Slashdot Mirror
Eve Online Client Source Code Leaked
An anonymous reader writes to tell us that the game client source code for the popular MMO, Eve Online, has been leaked via torrent. In addition to the source code the user also posted a lengthy chat transcript with someone from CCP customer support. While the end goal may have been to call attention to the continuing security issues within Eve (and ultimately themselves), there are probably better ways of getting through to support. Unfortunately, CCP seems to be responding with the usual knee-jerk reaction of banning everyone breathing a whisper of this incident. I wonder if any large MMO company will ever be brave enough to calmly address an issue rather than wielding the ban-hammer.
I would worry that unscrupulous players will dig through the source code to find exploits, but it's reassuring to find something that will bring them back to the real world...
If you are an active EVE player, don't use the torrent links to download the source. CCP is monitoring the torrents and banning any accounts with matching IP addresses to any of the people using the torrent.
They obviously can't watch them all, but don't download the torrent from an IP that you use to play the game.
Well, almost. http://thepiratebay.org/tor/4128183/Eve_Online_Source(client_side)_Code
Frankly, downloading this would be a stupid thing to get banned over. This is CCP's bread and butter, I don't blame them for taking this action. In their eyes, they are trying to eliminate exploiting players in hopes of making the game better for non-exploiting players. This 'policing' action is usually desired by the community. Yeah, it's unfortunate that they're not taking advantage of the security and stability of an open source coding community
Let's see if Linden Labs can make this OSS client thing work to their advantage. I sure hope so because it will give everyone else a reason to make the switch.
My work here is dung.
I don't think anything major as this has happened before, and from a online game developer's perspective i will look closely to how this affects cheating and the development of the game further, as something like this is a great nightmare for any game developer, and i really want to see how this one ends.
Unless you live in your mom's basement.
Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
In the lengthy and scatological exchange, the poster of the source code attempts to get some answers about CCPs much maligned security practices, particularly concerning the rife issue of bots and scripting in their flagship game. The conversation was a little less than professional.
Well, atleast on the tidbit shown on the article, the CCP representative sounds perfectly rational and professional. Am i missing something here?
And by the way, how does this guy ended up with the sourcecode on the first place?!
The major issue behind the source-code leak is the security surrounding the code. Now that it's out, there is the potential for "unscrupulous players" to find exploits. Anyone familiar with Python will be able to find at least something.
Also, since it is the client code that was released, an intrepid cheater can find ways not just to exploit functions in-game, but find ways to pull various bits of data from straight out of memory. This is a bit like third-party programs that utilize CCP's API code system, though it is a direct violation of the Terms of Service of said game, as it could provide access to information that would potentially give a select few an edge.
My eye's on GoonSwarm now; this might be their "big chance" to ruin the game they declared they would.
It's not a leak, the .pyc's have just been decompiled and distributed. Here - go do it yourself.
Something that the summary missed but was reiterated twice in the actual article is that CCP is accused of seeding most of the torrents and then monitoring all IP addresses acquiring the source and then banning accounts associated with those IPs.
If they're actually seeding it themselves then I expect to hear about a lawsuit. Since that would be purely legal to download from them. If CCP is effectively giving away their src what's wrong with accepting their offer?
If i had one dollar for every brain you dont have, i would have $1.
"I wonder if any large MMO company will ever be brave enough to calmly address an issue rather than wielding the ban-hammer."
I doubt it. But this is not without a good reason.
Many, many MMORPG players are 13 year old kids. Immature kids. These people are not adults. They do not behave like adults. If the company "calmly addresses the issues", then they'll be flooded by complainers, cheaters and opportunists within no time.
I've been involved in MMORPG for several years. The immaturity in MMORPG communities in general is just sad. There doesn't seem to be any good way to handle issues other than ruling with iron fist.
if eve blocked all the bots all of BOB would stop playing.
I'll probably be modded down for this...
Okay, the torrent is here.
First things first - it's not the full source. In fact, it's not even 2mb big. It's not even a fraction of the source.
Secondly, from the IM conversation they had with support:
[20:18] I don\'t know HOW you work
[20:19] i see the RESULT of this work
[20:19] and UNDERPANTS of it
They see the UNDERPANTS of it. Hilarious.
It's sort of like that, AFAICT
All's true that is mistrusted
What planet are you on? Gosh, I wonder how Microsoft would respond to someone putting the code for Office online? Banning would be the least of it. Open source is a good thing; software patents are bad; but EVERY company is legitimately entitled to its trade secrets.
I piss off bigots.
But maybe someone can pull it down and improve their horrible UI!
Support a great indie game: http://www.abaddon360.com
Get s shell account and download it to there, that way CCP won't be able to get your home IP.
Problem solved.
There is already a code exploit that has been found in the code. The IGB allows the execution of files on the machine via click able links in the in game web browser. Potentially a very serious hole that could cause quite a few problems.
"EXPLOIT FIXES * Several exploit issues have been fixed, making EVE a better world to live in for us all. "
What they dont want is someone adding functionality to the client they avoided for a long time:
Fire all weapons on a single click. Automagically select the right ECM jammer for the target ship. And that's what came to my mind in an instant.
I bet there are many more possibilities which can unbalance tweaked clients and standard clients. It is like a free opportunity for wall hacks if other clients are allowed. It wouldnt be a problem for PvE games, but PvP needs the same client for all.
Does this mean that someone will finally make a proper Mac and Linux build without the Transgaming garbage ;)
Good thing EVE is horribly boring! Now I can download the source code with no worries!
http://img88.imageshack.us/my.php?image=clipboard1qt4.jpg
Seems to me like he told them about the exploits waited a bit of time, and then started seeding this as a means of putting the heat on for them to get this fixed. If they hadn't started banning anyone who downloaded it, then this certainly would have pushed for a huge inrush of exploiters, forcing them to fix the problems.... Instead they found a loophole.
If someone sells me a print do I automatically have the right to re-distribute it willy-nilly?
Also, if a person or even a company makes free wifi available I am not allowed automatic access to it either. The law seems to require additional permission the way things have been shaking out lately.
Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
I'm messing around building with an MMO client. Would I be a dick if I took a peek at the source to see what their net code looks like? Not that I'd copy it, but the learning experience would be awesome.
It wouldnt be a problem for PvE games, but PvP needs the same client for all.
Or needs to do validation on the server-side of all game-balance-affecting stuff--which is really the only way to ensure fairness, since clients can always be hacked.
rage, rage against the dying of the light
For those of you asking "what's the big deal about this?" here are what people have found so far digging through the code.
EVE is a fine game, but the code is a joke. This is very likely going to lead to a lot of problems for CCP for some time to come. If they're lucky they'll only get a flood of bots, if they're not then the game may very well turn in to a wild west of hacking players looking for an edge.
http://slashdot.org/articles/04/02/12/2114228.shtml
Tibbon
tibbon.com
Back in the day the EVE/script folder had the decompiled python in it in plain text. People did stuff like modify it to create merchant bots that would auto buy/sell stuff on the markets and whatever else they wanted to modify. Then CCP changed it to one 'compiled.code' file instead of all the uncompiled python files, which is easier to manage and check for people making changes. So you can still just take that 'compiled.code' file and decompile it to readable code. Which is what got 'leaked' It's nothing special at all really, and is only a portion of the client code. Anyone that was interested in messing with it has already seen the Python, especially people that played when it wasn't even pre-compiled. Next thing you know right clicking a web page to 'view source' will be considered leaking source code too?
I recompiled it and I still had to download the latest patch :(
...players start spawning their own Eye of God ships.
If you get THAT reference, come join me here in ex-space-MMOer's hell. *pats seat*
Here's something not to do: make the Dev's personal ships explode for a billion jillion points of system-wide damage, to discourage people firing on devs.
Then do nothing about players finding ways to spawn EoG ships in enemy systems and detonating them on purpose...
Mankind, that was the name of it. Now, I can't picture CCP letting that go on for more than 5 minutes - but i do recall them being more than a little touchy about any kind of dissent or confrontation.
It's ironic - EvE devs have never flinched from throwing players into hard situations and seeing how the playerbase coped. This incident may have them on the receiving end - auditing and fixing glaring holes that otherwise may not have been addressed any time soon...
Their GMs and such widely varied. Some had almost inhuman patience, some never lost their cool and had serious style, quite a few joined in with the players in keeping things as IC (or at least tongue-in-cheek IC) as possible... and others were, now and then, sad to say, useless flaming wrecks. It happens. TBH i hope to reactivate my EvE account again one day when i have the time. It's a unique experience.
That which does not kill us makes us... st
Could we rephrase it to say
EVE Online Client Open Sourced
but not by choice?
WARNING: Smartphones have side effects--most of them undocumented.
"Something that the summary missed but was reiterated twice in the actual article is that CCP is accused of seeding most of the torrents and then monitoring all IP addresses acquiring the source and then banning accounts associated with those IPs. So if you're going to get the code just to look at it, I suggest using your mom's house or an internet cafe!"
With a file size of 1.8MB why not just upload it to one of the 100's of free file hosting websites? One not located in the US? or grab the file from a "safe" location (or use the tor option in most torrent programs) and then reseed?
You must be new here. For most of us, it's one and the same. Though the coffee's not $3 a cup.
WARNING: Smartphones have side effects--most of them undocumented.
I read the chat-log, but I'm having a hard time understanding "Abused's" position; what is his motivation for releasing the source code? Why is he so interested in forcing the EVE developer to make a news release confirming that some security exploites have existed "for years"? The code isn't open source, so releasing detailed descriptions of what security holes exist would only allow them to be exploited easier. Is that what he wants?
Having looked through the source, there are some obvious -- I mean reeealy obvious -- places to "work" this code nicely. My Eve addiction just increased.
Old: Eve Online Client Source Code Leaked
Revised: Eve Online Client now open source!
It is just a disassembly of the Python object code. Although this means something that looks a lot like source code, it's not an actual leak: there's no comments and the C++ part of the client is missing. (This "leak" is also out of date.) It is possible for anyone who has downloaded the EVE client to extract this.
Client source shows that applications can be executed with user level privs through the ingame browser by clicking on a link, although you can't pass arguments to them.
There is no reason for this code to be in the browser other than CCP being completely retarded.
It's no wonder they tried so hard to keep this code hidden. I'm not even sure what this is supposed to do.
//The first verse
//Both people are represented by an abstract class
public abstract class Person
{
public bool StrangersToLove { get; set; }
public bool KnowTheRules { get; set; }
}
//Possible thoughts
public enum Thought
{
FullCommitment
}
//Class
public sealed class Me : Person
{
public Thought Thinking()
{
return Thought.FullCommitment;
}
}
//The target of the song, notice that GetThought can only be called by passing in an instance of Rick
//which satisfies that she can't get this from any other guy
public class You : Person
{
private Thought whatHeIsThinking;
public void GetThought(Me guy)
{
whatHeIsThinking = guy.Thinking();
}
}
class Program
{
static void Main(string[] args)
{
var Rick = new Me() { KnowTheRules = true, StrangersToLove = false };
var Girl = new You() { KnowTheRules = true, StrangersToLove = false };
Girl.GetThought(Rick);
}
}
Hear recorded Slashdot headlines on your phone! New service beta testing. Just call (248) 434-5508
CCP is aware that an individual claims to have access to the source code of the EVE client. This access is not a security risk to CCP in any way. CCP does not believe in security by obscurity. The Python scripting language that is used by the client can be easily decompiled to generate human-readable code, and CCP has designed its server-side systems with that understanding. Access to the source code for the EVE client exposes no security vulnerabilities, has no privacy protection issues, and poses no threat to our customers' billing information. The server-side interface used by the client is carefully protected to ensure that no abusive or unwanted information is transmitted to, or from the EVE system. Nothing the EVE client can do can affect the game state, no advantage can be gained by manipulating the EVE client, no advantageous or disadvantageous information can be transmitted to other EVE users by altering the EVE client. The EVE client is signed with a security certificate registered to CCP, and hashes are available on our web site for those who wish to ensure the integrity of EVE client download files they may have received from a source other than direct download from CCP's web site.
CCP does not confirm or deny, nor make any comment, regarding issues of internal security, and will not be doing so in this case. As a policy, CCP removes message board posts regarding violations of its EULA and Terms of Service, and CCP considers any alteration of the Client software, including decompilation, to be such violations.
--------
Ryan S. Dancey
Chief Marketing Officer
CCP
1.8MB? You could download that from practically any open access point without anybody noticing. I'm frankly surprised that the code is that small, I know the bulk of a game is the art and whatnot, but man, I've personally coded some things that were a good fraction of that myself in just a few days.
I read the internet for the articles.
At the risk of sounding like the guy who can't stop telling people how he doesn't have a TV and doesn't miss it in the least, boy am I glad I stopped playing EVE. The waiting game on the bug fix list got old quick, Godot would get here before they ever fixed drones.
I successfully avoided getting hooked on MUD's and Evercrack but huge honkin' space games were my biggest weakness, a space MMO was where I finally made the plunge. It's a good thing the game couldn't keep me hooked, I still have a life (or what passes for one amongst the slashdotterati).
Kwisatz Haderach
Sell the spice to CHOAM
This Mahdi took Shaddam's Throne
...Source code leaks YOU!
I couldn't have happier uninstalling that piece of trash. The whole game is a waste of time so the code is worth as much as George Bush's word these days.
If CCP is seeding, and you get banned. Can you sue them? Because it seems to me they are voluntarily giving you permission to download it (as they distribute it themselves)....
Why is this marked insightful?
Office is COMPLETELY different than the Eve Client, and not just because the programs are different.
The Eve Client is available for download for FREE from their website. You can decompile it with FREE tools fairly painlessly.
Office however is the primary product of Microsoft. It and Windows need each other to exist for the most part, and both are equally important to Microsoft's business plan.
You can't just go decompile Office (easily, I'm sure you can do parts) and voila see the source code.
If this was the source code for the actual Eve SERVERS, then he'd have a valid comment. As it stands, his analogy is wildly inappropriate.
As a former EVE player, I wouldn't be surprised if some people actually tried this.
In that case you'll want pictures of Evelyn Lory instead of this...
WARNING: SOURCE CODE DOES NOT CONTAIN EVELYN LORY.
$
So has anyone actually recompiled it into a working client? Is it even possible or are these just, as people have said, decompiled portions of the client?
60% of the time, this baby works every time.
if ((KnowYourRole == yes) && (you.Location() == hotel['SmackDown'])) {
you="Roodypoo" . "Candy-Ass";
}
From all security i saw - were ROLE permissions for logins with priviliges higher than usual player. A Travesty as CCP Stated that there was no higher priority logins during the BOB/Dev Fiasco. Hence they have been caught in a bold faced Lie. Now you all know how BOB became so Powerful :(
Maybe someone would hack in joystick/spacenavigator ( http://blog.secondlife.com/2008/04/14/4-fun-spacenavigator-3d-mouse-video-tutorials/ ) controls into eve now.
One gripe I've always had with Eve was that you had to click to move, it kinda cut down on the immersion . I want to be able to fly around (specially if I'm on a fast ship more interactively -- aka Starwars like) than it does now with click to move.
The 3D navigator mouse from 3Dconnexion (http://www.3dconnexion.com/solutions/secondlife.php ) currently being made only Second Life would be a pretty good solution if it is integrated into eve.
Rushed code indeed... a good read. There are some gems in there and some barely patched together mistakes. Overall a nice piece of engineering. :)
ui/control/bastard/
self.LogFatal("Disconnecting a node->node connection!?! Man do I smell deep shit going on here...")
LogError("Something fucked trying to create char!")
raise RuntimeError, "Shit happened"
log.LogException(extraText="Some horrid crap happened!!!!!")
objclass = "CrappyClass"
StackTrace(text="Unexpected Crapola: connectionID still found in machoObjectConnectionsByObjectID[objectID]")
class MachoBoobyTrap:
A sneaky little bastard returned from non-blocking calls to catch bugs when you call non-blocking yet expect a result.
michelle = sm.StartService("michelle")
most MMO logic is computer server side, the client is just a graphics engine and an interface
Snowden and Manning are heroes.
antiaddiction.pyc_dis def OnLogin(): """ Check playing time limits for underage players in the Chinese server, to comply with anti-addiction laws. Called after successful login, but before char selection is entered. If a player is eligible for anti-addiction control, game exit and related warnings are executed immediately or scheduled, depending on how longer the law allows her to play. """ global _savePeriod global _displaySeconds global _watchSpan global _allowedTime global _schedule if ((boot.region != "optic") or (not AmIUnderage())): return if prefs.GetValue("aaTestTimes", 0): _watchSpan = _testWatchSpan _allowedTime = _testAllowedTime _schedule = _testSchedule _savePeriod = _testSavePeriod _displaySeconds = True else: _watchSpan = _liveWatchSpan _allowedTime = _liveAllowedTime _schedule = _liveSchedule _savePeriod = _liveSavePeriod _displaySeconds = False sessionID = StartSession() uthread.worker("antiaddiction::EndSession", lambda :EndSessionWorker(sessionID))
def ActionWrap(action, time):
return lambda :action(time)
t = TimeLeft()
for (time, action,) in _schedule:
if (t = time):
action(t)
break
else:
Schedule((t - time), ActionWrap(action, time))
Or needs to do validation on the server-side of all game-balance-affecting stuff--which is really the only way to ensure fairness, since clients can always be hacked.
,m
Server-side validation only captures 'illegal commands', it doesn't really capture -automated commands-.
As long as the bots don't do anything Server side validation isn't going to catch squat. It can't easily tell if its a real player at the helm. And it certainly can't tell the difference between player:
click-a, click-b, c, d, e, f, g, h, i, j, k, l, m
and player
click-X
and exploit-script tells server he: click-a, b, c, d, e, f, g, h, i, j, k, l
freeing the player some extra time to read status readouts, check the map, check his 6, etc.
nor can it tell the difference between:
player oberves condition - click-a, click-b in response and
script-bot detects condition - sends 'click-a, click-b' in response.
freeing the player to not have to issue commands at all. (Think of a bot that can farm ore by itself, return it to base, and make a rudimentary attempt to flee an attacker, even if the player is at work.)
Imagine a blob of 10-20 of these bots gate camping, assisted by just one or 2 players who can give the whole blob move/retreat/regroup/attack orders via an out-band channell like IRC.
Again server side validation isn't going to see anything in terms of invalid input.
These are the sorts of uses that hacking the client can be expected to yield, even if you assume the server is hardened and secure against 'malicious' clients.
Abusers motivation? If CCP will not go for fixing old issues and start doing something with bots by good, releasing the sourcecode and promoting it should force them do this anyway. They refused to confirm they were ignoring bots, client security and perfomance issues, instead releasing new content. This caused source go public. If they would agree to confirm their issues, "leak" would never happen.
I'm just wondering, can you address a few other issues? As I'm sure you know, Slashdot is widely read by your target market, so...
1) This comment lists a number of problems allegedly found in the source. Others have mentioned UI 'improvements' like firing all weapons at once, or automatically choosing the correct ECM. Are there ways to stop all of that?
2) Are the reports of bans true? Will bans really help?
Its a small file so finding free file hosts should be easy to help share and spread.. here are some links i found for a straight download of the file grabbed from the "official" torrent.
...
...
...
...
...
...
...
http://www.2shared.com/file/3146356/97e5e02a/eve_o
http://www.turboupload.com/download/3qP48JT3Fc00/e
http://www.filecrunch.com/fileDownload.php?sub=16a
http://www.uploading.com/files/7MNSZ4LP/eve_online
http://www.mediafire.com/?dxm5vgueblz
http://www.wikiupload.com/download_page.php?id=283
http://uploadfile.org/download.php?id=mjHcNGSPvpyz
http://rapidshare.de/files/39123039/eve_online_cod
http://www.filefactory.com/file/75484f
http://w15.easy-share.com/1700142789.html
http://www.gigasize.com/get.php?d=vzgjlpbgjsc
Fire all weapons on a single click? I do that already with my Logitech G15 gaming keyboard.
If a company who owns the sourcecode seeds a torrent, and you download it from them.
If you redistribute it yourself through that same torrent, you are technically distributing but doing so within the framework supported by the copyright holder so it wouldn't be clear cut and a good lawyer could argue it.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
I'll call BS there.
1. Just as a counter-example: Blizzard may not be perfect on the whole, but I don't think there is even 1 documented case of anyone being banned for discussing a bug. You _can_ get banned for using bots, yes, but not discussing bots, for example.
Their internal policy, as documented repeatedly and even recently on Slashdot, is to rely on criticism and try to fix problems. It's a piss poor company who thinks that the "ban hammer" to silence bug-reports is a perfectly normal way to hold a conversation.
Heck, there's even been a whole photoshopped "yeah, well, gold can be duped in WoW too" storm in a kettle way back, and I don't think I even heard of anyone getting banned for asking about it. Turns out that shrugging and pointing out that it doesn't work, is a much better way to deal with it, than trying to cover up real bugs like some other companies do.
2. Excuse me? We're talking documented bugs and abuses, including the places in code where they happen. How about freaking just fixing them? Regardless of whether they're reported by a 13 year old, or even a 6 year old. Moaning about the age makes a piss-poor ad-hominem there.
"If the company "calmly addresses the issues", then they'll be flooded by complainers, cheaters and opportunists within no time."? Exactly how's fixing a bug going to get you flooded by those?
- Complainers: you can have the server generate statistics for you, to see if those have a point or not. (Again, it has been discussed about Blizzard fairly recently. They actually _rely_ on "complainers" and statistics to see what needs to be fixed or tweaked.) You _can_ sort out who has a legitimate complain and who doesn't. Trying to silence everyone who has a complaint, is the most piss-poor policy imaginable, especially when they're complaining about an actual provable exploit.
And how about putting things into perspective? If you get _flooded_ in reports of actual bugs you have, it's _you_ who's to blame, not the players. I'd want to see those issues fixed, not silenced.
- Cheaters. Exactly how's fixing a bug going to help those? On the contrary, if I ever actually wanted to cheat in a game, I'd rather look for a company that spent years trying to silence bug reports instead of fixing any of the exploits.
- Opportunists. Excuse me? Exactly what opportunity are we talking about there? The opportunity to help get the game fixed? Give those guys a freaking medal, then.
The opportunity to get a bit of short-lived forum fame in the process? Well, first of all, that's a very small price to pay for getting a thorough testing. Good testers are rare. So if as little as a bit of fame gets one to report the most obscure bugs to you, and do a free code review too apparently in this case, then by all means, give it to them. Post a "top 10 bug reporters" page on the official site. Give them a funny hat in the game, or a unique decal for their ship, or whatever. Whatever gets them to keep working for you for free.
Second, that fame is rather little and short lived if you have a reputation of fixing bugs promptly. You need to have quite a number of discontent players, for them to rally around the loudest guy. If they have no reason to be discontent with your handling bugs, they'll just naturally treat anyone as a troll if they raise a huge stink over some bug that's fixed in a week anyway.
In effect, if a company "calmly addresses the issues", on the contrary, that's the best way to _defuse_ any chronic complainers, cheaters and opportunists. It takes away the whole foundation for any "us vs them" movement. It says "we're on your side, we're all working together to make the game better for you." Starting banning people for just talking about you having bugs, is quite the opposite effect. Nothing says "us vs the players" as loudly as doing that.
A polar bear is a cartesian bear after a coordinate transform.
That sounds like a really cool feature to me - I've always thought Eve would be more fun if you could have automated fleets of ships (think X3 in an MMO setting).
;)
I can however see that it might unbalance things a little
Anyway, it was in EVE's policy to put the grinding to a minimum, this is what made the game so interesting. If I were them, I would embrace the bot wave and custom client GUI wave that may be coming. EVE has come close to eliminate grinding but a lot of frustrating actions were not automatizable. That could be an opportunity.
One can dream...
The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
Player bots quite often will announce in globals how proud they are of their botted high level characters, and how they are not getting banned.
Joymax will sometimes post announcements about their ongoing "war on bots". Just log into one of their 30 Silkroad servers to see how the war is progressing.
So I'd say, sadly, that Joymax does seem "brave enough to calmly address an issue rather than wielding the ban-hammer [often, or effectively]"
Having a smoking section in a public restaurant is like having a peeing section in a public swimming pool.
Why opensource it when you can leak it!
From my experience with EVE I have the impression that their QA is a bit understaffed. There are some visible bugs in the game that have been unfixed for a while, so I presume there are exploitable security bugs to match.
Going the open source route may or may not help them, depending on how much of the data available clientside has to remain hidden from the user:
The deep dark secrets they don't want out could be something like players getting info on all objects in a solar system, and the client filtering out what should not bee seen. That would be immediately exploitable by a client that has the filter removed. It would also be poor design, but consistent with the general lagginess of EVE.
But then again, their behaviour indicates that they are not interested in going open source anyway.
C - the footgun of programming languages
Could someone please use this to make a real Mac OS X/Linux port using SDL and OpenGL? Thanks.
- chrish
All correct, which is exactly why vulnerability to any form of client side automation should be designed out. The client is never secure, ever. Not even Blizzard with their "We own your machine" EULA can keep up with client hacks.
If you were blocking sigs, you wouldn't have to read this.
This is the best attitude that I've even seen from a commercial MOG developer. It is exactly correct.
Someone just needs to tell their Banstick guys that. If they believe their own argument, then they need to act like it.
If you were blocking sigs, you wouldn't have to read this.
The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
#! /usr/bin/env python
# emacs-mode: -*- python-*-
What, you mean the darn game's UI might actually be USEABLE? Sheesh.
Or just spoof the IP long enough for CCCP to take notice?
Justice is the sheep getting arrested while an impartial judge declares the vote void.
Meh. I'm a contributor to Spring, an (opensource) online RTS where we allow anyone to run custom Lua code and automate what they want to. It hasn't led to cheating, at least nothing I'd count as cheating (there's often heated debates over whether automating "menial" tasks is cheating but I think it's not, if you don't want e.g. dgunning planes then tell the engine, don't hope that the player is too incompetent to enter it!). A script can only automate trivial things, it cannot do the thinking for you. I don't know much about Eve but since it's an MMO I expect it to have little twitch gaming. In such a situation automating tasks will only give you a small boost as the most important actions are those the computer cannot do for you. Since it's a server-client model information cheating shouldn't be an issue either, just don't tell the client what the player must not know.
Justice is the sheep getting arrested while an impartial judge declares the vote void.
I agree completely.
Except that even an incompetent lawyer could make an argument, since it is so intuitive and even common sense. Unfortunately I would say the same about wifi.
Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
Well, as every bot would need a paid account, I don't see the problem for that from CCP perspective...
Its not a problem from -their- perspective, just as GMs and devs secretly running the biggest player alliance in the game isn't a problem from -their- perspective. But it is a problem for the player base, they perceive it as blatant cheating and find it extremely disenfranchising.
It is just delegating the boring parts to bots. I only see that as an improvement. I imagined more a fleet of asteroid miners but well, many grinding activities could benefit from that.
Correct it IS just a different legitimate play-style. But players in competitve games really want to be ABLE to compete. Its already tough to swallow that some guy who playing 8-hours a day triple-boxxing has advantages your average part timer doesn't. But this just skews the equation to intolerable level.
I've always been a fan of multiple rules server. Let people play how they like, with other like minded people. Create a server that allows botting and macro-mining. If you enjoy botting and macro-mining you can play there, to your hearts content. And the people who can't stand it don't have to be bothered by it. And if you get caught trying to bot and macro on the 'pure human' server that doesn't allow it, you're banned from that server, because the players on that server essentially don't want to play a game where they have to compete with people doing that.
My real dream is a server where people can only play 15 hours a week. Sort of like the chinese 'keep the kids in check' rule but universally enforced on all players.
Why? Because then the 'universe' would be filled with people a lot like me. I and thousands like me can't play more than that so its not really a limit for us. I don't begrudge the people who play 60 hours a week, but honestly, I'd rather not compete with them. Competitive games are more fun when your pooled with players in your league, and I'm willing to compete in terms of playing 'better' or 'smarter', but it pisses me off to inevitably fall behind simply because you play 'more'.
Knowing that the leader of largest alliance, or the wealthiest trader, or the most infamous pirate is only on 15 hours a week would make the game a lot more engaging for us 'casuals'.
So let the fleet-botters play, I don't begrudge them their fun, but I don't want to compete with them, so give them their own space to do it; let them compete with others like them, who agree with and/or want/can bot themselves.
And give me my 15 hour/wk server dammit. To know that I've got as much opportunity as the next guy without having to quit my job and abandon my family would really intrigue me. To turn it into a competition between who can accomplish the most in 15 hours/wk would really engage people like me.
A script can only automate trivial things, it cannot do the thinking for you.
Really? You've never played an RTS, you know, against the AI? Sure the AI's can generally be beaten once you've gotten the hang of the game unless the AI is given massive 'advantages'. But in an MMO the bot can play when your not online, even if its not as effective as a player its far more effective than not playing at all.
And the bot can back you up. You + a semi-competent bot >> You by yourself. Imagine an RTS where you and I are playing against each other "1 on 1" but there is actually a 3rd starting point with an AI run opponent that happens to be allied to you. That can't do anything but give you a huge edge.
I don't know much about Eve but since it's an MMO I expect it to have little twitch gaming.
If something as simple as going to a rock extracting ore and returning it to base can be automated, you can go to sleep and wake up millions richer. Surely that's going to have an effect to your overall success.
In such a situation automating tasks will only give you a small boost as the most important actions are those the computer cannot do for you.
Even just automating locking on target, firng weapons, setting optimum distance, and monitoring shield levels could be automated it make a difference.
If something as simple as following you around, and attacking your target and healing you when you are wounded can be automated you'll be more than a match for any other 'solo' player of similiar 'level' that you encounter. If that other player is two-boxing, you'll still have the edge, because your bot is handling itself semi-competently allowing you to focus 100% on your primary, while your opponent has to either neglect his 2nd box or divide his time. Both of which will cost.
And my bot fleet scales... I have have 3,4,5,6,... 15... 25 ships all following me around, concentrating on my target, and healing eachother. Sure I'm no match for 25 actual players, but I'll take a gang of 5 or 6 effortlessly maybe even 10-15 or more. What my bots fleet lacks for in skill they make up in raw dps...
And when it comes time to mine... well I would be very nearly on par with a corporation with 25 players, and potentially I can mine while I'm at work, sleeping, eating... a
and hey maybe I don't even need 25 accounts... maybe I just need to belong to a corp with 25 members and some trust... and now we're mining 24x7 whether we're on or not, when we're ready to play or mining fleet bot logs off and we log on. When we leave for work/school/sleep/food, we rejoin the bot mining fleet...
ahh yes ... smut!
i knew there was a reason to read this thread!
and then i was dissapointed ...
i feel rick rolled
How would investing more playtime into EVE give you an advantage over other players? Your skills would still train at the same rate. The only thing you can get from playing a lot is more money, but if you really wanted that, there are other legit ways to acquire it without investing time.
http://thepiratebay.org/tor/4128183/Eve_Online_Source(client_side)_Code
As long as your server enforces the game rules, the bot is still constrained to play within the rules. And designing good bots is _hard_; with the exception of incredibly popular games that have had a ton of engineering and CS effort aimed at them (chess, checkers) I've yet to see a non-simple strategy game where a bot can compete with even a moderately experience human (barring games that have badly designed rules such that there's a trivially implementable best strategy).
But if your game is more of a UI experience than a rules-constrained experience (e.g. a twitch game, or an endurance/farming game), then you're probably going to have to either trust the participants or have control over the clients (most likely by having tournaments be physically co-located). The former hasn't really been a problem in my experience, but for MMPOGs things are different.
rage, rage against the dying of the light
How would investing more playtime into EVE give you an advantage over other players?
Simple.
Suppose you spend 80 hours a week in game.
Suppose I play 15 hours a week, but buy ISK to keep up with you in terms of in game cash.
Our characters wealth and skills would be equivalent, right.
But who is more likely to run a major alliance, control a starbase, or do anything else of real significance?
You see, the guy 'in game' has a massive advantage. He's spending 80 hours a week meeting people, building friendships, trust, networks, alliances, and has his finger on the community. You can't simply buy that.
The only thing you can get from playing a lot is more money, but if you really wanted that, there are other legit ways to acquire it without investing time.
What? Selling those time cards for ISK? Come on.
1) If the 15 hour/wk crowd decided to play keep up with the full time players there would be more time codes flooding the market than ore. Supply would outstrip demand a 1000 to 1. Its a solution for a handful of players maybe, but hardly a general solution.
2) I want to play for what I get in eve, not buy it. Its a game, first and foremost.
3) My commitment to Eve is 'several hours a week', and 15$/month or whatever. I'd like to see competitive play at this level. There are many thousands of us after all, so there's certainly no lack of opportunity for a 'league' for us.
But no, we're forced onto the hardcore server, where a chunk of the competition completely and utterly and permanently outclasses us, and we are forced to either dramatically up our committment in time or money to keep up... or come to terms with the fact that we can either remain irrelevant or become cogs in someone elses machine.
Yet if I want to race cars on the weekend, I can take the car of my choice and get into a competitive race with others in the same class of vehicle and skill, with a similiar level of commitment to the sport. I'm not put on the road with pro-drivers in F-1 cars and told that if I want to see anything remotely competitive then I'd better dedicate a lot more time and/or money to the pursuit.
That's just silly... yet that's the competition model in all MMOs to date.
Psh, like torrents are the only way to transmit data across the net.
You down with F.T.P.? Yeah you know me! Who's down with F.T.P?
uh.. sorry about the rap.
Hi, I Boris. Hear fix bear, yes?
I've yet to see a non-simple strategy game where a bot can compete with even a moderately experience human (barring games that have badly designed rules such that there's a trivially implementable best strategy).
You really don't seem to see the implications in a mmorpg. The bot doesn't need to be competive with a human, it just needs to be competitive with not being there at all. And that sets the bar pretty low.
You realize of course there are two major problems with your suggestion.
First and foremost, do you have any idea what the cluster that powers EVE is made of? It's 510 or so on the super computer list in the world. An impressive feat for a GAME. Also, one of EVE's claims to fame is "the largest online universe"... which is only true because it isn't sharded at all.
Second, 15 hours a WEEK isn't enough time to wage a 0.0 war. Not even close. When I was with IRON we played 8-15 hours a DAY for weeks straight in order to wage an effective war against our enemies.
It takes literally DAYS to dominate a system and take it over. Including having at least 1 and usually more Dread pilot online for long stretches bombarding an installation.
I once went to bed, slept 8 hours and woke up to my fleet still pounding a large tower. My Raven doing it's best to spam torps (yes, I used a macro to keep it running). And that was just one tower out of 4 in the system. Many, many more can be placed in a single system.
I like your line of thought, and I agree with it in principle, but EVE was not built with this in mind and the game mechanics flatly deny the possibility.
rage, rage against the dying of the light
I did this yeeeeears ago. Back then the client python code was just a pickle of a dictionary of pyc files. Now it's a pickle of a dictionary of obfuscated pyc files. I poked at it a bit a few months ago and didn't see any obvious clues as to how they're obvfuscated, though they all continue to have a similar header, so I don't think it's anything very difficult.
I've still got all of the old source code for my fully automated multi-client miner, an explorer that saves rock sizes, pirate info, and other interesting things to a database while it runs around, and a partially implemented roving trader.
If whoever has figured out how to decode the new pickle wants to collaborate, I'd love to hear from them. Sadly, this silly public release will probably force CCP to change things significantly. If you're interested, feel free to email me at oldevehacker@gmail.com.
And no, I'm not going to just send the miner source patches to anyone who asks. They're way out of date against the current source and it will take some work to make them apply again, anyway.
For the record, the Eve guys have generally done a good job with security. There are a lot of things that LOOK like they're vulnerable because they're checked in the client, but if you try to exploit them by recompiling a modified client, you'll find that all of it (almost all? i never found anything that wasn't) is checked on the server side. There's nothing as stupidly vulnerable as WoW or most other fast-twitch MMORPGs that have to trust the clients a lot more in order to achieve higher performance.
For anyone who's really bored:
dictfile=open("compiled.code","r")
data = str(dictfile.read())
top = cPickle.loads(data)
master = cPickle.loads(top[1])
code = master['code']
for codebox in code:
codename = codebox[0]
rawcode = str(codebox[1][0])
thingy = codebox[1][1]
fname="dump/"+str(codename)[8:]+"c"
fname=fname.replace("\\","/")
fname=fname.replace("../../","")
dirname=fname[:fname.rindex('/')]
print codename+" => "+fname
try:
os.makedirs(dirname)
except:
pass
codefile=open(fname,"wb");
codefile.write(magic)
codefile.seek(8)
codefile.write(rawcode)
codefile.close()
break
dictfile.close()
You sound so incompetent. Do you think CRC check of EVE files is enough for security?
But in an MMO the bot can play when your not online, even if its not as effective as a player its far more effective than not playing at all.
AFAIK Eve has pretty harsh death penalties (you lose the ship permanently) so if anyone found a weakness in your AI you'll lose more than you gain.
Imagine an RTS where you and I are playing against each other "1 on 1" but there is actually a 3rd starting point with an AI run opponent that happens to be allied to you. That can't do anything but give you a huge edge.
That analogy has the AI in possession of its own resources though. The AI would give you an advantage by fielding troops of its own. When you share the same resources the AI can actually hinder you.
If something as simple as going to a rock extracting ore and returning it to base can be automated, you can go to sleep and wake up millions richer. Surely that's going to have an effect to your overall success.
Not if everyone can do it, even less if everyone can just intercept your mining ship.
Even just automating locking on target, firng weapons, setting optimum distance, and monitoring shield levels could be automated it make a difference.
Sounds like an argument for opening this up, if everyone has automated helpers in his ship then noone gets an advantage. Hell, you could even make a metagame out of developing "computer software" by having players create bot scripts and selling them for ingame money.
If something as simple as following you around, and attacking your target and healing you when you are wounded can be automated you'll be more than a match for any other 'solo' player of similiar 'level' that you encounter. If that other player is two-boxing, you'll still have the edge, because your bot is handling itself semi-competently allowing you to focus 100% on your primary, while your opponent has to either neglect his 2nd box or divide his time. Both of which will cost.
Yeah but that requires two "players" which will always give you an edge over a single player. But why not get a friend to man that second ship? It's a multiplayer game after all.
and hey maybe I don't even need 25 accounts... maybe I just need to belong to a corp with 25 members and some trust... and now we're mining 24x7 whether we're on or not, when we're ready to play or mining fleet bot logs off and we log on. When we leave for work/school/sleep/food, we rejoin the bot mining fleet...
Wouldn't be much different from each individual having his own bot.
I think this could be compared to the X series of games. In those you can buy any number of ships and any you don't pilot can be run by bots. Those bots don't come for free though, buying bot software with better patterns and more commands costs money (in this case you'd obviously make that apply to ships the player isn't officially using so an ingame bot fleet would not cost subscription fees for every ship). Not sure Eve would want to turn into that but it'd definitely be cool.
Justice is the sheep getting arrested while an impartial judge declares the vote void.
CPP can easily turn this 'not nice situation' into overall gain
...
each who find & fix bug in leaked code get's rewarded
- low importance bug = year free sub + public credit thanks for finding/fixing
- med importance bug = 2 years free sub + public credit thanks for finding/fixing
- hi/critical(security) importance bug = lifetime free sub + public credit thanks for finding/fixing
or some similar 'see for code bugs and get rewards' campaign
it's all about corp flexibility and hopefully CCP still got some PR geniuses on board
btw. if source out what about get some native nix client ?
True security for MMOs must be implemented on the server. And to be quite honest, CCP have done a good job there. As much as their client is very easy to hack and graft a new bot onto, their servers are (or were the last time I messed with the game) far more secure than any other MMO I've hacked.
Most MMOs rely on the client to manage most movement and activities of the user. WoW- and Everquest-style MMOs are notorious for allowing speed and teleport and fighting cheats, because the fast-twitch style of combat makes it impossible to have the server mediate all movement and actions. So the client makes the character move at the right speed, times out actions at the right speed, etc. and tells the server "I'm at this location now" and "I just launched this attack."
That model is incredibly vulnerable. They "secure" the system via auditing and looking for unlikely patterns (very quick movement, too many attacks in a minute, etc.). It lets them catch cheaters, but it doesn't let them prevent it.
With Eve, on the other hand, the client doesn't tell the server anything but what the player wants to do. It tells the server "I want to move in this direction" and "I want my engines on at this power level." The server manages all of the movement and tells the client where the player is and what it did or didn't manage to do. (The client does manage its own physics state as well, but this if for display continuity purposes only and it gets periodically resynched from the server.)
All you can really do in Eve is automate what a normal human could do. The bot still has to play by the rules. And the combat in Eve is sufficiently slow that it's really not any more effective than paying someone in China to sit there and do the same actions; it's just cheaper and more fun to write a bot.
I don't say this in defense of CCP--because they've had their share of screwups and have a terrible track record when it comes to wildly oscillating game rebalances--but in defense of their general model, which is more correct and less vulnerable to cheating than most. Cheating takes the fun out of things. No one wants to write a chess program that moves knights diagonally when it feels like it. But writing a computer-based player that has to play by the rules is _fun_.
http://dl.eve-files.com/media/0804/WP_banner_lolcat45.jpg
I worked on Ultima Online for five years. If I could get back all the time that I spent fixing exploits, I could have doubled the content/systems that went into the game during that timeframe.
Talking about EVE mechanics..
There are a lot of things that you don't even dream about in EVE.
For example it is such thing like Implant boost time, it depends on implant set and activation time. If you take new implant set with predefined list and activate them at the given time you can get from 5x to 50x boost for skill training. Once activated this feature stays for ever (or when CCP removes it) to that account but with decreased boost ratio (first boost works for 1 skill lvl after this, boost decreases 2xtimes).
Also someone mentioned that exists developer clients... it is true and they are used/activated to players who are in touch with CCP. That's include upcoming features, unpublished game content and so on.
Also some players have access to faction/npc blueprints in game.
Another way of doing money is POS stuff (Player Owned Starbase). Seems like CCP developers can hide one thing into another. For example there was one thing that "friend" told me: "I get jovian CT hidden with gallente CT skin (CT = Control Tower), so it works 100% more efficiently, have more hitpoints and does not require defence". So having this player can mine billions of isk in a week and sell them. This thing also are "watched" by several GM's who runs "business".
From where I know that?
Well.. I used to have a in game "friend" who have demonstrate this.
As a former EVE player, I wouldn't be surprised if some of the Eve developers actually tried this.
Meh, I am definitely not playing EVE "h4rdc0r3" at this point (few hours a week lately), and honestly, I'm doing fine. I'm in a fairly large 0.0 alliance, and there's usually at least one fleet going on at any moment in time so that I can log on and jump into action. Or I can jump into empire and pirate solo or with my corp. At my level, making money is not a problem at all. I'm only a few months old, so 15 minutes of killing NPCs in 0.0 gets me a new T1 cruiser or whatever cheap ship that can contribute just fine to my fleet. If I really need money, I probe out and clear some exploration sites and make anywhere between 50-500 mil off of each one.
As for the "social connections" part, yeah, I don't see how you would be able to make that up without putting any time at all into the game. You're right, you can't just buy that. Socializing is the biggest appeal of any MMO because every other aspect of the game is usually done better in traditional RPGs. I understand that some people will be online 24/7 and have many more "e-friends" than you, but I don't see how it would put you in a major disadvantage against them.
Unless you play the game entirely by yourself and avoid human contact whenever possible, you WILL find plenty of people to fly with. Also, the activities you aspire to perform in the game such as "running a major alliance" and "controlling a starbase" are quite dull and stressful and turn the game into a job. Luckily for us, there's plenty of people that play 80 hours per week that will gladly do all of the above and more.
Also, the activities you aspire to perform in the game such as "running a major alliance" and "controlling a starbase" are quite dull and stressful and turn the game into a job. Luckily for us, there's plenty of people that play 80 hours per week that will gladly do all of the above and more.
... those might be dull to you, but they are the only draw to me.
What you find exciting I find pretty mundane. I can run missions/quests with a group in any game. I can get into pointless random pvp in many games. What does eve have to offer except the ability to do something interesting -- corner the market on some item, sieze and hold a piece of space,
And as for them 'being a full time job'... yes. Of course they are. The game is 24x7, and many of my 'competitors/opponents' in that part of the game are putting many dozens of hours in per week to keep up. So yeah, to play at that level, it becomes a full time job. But if the game itself were slowed down, enough, casual players could play at that game.
I used to play a game called tradewars2002 on a BBS. It was a rudimentary text based game that yet in many ways resembles EVE. The interesting thing was that each day I logged in I'd have a few hundred moves, that took me 30 minutes to an hour to play on average, and then I couldn't do anything until the next day. As a result anyone who could put in a few hours a week could play competitively on roughly equal footing. The game would run for a few months a winner would be declared and the game would reset and we'd start all over.
Of course, there were other tradewars servers running without turn limits, and players who had the time and internet connections could and did play 24x7. I have nothing against those players or their play style, and their games naturally advanced much faster than the ones I was in did.
I also played other BBS games that were much more complex, with player alliances, and resources, and weapons manufacturing, markets, tech trees, and so on. But I've forgotten their names.
But because of the time limited play, it didn't become a full time job to play, even to run an empire and manage allies, etc. On the average day I could spend under an hour thinking about the game, and then after that there wasn't anything more to be gained and I could go do something else without worrying that my 'competition' was getting a leg up on me by 'playing more'.
Your solution was simply not to compete. Just join a corp instead, fly around and have fun or whatever. And that's fine if that's all you want to do.
But me, I miss being able to compete for the crown in games, without having to dedicate my life to the game to be competitive.
I don't see why you expect to be able to handle things like cornering the market and holding territory on your own (unless it's something insignificant). It's not realistic. However, as a corporation/alliance, you can easily vertically integrate your production, protect your space, and help each other upkeep your stations with only a small/moderate time commitment from each individual. Yes, if you want to have your own personal empire, it will be time-consuming and borderline impossible, as it should be. Specialize and trade (ideally with your corpmates).