Welcome, Guest. Please login or register.
March 28, 2024, 11:03:42 PM

Login with username, password and session length

Search:     Advanced search
we're back, baby
*
Home Help Search Login Register
f13.net  |  f13.net General Forums  |  The Gaming Graveyard  |  MMOG Discussion  |  Eve Online  |  Topic: New eve client injection 4.7.2010 0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: New eve client injection 4.7.2010  (Read 11242 times)
Comstar
Terracotta Army
Posts: 1952


WWW
on: July 04, 2010, 01:48:10 AM

Found an interesting thread on Eve-O

YouTube Video of someone using dev tools on the main server, allegedly via a python injection attack. With it, you can do pretty much everything a GM can (super cloak, scan system, warp to anyone, anywhere etc etc).





Defending the Galaxy, from the Scum of the Universe, with nothing but a flashlight and a tshirt. We need tanks Boo, lots of tanks!
Fordel
Terracotta Army
Posts: 8306


Reply #1 on: July 04, 2010, 02:17:44 AM

EVE is just one giant pile of exploits.  awesome, for real

and the gate is like I TOO AM CAPABLE OF SPEECH
Sir T
Terracotta Army
Posts: 14223


Reply #2 on: July 04, 2010, 02:29:09 AM

Hey look, thread has been deleted  Oh ho ho ho. Reallllly?

Hic sunt dracones.
Gets
Terracotta Army
Posts: 1147


Reply #3 on: July 04, 2010, 05:16:24 AM

http://scrapheap-challenge.com/viewtopic.php?t=35622&postdays=0&postorder=asc&start=0

http://eve-search.com/thread/1347565/page/1

Mostly everything said on the forums is complete bogus because of people throwing in their guesswork. The guy who made it however is selling the uberscanner, warp to 0 autopilot, 5 second session timer and contract dump to file supposedly. I'm waiting to see who puts the word out first: CCP or a your favorite MMOzine.
Simond
Terracotta Army
Posts: 6742


Reply #4 on: July 04, 2010, 11:11:41 AM

Hey look, thread has been deleted  Oh ho ho ho. Reallllly?
If nobody knows about it, then it doesn't exist! :ccp:

"You're really a good person, aren't you? So, there's no path for you to take here. Go home. This isn't a place for someone like you."
Gets
Terracotta Army
Posts: 1147


Reply #5 on: July 04, 2010, 12:36:20 PM

eve-o doesn't allow threads talking about bugs and exploits hth
Goumindong
Terracotta Army
Posts: 4297


Reply #6 on: July 04, 2010, 12:46:32 PM

Given how cheap it is to send information that is non-interactive in any game it makes sense that all of this is basically possible.

I.E. when you scan something down with the on board scanner, its much more likely that the server gives your client location information than it does the calc each time. Its probably much cheaper to query the information than query the information and the process. The local machine does the processing. Because of this, every time you scan you're going to get information relating to where everything is in the system so long as you can access that info out of the client you are going to know:

1. Whether a ship is on a permanent or temporary grid.

2. Ship type and other pertinent info. Probably player ID as well. Given that local exists its probably easier to set up an identifier for set of ship information when a player enters local and simply always refer to that identifier. I.E. player A is in a falcon. Rather than send "falcon, player name X" each time it just sends the player ID which is then cached once.

Since temporary grids are tied to objects and since there exists methods to warp to ships in your gang. It follows that if you can modify the client, you can probably warp to any object that you can scan down, but the client typically prevents it.

GM actions however are probably off limits. Those would require the server acknowledging the action, which won't happen without authorization. That is to say you won't be able to get access to GM tools unless you know a way to trick CCP or the server into thinking you're a GM. And you'll forgive me if i doubt if authentication is handled client side.

edit: all of this is just speculation by someone who doesn't do networking, just thinking about how I would design a system that would send as little information as possible and streamline actions as much as possible without getting into the problems of making it too easy to cheat.
« Last Edit: July 04, 2010, 12:49:01 PM by Goumindong »
Simond
Terracotta Army
Posts: 6742


Reply #7 on: July 05, 2010, 11:11:30 AM

From SA:
Quote
Seems like that one guy managed to finish his project, actually took a while. I've seen the initial version of that thing running a long time ago.

Basically a special version of decompyle (yes, that's the name of the app) was constructed like about two years ago that specifically targets stackless version of Python which has been used ever since to decompile successfully every single client update CCP has put out. This means that even one "maintenance" update CCP put out right after this decompiling was announced on Kugutsumen it was immediatly noticed that the update didn't really address any of the issues (patch notes said something about dumb drones) but instead just added some additional logging to built-in functions such as slash commands which started to send the userid to EVE cluster. A quick injection later that number was quickly hardcoded to be zero.

To summarize, EVE client is actually a lot of things; It's

    * Client for the game we all know as EVE Online
    * GM Tool for the same game
    * Development tool for the developers (it can run Python and most of EVE is done as Python scripts, duh!)
    * and most notably, cluster node for working in tandem with other linked cluster nodes as distributed server environment.


The last one above is the fun part: Because most of the client code is made with Python and client is actually the same as EVE cluster node, the game will always lag because the scripts that should be just mirroring server status to clients are the exact same ones which calculate the very same things on the server side, but instead of doing it to one person the server side mode calculates them for everyone.

Welp, so much for CCP ever fixing the lag.  awesome, for real

"You're really a good person, aren't you? So, there's no path for you to take here. Go home. This isn't a place for someone like you."
slog
Terracotta Army
Posts: 8232


Reply #8 on: July 06, 2010, 05:47:16 AM

explain that in English?

thanks

Friends don't let Friends vote for Boomers
Simond
Terracotta Army
Posts: 6742


Reply #9 on: July 06, 2010, 10:34:34 AM

Which part? The bit where the 'normal' client is also the GM client, the server code, and the Dev toolkit, or the lag?

If I'm reading it right, the lag boils down to the server (node? grid?) recalculating everything individually for every client each 'tick', rather than simply outputting the server/node/grid state to every client at once.

"You're really a good person, aren't you? So, there's no path for you to take here. Go home. This isn't a place for someone like you."
Kitsune
Terracotta Army
Posts: 2406


Reply #10 on: July 06, 2010, 11:50:40 AM

Apparently Fnorgen the Icelandic wonder programmer set things up so that every eve client is in effect a partner to the server.  This means that the server is transmitting huge piles of irrelevant data to every client rather than only the data that the client needs to display the game to the player.  Surprisingly, this results in degraded performance.
Sir T
Terracotta Army
Posts: 14223


Reply #11 on: July 06, 2010, 11:57:02 AM

Stuff such as the position of cloaked ships, drones, cargo cans etc.

One of the nice things about Apochrypha is it made Covert Ops frigs nearly untouchable as cargo cans and drones sere set to have no 'body', so the server didn't have to keep track of their position anymore. That was one of the key decisions in reducing lag. Of course they decloak stuff again now, so covert ops frigs are still nearly invincible and everyone is lagged to death by people launching drone swarms etc.

its one of those quietly not mentioned 'improvements' in Dominion

Hic sunt dracones.
slog
Terracotta Army
Posts: 8232


Reply #12 on: July 06, 2010, 12:25:50 PM

Apparently Fnorgen the Icelandic wonder programmer set things up so that every eve client is in effect a partner to the server.  This means that the server is transmitting huge piles of irrelevant data to every client rather than only the data that the client needs to display the game to the player.  Surprisingly, this results in degraded performance.

OK this makes perfect sense.  thanks!

Friends don't let Friends vote for Boomers
kildorn
Terracotta Army
Posts: 5014


Reply #13 on: July 06, 2010, 12:40:18 PM

Man, just the other day I was thinking "what ever happened to when we used to trust the client with shit it shouldn't know.."

You go, CCP. I think my favorite part of this is that it would take a massive redesign of the client and server setups to fix.
slog
Terracotta Army
Posts: 8232


Reply #14 on: July 06, 2010, 01:11:47 PM

I'm having flashbacks to Shadowbane.  Someone is going to teleport my ship into the middle of the sun.

Friends don't let Friends vote for Boomers
Sir T
Terracotta Army
Posts: 14223


Reply #15 on: July 06, 2010, 01:15:09 PM

Funnilly enough, that's what happens to me when a bridge in cyno is destroyed  DRILLING AND MANLINESS

Hic sunt dracones.
Fordel
Terracotta Army
Posts: 8306


Reply #16 on: July 06, 2010, 03:22:04 PM

Doesn't the sun just vomit you out at hilarious speeds if that happens?

and the gate is like I TOO AM CAPABLE OF SPEECH
squirrel
Contributor
Posts: 1767


Reply #17 on: July 06, 2010, 10:19:33 PM

God I love EVE.

Speaking of marketing, we're out of milk.
Setanta
Terracotta Army
Posts: 1512


Reply #18 on: July 07, 2010, 12:42:26 AM

Show me another MMO (or game for that matter) that has this much drama both in the game and out of the game :D

"No man is an island. But if you strap a bunch of dead guys together it makes a damn fine raft."
Fordel
Terracotta Army
Posts: 8306


Reply #19 on: July 07, 2010, 05:06:33 AM

WoW is doing its damnedest to catch up with their Real ID debacle  why so serious?

and the gate is like I TOO AM CAPABLE OF SPEECH
Goumindong
Terracotta Army
Posts: 4297


Reply #20 on: July 07, 2010, 08:26:28 AM

Stuff such as the position of cloaked ships, drones, cargo cans etc.
Actually that stuff is kinda important to know on the client side. If you don't then it takes longer for ships to decloak on your screen than it does on theirs or on the server.

Which is to say that if you have to get new data for ships each time a new one appears on grid, there is going to be seconds delay between when things show up and when they get seen. This is a big deal if you're landing on grid(you have to load X ships and they have to load just you) or if you're hunting a cloaked ship(cloaked ship will know he is decloaked way before you, essentially negating his lock time)

Some of the posts at SHC have actually been very informative with regards to the super-scanner thing
TripleDES
Terracotta Army
Posts: 1086


WWW
Reply #21 on: July 26, 2010, 09:26:11 AM

That's a hilarious way to implement their netcode. And it'd involve a hilarious near-impossible effort to fix this, i.e. implementing a more traditional client server model. They'd have to rip everything out from the inside, turning the current Python implementation into mere public interfaces and write everything new beneath it.

EVE (inactive): Deakin Frost -- APB (fukken dead): Kayleigh (on Patriot).
Goumindong
Terracotta Army
Posts: 4297


Reply #22 on: July 26, 2010, 11:57:49 PM

Not really, its just an extrapolation of the old "when do you tell someone when another player comes around a corner" problem.
ghost
The Dentist
Posts: 10619


Reply #23 on: July 30, 2010, 08:35:37 AM

Hmm.  Just when my sub is getting ready to run out. 

Think I'm going to abandon this.
Pages: [1] Go Up Print 
f13.net  |  f13.net General Forums  |  The Gaming Graveyard  |  MMOG Discussion  |  Eve Online  |  Topic: New eve client injection 4.7.2010  
Jump to:  

Powered by SMF 1.1.10 | SMF © 2006-2009, Simple Machines LLC