Quote:

---

Hello Netacq,

The thread in question has been moved to the moderation area of the forums in order that the subject matter can be investigated thoroughly. As is always the case with threads that discuss exploits or potential exploits we ask that you submit a bug report for QA to investigate the issue or submit a petition if you have information relevant to customer support. You can also alert the Community team by using the "Report Post" feature.

As per the forum rules, discussing exploits on the forums is not permitted as per the forum rules.

13 Do not post about bugs and exploits.

Bugs and exploits should be reported through the proper method by filing a report for our Quality Assurance department. You can find the form here. Discussions about unverified problems in the game can cause unnecessary panic in the community. When there is an issue the community needs to be aware of, we will make an official statement about it.

Thread locked.

---

Originally by: Balsak

---

No cover up at all. There are no posts allowed talking about cheats and exploits so it was removed to the moderated threads section while the matter is investigated. There was a post about this earlier and explained by CCP Navigator if my memory is correct, I can't be bothered to try and find the post.

---

Originally by: Lobster Man

---

Originally by: Balsak

---

No cover up at all. There are no posts allowed talking about cheats and exploits so it was removed to the moderated threads section while the matter is investigated. There was a post about this earlier and explained by CCP Navigator if my memory is correct, I can't be bothered to try and find the post.

---

http://www.eveonline.com/ingameboard.asp?a=topic&threadID=1347767

---

Originally by: Lexa Stone

---

There was a thread yesterday showing a video of a modified EVE client which had python code injected into it allowing the person to isntantly scan out anyone anywhere in the system. In the video it also showed numberous GM abilities in drop down menus. People were saying the client is flawed and that this can be easily replicated.

Now today that thread is missing. What the **** CCP?

Something very wrong is going on here and CCP is pulling the wool over your eyes and covering up any evidence.

---

Originally by: Dianabolic

---

Your tears are absolutely divine, like a fine fine wine, rolling down your cheeks until they flow down the river of LOL.

Originally by: Lexa Stone

---

No that was not the thread this is http://www.eveonline.com/ingameboard.asp?a=topic&threadID=1347565 and it has been locked by concord see

---

Originally by: Lexa Stone

---

No that was not the thread this is http://www.eveonline.com/ingameboard.asp?a=topic&threadID=1347565 and it has been locked by concord see

---

Originally by: Gladys Pank

---

Don't worry, it's easy to censor discussion of these issues than fix anything.

Give it another five years and they might do something about these loopholes.

---

Originally by: Messoroz

---

Edited by: Messoroz on 04/07/2010 20:55:22
Edited by: Messoroz on 04/07/2010 20:54:03
I believe that video is the perfect example of why writing good chunks of multiplayer code in scripting language is a bad idea. The same problem exists for all unreal engine games because of its unrealscript language and has plagued it from the old versions to the current 3.0 games.

---

Originally by: CCP Capslock

---

OH GOD THE TESTING

---

Originally by: Darth Kilth

---

--------------------------------------------------------------------------------

Maybe the reators of games should learn a lesson that they should make some new code for games, somethign new and original so there will not be a couple of hacks for the game in one week after release.

---

Originally by: Messoroz

---

I believe that video is the perfect example of why writing good chunks of multiplayer code in scripting language is a bad idea. The same problem exists for all unreal engine games because of its unrealscript language and has plagued it from the old versions to the current 3.0 games.

---

Originally by: Mme Pinkerton

---

Originally by: Messoroz

---

I believe that video is the perfect example of why writing good chunks of multiplayer code in scripting language is a bad idea. The same problem exists for all unreal engine games because of its unrealscript language and has plagued it from the old versions to the current 3.0 games.

---

Scripting languages just make the job a little easier but with administrator/root privileges (which you generally can easily get on your local machine) you can always inject code as you wish (just use a debugger, combined debugger/disassembler/visualization tools like IDA help a lot with wrapping your mind around the issue).

On the part of CCP it's basically a matter of obfuscating the relevant code enough to make things like this (i.e. code injections) impractical - you will never get rid of them (maybe if the operating system would run checksums on the code segments in memory but that would possibly affect a lot of legitimate applications that have a need to change executable code during runtime like JIT compilers).

The only real solution to this problem would be to fix it by moving more code server-side.

---

Originally by: Messoroz

---

Edited by: Messoroz on 04/07/2010 21:08:41
Edited by: Messoroz on 04/07/2010 21:07:05

Originally by: Darth Kilth

---

--------------------------------------------------------------------------------

Maybe the reators of games should learn a lesson that they should make some new code for games, somethign new and original so there will not be a couple of hacks for the game in one week after release.

---

The problem isn't reusing code, it's using a script language on the client side are that wide open like a prisoner bending over in a prison shower to **** without protection and serverside checks.

---

Originally by: Messoroz

---

But that's my point, scripting languages make the job ridiculously easier not just a little. Otherwise you can't inject anything without doing the work debugging the assembly. Heck, making a whole new ui element like the uber scanner in the video would require ALOT of time of debugging work to figure out the proper assembly code.
The other popular code injection method I know of are when header files are leaked or are accessible like in the case for source engine games which makes life just as easy as scripting languages.
Then there are also directx based aimbotss and stuff for shooters which were my favs to write long ago :P

---

Originally by: Ghaylenty

---

read up about it. ccp seeds the torrents to catch would-be hackers. you can manipulate the client but nothing comes of it because the relay server which interfaces with the client is completly secure.

if it worked like you imagined it would, you would have access to all server-side information, and all the customers would be at risk for having their payment information stolen. a hacked client would be the least of your concerns.

luckily your description of the problem indicates you have absolutely no clue, and as such, don't understand what the problem -really- is.

nobody's payment information is at risk because there is no risk. the client is just the client, and packet injection has been around since UO... they even had a special client for staff and family which also got released, but surprise surprise, even UO's archaeic security proved too much for any hacker and they never had a problem even though both their clients, GM and customer alike, were made open source by users.

and now you think ccp more than 10 years later has a security issue because a PYTHON BASED CLIENT became open source??

lol.

---

Originally by: Chribba

---

Standard practise. Just leave it alone until they fix the issue. Threads like this only cause more damage than good tbh.

---