I said no such thing. Of course it's not. It's impossible to make a secure client unless you can prevent access to the code entirely. Python may be a bit easier to decompile than C or C++, but you can always decompile or at least disassemble code written in any language. If the code is available for the CPU to execute, it's available for people to look at and play with. Encrypting code, checking file integrity, etc. are nothing more than annoyances to make it a bit more difficult to change the client.
True security for MMOs must be implemented on the server. And to be quite honest, CCP have done a good job there. As much as their client is very easy to hack and graft a new bot onto, their servers are (or were the last time I messed with the game) far more secure than any other MMO I've hacked.
Most MMOs rely on the client to manage most movement and activities of the user. WoW- and Everquest-style MMOs are notorious for allowing speed and teleport and fighting cheats, because the fast-twitch style of combat makes it impossible to have the server mediate all movement and actions. So the client makes the character move at the right speed, times out actions at the right speed, etc. and tells the server "I'm at this location now" and "I just launched this attack."
That model is incredibly vulnerable. They "secure" the system via auditing and looking for unlikely patterns (very quick movement, too many attacks in a minute, etc.). It lets them catch cheaters, but it doesn't let them prevent it.
With Eve, on the other hand, the client doesn't tell the server anything but what the player wants to do. It tells the server "I want to move in this direction" and "I want my engines on at this power level." The server manages all of the movement and tells the client where the player is and what it did or didn't manage to do. (The client does manage its own physics state as well, but this if for display continuity purposes only and it gets periodically resynched from the server.)
All you can really do in Eve is automate what a normal human could do. The bot still has to play by the rules. And the combat in Eve is sufficiently slow that it's really not any more effective than paying someone in China to sit there and do the same actions; it's just cheaper and more fun to write a bot.
I don't say this in defense of CCP--because they've had their share of screwups and have a terrible track record when it comes to wildly oscillating game rebalances--but in defense of their general model, which is more correct and less vulnerable to cheating than most. Cheating takes the fun out of things. No one wants to write a chess program that moves knights diagonally when it feels like it. But writing a computer-based player that has to play by the rules is _fun_.
Yes, it's been done for a very long time. And it's way more efficient with bots. Some bots run ships with as many lasers as you can fit and just eject ore into cans. Other bots run big ships like indys that pick up the cans and run the cans back to a station. Alternately, if the belt is dangerous and has rats, you can have the battleships run the ore to a nearby bookmark in the middle of nowhere and eject the ore, and have the indys pick up from there. Of course, cans might eventually expire, so you can have another ship just pick up the contents and eject it.
Oh, and make sure you don't pick up anyone else's cans. Corp wars have been started that way. So only pick up cans from friendlies.
I did this yeeeeears ago. Back then the client python code was just a pickle of a dictionary of pyc files. Now it's a pickle of a dictionary of obfuscated pyc files. I poked at it a bit a few months ago and didn't see any obvious clues as to how they're obvfuscated, though they all continue to have a similar header, so I don't think it's anything very difficult.
I've still got all of the old source code for my fully automated multi-client miner, an explorer that saves rock sizes, pirate info, and other interesting things to a database while it runs around, and a partially implemented roving trader.
If whoever has figured out how to decode the new pickle wants to collaborate, I'd love to hear from them. Sadly, this silly public release will probably force CCP to change things significantly. If you're interested, feel free to email me at oldevehacker@gmail.com.
And no, I'm not going to just send the miner source patches to anyone who asks. They're way out of date against the current source and it will take some work to make them apply again, anyway.
For the record, the Eve guys have generally done a good job with security. There are a lot of things that LOOK like they're vulnerable because they're checked in the client, but if you try to exploit them by recompiling a modified client, you'll find that all of it (almost all? i never found anything that wasn't) is checked on the server side. There's nothing as stupidly vulnerable as WoW or most other fast-twitch MMORPGs that have to trust the clients a lot more in order to achieve higher performance.
For anyone who's really bored:
dictfile=open("compiled.code","r") data = str(dictfile.read()) top = cPickle.loads(data) master = cPickle.loads(top[1]) code = master['code']
for codebox in code: codename = codebox[0] rawcode = str(codebox[1][0]) thingy = codebox[1][1] fname="dump/"+str(codename)[8:]+"c" fname=fname.replace("\\","/") fname=fname.replace("../../","") dirname=fname[:fname.rindex('/')]
Slashdot Mirror
True security for MMOs must be implemented on the server. And to be quite honest, CCP have done a good job there. As much as their client is very easy to hack and graft a new bot onto, their servers are (or were the last time I messed with the game) far more secure than any other MMO I've hacked.
Most MMOs rely on the client to manage most movement and activities of the user. WoW- and Everquest-style MMOs are notorious for allowing speed and teleport and fighting cheats, because the fast-twitch style of combat makes it impossible to have the server mediate all movement and actions. So the client makes the character move at the right speed, times out actions at the right speed, etc. and tells the server "I'm at this location now" and "I just launched this attack."
That model is incredibly vulnerable. They "secure" the system via auditing and looking for unlikely patterns (very quick movement, too many attacks in a minute, etc.). It lets them catch cheaters, but it doesn't let them prevent it.
With Eve, on the other hand, the client doesn't tell the server anything but what the player wants to do. It tells the server "I want to move in this direction" and "I want my engines on at this power level." The server manages all of the movement and tells the client where the player is and what it did or didn't manage to do. (The client does manage its own physics state as well, but this if for display continuity purposes only and it gets periodically resynched from the server.)
All you can really do in Eve is automate what a normal human could do. The bot still has to play by the rules. And the combat in Eve is sufficiently slow that it's really not any more effective than paying someone in China to sit there and do the same actions; it's just cheaper and more fun to write a bot.
I don't say this in defense of CCP--because they've had their share of screwups and have a terrible track record when it comes to wildly oscillating game rebalances--but in defense of their general model, which is more correct and less vulnerable to cheating than most. Cheating takes the fun out of things. No one wants to write a chess program that moves knights diagonally when it feels like it. But writing a computer-based player that has to play by the rules is _fun_.
Oh, and make sure you don't pick up anyone else's cans. Corp wars have been started that way. So only pick up cans from friendlies.
Here's a screenshot from a looooong time ago (build 1217. hah!) of the config screen for just such a beast: http://img403.imageshack.us/img403/6203/newminertabvu8.png
I did this yeeeeears ago. Back then the client python code was just a pickle of a dictionary of pyc files. Now it's a pickle of a dictionary of obfuscated pyc files. I poked at it a bit a few months ago and didn't see any obvious clues as to how they're obvfuscated, though they all continue to have a similar header, so I don't think it's anything very difficult.
I've still got all of the old source code for my fully automated multi-client miner, an explorer that saves rock sizes, pirate info, and other interesting things to a database while it runs around, and a partially implemented roving trader.
If whoever has figured out how to decode the new pickle wants to collaborate, I'd love to hear from them. Sadly, this silly public release will probably force CCP to change things significantly. If you're interested, feel free to email me at oldevehacker@gmail.com.
And no, I'm not going to just send the miner source patches to anyone who asks. They're way out of date against the current source and it will take some work to make them apply again, anyway.
For the record, the Eve guys have generally done a good job with security. There are a lot of things that LOOK like they're vulnerable because they're checked in the client, but if you try to exploit them by recompiling a modified client, you'll find that all of it (almost all? i never found anything that wasn't) is checked on the server side. There's nothing as stupidly vulnerable as WoW or most other fast-twitch MMORPGs that have to trust the clients a lot more in order to achieve higher performance.
For anyone who's really bored:
dictfile=open("compiled.code","r")
data = str(dictfile.read())
top = cPickle.loads(data)
master = cPickle.loads(top[1])
code = master['code']
for codebox in code:
codename = codebox[0]
rawcode = str(codebox[1][0])
thingy = codebox[1][1]
fname="dump/"+str(codename)[8:]+"c"
fname=fname.replace("\\","/")
fname=fname.replace("../../","")
dirname=fname[:fname.rindex('/')]
print codename+" => "+fname
try:
os.makedirs(dirname)
except:
pass
codefile=open(fname,"wb");
codefile.write(magic)
codefile.seek(8)
codefile.write(rawcode)
codefile.close()
break
dictfile.close()