Slashdot Mirror

← Back to Stories (view on slashdot.org)

Eve Online Client Source Code Leaked

Posted by ScuttleMonkey on from the shoot-first-ask-questions-later dept.

An anonymous reader writes to tell us that the game client source code for the popular MMO, Eve Online, has been leaked via torrent. In addition to the source code the user also posted a lengthy chat transcript with someone from CCP customer support. While the end goal may have been to call attention to the continuing security issues within Eve (and ultimately themselves), there are probably better ways of getting through to support. Unfortunately, CCP seems to be responding with the usual knee-jerk reaction of banning everyone breathing a whisper of this incident. I wonder if any large MMO company will ever be brave enough to calmly address an issue rather than wielding the ban-hammer.

12 of 368 comments (clear)

  1. this is going to be so great by JernejL · · Score: 3, Interesting

    I don't think anything major as this has happened before, and from a online game developer's perspective i will look closely to how this affects cheating and the development of the game further, as something like this is a great nightmare for any game developer, and i really want to see how this one ends.

    1. Re:this is going to be so great by shentino · · Score: 3, Interesting

      where's your proof that they aren't?

      The fact that Eve is going this ballistic suggests that something strange is going on. Not proof cold, but certainly it qualifies as somewhat sound circumstantial evidence.

    2. Re:this is going to be so great by Umuri · · Score: 5, Interesting

      Let me give you a little history lesson.
      Back in the dark ages, ya know, the 90s, there was a little game called Ultima Online.

      Heard of it? I hope so, it was one of the original MMORPGs.

      Every client ever released for that game had all of it's packets decrypted, and the encryption scheme broken for keys, usually within 24-48 hours. Everytime they updated.

      Add to that that people edited the client to do whatever they wanted, sometimes with other programs hooking in and altering packets, others by directly altering the assembly of the client.
      Many people tried to exploit bugs in the game that way, but most failed, and everytime someone did find one, it was usually fixed relatively quickly. Malformed packets went from "all the rage" and the way to bug up a game to relatively worthless within a span of a month, barring a few new uses that popped up every so often from bad new code introduced.

      Having the source code only simplifies this a little for the people who really care, and it doesn't really enable them to do anything they couldn't already.

      Oh, also, while i'm at it. Did you know ultima online had a special client for staff characters? And that the binary for that client was leaked as well?

      OH NOES! But wait! Ultima online used good security measures and correct privelege systems, so the client was worthless for anything a normal player couldn't do. :)

      Summary: This isn't new, and it's happened before on other games. Except in the past most games were already so well understood by their communities that the source would add almost nothing except a little ease and some time saved duplicating a better version of the client when they stop upgrading.

      Add to that, if this causes ANY security issue with EVE, then the people who coded the game should get in trouble, not the players. Good coding practices prevent all trouble the code could possibly do. You ARE checking for privelege levels and sanitizing your inputs, right?

      --
      You never realize how much manually made unmanaged "linked" lists suck, till you have src.link.link.link.link...
  2. Re:Don't download the source via the torrent by Eraslin · · Score: 3, Interesting

    Makes you wonder what the implications are w.r.t. copyright and trade-secret if CCP is distributing the code themselves. Sure, by seeding they'll be able to snag IP addresses and ban users. But, for down the road, I wonder if they've just given up any ability to claim copyright infringement or some such on anyone (defense: ''CCP themselves were seeding it ,your honour. So, I got it from the copyright owner with their permission.'').

  3. Wait a minute... by jeffbax · · Score: 3, Interesting

    Does this mean that someone will finally make a proper Mac and Linux build without the Transgaming garbage ;)

  4. Re:Calmly address theft of the crown jewels? by }{avoc · · Score: 3, Interesting

    I wonder how Microsoft would respond to someone putting the code for Office online?

    Well, that kind of happened.

  5. Re:Don't download the source via the torrent by SiriusStarr · · Score: 4, Interesting

    I don't know... Remember the recent article RE: the FBI investigating any IP that accessed a false child pornography website that they set up? I think the powers that be have yet to realize that IPs are not exactly reliable means of identifying individuals.

    --
    Fear the penguin.
  6. Re:From TFA... by vux984 · · Score: 4, Interesting

    Well, atleast on the tidbit shown on the article, the CCP representative sounds perfectly rational and professional. Am i missing something here?

    Well, the CCP rep did sound vaguely annoyed to me; I could see him rolling his eyes. But then I imagine they roll their eyes at most of the conversations they have. :)

    And by the way, how does this guy ended up with the sourcecode on the first place?!

    That's still unclear. Some say its just decompiled python that anyone could do themselves easily enough. But he almost alludes to having a source within ccp... so I'm not sure.

    Its too bad he's apparently not an english speaker because that invites mockery. And obviously he's not being terrible mature which further damages his image, but at the end of the day what he is asking for is legitimate in my opinion:

    All he wants is CCP to acknowledge there are specific issues and to demonstrate that there have been real fixes added. Because he is firmly convinced that people have been botting for years using known exploits and that CCP hasn't made even the slightest effort to curb them.

    So he's basically saying if you've fixed it... prove it. "Show me an exploit that used to work that doesn't now. Show me something, ANYTHING, that you've actually fixed in the last year or so related to stopping botters."

    "And Improve your processes, so that if we report exploits you acknowledge them, and fix them, instead of just handwaving that security improvements have been added, because I'm not seeing any."

    "And if you don't, I'm releasing the source, so we can ALL see for ourselves what you've actually improved over the last year, because I'm tired of watching people bot for YEARS without having to so much as adapt to new anti-bot tactics."

    If this guy is just blowing smoke, then CCP really should have no issue publishing some of the hundreds of botting related exploit scenarios that they claim to have fixed over the last several patches...and showing that they no longer worked.

    That much they owe their customers. Frankly, I don't really blame CCP for not publicly acknowledging security issues and bringing additional attention to each exploit before its fixed... BUT... I -do- think that the playerbase deserves some honesty -after- the fact.

    If they release an exploit fix, publish it, what used to work, and what no longer works. CCP lacks credibility, and this would go a long ways towards helping restore it.

    After all we get a better level of security updates disclosure from microsoft. I think all this guy really wants is the same from CCP. And if CCP *hasn't* actually done anything in the last few years to address all the while claiming they have, well... I can see why a segment of the playerbase is boiling mad about it, and wants to blow this into the public eye where they can't sweep it under the rug anymore.

  7. Re:Don't download the source via the torrent by Anonymous Coward · · Score: 3, Interesting

    http://seashells.partyvan.fm/~januszeal/pre51200sc.rar

    ^ Direct link

    irc.partyvan.fm

  8. Full source? by Anonymous Coward · · Score: 3, Interesting

    So has anyone actually recompiled it into a working client? Is it even possible or are these just, as people have said, decompiled portions of the client?

  9. Re:Direct link to the torrent by Kayamon · · Score: 3, Interesting

    Am I the only person who thinks it somewhat wrong to post on Slashdot a link to stolen, unreleased source code?

    Geez, why not just upload a GTA4 ISO while you're at it.

    --
    Kayamon
  10. Re:Warning! CCP Seeding, Banning Torrenters by Rogerborg · · Score: 3, Interesting

    CCP does not believe in security by obscurity. The Python scripting language that is used by the client can be easily decompiled to generate human-readable code, and CCP has designed its server-side systems with that understanding.

    This is the best attitude that I've even seen from a commercial MOG developer. It is exactly correct.

    Someone just needs to tell their Banstick guys that. If they believe their own argument, then they need to act like it.

    --
    If you were blocking sigs, you wouldn't have to read this.