Slashdot Mirror

← Back to Stories (view on slashdot.org)

Eve Online Client Source Code Leaked

Posted by ScuttleMonkey on from the shoot-first-ask-questions-later dept.

An anonymous reader writes to tell us that the game client source code for the popular MMO, Eve Online, has been leaked via torrent. In addition to the source code the user also posted a lengthy chat transcript with someone from CCP customer support. While the end goal may have been to call attention to the continuing security issues within Eve (and ultimately themselves), there are probably better ways of getting through to support. Unfortunately, CCP seems to be responding with the usual knee-jerk reaction of banning everyone breathing a whisper of this incident. I wonder if any large MMO company will ever be brave enough to calmly address an issue rather than wielding the ban-hammer.

11 of 368 comments (clear)

  1. From TFA... by Lisandro · · Score: 4, Insightful

    In the lengthy and scatological exchange, the poster of the source code attempts to get some answers about CCPs much maligned security practices, particularly concerning the rife issue of bots and scripting in their flagship game. The conversation was a little less than professional.

    Well, atleast on the tidbit shown on the article, the CCP representative sounds perfectly rational and professional. Am i missing something here?

    And by the way, how does this guy ended up with the sourcecode on the first place?!

  2. Re:this is going to be so great by eldavojohn · · Score: 4, Insightful

    I don't think anything major as this has happened before ... Really? It was only the client code, they don't know how the server works (although they could reverse engineer the messaging potentially and mock a server after a lot of work and assumptions).

    On a side note, I think this has happened before on a much more serious scale.
    --
    My work here is dung.
  3. Calmly addressing issues by FooBarWidget · · Score: 5, Insightful

    "I wonder if any large MMO company will ever be brave enough to calmly address an issue rather than wielding the ban-hammer."

    I doubt it. But this is not without a good reason.

    Many, many MMORPG players are 13 year old kids. Immature kids. These people are not adults. They do not behave like adults. If the company "calmly addresses the issues", then they'll be flooded by complainers, cheaters and opportunists within no time.

    I've been involved in MMORPG for several years. The immaturity in MMORPG communities in general is just sad. There doesn't seem to be any good way to handle issues other than ruling with iron fist.

    1. Re:Calmly addressing issues by brkello · · Score: 5, Insightful

      I don't understand how the maturity level of the user base has anything to do with how a company reacts. Eve has always been heavy in to banning and suppressing information. Eve also claims to boast a more "mature" player base (which I find a bit laughable). In a game with such mature players, CCP bans more than any other company. I played Eve for awhile and didn't like it very much. The corruption from within the game company made me go from thinking they made a boring game with jerks as a player base to just flat out disliking the game. Don't get me wrong, Eve has its strong points...but fun isn't a part of that.

      Eve banning people and deleting forum posts isn't ruling with an iron fist. It is a desperation move to hold on to customers who may not know what is going on. If they ruled with an iron fist they would actually come down on the people who cheated with the devs. That's the problem, the game should be as cut throat as possible in game...but CCP not only plays the game, but leaks inside knowledge of the game to organizations that are already overpowered. Maybe they are totally clean now (I doubt it) but the game will forever be tainted by the past.

      The reason they ban is because they have too much to hide and would rather do that than address the issue and fix their game.

      --
      Support a great indie game: http://www.abaddon360.com
  4. Re:Don't download the source via the torrent by NightRain · · Score: 4, Insightful

    Well that will be great for any of their users who get a dynamic IP that was previously used to download the code.

    That very fact is why I think the post you were replying to is likely full of it

  5. Re:Warning! CCP Seeding, Banning Torrenters by pthisis · · Score: 4, Insightful

    It wouldnt be a problem for PvE games, but PvP needs the same client for all.

    Or needs to do validation on the server-side of all game-balance-affecting stuff--which is really the only way to ensure fairness, since clients can always be hacked.

    --
    rage, rage against the dying of the light
  6. What's Been Found So Far by rsmith-mac · · Score: 5, Insightful

    For those of you asking "what's the big deal about this?" here are what people have found so far digging through the code.

    • 1) Since the client logic is in Python, introducing new logic is a matter of injecting new Python code in to the game. It turns out this is very easy to do right now, there are several ways, including using the telnet server the client runs so that CCP can upload code to the client computer when it connects
    • 2) The big concern is bots, EVE can be botted and this is a problem like any MMO
    • 3) The other big concern is that the EVE client knows far more than it shows, a problem for a PvP game. It is possible to hack the client to the point where it will tell you exactly who and what entered a system you are in, and where they are at at all times.
    • 4) It's also possible to disable the client's "anti-addiction" code required to meet China's MMO laws. Apparently the server isn't actually booting players, it's telling the client to disconnect. The Chinese government is going to love that one
    • 5) Finally, the game has a custom made built-in web browser (the In Game Browser) that's extremely cruddy and isn't used very much. It's also so cruddy that it's holier than the Pope himself; it's possible to craft links to induce it to execute external applications and web browsers. Basically with a little social engineering you can be trick people in to letting you compromise their machine.

    EVE is a fine game, but the code is a joke. This is very likely going to lead to a lot of problems for CCP for some time to come. If they're lucky they'll only get a flood of bots, if they're not then the game may very well turn in to a wild west of hacking players looking for an edge.

  7. Re:this is going to be so great by the_humeister · · Score: 5, Insightful

    The Second Life client is open source. If that can be done, why is the source code leak for this game such a bad thing?

  8. Re:Don't download the source via the torrent by RonnyJ · · Score: 4, Insightful

    If they just banned every IP, yes, that'd have a high number of false positives, but they could track the following:

    1. A user has previously logged onto Eve Online
    2. The IP linked to that user's previous session downloads the code.
    3. The user logs onto Eve Online again with the same IP (i.e. the same IP/username is maintained throughout).

    Put those three events together, and it'd be easy to track/ban a lot of those downloading.

  9. Re:this is going to be so great by I+Like+Pudding · · Score: 5, Insightful

    If that can be done, why is the source code leak for this game such a bad thing? Because nobody actually cares about Second Life.
  10. Re:Direct link to the torrent by ichigo+2.0 · · Score: 4, Insightful

    It doesn't surprise me though, slashdot is becoming more and more of a PR site for the piratebay and the pirate party. Its only a matter of time before it has a warez and torrents section :(
    It's not just slashdot, every place is starting to see imaginary property for what it is. That's what you get when near-infinite supply meets demand, prices go down.