughunters have rights on sisi which they don't have on tq.
If you're right than you should be able to reproduce what the guy/gal in those videos was able to. If it's possible it can't be that hard, don't you think? If a 12year old boy can run his own wow-server, than you can inject some python... >.<
But maybe you shouldn't talk about "python-injection" as long as you don't even know what it means. (Yeah I know, probably everybody in this forum is able to python really roxxor )
a) Of course it is difficult to reproduce the tool that was shown in the video. I'm not able to do that, but several people in this forum will.
b) Either you are trolling or you are really dumb. 12olds installing software is the same as injecting code into running applications?
c) I know the abstract on how you would hook into the eve exefile process (for example with easyhook), get a GIL (so it doesn't crash right away) and execute some python commands - then release GIL, play game as usual. Building a scanner like in the video is of course a different story.
d) How are bughunter roles on the server related to client code injection? You are not making any sense.
|
Qui Shon
|
Posted - 2010.07.04 08:26:00 -
[100]
Originally by: Blane Xero
there's a difference between trolling and being stupid
Not since 1999.
|
|
|
CeneUJiti
|
Posted - 2010.07.04 08:33:00 -
[101]
Edited by: CeneUJiti on 04/07/2010 08:36:07
I don't know about 12yo kids, but I know that at 13 and 14 I was tweeking autoexec.bat and config.sys and manually hacking gamesaves when I really needed it. (Sadly age of windows made me lose those skills, curse you shiny user friendly GUI, curse you).
So I have no reason not to believe a real hacker with real knowledge skills and dedication can do some "interesting" stuff with EVE client. Still I must say again its immense fail of CCP to allow client to make and get returned server calls user is not be authorized to do.
Don't care about "privacy", I already clicked enough EULAs to know I have non left. CCP gief us EVE_Warden and fix the game. Permabanning exploiters might help too.
Edit. We are sooo dooomed. Some other "hackers" have opensourced their solutions.
|
ObviousTroll Alt
Gallente
Hulkageddon Orphanage
|
Posted - 2010.07.04 08:37:00 -
[102]
Originally by: CeneUJiti
Permabanning exploiters might help too.
Then the entire DEV team would have to Perma-ban themselves.
|
Verrenici
|
Posted - 2010.07.04 08:38:00 -
[103]
Originally by: Qoi
Originally by: Verrenici
Funny, that. You would think you could whip up some proof of concept, seeing as it's oh so simple, and you're all quite the 'Python experts'.
I'm not holding my ****ing breath.
Getting banned on all accounts in the process? Stupid idea.
Until CCP allows us to penetration test anything, only people with malicious intent will bother.
Ubar skillnitz Python hax0rs that can't use proxies or set up trial accounts? Sounds much more likely than, say, they're full of ****?
|
ViperTan
Minmatar
Republic Military School
|
Posted - 2010.07.04 08:39:00 -
[104]
Would not a GM/DEV client be locked to specific user accounts?
Seems the easiest way to prevent unauthorised use.
*assuming this is a client and not a hack!
VT
|
CeneUJiti
|
Posted - 2010.07.04 08:42:00 -
[105]
Edited by: CeneUJiti on 04/07/2010 08:43:05
Originally by: ObviousTroll Alt
Originally by: CeneUJiti
Permabanning exploiters might help too.
Then the entire DEV team would have to Perma-ban themselves.
Wording/phrase****. They should permaban people who have used EULA violating tools and modifications to game code they are not authorized to have/use. Better now?
PS. Googling shows that issue with python injections has really been known for years. 1. Proof that this is legit. 2. Very sad it hasn't been fixed all these years.
|
Shionoya Risa
The Xenodus Initiative.
Overclockers Podpilot Services
|
Posted - 2010.07.04 08:42:00 -
[106]
Originally by: ViperTan
Would not a GM/DEV client be locked to specific user accounts?
Seems the easiest way to prevent unauthorised use.
*assuming this is a client and not a hack!
VT
Yes, yes they would, should and are.
----- |
Asperath Fernandez
|
Posted - 2010.07.04 08:53:00 -
[107]
Whoa.
|
Victor Valka
Caldari
Endoxa Corporation
|
Posted - 2010.07.04 08:57:00 -
[108]
I'm very surprised that this thread has remained open as long as it has. I'm not sure what that says about it.
Originally by: Spaztick
You are not outnumbered, you are in a target-rich environment.
|
Drenan
State War Academy
|
Posted - 2010.07.04 08:58:00 -
[109]
This is going to spoil Hilmur's Sunday.
|
|
|
| |
|
| Pages: 1 2 3 4 :: [one page] |