Slashdot Mirror

← Back to Stories (view on slashdot.org)

Left 4 Dead Bug Patched Quickly, EVE Exploit Takes 4 Years

Posted by Soulskill on from the fast-and-not-so-fast dept.

Earlier this week, news surfaced that some savvy modders of Valve's Left 4 Dead were able to find a way to enable console commands (meant for the PC version) in the Xbox 360 version of the game. This allowed players to increase the size of their character models to ridiculous proportions, spawn unlimited weapons for themselves (or unlimited enemies for other, unsuspecting players), and go around the map deleting objects as they saw fit. A video posted on YouTube showed how to enable the commands. Valve reacted swiftly to the issues, releasing a patch to disable access to the commands a few days later. Several readers have pointed out another exploit-related story which broke recently; in EVE Online, a bug that was reported and went un-patched for four years has recently come to light, apparently responsible for the fraudulent creation of trillions of ISK, the game's currency. An anonymous reader says that (illegitimate) sales of ISK between players and farmers run on the order of $35 per 450 million ISK.

30 of 157 comments (clear)

  1. Eve-online exploit: more information by Anonymous Coward · · Score: 2, Informative

    Eve-online bug was reported but the GM that handeled the report mistook it for an other bug 4 years ago.

    Some players kept exploiting the bug without reporting it again and its effect on eve-online has been "profound" according to CCP.

    It is ofcourse impossible to get all the exploit-isk out of the game, we'll just have to live with it. Tech 2 prices are on the rise and the last 2 days have been heaven for market speculators, making billions on market manipulation (a condoned action by CCP)

    1. Re:Eve-online exploit: more information by powerspike · · Score: 2, Insightful

      when you spend 40 hours a week in a high stress job, and you want to play a game, sometimes spending $20 to get what you want, instead of spending 1/2 of your weekend "earning" it, can seem very tempting....

    2. Re:Eve-online exploit: more information by tolan-b · · Score: 2, Insightful

      There is an in-game market. Why wouldn't there be speculators?

    3. Re:Eve-online exploit: more information by Dunbal · · Score: 4, Insightful

      Market speculators in a game. It's a fucking game for c'sake, not a damn country/government.

            To each their own. Some people like shooting creatures from hell when playing a game called Doom, some people like moving medieval armies around a chessboard, and some people like speculating in make believe markets. All of them are GAMES. If you don't like it, don't play it. I'm amazed at your delusions of grandeur that let you think you are God's One and Only Game Censor, and can decide which games are Worthy and which games are Not.

            Short version: no one cares if you don't like EVE. Go play your shooter and leave us alone.

      --
      Seven puppies were harmed during the making of this post.
    4. Re:Eve-online exploit: more information by fitten · · Score: 4, Insightful

      As the other poster said, Eve's market is huge. Ships, ammo, as well as lots of modules for ships (and lots of other stuff including *all* tech2 items) are made by players. The market is quite large so it's easy to do speculation, provided you have in-game money. The prices of the raw materials for tech2 item production are getting rarer? Well... that's going to mean the prices of tech2 items are likely to increase. So, buy a bunch off the market right now in the hopes that prices will go up and you'll get a nice profit, just for waiting a few weeks.

    5. Re:Eve-online exploit: more information by fitten · · Score: 2, Interesting

      You have to have the methods in the game to tack this stuff... records have to be kept about the creation of minerals, etc. and then all of that has to be tied together. Sure, you may have records that moon minerals were being created... there's lots of that going on and it's something probably logged. But you have to correlate that with certain stations not using fuel to create these minerals, if such a think is recorded... "station X used Y amount of fuel and created Z amount of minerals" is something that probably isn't logged (but may be soon). Plus, if there's a bug in the code, those messages may be in the log anyway... just wrong. You can notice large amounts of isk moving around from player to player in-game, but how do you correlate *that* 0.12 isk (out of literally many trillions of ISK in the game) entered the game through an exploit? I don't know of any game that's able to tag every unit of in-game money that way.

    6. Re:Eve-online exploit: more information by Goaway · · Score: 2, Insightful

      If you spend 40 hours a week in a high stress job, maybe you shouldn't play a game that is another job.

    7. Re:Eve-online exploit: more information by harl · · Score: 2, Insightful

      One who failed to notice that starbase production output of widgets was significantly more than is mathematically possible with the number of moons that possessed the raw material needed for widgets.

      He compiles trivia after the fact. He's a statistician and nothing more.

      --
      I find being offended by me offensive.
    8. Re:Eve-online exploit: more information by Jedi+Alec · · Score: 2, Insightful

      And if someone else tries to manipulate the markets as well, you can pay people to blow him out of the sky...bit harder to do on Wall Street? :P

      --

      People replying to my sig annoy me. That's why I change it all the time.
  2. Not a bug, a design feature! by Anonymous Coward · · Score: 2, Funny

    It's a shame that game companies don't realize how much fun this is, and implement a game where the object is to hack the system to inflict grievous nuisances on other players.

  3. Bad console players! by Ash-Fox · · Score: 4, Funny

    Bad console players! You're not allowed access to the console! Bad, BAD players!

    --
    Change is certain; progress is not obligatory.
  4. Re:I hate consoles, and the article is wrong. by Anonymous Coward · · Score: 5, Funny

    English motherfucker, do you speak it?

  5. The article is WRONG, no gigant, but a 3D skybox. by Tei · · Score: 5, Interesting

    Half-Life engine uses a tecnique to have "3D skybox" using a special room where stuff displayed here show in the sky, so anything there looks gigantic.

    Tutorial here:
    http://www.moddb.com/games/half-life-2/tutorials/3d-skybox-tutorial

    --

    -Woof woof woof!

  6. ISK value and the creation of ISK by Anonymous Coward · · Score: 3, Informative

    As you can buy in game time for $35 and resell it for ISK at around the 450 million mark, I believe this is what the poster was referring to; this is actually a legitimate transaction and is supported by CCP (this is nice because it sets a cap on the price that gold/isk sellers can charge out of game and allowing indirect regulation). This exploit didn't allow the creation of ISK, just the creation of high end materials for module and ship production. While those sell for a lot of ISK, it is only other players that buy it so the net player isk production wasn't effected.

  7. Pathetic by Anonymous Coward · · Score: 4, Interesting

    As someone who played Half-Life and particularly Team Fortress Classic for numerous years and clans at a fairly advanced level (not to mention all the Quakes, Unreal Tourney, etc. etc.) this whole story is a gigantic WTF for me.

    The ranting and frothing of the various console owners who, quite simply don't have a clue - or appreciate - what the in-game console is or does is stunning. I suppose it's kinda to be expected from not really having a keyboard to access this stuff but the responses from the vast majority are shocking (see the kotaku article on this:
    http://kotaku.com/5106048/left-4-dead-xbox-360-hacks-to-ruin-everything ).

    First off these aren't hacks or exploits in the traditional sense and generally can't be run unless the server owner has set their server to cheat mode on (console command: sv_cheats 1). The reporting of this isn't crystal clear in the Half-Life engine and can catch people unawares, but only the server host/admin can adjust it. I suppose this wasn't such a big deal back in the day when a 'server' was usually dedicated as opposed to the way it runs on todays consoles (the host player runs the server and plays in it at the same time). At any rate, I imagine that even on the Xbox only the host player can run these commands (or anyone with remote server admin logon). It's not like JoeySmacktard can join your game and use these commands without you going out your way to allow him to do so.

    Secondly, this kind of tweaking is absolutely HILARIOUS (at least amongst consenting adults ;) ). I've some fond memories of many games and mods run on my LAN with friends running around maps in low gravity, movement speed set to several hundred miles per hour or friction set to be negative, throwing everyone all over the place. If valve truly has nuked these commands for good on xbox then I can only say it is a sad day for console owners of the game. It's a co-op game for god's sake, you're probably playing with good friends and once you've worked your way through the standard game such 'tweaks' really give it a new lease of life.

    If these commands were left in without sv_cheats being the toggle and usable by anyone on the server - I will humbly stand corrected. But frankly I doubt it. Glad I'll be getting the PC version so that this sort of stuff is left optional to me - as it should be.

    1. Re:Pathetic by JCSoRocks · · Score: 2, Insightful

      I'm sure the problem is that 90% of the people on consoles aren't computer savvy enough to get that. In my opinion if you have a PC and a console, you're going to get the PC version just because the mouse is so much better for gaming. So the sorts of people on the console or that prefer it won't necessarily be the sorts that "get" what's going on. Particularly if the person "cheating" is just using it to send endless hoards in versus while they're infected and then they turn it off when they're survivor. In my example if someone doesn't know the people he's playing with it just looks like the other team is hacking to send endless zombies at you.

      If the console works the same as the PC there's no way to choose between dedicated games and locally hosted games... so you have no way (aside from joining friends) of controlling whether you join a game that allows "cheats" or not. I think this is something valve needs to fix on both platforms. It's pretty easy to host a game locally and then jack around with the people that join your game without them realizing it.

      --
      You are using English. Please learn the difference between loose and lose; they're, there, and their; your and you're.
    2. Re:Pathetic by fastest+fascist · · Score: 4, Insightful

      The problem with server-side variables in L4D is that with matchmaking you have no way of knowing if you're connecting to a vanilla server or some 4chan hellhole. Of course allowing the user to filter out servers that allow cheats should be trivial, but as it is the matchmaking system doesn't let you do that.

  8. Culture of Complacency by ObsessiveMathsFreak · · Score: 2, Informative

    I've said it once and I'll say it again. PC game developers are complacent about quality. Too complacent. There is in fact a culture of complacency among PC developers. Console developers by contrast, owing to many years of zero patch capability after release, have much, much higher standards and bugs, major and minor are not tolerated to anywhere near the same extent as they are in PC titles.

    This problem has not gone away and is only becoming more evident as PC developers attempt to port or move into console development. Almost universally, they run into serious quality issues, allowing bugs, glitches and crashes to occur far, far more frequently that any console player is used to dealing with.

    In 1995, I spent over four hours trying to get Discworld to run with sound on my PC. Last month, my brother spent over six hours trying to get Fallout 3 to even play on his PC. In 1995, every single game on the SNES, Mega Drive, and nascent Playstation ran flawlessly from the moment it was turned on. Today, that is still the case with consoles.

    PC gamers can say what they like about games on consoles and the people who play them. But one thing they cannot deny is just how solid and reliable console games have been, and continue to be. You put in the cartridge/disc, and the game "Just Works(TM)" from day one. No patches, no bugs, no crashes. This is a standard which PC developers should obviously be reaching from, yet in over a decade, by objective measures, they have not made one lick of progress in this direction.

    This complacency is what will spell the end of PC gaming if developers do not get their acts together. People are not going to spend four hours downloading and installing patches for games that refuse to work out of the box when consoles begin to offer those same titles, with the same specs and control schemes. People are not going to keep buying $200 upgrades just to turn something on anymore, when custom hardware consoles offer long term(5+ years) powerful capabilities in just one purchase. People are not going to put up with imbalanced, glitchy or hacked PC games for months in online play, when console developers aggressively pounce on issues and issue automatic mandatory patches within days (Many developers already do this in Xbox360(see article) and PS3 titles).

    In short, the culture of quality in console gaming that the PC gaming industry needs to swiftly adopt.

    --
    May the Maths Be with you!
    1. Re:Culture of Complacency by Anonymous Coward · · Score: 2, Insightful

      Poor comparison.

      There is 1 hardware configuration for a Nintendo. The developer develops to it and it is done.

      There are probably a billion hardware configurations for a PC. Impossible to test everything.

    2. Re:Culture of Complacency by zysus · · Score: 2, Insightful

      You are missing a key point here, something that embedded developers understand. It is much easier to support software on 1 platform, where you have complete control. (Such as a console)
      On a PC you have thousands of hardware and driver configurations, other conflicting pieces of software that you may or may not know about, library versions. All kinds of unknowns. It is a whole different beast.

    3. Re:Culture of Complacency by LingNoi · · Score: 2, Insightful

      This is the dumbest thing I have ever read.

      It just shows you have no idea about game development.

    4. Re:Culture of Complacency by mrgreenfur · · Score: 2, Insightful

      Good points. But this won't last for long as games get more complex and consoles get internet enabled for post-release patching.

    5. Re:Culture of Complacency by Kneo24 · · Score: 2, Insightful

      Today, that is still the case with consoles.

      That is not true. Console games are having these issues now too. Fable II, Fallout 3, GTAIV, and the list goes on.

  9. Re:I understand... by Kneo24 · · Score: 2, Insightful

    It's actually quite useful to see certain things that you normally can't see. A lot of times you can't see your choke, ping, FPS, movement speed, etc... Just the diagnostic information alone is nice. If I'm lagging really bad, I'd like to try and figure out why, not blame just outright blame it on the server.

  10. ISK? by Simon+Brooke · · Score: 3, Funny

    Eve Online's currency is Icelandic Kronur? No wonder they're in trouble!

    --
    I'm old enough to remember when discussions on Slashdot were well informed.
  11. TFS Is Wrong About the EVE Exploit by rsmith-mac · · Score: 4, Informative

    apparently responsible for the fraudulent creation of trillions of ISK

    No, that's not it at all. I'm not sure how TFS ended up at that conclusion

    The bug was a manufacturing bug, similar in some respects to an item duping bug. Certain types of production in EVE are multi-step processes where materials get made in to other materials before everything finally is made in to a finished good*. Players could build certain mid-process manufacturing materials (we'll call the fake materials [stuff]) without needing the materials/inputs normally required to build said [stuff]. This resulted in a lot of [stuff] being made out of nothing that was then used to build finished products. No ISK was ever created since this exploit created [stuff], not ISK. The exploiters could sell their fake [stuff] to other players for ISK, but there was never any more ISK in the game because of it.

    Ironically this was better for the vast majority of players who were not in to manufacturing, since the deflation that results from the excess [stuff] meant they could get many finished goods for cheaper than what they should actually be at. The flip side is that correcting this means that prices on the deflated goods are about to shoot up like a rocket, in other words the game is about to hit a period of rapid inflation as the market corrects for the lack of further fake [stuff].

    *Specifically, it was an exploit involving Tech 2 manufacturing. The production chain looks like this, and things that could be fraudulently made are tagged with [stuff]: Raw Materials -> Basic Materials [stuff] -> Advanced Materials [stuff] -> Components -> Finished Goods

  12. Not entirely true... by Junta · · Score: 4, Informative

    In terms of complaints about getting a game to run 'at all' or 'with sound at all', that comes down to hardware complexity. No development company will have this sort of glaring omission on any sane console platform, due to the consistency of hardware in the field. You'll note also that PC developers have tweak-able settings for resolution, geometric complexity, etc etc, because they don't know what hardware they are going to run into. It's just that simple. Richer APIs have helped abstract the differences better, but they are still there.

    I think the console development issues can be more attributed to the complexity of the platform. Frankly, I don't remember having to acquire many patches before the latter half of the 90s for PC games. Some of the fancier DOS games had issues, but a lot of the DOS games simply didn't have a lot to worry about.

    Another complicating factor is the aspect of multi-player games. The mentioned bugs, for example, would not even be worth a patch if it were not a multi-player game. The multi-player aspect requires all bugs that must intentionally be triggered that can provide unfair advantage to be patched. You can find scores of bugs that were exploits in Console history. Final Fantasy 7 W-ITEM underflow bug and Wild Arms Item underflow bug come to mind off the top of my head, The vast majority of patches for modern games have fallen under this category, fixing exploits and fine-tuning balance. This goes for both PC and Console games. Take a look at a single player game and a multiplayer game in the current generation and you'll be hard pressed to find a multi-player game without patches, yet single-player games exist commonly without patches. Before the current generation, internet multi-player gaming on consoles hadn't gotten off the ground, so it wasn't as much a concern, while internet PC multi-player has been common over the last 6-8 years.

    And finally, I have seen on occasion games lock up or just glitch in the console world too. Some games released multiple versions of ROM cartridges, and a publisher, if bothered, would exchange an older, buggy one for the new version. It was rarely worth anyone's time to do so, but they still had glitches that slipped past QA. Generally you could avoid them, but still.

    --
    XML is like violence. If it doesn't solve the problem, use more.
  13. On this Eve bash by khallow · · Score: 4, Insightful

    I play the game, Eve and there's a bunch of hate going on for the developers, CCP as a result of this bug. I think the bashing of CCP is excessive, but it's worth considering why it might have happened.

    First, much has been made of the claim that CCP "knew" about the exploit. Why has this assertion been made? Because the exploit in question was "petitioned", that is, someone complained about the exploit to an ingame admin some time four years ago. I gather this was reported multiple times in the same way though it's hard to figure out who's telling the truth. But what is the petition proces for? Resolving an ingame problem with a user. If the user is ok with the outcome ("I have free stuff!") and isn't currently cheating, then I gather the petition is closed. So one possibility for the failure is simply that the exploit never got reported as a bug either by players or by the admins handling the problems. I wouldn't be surprised, if the admins never bothered either because it wasn't their job (since the bug wasn't resulting in actions that required immediate admin correction) or because that part of the game was notoriously buggy.

    Now as I understand it, the bug is as follows. There is something called a "player owned station" or "POS". You start by anchoring something called a control tower which for our purposes can only be anchored in a fixed number of spots, one per "moon" in the game (my SWAG is hundred thousand locations). Near that tower, you can anchor other POS structures. Some are for defense. One is to extract a resource "moon minerals". You can attach factories, drug labs, asteroid ore refineries. The most important structures are (chemical) reactors. You store various moon mineral resources and reactor products in "silos". The reactors take input products from some silos and dump the output in other silos. Think of it like a flow chart made of industrial widgets. There are two layers of reactions known as "simple" and "complex". Every moon mineral (of which there are maybe 15-20 types) goes through a simple reaction (where it is combined with another moon mineral) and then a complex reaction (where the resulting simple reaction product is combined with 1-3 other simple reaction products).

    Economically, most of the value coming out of reactions comes out of the second layer of reactions. The reactors for complex reactions are bigger and most POS can only handle one such reactor. That often means that a chain of reactions can spread over half a dozen reactors or more. The really efficient corporations (Eve equivalent of guilds) can run dozens of these things to generate all the reaction products that the Eve markets consume. That's if you do it the fair way.

    Eve like many such games has a one hour downtime. Some enterprising players apparently discovered that one can manipulate a single reactor so that over downtime it fills the output silo with the desired reaction product even though no input material was used. Normally it takes a week or longer in real time to fill that silo and you need to fill the input silos with the appropriate materials. The complex reactions, being the more valuable ones and the final product of POS reactions (which would immediately be bought by manufacturers), were the ones that were exploited. Certain moon minerals were far more scarce than others. In fact, it was to the point that a lot of the game activity centered on controling sources of those moon minerals. This was all bypassed by creating the complex reaction products that had the valuable moon minerals in them.

    For your edification, here's a screenshot halfway down the page showing a control tower (the big vertical thing), a bunch of silos (9 of them present along with a "coupling silo" which looks identical, meant to buffer the flow of output product), and two reactors (on the far left), one complex and one simple. "Online" means it is active and able to do something. "Anchor

  14. I Can Tell You're Not A Developer by Chabil+Ha' · · Score: 2, Insightful

    The decision to release buggy software often does not lie in the hands of the developer, but the business paying the developer. In many cases, bugs and vulnerabilities are well known, but a business decision is made to release anyway.

    --
    We're all hypocrites. We all have hidden parts, it's the contrast between them that make us more a hypocrite than others
  15. Re:What about Castle Crashers? by SCPRedMage · · Score: 2, Informative

    Actually, they only fixed this when playing on dedicated servers, meaning there hasn't been an actual update on the user's end. The update stop this from happening on local games hasn't actually been released yet.

    They probably just put "sv_cheats 0" in the config files...

    --
    My sig can beat up your sig.