Eve Online Client Source Code Leaked

An anonymous reader writes to tell us that the game client source code for the popular MMO, Eve Online, has been leaked via torrent. In addition to the source code the user also posted a lengthy chat transcript with someone from CCP customer support. While the end goal may have been to call attention to the continuing security issues within Eve (and ultimately themselves), there are probably better ways of getting through to support. Unfortunately, CCP seems to be responding with the usual knee-jerk reaction of banning everyone breathing a whisper of this incident. I wonder if any large MMO company will ever be brave enough to calmly address an issue rather than wielding the ban-hammer.

Direct link to the torrent

Well, almost. http://thepiratebay.org/tor/4128183/Eve_Online_Source(client_side)_Code

Warning! CCP Seeding, Banning Torrenters

[eldavojohn]

Something that the summary missed but was reiterated twice in the actual article is that CCP is accused of seeding most of the torrents and then monitoring all IP addresses acquiring the source and then banning accounts associated with those IPs. So if you're going to get the code just to look at it, I suggest using your mom's house or an internet cafe!

I wonder if any large MMO company will ever be brave enough to calmly address an issue rather than wielding the ban-hammer. This particular user used this code to point out a few things regarding security:

From all security i saw - were ROLE permissions for logins with priviliges higher than usual player, and some minor things in relation to prevent some remote service calls (some with potentially bad payload) I'm not entirely sure if he's implying there's some exploitable permissions bug or if there are some user roles that are jacked up (you know, like a coder at CCP giving himself the keys to the game and claiming it was for debug when it was for his own account's gain). But whatever it is, CCP should fix that.

Frankly, downloading this would be a stupid thing to get banned over. This is CCP's bread and butter, I don't blame them for taking this action. In their eyes, they are trying to eliminate exploiting players in hopes of making the game better for non-exploiting players. This 'policing' action is usually desired by the community. Yeah, it's unfortunate that they're not taking advantage of the security and stability of an open source coding community ... but you have to admit it would be easy for someone to fork and go off and make their own client with. Maybe there's deep dark secrets they don't want out and since it's only a game and I don't really care for it I'm not too concerned.

Let's see if Linden Labs can make this OSS client thing work to their advantage. I sure hope so because it will give everyone else a reason to make the switch.

Not a leak

[Fweeky]

It's not a leak, the .pyc's have just been decompiled and distributed. Here - go do it yourself.

Re:Warning! CCP Seeding, Banning Torrenters

What they dont want is someone adding functionality to the client they avoided for a long time:

Fire all weapons on a single click. Automagically select the right ECM jammer for the target ship. And that's what came to my mind in an instant.

I bet there are many more possibilities which can unbalance tweaked clients and standard clients. It is like a free opportunity for wall hacks if other clients are allowed. It wouldnt be a problem for PvE games, but PvP needs the same client for all.

It's not that special really

[Hachima]

Back in the day the EVE/script folder had the decompiled python in it in plain text. People did stuff like modify it to create merchant bots that would auto buy/sell stuff on the markets and whatever else they wanted to modify. Then CCP changed it to one 'compiled.code' file instead of all the uncompiled python files, which is easier to manage and check for people making changes. So you can still just take that 'compiled.code' file and decompile it to readable code. Which is what got 'leaked' It's nothing special at all really, and is only a portion of the client code. Anyone that was interested in messing with it has already seen the Python, especially people that played when it wasn't even pre-compiled. Next thing you know right clicking a web page to 'view source' will be considered leaking source code too?

Official Communication from CCP

[Vecna!]

CCP is aware that an individual claims to have access to the source code of the EVE client. This access is not a security risk to CCP in any way. CCP does not believe in security by obscurity. The Python scripting language that is used by the client can be easily decompiled to generate human-readable code, and CCP has designed its server-side systems with that understanding. Access to the source code for the EVE client exposes no security vulnerabilities, has no privacy protection issues, and poses no threat to our customers' billing information. The server-side interface used by the client is carefully protected to ensure that no abusive or unwanted information is transmitted to, or from the EVE system. Nothing the EVE client can do can affect the game state, no advantage can be gained by manipulating the EVE client, no advantageous or disadvantageous information can be transmitted to other EVE users by altering the EVE client. The EVE client is signed with a security certificate registered to CCP, and hashes are available on our web site for those who wish to ensure the integrity of EVE client download files they may have received from a source other than direct download from CCP's web site.

CCP does not confirm or deny, nor make any comment, regarding issues of internal security, and will not be doing so in this case. As a policy, CCP removes message board posts regarding violations of its EULA and Terms of Service, and CCP considers any alteration of the Client software, including decompilation, to be such violations.

--------

Ryan S. Dancey
Chief Marketing Officer
CCP

Re:Don't download the source via the torrent

[pipatron]

surely they have no legal grounds for a lawsuit

They don't need a lawsuit to ban accounts on their servers.