• Rob Spectre
  • 14
  • Apr
  • 08

Full source code for the client for popular MMORPG Eve Online was made available recently via BitTorrent on The Pirate Bay. Along with the torrent, the user posts a chat transcript with a representative identified as [IA]Morpheus from Eve’s developer and publisher CCP. In the lengthy and scatological exchange, the poster of the source code attempts to get some answers about CCP’s much maligned security practices, particularly concerning the rife issue of bots and scripting in their flagship game. The conversation was a little less than professional.

[20:44] <Abuser> Could you certainly say me what your programmers did to secure clientside from exploiting Eve?
[20:44] <Abuser> what’s certainly
[20:45] <Abuser> I don’t have anything against content makers – their ideas are good, really good
[20:45] <Abuser> I have full eve sourcecode, so you know what’s did, and what’s not;)
[20:46] <Abuser> From all security i saw – were ROLE permissions for logins with priviliges higher than usual player, and some minor things in relation to prevent some remote service calls (some with potentially bad payload)
[20:46] <Abuser> nothing else
[20:47] <Abuser> is that called “programmers working on security”?
[20:47] <[IA]Morpheus> Are you cruising for a job or something?
[20:47] <Abuser> Nah
[20:47] <Abuser> neither job, neither anything else
[20:47] <Abuser> you may think of in such direction
[20:48] <Abuser> Digging the situation to uncover the truth :)
[20:49] <Abuser> You may compare me to fox mulder from x-files series
[20:49] <Abuser> it’s the best description of why i do this
[20:49] <[IA]Morpheus> Ah, well, nice to meet you Mr Mulder.
[20:50] <Abuser> So… would you like to answer what AWESOME ccp programmers did in relation to client/server security (at least for client?)
[20:51] <[IA]Morpheus> No, we won’t respond to blackmail. If you think we don’t care or aren’t working on improving security you are sadly mistaken

Buzz on forums surrounding the incident report that in reaction CCP is strictly censoring its online forum from references related to the code leak. In addition, reports are being posted that CCP is seeding most of the torrent themselves, then using the IP addresses of those who download the client’s source code to ban Eve Online accounts.

No public recognition of this source code leak has yet been offered from CCP.

  • Digg
  • del.icio.us
  • Facebook
  • Google Bookmarks
  • Reddit
  • StumbleUpon
  • Technorati

» Both comments and pings are currently closed.

No similar posts found.
  • Dan

    With the numbers of 30k plus each day, this game is no where near dying...

    I think a lot of you are not looking at the true picture... The so called scandals with T20/BoB and so on are not driving folks away, the "drama" is just reeling people in, and its for sure you get some who cry and complain, but what game don't you have them in...

    Have had over 3 yrs ingame now, and still enjoy it.

    Don't like the game then find another one to play.

  • Dan

    Meant to add,
    no Im not part of bob or goons, hate em both, and ccp do suck for their support if ure not bob or supporter.

  • CCPEnemy

    Personally, I think CCP are a bunch of twats. I wish someone would simply hack into them and cause there overrated game a lot of hassle.

  • sicksucker

    dont cheat in mmogs you damn suckers, how can someone be so bad in playing games that he has to do things like that

  • People who are gamers are in all reality sheep. Or in other words they are slaves to the trickery of games like EVE and of the developers who maintain the gamer's need for more.
    Cheating or hacking into these soul reaper gaming systems is the only way to fight back.
    If most of you sad little sheep understood what the Shepard had in mind.
    All gamers who are not aware of the truth of how a monster CCP thinks about the majority of the players will continue to be hamsters running on a wheel getting no where fast.

  • Siner

    Anything new on this topic?

  • Rod Rye

    Abuser: But why nobody did it except me for last 2 years?

    ^ This is the classic bit, people have been doing the same for 5 years, he was the only one to go to the media with it though. How on earth do you think all the macro users that get banned wrote their macros in the first place ? The game holds the record for the most players online in a single server at once, almost 42,000 players, with a subscriber base of 300,000. As someone pointed out using 2006 data it was 'only' 100,000 then. So in the last 2 years it has tripled in the number of subscribers, and continually sets the record for PCU in any game. Which is hardly the sign of a dying game. On the other hand most MMO's peak shortly after release, fall rapidly, charge people for expansions before turning off development and going into maintenance mode and shutting down completely. Not sure of any other game that every year for 5 years continually grows in subscriber numbers.

    The reason why this is a non-issue is because it has been an issue CCP have had to deal with from day 1, but unlike many other MMOs their security DOESN'T rely on the client not being decompiled, they knew it would happen from day 1 and built the system to cope with the eventuality that people would get the source. What is most funny is that Abuser thinks he is the first or last person to do this.

    I'm not quite sure what the hole in CCP's security is other than they released a piece of software, which like any other vendor who does can be decompiled... whoopee.

    If it was the server side code, it might even be worthy of a read-over, and they might have even needed to breach some form of security to obtain it, other than download the freely available version everyone gets and decompile it.

  • TheBaron

    Hmm...

    I've played EvE for years now and always noticed odd little legs up that BoB would get. But that's an aside.

    The thing I see coming out of a leaked source incident is that the bots will become more advanced, possibly being run on thier own without the EvE client, which is the current vogue. I do not know if they will ever be as advanced as some used, in, for example, Ragnarok Online (One there actually has advanced built in chatbot capabilities, to initially try and fool GMs, who often just IM a player to check for botness) but I feel that it is a step on the wrong direction. Soon BoB and Goons will be a handful of players and their swarm of alts. This will be different then things are now in that more of the alts will be online and actually doing things then, say, passively tanking or focus firing as a swarm at a single target.

  • Jimbob

    I quit Eve-O about 2 months ago. I can say to LZ that when I was there player trust in CCP was very low and falling. The T20 incident did a lot of damage to CCP and EVE, both inside the game's community and outside. The whole boot.ini thing demonstrated to everyone what a bunch of clowns were running what could have been a great game.

    One of the reasons I left (the others being the vast numbers of nubs, griefers and bots, and the all-encompassing, spirit-crushing lag) was that I felt uneasy handing my money over to a company that was, in game terms, corrupt. Having been quite high up in the Alliance heirarchy (albeit one of the smaller ones) I can tell you that broken database problems were only fixed if they affected BoB, the rest of us were told basically to go hang, or do time-consuming and boring workarounds in our own time. I even heard a leaked BoB teamspeak transcript where a senior figure was complaining that Goonfleet now had devs in their ranks as well as BoB, and that this somehow 'wasn't fair'. It's now got to the point that server nodes will mysteriously crash whenever BoB is about to lose a Titan. hmmm.

    As for the source code leak, if the client really is as easy to decompile as CCP's statement says it is, then chances someone already did it a long time ago. That would explain all the blatant botting and macroing. The people who did that would presumably keep quiet, whereas it seems Abuser had a different motivation (though I'm not sure exactly what it was).

    Eve is a fantastic game, but it's broken and corrupt and CCP do not have the physical, technological, ethical or intellectual capability to fix it.

  • Jambo

    EVE is and stays a fantastic game - I think people rumor too much about corruption. We've killed BoB titans several times without the node crashing ( and without devs in the ally ), in the end all the bots and macrominers didnt affect the market in THAT extreme way the POS reaction bug.. server side problem.. did.

    For me EVE is still a game, not a lottery, nor a security service.
    People use to mix up the real and ingame life - If you say CCP is corrupt you would still give them your credit card data for fees..
    A lot of rumors come from fallen game masters which may have used their position for their advance and got banned from the virtual world.

  • Dan

    Well said.

    @XO: Examining copyrighted source code is about as immoral as stealing a math formula to find out how many multiplications are in it. It may be a violation of civil law exposing one to risk, but it's not criminal, and certainly more moral under that purpose than the obfuscating side.

    It is when someone examines the source for the purpose of devising exploits or duplicating it to unfairly compete that I tend to agree with you.

    I find it annoying and tiresome constantly rebuking self righteous programmers for their claims of illegality and immorality. It's a goddamn algorithm, a math function, not your daughter I'm examining.

  • Howlow

    Aoo billion isk a week by legitamite means? Like hell. 100 billion a month maybe and most of that. They did the money went straight into the bank acound of the alliance leaders. T20 not only spawned free t2 Ammo and ship bpos for them (and by the wat t2 ammo at the time was like giving everyone in thealliance a uniqwe sword it was so unbalanced, in fact after the first tournament t2 ammo was completely banned form competition) he also ran their Capital building program.. only he was the guy that designed all aspects of capital ships in the first place. Basicly he would work at the details of capital creation during the day, then go home and tell the alliance how to arrange their economy and what to stock up to crank out caps in the future.. He also placed a conqurable station with all the trimmings in the center of their home region where it was invulnerable to attack (and marked it in the database as his) AND loaded the region down with NPC stations for mission to have a great flow of prate implants. And thats the stuff we actually know about. After bing forced to leavve he was spotted ina BOB helper alliance 2 months later. Obviously had really learned his lesson there.

    Also Delve was loaded with more complexes (like dungeons) than any other region, and a guy from another alliance went public in that they were all bugged. They respawned once and hour and not twice a day. He did this after trying to get CCP to fix them in private for literally months and was talking to the same brick wall we are seeing now. Only by going public were those complexes fixed. Those complexes had been spitting out the top class gear for years. Oh and delve had the best moons for moon mining as well as a kicker. I could go on and on..

    Legitimately earning isk my ass.

    As for the leak this could be done by anyone, and people examination of it has already spawned discussion on the crazy design decisions that had been made. Anyway from past experiance the only and I mean ONLY way to get that company to pretend to clean up its act is to blow it out into the public arena, and for that reason I fully support this action.

  • cthings

    CCP is still the nazi group of mmo gaming.

    If CCP had once single cell of integrity, they would have been transparent with all the background cheating their employees engaged in to assist their own corps in the game. Instead they banned people that asked about it. Now they are at it again when their childish ideal of security is brought up...typical of them. Can't win a fight, censor the F out of the players until the issue goes away...

    CCP and EVE-O are a niche alright, a niche for the criminally minded type of the word.

  • The XO

    Anyone downloading or sharing the code is breaking the law. The code has been leaked and is property of CCP.

    Those who are distributing/downloading it are stealing and/or handling stolen goods.

    The code should remain private and closed, there's no need to view it.

    People who say "I'm distributing it and I don't play EVE so they can't hurt me" are nothing less than pathetic criminals runing the game and community for others - I mean why? For what end? Grow up and get a life

  • JavaJr

    Sorry, i can´t agree with you. The source code is intelectual property, this is a fact. However, we cant look just by one side of the facts. If CPP employes are really favoring this or that player, they are breaking their onw contract with the people who play their game, thus the game can´t be considered legal at first place. When a game companny force the player to respect certain rules, the least they can do is to respect the rules too.

    If the security leak provided by the code will put their corruption o the focus, them i can´t say it is ilegal.

    Bank accont monitoring is a crime. However, it can be used in some cases as proof to a crime, rigth?

    if you look rigth, you will se that this is the case.

  • Dan

    I could very easily write the backbone code to a game such as Eve, along with the database and network/caching infrastructure. It might take me two months if I did it by myself.

    I probably will put a trivial amount of effort into it, but I have a lack of motivation caused by the fact that I'm now secure in my income but not other things, and simply because it's more fun to play than create.

    I'll follow up though with people working on such projects to see if anything strikes my fancy.

  • =Pso=

    Welp, My coworkers and I (we play, and are Coders and security IT professionals) speculate that such things as 'cloaked ships' etc will now be able to be found with clients modified to display cloaked objects, etc. Damn..

  • LZ

    Oh and once you reach a certain point in the game, it becomes free anyway because you can pay for your subscription with ingame currency. You just have to be at the point where you can make that amount in a month and still have more for your own use.

    So the people wanting a "free server", I think what you mean to say is that you'll have a server with even poorer performance and non-existent client-support. Good luck and enjoy that!

  • LZ

    I just love how all these EVE haters crawl out of the wood work all of a sudden and start defending the criminal actions of this person/people who are seeding the source.

    I dont care that you lost your noob-ship to a pirate and now you hate the game or that you failed basic maths and now you blame your failure to play the game on a broken economy (which for those who dont play the game, its not broken).

    Fact is, EVE doesnt appeal to everyone and nor should it. Its a niche game. There are people who absolutely love the game, and its open sandbox gameplay.

    People claiming the the whole community dont trust CCP should maybe get a grip on reality.

    And if you actually got anywhere in the game, instead of quiting during the free trial, you would realize two things.

    1) In EVE, you very quickly can become as good as the oldest players in any one ship class or profession. All that veteran players have over newbies is versatility. The skill tree is not very deep at all, its wide.

    2) And that T20 incident was so blown out of proportion by people who dont know a thing about large alliance warfare. T20 maybe scored his alliance a nett ~6 billion ISK over the entire time he had those blueprints, by cheating. But that same alliance made easily 100 billion ISK A WEEK through ligitimate means. But most players dont even realize the large numbers which those alliances play with. They just hear "6 billion! omg haxor banxor, game broken!!111!!"

    Please just get a grip and move on. If you dont like the game, simply move onto to a game which you do like.

    THERE IS ABSOLUTELY NO REASON TO MALICIOUSLY ATTACK THE GAME, THE COMPANY WHICH MAKES IT, and ESPECIALLY, the loyal players who will be there loooong after all the nay sayers have left.

  • Al K. Hall

    IT IS JUST A GAME!

    JEEZ PEOPLE, GET A LIFE!

  • I quit EVE 3 years ago, good riddance. I'm not surprised at all, by any of this, except that it didn't happen sooner. Already an emulator for EVE in development - http://evemu.sourceforge.net/

    ...BUT if you really want a better space MMOG that's not a n00b filled gankfest with a broken economy, lag, exploits, and etc etc - stop by and visit the crew at www.enb-emulator.com ;) The better predecessor of EVE is coming back to life, and near to going live!

  • To bad they don't listen to the players who reviewed the source.

    I don't play this game and now never will be ;)

  • Nemmes

    @ LZ - rock on man. CCP should protect themselves and us.

    Free servers, yawn

  • just wondering

    Isn't this the same game that deleted your boot.ini? So now we have the source code to start our own free servers like the rest of the mmo world big deal.

  • uh

    "protected by international copyright law."

    u wish

  • nobody

    Lmao reading this thread is like being at a Jerry Springer taping.

    Extremely entertaining.
    Carry on.

  • An EvE Player

    Quote:
    "Coma Says:

    April 15th, 2008 at 12:42pm

    I really fucking hate EVE Online so I will definitely be DLing this and seeding until the tracker goes down.

    Bad games deserve bad actions against it.

    MMO Clerks » EVE Online source code stolen, seeded Says:

    April 15th, 2008 at 1:17pm
    "

    And people like you who do bad things like that deserve to be bubba's new girlfriend in jail. Hope you enjoy it when/if you get busted seeding stretch.

    =)

  • kilo

    DS would appear to be a diehard fanboi (if not a dev, heh--"Crowd Control Productions" is showing your knickers there a bit), but the simple fact of the matter is that eve and ccp have generated much, much more bad press than anything else, has a player base that doesn't trust them, and is known for lying, covering lies up, promising effective action about the lying and the covering up, and then sitting on it until it goes away.

    cf. T20, the NYT article about the CSM which was supposed to be a group of player ombudsmen and has now degenerated to a group of "elected advisers" who will "present the concerns of the players" instead of poring over the database and transaction logs to ensure more T20 dev-spawns-BPO corruption isn't taking place, etc., etc. And the CSM was supposed to have been appointed in November '07.

    Oh, and their community manager was fired or quit (signs point to fired), and you know who made the first statement about it? The players, about a month or so after the fact. The forum thread grew so long that ccp could no longer ignore it and finally did comment on it, but "mysteriously" that thread on the forums failed to be marked with the distinctive "blue line" that indicates a dev has posted on it. Why? Must be a "random bug."

    "And as for the people stating that Eve is a failing game, just look at the numbers. In the last two instances where CCP were pulled through the ringer, their numbers went up."

    Yeah, because they offer 14 and now 21 day trial accounts and because anyone who plays knows there are literally thousands of macro farmers generating game currency for sale on ebay, etc. No exaggeration--thousands. Easily.

    eve's days are numbered, and I personally can't wait until some other "spaceship mmo" comes along so I can jump ship.

  • Coma

    I really fucking hate EVE Online so I will definitely be DLing this and seeding until the tracker goes down.

    Bad games deserve bad actions against it.

  • As is usually the case

    As is usualyl the case, this is way overblown. There are no mass bannings, and really, what could you do with the source that people aren't already doing with mouse macro programs anyways. Everything important is handled on the server side. Way overblown interweb drama.

  • Collin

    *edit above*

    dumbass me quoted the wrong bit. quote should be:

    "After all, someone starting right now will never, ever, -ever- be as good as someone else who started earlier, no matter what."

  • Collin

    "Not a recipe for success, and then they trash their already fragile credibility? Not a good move."

    Oh come on, name me a game where that is NOT true. Any game where you have a head start on another person you will always have the advantage. The advantage can be lvl, equipment, resources, or various other reasons.

  • DS

    Simple point is, if you don't like it, don't play it. Games are meant to be fun. So if I put my money into a game to go play and enjoy, why should anyone else tell me I'm wrong to do so?

  • DS

    Wouldn't a failing game be losing numbers, not gaining them? Who says a game has to have 8 million people to be successful? Eve is consistently breaking numbers for the most people on one server at any given time. CCP are constantly upgrading their technology to give users better gameplay. Hell, it's easy to find and fix problems when you have tens of thousands of people doing the same thing over and over again to delirium, but not so easy when you have 30,000 people consistently changing the backdrop for your game.
    Like I said, small community syndrome. Someone dies in a town, the whole town is shocked, someone dies in a city, it's forgotten in a day or two.
    While I'll be the first to admit, Eve can be a rather daunting task for someone new to the game, but flying your first battleship can feel like more of an accomplishment than reaching level 70. And a small frigate pilot that's spent 2 months training Electronic warfare can be just as helpful in a fleet battle as the Mothership pilot who's spent 2 years and billions of ISK to get in it.
    CCP doesn't claim to be the best, they claim to be unique, and with that comes a lot of challenges. You don't have the cut and dried formula of most other MMO's to rely and fall back on. You have to do something different and radical.
    CCP's success isn't measured in the number of servers it has or a massive volume of players, it's measured in the fact that 30,000 people log on to one server, everyday, and put their money, ships and talents to the test. It's the fact that one small corporation, or a major alliance, can change the entire game world in a single day.

  • XS

    Who cares if source code is leaked? Eve Sucks anyway..

  • Hinoki

    http://crystaltips.typepad.com...

    Eve Online has -1- percent of MMO players. Failing game indeed, due to lack of confidence (and, admittedly, not everyone likes pvp gank-fests), gameplay issues. After all, someone starting right now will never, ever, -ever- be as good as someone else who started earlier, no matter what.

    Not a recipe for success, and then they trash their already fragile credibility? Not a good move.

  • DS

    I find all of the remarks against CCP highly hilarious.

    First off, the big thing NO ONE seemed to mention is that this "guy" posted a "transcript" of a conversation. How many ways could a transcript be tainted to destroy the whole focus of it? Also, we have no idea what was said before or after this transcript. Who's the say this guy didn't try to blackmail CCP first and all we are getting are "his version" of events.

    Secondly, Eve source is solely owned by Crowd Control Productions, making this not only a violation of CCP user agreement, but also theft, copyright infringement.... I could go on.

    Third, in a client-server environment, the vast array of your security practices are going to be implented SERVER side, not client.

    And really, how many games have had their source code cracked? How many have had obvious flaws pointed out to them? It's easy to bury something like this when you have 8 million users, but when you only have 100,000? Come on. It's like living in a small town, EVERYONE knows what's going on. And how many companies go on the record about security flaws BEFORE they get a chance to fix them? "Hey, there's a big hole in our security wall and we haven't fix it yet, come on in", right, I don't think so.

    But, it just falls down to the philosophy of "Let's pick on the little guy". And as for the people stating that Eve is a failing game, just look at the numbers. In the last two instances where CCP were pulled through the ringer, their numbers went up.

  • olafur

    This source code is nothing more then like viewing the source of this page... though I can see how it is structured that does not mean I can see how it was made... so sad CCP's CEO in an interview on an Icelandic news story... cheers

  • Collin

    Ryan S. Dancey is a pencil-and-paper game designer, so I'm fairly sure that slash-dot article isn't authentic.

  • Beastage

    Abuser - Ryan S. Dancey is not, anonymous blackmailer is... very simple

    You got nothing... this is nothing, you fail, this is not news.

  • Hinoki

    So the sourcecode is released. So what? I mean really. The game already has a fading market share... absolutely -NO- credibility whatsoever..

    They lost any credibility whatsoever when the whole Devs favoring their corporations with high-level plans and such scandal broke. Sure, they 'made efforts' to 'fix' the situation. You still have these megaconglomerates that were formed and solidified under Dev assisted conditions. These conglomerates should have been dismantled -IMMEDIATELY- for game balance reasons, the Devs prevented from playing -AT ALL-, and the players accounts banned that received the plans.

    Did any of this happen? Nope. They threw one Dev under the bus and called it good. Sorry.. not even close to enough.

    The code got released, and now somene else might be able to forge the keys to the kingdom.

    *twirls a finger* I'm sooooooo worried.

  • Abuser

    nota bene:

    Ryan S. Dancey - lier :)

  • Abuser

    Going offline now.

    P.S. Just CCP first, then me. If there were no things CCP prefer to stay silent about - i wouldn't start all this shit.

  • Abuser

    (sorry for poor english, my native spoken lang are Russian and Belarussian)

  • Abuser

    If you have question we can make a conference room on Yahoo, where i can answer all your questions (if any).

  • EVE Player

    Source code released yesterday....extended downtime for patching today.....any connection?

  • IT WAS ME! Buahahahahaha!!

  • Dan

    Except releasing source code isn't criminal. It's a violation of terms of use and copyright, which are both civil law cases.

    Reverse engineering is only civilly against the law if you did agree to the terms of use (because it's a violation of contract, otherwise, it's legal)

    I don't know what CCP will do. I think they'll just keep going about their merry lives. Bot guys didn't need the source, they just write macros that simulate keys and clicks. Too easy.

    Most this will do is force them to re-evaluate security, get alot of people banned, and mean some noobs will try to make their own Eve and fail for lack of skill and resources - the same reason they don't write their own from scratch.

    It's a security breach, but I'd imagine the consequences will be short lived.

  • Al

    "Yeah, I already play for free because it takes me < 1 hour to earn a GTC"

    I, and several other people I know, play for free because CCP's billing system doesn't work very well!

  • Comet

    People may call it whatever they want. Publishing they're source code online is wrong. That's what puts food in they're tables. He wanted to hack into they're system and make a point about they're lack of security? that's one thing. but what he did is plain evil. for us it's just a game. For them it's they're life. They have wasted lots of time and money on that. And I'm not even talking about the big guys. But the small guy that lost weekends. Besides this hacker action will only lead to a small guy loosing even more weekends and getting more stress. He could have made a point without making they're lives more miserable.

  • Neocid

    Well.

    I Would not say it's a good thing, use illegal action is never a good thing. But now CCP is back to the wall and have to deal with his own mess.

    They used to ignore their customer, most of petition finish like : We can't do anything for you.

    It's time to listen your community CCP.

    What do you think they will do ?

    Close eve-online's server until investigation end?
    Begin to clean their code?
    Complain behind the law for blackmailing?

    Is something like that can make the futur of Eve uncertain ? Can CCP be put in trouble with that?

    if the full source code is release to publicy...what can happend?

    Time will tell.

  • Wanderer

    They forgot the first rule: Your client is in the hands of the enemy. Code accordingly.

    If having the client source code makes it possible/easier for someone to exploit the game, you're doing it wrong. Or you're Wolfpack. Shadowbane godmode switch, anyone?

  • Abuser

    "Patch with a different encryption scheme" won't help at all, CCP knows that tbh.

  • LZ

    As an EVE player I support CCPs actions completely. They should take any and every action necessary to protect their business. I hope they do more than ban accounts, I hope they take legal action against those who seed this code as its protected by international copyright law.

    These people who claim they are downloading and seeding the source code "on principle", what principle would that be? Maliciously spoiling the fun of literally thousands of players world-wide perhaps?

    If you arent even an EVE player, you arent invested in this so why do people insist on sticking their noses in this business.

    Some people are so focused on this stupid anti-corporate gravy-train ("the company must learn a lesson" trip), they dont stop for just one second to see how their actions are affecting the majority of law-abiding non-malicous players.

    If you seed proprietary source it is plain and simply criminal and unethical. Dont come here pretending to be a champion of the people. You sure as hell arent my champion!

    And lastly, we dont know what CCP is doing in response to this so its pointless to speculate. Its also somewhat naive to think that they are doing nothing but banning accounts.

    The bannings are the only thing in the public eye and as for the rest, they have absolutely no obligation to let every tom, dick and harry know whether they are having code reviews or planning a version change within the next week etc.

    signed - A VERY IRRATE EVE PLAYER

  • Anarchy

    i agree my dad played eve for 3 years in ATLAS alliance under the name futehr benzulden and i have been playing for 6 months this game has no problems that you can see and just recently the admins have been helping players with their problems

  • Dan

    I think that's a bit harsh. They've had their share of mistakes, but it's obvious they've worked to fix the dev/player fairness issues, and they are working.

    The IP ban thing *is* the wrong approach and while it'll hit some people downloading it, it'll generate false positives and negatives; and both will draw PR fire.

    The correct approach is to very quickly release a patch with a different encryption scheme, and do an emergency review to make sure clients can't do anything damaging; to apologize for any disruptions it might bring to the game rather than asserting it simply won't.

    CCP isn't handling this well, but up to this point I'd still consider working for them.

  • lolwat

    "After the code was released I think they took the only action available to them to protect the users of the game: ban accounts that match to IP’s that downloaded the code."

    That's ridiculous. That doesn't prevent anyone from using the source code to cheat, there are already servers offering the source code in rar. What are they going to do, threaten the provider to give them the ip's that downloaded it? lol. Give me a break. CCP screwed up here and they well deserve the backlash that they're going to recieve.

    CCP deserves no respect after the many past fiasco's they have done (Like employees giving out experience and credits to players they liked, then outright denying it).

    CCP ruined the game well before any hacker tried too, and their attempt to entice players from the linux world failed horribly.

  • Dan

    @Mark: Well, I'm not sure. I've reverse engineered closed-source software numerous times, and the first thing you do is disclose that.

    You then bring up the reason why you're approaching the content creator, which is usually either security or a gaping performance flaw. If I was told "don't come here and blackmail us" for mentioning a security flaw exists, I'd get pretty offended.

    I have personally had to approach content creators three times, and twice was misunderstood. All too often they think reversing is as illegal as child molesting and try to shoot at us in spite of affirmations of good intent, even when we offer help; so I felt the need to pose the counterargument.

    I draw attention to the Creative Labs guy who fixed their drivers for them before getting mowed down by their legal team.

    Speaking generally like ("he" I'll use) did, with the poor language he did and I tend to agree he very well could be just be a plain malicious 14 year old. He could just be a good natured dutch guy slow to the point who got frustrated.

    I personally, don't know.

  • Slashdot's post has some excellent comments pointing out some of the technical details of the leak. In addition to some reports on what the code review produced, the article may have the first possible communication from CCP:

    http://games.slashdot.org/comm...

    Still no word on the official Eve forums or website.

    Communication to CCP by (d)N0t has not yet been returned.

    In purely selfish news, my account has not yet been banned. Feel free to give me a yell if you're around Korsiki. ;)

  • @Dan: I don't see CCP telling him to screw off. It's obvious from the way "Abuser" approached the CCP rep. that he was attempting to threaten them. Stating that he has the source code prior to asking them what they've done to fix the security issues makes it blatant. Releasing said source code after the fact just confirms his malicious intentions. As far as I can see, CCP did not go "apeshit" anywhere in their conversation with him. After the code was released I think they took the only action available to them to protect the users of the game: ban accounts that match to IP's that downloaded the code. What else would you expect? Yeah, some accounts might get banned when they shouldn't have, but that's easy to undue and is really a minor annoyance compared to what could happen if just one person with that code found and exploited a major flaw. Then, well, the gamers would be going apeshit, no?

  • Dan

    @Hyper: I'm not sure if you noticed, but the reverser approached CCP about the lack of security. I'm not sure what his motives are, but that to me implies at least some modicum of interest in getting this fixed - rather than a desire to exploit it which would result in the reverser never mentioning a word.

    Releasing the code was pretty dumb, but after being told by CCP basically to screw off I can't say I blame him/her. CCP screwed up at security and then went apeshit when he asked them to fix it. Eve is a game. Security isn't, and I'd imagine there are probably several major risks to the user in the game client.

    If that hypothesis is correct then from that perspective, perhaps you could understand that the user's rights come before some aggressive company.

  • KeefNugs

    I'm also downloading it and seeding it like a mofug. I don't even play EVE, but maybe the company will learn a lesson!

  • HyperInferno

    Wow. I haven't downloaded it. but afaik, most of EvE is done serverside anyways. Which is why you always have that slight-to-long delay with turning modules on and off. If my theory is correct. Then having the source code doesn't help you out all too much. Sure, it makes spamming and scripting easier (bump script anyone?). BUT! it won't cause permanent open hacking like other leaks have caused. You can't make your modules more accurate. You can't make them do more damage. You can't make your small armor repair II heal 3000 hp in 2 seconds. ooooooo, you might find security holes! Well, those can be patched up, or just moved! Oh noes, you found something clientside that can be exploited. CCP declares "omfg exploit" and bans you, and then moves that feature server-side, thus causing EVEN MORE LAG!! Way to go a-hole, you have either ruined a great game, or done absolutely nothing!

  • powellpork

    sabertooth light missile hits Guristas Obliverator doing 25,000 Damage :)

    lvl4's anyone

  • Missles

    Yea, I can't wait to modify my missile damage! Hook CryptEncrypt and CryptDecrypt after 1000 or so calls...

  • Vecana

    Out of curiosity, what would happen to accounts on a large network if one IP on said network were to download/seed the source code? Specifically, I'm talking about a campus network with several gaming computers that all have EVE installed on them. I personally don't use them, but I know people who do, and I'm really hoping my friends don't get big shiny ban marks.

    ~Vecana Rayne (EVE Character)

  • Dan

    Yeah, I already play for free because it takes me < 1 hour to earn a GTC. I'd imagine a few game author wannabees, modders etc. will take the pepsi challenge, and a few folks will probably cheat and ruin the game a bit.

    Based on their response, CCP won't fix it they'll just shoot anyone that mentions it's broken; so it'll stay broken indefinitely, just like with the spammers and isk sellers...

    I wonder if there's a good solution to that problem?

  • david

    CCP done lost their dang minds. ah well, bless their paranoid sociopathic little hearts.

    srsly, properly secured db shouldn't be subject to compromise simply because the source is known. these kids are in way over their heads if they're using client opacity as part of their 'security' package. why, what would happen if the client code were compromised? (i guess we'll see soon enough, eh?)

  • scir

    good work kid!

  • Dan

    In spite of their flaws, I think working for CCP would be alot more fun and challenging for me than working where I do now, at a bank. : (

  • As many folks are pointing out, CCP is making a concerted effort to conceal the leak. Posts on the Eve Online forums even asking for information about the release are resulting in account bans.

    In the online business, stuff like this does happen. But what separates professionals from posers is how issues like this are managed. Going Gestapo on paying customers is not at all the solution to the problem.

    I'm going to be interested to see if I can login when I get home.

  • DoomGas

    They don't care about security until AFTER they get caught. Same principal as not recalling a commercial product unless they are sure the cost of the recall is less than the cost of not doing the recall. It's not as bad as waiting for x little children to choke on a toy before issuing a recall, but it speaks to how little they care about their security and how quick they are to assume someone is trying to blackmail them, even if the person is trying to help. Most of us don't even bother reporting security holes anymore...even if we have good intensions (which most do) because the company will sue you for your trouble rather than thank you and fix the hole.

  • will hill

    in case you don't want to risk getting banned from EVE, here's the rar: http://silenceisdefeat.org/~kolas/pre51200sc.rar

  • Dan

    I believe if you can't open it, you don't own it. That said, I play Eve and I am a reverser. While I have opened up the client and poked around, I did so only for curiosity's sake - learning things like what font engine, graphics engine etc they chose.

    I personally think that approaching the content creator in this manner was malicious or stupid. At best, there would be a vast array of negative results and maybe the positive result of CCP correctly authoring their code.

    I also think CCP handled it very poorly. While I agree that you don't respond positively to blackmail, an algorithm which must be interpreted by the CPU must also be theoretically reversible; and it's our computers.

    They would have done better to find out what this individuals full intentions and interests were. They could well have averted it being posted to bittorrent simply by saying "yeah, okay we haven't really put much thought in security, we'll go through it. If you notice anything, let us know." Well, assuming that's really what the reverser was trying for.

  • Erm

    What was "scatological" about that chat transcript? Not that I was actually looking for a scat discussion, but... when you see "In the lengthy and scatological exchange" you can't help but read on...

  • NC

    ///brittany Says:

    April 14th, 2008 at 3:07pm

    I’m going to download and seed this on principle. I don’t play EVE, so they can’t hurt me.///

    fucking cunt

  • Slashdot is running commentary on this story here: http://games.slashdot.org/arti...

    Personally, as an Eve player, I'm not really happy about this. I'm a fan of open source, but when code is revealed in manners like this it only causes problems for the players.

  • MeToo

    Me too, brittany!

    On principle!
    (That and I always love reading other people's code... :)

  • Ford Prefect

    Wouldnt it suck if somone uses a unsecured wireless or cracked wireless access point of a eve user to seed the torrent and the eve user gets banned and he or she didnt do anything wrong?

  • Sneezy

    Thanks for the tip.. to to circumvent the obvious. DONT download/seed from the same IP range you log in with. Simply get a new DHCP address do your thing.. then get another DHCP address ... Wow pretty complicated .. I would hate to see though someone getting your IP address you used .. banning the wrong person. OH well when it gets complicated use a sledge hammer rather than needle nose pilers.

  • brittany

    I'm going to download and seed this on principle. I don't play EVE, so they can't hurt me.

  • Be warned, CCP is logging all the downloader/seeder IPs (bittorrent) and then banning any EVE-O user accounts that match EN MASSE.

    Any posts on this subject on CCP's support forums, even when it is a simple request for information or verification, are immediately deleted, and the poster's account is summarily banned.

blog comments powered by Disqus