In an interview with Dream Not Of Today, a person claiming to be the source of the recent source code leak for the client of popular MMO Eve Online divulged details about the much publicized incident. Going by the pseudonym of “Abuser” in a chat transcript with a CCP (the developers and publishers of Eve Online) customer service rep that was posted with the torrent and on several warez sites, the disgruntled Russian Eve player revealed that the “leak” was not a crafty case of insider espionage at all, but rather a poor choice of words.
“[I] decrypted, unpacked, and decompiled, then started checking for possible bugs, sploits, performance lockups, etc.,” said Abuser. “It’s probably my poor English that I used word ‘leak’ instead of what it really was.” Asserting that no inside contact at CCP worked with him for the “leak,” Abuser claimed that the source was obtained by disassembling the client and its main library with a modified decompiler for Python. The alleged source’s disclosure confirms the public statement by CCP, which suggested the source code release was external to the organization:
The [Python] scripting language that is used by the client can be easily decompiled to generate readable code.
Abuser did, however, disagree with CCP’s assessment that the exposure was overblown. Claiming that active exploits were already in the works, Abuser shared proof of concept code and screenshots from the works in progress. “There are a lot of methods to get code executed within EVE’s environment – without refusing from Python, there’s no way to get rid of them,” said Abuser. “Changing the realization of function won’t change the function/class/method names they stay behinds [sic].” One exploit he claimed to be demonstrating allowed for unattended courier missioning; essentially an autopilot bot for loading up on in-game currency.
Abuser went on to suggest that CCP’s apparent policy of denial is what drove him to post the source in the first place.
(10:59:33 AM) (d)N0t: What’s your response to CCP’s assertion that this leak poses no threat to the game?
(11:00:03 AM) Abuser: It’s absurd.
(11:00:39 AM) Abuser: But since CCP didn’t want to cooperate – maybe they still think they are fine?
(11:00:40 AM) Abuser:
(11:01:58 AM) Abuser: i have nothing to say about such incompetence, really.
(11:02:01 AM) Abuser: i’m disappointed
When asked about the motivation for publicly exposing the source code of the Eve client, Abuser cited frustration with a perceived lack of responsiveness from CCP’s engineering group concerning issues of security. Referring to the chat transcript posted with the code’s torrent, Abuser said, “[CCP representative] Morpheus promised to connect me with somebody, who will be responsible for making decision on my ‘ultimatum.’ I was waiting approximately 24 hours before promised dialogue with CCP Software Director. After long waiting I got [CCP representative] GM Grimmi, threatening me with law enforcement instead of promised CCP guy. Morpheus himself was blackmailing me with ban of my characters in Eve.”
Shortly thereafter, Abuser claims he destroyed his main character, sold off all items, and published the source on a number of Russian forums. “First release was announced from forum.eve-ru.com,” said Abuser. “Then opened a thread on Russian warez site with link to rapidshare upload of source.” Alluding to the user “Zakide” credited with posting the torrent to The Pirate Bay, Abuser said, “Somebody from those who were reading this warez thread was kind to make torrent on TPB.”
To be sure, Abuser’s claims are difficult to verify. After examining some of the code in the alleged proof of concept, the possibility of exploit certainly appears more likely than CCP’s public release would suggest. However, with little way to confirm the source’s identity or whether the code can be executed against Eve’s production systems, this latest claim could just be just another exaggeration in a string of hyperbolic events. Or it could mean further deep trouble for CCP, whose past year has been plagued by a number of technical foulups, including a patch that killed users’ ability to boot Windows.
In any case, the truthfulness of CCP and “Abuser’s” claims will be made evident very shortly as the world’s technical community continues to evaluate this release. In closing to the interview, the man claiming to be the possible killer of Eve made a parting shot at his detractors.
(11:34:44 AM) (d)N0t: So unpacking the Eve client’s .pycs and running it through a decompiler. Some folks are suggesting that this is not particularly sophisticated and that this release has little technical value.
(11:35:09 AM) (d)N0t: What would you say to the folks that suggest this is just another Russian script kiddie looking for attention?
(11:36:16 AM) Abuser: Maybe these kids never trieds to do something for EVE to help it survive, rather than smacktalking and creating theories on chat channels and forums?
(11:36:48 AM) Abuser: It could be really not that hard to do the same things i did.
(11:36:59 AM) Abuser: But why nobody did it except me for last 2 years? (11:38:17 AM) Abuser: I don’t afraid to do something, better than doing nothing and looking how eve slowly dies behind the fancy curtain of graphic updates.