Rob Spectre • 14 Apr 08
This entry is part 1 of 3 in the series Eve Online Source Leak

Full source code for the client of the popular MMORPG Eve Online was recently made available via BitTorrent on The Pirate Bay. Along with the torrent, the user posted a chat transcript with a representative of Eve’s developer and publisher CCP, identified as [IA]Morpheus. In the lengthy and scatological exchange, the poster of the source code attempts to get some answers about CCP’s much-maligned security practices, particularly concerning the rife issue of bots and scripting in their flagship game. The conversation was a little less than professional.

[20:44] <Abuser> Could you certainly say me what your programmers did to secure clientside from exploiting Eve?
[20:44] <Abuser> what’s certainly
[20:45] <Abuser> I don’t have anything against content makers – their ideas are good, really good
[20:45] <Abuser> I have full eve sourcecode, so you know what’s did, and what’s not;)
[20:46] <Abuser> From all security i saw – were ROLE permissions for logins with privileges higher than usual player, and some minor things in relation to prevent some remote service calls (some with potentially bad payload)
[20:46] <Abuser> nothing else
[20:47] <Abuser> is that called “programmers working on security”?
[20:47] <[IA]Morpheus> Are you cruising for a job or something?
[20:47] <Abuser> Nah
[20:47] <Abuser> neither job, neither anything else
[20:47] <Abuser> you may think of in such direction
[20:48] <Abuser> Digging the situation to uncover the truth :)
[20:49] <Abuser> You may compare me to fox mulder from x-files series
[20:49] <Abuser> it’s the best description of why i do this
[20:49] <[IA]Morpheus> Ah, well, nice to meet you Mr Mulder.
[20:50] <Abuser> So… would you like to answer what AWESOME ccp programmers did in relation to client/server security (at least for client?)
[20:51] <[IA]Morpheus> No, we won’t respond to blackmail. If you think we don’t care or aren’t working on improving security you are sadly mistaken

Forum buzz surrounding the incident suggests that, in reaction, CCP is strictly censoring references to the code leak on its online forum. In addition, reports are being posted that CCP is seeding most of the torrent itself, then using the IP addresses of those who download the client’s source code to ban Eve Online accounts.

CCP has not yet offered any public recognition of this source code leak.

Rob Spectre • 15 Apr 08
This entry is part 2 of 3 in the series Eve Online Source Leak

CCP, the developer and publisher of EVE Online, posted reactions both to players and to Slashdot readers in a public release about the recent posting of source code from the Eve Online client on the Internet. Posted some 48 hours after the story broke on (d)N0t, the release on the Eve Online website was available only to registered player accounts for the game. The post, which was largely similar to the comment on the Slashdot article, included new details about CCP’s reaction to public exposure of the client’s source:

Finally, there have been no mass bannings, as reported in some news articles, though we do remove all message board posts regarding violations of our EULA and Terms of Service as per standard policy and procedures. We consider any alterations of the client software, including decompilation, or discussions thereof, to represent such a violation.

CCP representatives indicated that the releases would serve as the only comment the company would make publicly. When pressed for further details about the incident and its origin, CCP’s Valerie Massey provided the following addition:

There may be additional comments as needed in the discussion thread for the blog, but we really do consider this a non-issue that got blown far out of proportion. The “leak” is of no consequence whatsoever.

In the meantime, the number of seeds for the source code via the tracked torrent on The Pirate Bay passed 255, suggesting a surge in distribution after the release became public. With the increased distribution, the source leak has come under additional scrutiny. Initial reviews of the source exposed some interesting technical details about the Eve client, including the existence of a local Telnet server and the client’s visibility of location data for all players in a local zone.

Speculation is rife about last night’s Eve Online downtime event, which was extended late in the day from one to four hours. Though the release notes for the patch do not mention the source leak directly, much attention has been paid to two oblique references to customer service and exploits.

Multiple bug fixes were made to our GM tools and some new features implemented to improve our customer support.

Several exploit issues have been fixed, making EVE a better world to live in for us all.

CCP would not comment further on whether the patch extension was in reaction to the source leak.

Rob Spectre • 15 Apr 08
This entry is part 3 of 3 in the series Eve Online Source Leak

In an interview with Dream Not Of Today, a person claiming to be the source of the recent source code leak for the client of popular MMO Eve Online divulged details about the much publicized incident. Going by the pseudonym of “Abuser” in a chat transcript with a CCP (the developers and publishers of Eve Online) customer service rep that was posted with the torrent and on several warez sites, the disgruntled Russian Eve player revealed that the “leak” was not a crafty case of insider espionage at all, but rather a poor choice of words.

“[I] decrypted, unpacked, and decompiled, then started checking for possible bugs, sploits, performance lockups, etc.,” said Abuser. “It’s probably my poor English that I used word ‘leak’ instead of what it really was.” Asserting that no inside contact at CCP worked with him for the “leak,” Abuser claimed that the source was obtained by disassembling the client and its main library with a modified decompiler for Python. The alleged source’s disclosure confirms the public statement by CCP, which suggested the source code release was external to the organization:

The [Python] scripting language that is used by the client can be easily decompiled to generate readable code.

[Image: Trojan Horse Test Screenshot]

Abuser did, however, disagree with CCP’s assessment that the exposure was overblown. Claiming that active exploits were already in the works, Abuser shared proof of concept code and screenshots from the works in progress. “There are a lot of methods to get code executed within EVE’s environment – without refusing from Python, there’s no way to get rid of them,” said Abuser. “Changing the realization of function won’t change the function/class/method names they stay behinds [sic].” One exploit he claimed to be demonstrating allowed for unattended courier missioning; essentially an autopilot bot for loading up on in-game currency.
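The claim in the two statements above, that compiled Python keeps its function, class and method names, can be checked against any bytecode a team is about to ship. The following is an added example, not code from the released archive, from CCP or from the original article; the sample module and every name in it are constructed for illustration.

```python
import marshal
import types

# Constructed sample standing in for client-side logic; every name is hypothetical.
SAMPLE_SOURCE = '''
class CourierService:
    """Internal notes that -OO will strip."""
    def accept_mission(self, agent_id):
        role_mask = 0x40
        return self._remote_call("agentMgr", agent_id, role_mask)

    def _remote_call(self, service, *args):
        return (service, args)

def check_role(session):
    return session.role & 0x40
'''

def compile_to_pyc_body(source, optimize=0):
    """Return the marshalled code object, i.e. a .pyc file minus its header."""
    code = compile(source, "sample_client.py", "exec", optimize=optimize)
    return marshal.dumps(code)

def surviving_identifiers(pyc_body):
    """Walk the code-object tree and collect what a reader of the bytecode sees."""
    found = {"definitions": set(), "names": set(), "locals": set(), "strings": set()}

    def walk(code):
        found["names"].update(code.co_names)      # globals and attribute names
        found["locals"].update(code.co_varnames)  # parameters and local variables
        for const in code.co_consts:
            if isinstance(const, types.CodeType):  # nested class/function body
                found["definitions"].add(const.co_name)
                walk(const)
            elif isinstance(const, str):
                found["strings"].add(const)

    walk(marshal.loads(pyc_body))
    return found

if __name__ == "__main__":
    for level in (0, 2):  # 2 is what `python -OO` uses
        report = surviving_identifiers(compile_to_pyc_body(SAMPLE_SOURCE, level))
        print(f"optimize={level}")
        for kind, values in report.items():
            print(f"  {kind}: {sorted(values)}")
```

Only the docstring disappears at `optimize=2`; the identifiers are needed at run time for name and attribute lookup, which is why access decisions such as the role check in the sample have to be enforced on the server.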

Abuser went on to suggest that CCP’s apparent policy of denial is what drove him to post the source in the first place.

(10:59:33 AM) (d)N0t: What’s your response to CCP’s assertion that this leak poses no threat to the game?
(11:00:03 AM) Abuser: It’s absurd.
(11:00:39 AM) Abuser: But since CCP didn’t want to cooperate – maybe they still think they are fine?
(11:00:40 AM) Abuser: :)
(11:01:58 AM) Abuser: i have nothing to say about such incompetence, really.
(11:02:01 AM) Abuser: i’m disappointed

When asked about the motivation for publicly exposing the source code of the Eve client, Abuser cited frustration with a perceived lack of responsiveness from CCP’s engineering group concerning issues of security. Referring to the chat transcript posted with the code’s torrent, Abuser said, “[CCP representative] Morpheus promised to connect me with somebody, who will be responsible for making decision on my ‘ultimatum.’ I was waiting approximately 24 hours before promised dialogue with CCP Software Director. After long waiting I got [CCP representative] GM Grimmi, threatening me with law enforcement instead of promised CCP guy. Morpheus himself was blackmailing me with ban of my characters in Eve.”

Shortly thereafter, Abuser claims he destroyed his main character, sold off all items, and published the source on a number of Russian forums. “First release was announced from forum.eve-ru.com,” said Abuser. “Then opened a thread on Russian warez site with link to rapidshare upload of source.” Alluding to the user “Zakide” credited with posting the torrent to The Pirate Bay, Abuser said, “Somebody from those who were reading this warez thread was kind to make torrent on TPB.”

To be sure, Abuser’s claims are difficult to verify. After examining some of the code in the alleged proof of concept, the possibility of exploit certainly appears more likely than CCP’s public release would suggest. However, with little way to confirm the source’s identity or whether the code can be executed against Eve’s production systems, this latest claim could be just another exaggeration in a string of hyperbolic events. Or it could mean further deep trouble for CCP, whose past year has been plagued by a number of technical foulups, including a patch that killed users’ ability to boot Windows.

In any case, the truthfulness of CCP’s and “Abuser’s” claims will be made evident very shortly as the world’s technical community continues to evaluate this release. In closing the interview, the man claiming to be the possible killer of Eve made a parting shot at his detractors.

(11:34:44 AM) (d)N0t: So unpacking the Eve client’s .pycs and running it through a decompiler. Some folks are suggesting that this is not particularly sophisticated and that this release has little technical value.
(11:35:09 AM) (d)N0t: What would you say to the folks that suggest this is just another Russian script kiddie looking for attention?
(11:36:16 AM) Abuser: Maybe these kids never trieds to do something for EVE to help it survive, rather than smacktalking and creating theories on chat channels and forums?
(11:36:48 AM) Abuser: It could be really not that hard to do the same things i did.
(11:36:59 AM) Abuser: But why nobody did it except me for last 2 years?
(11:38:17 AM) Abuser: I don’t afraid to do something, better than doing nothing and looking how eve slowly dies behind the fancy curtain of graphic updates.