Eve Online Client Source Code Leaked 368
An anonymous reader writes to tell us that the game client source code for the popular MMO, Eve Online, has been leaked via torrent. In addition to the source code the user also posted a lengthy chat transcript with someone from CCP customer support. While the end goal may have been to call attention to the continuing security issues within Eve (and ultimately themselves), there are probably better ways of getting through to support. Unfortunately, CCP seems to be responding with the usual knee-jerk reaction of banning everyone breathing a whisper of this incident. I wonder if any large MMO company will ever be brave enough to calmly address an issue rather than wielding the ban-hammer.
Well... (Score:4, Funny)
Re: (Score:2, Funny)
Don't download the source via the torrent (Score:3, Informative)
They obviously can't watch them all, but don't download the torrent from an IP that you use to play the game.
Re: (Score:3, Insightful)
Well that will be great for any of their users who get a dynamic IP that was previously used to download the code.
I smell corporate suicide.
Re:Don't download the source via the torrent (Score:5, Insightful)
That very fact is why I think the post you were replying to is likely full of it
Re:Don't download the source via the torrent (Score:4, Interesting)
Re: (Score:2)
Re:Don't download the source via the torrent (Score:4, Insightful)
Re: (Score:3, Insightful)
They can do that for any reason they want or for no reason at all.
Also downloading is still often enough to get you passed a lot of legal threshholds. "Just because I downloaded that album doesn't mean I listened to it" wouldn't stop an RIAA copyright lawsuit.
Re:Don't download the source via the torrent (Score:5, Informative)
They don't need a lawsuit to ban accounts on their servers.
Re: (Score:2, Interesting)
Re:Don't download the source via the torrent (Score:4, Insightful)
I'm not sure that many ISPs would give up their logs to just anyone asking for it. Some, sure, but not many. At the very least, a subpoena of some sort would be required, and the logs could be pruned by then.
Re:Don't download the source via the torrent (Score:4, Funny)
Re: (Score:2)
They dont have any right to do that.
Re: (Score:2)
Re:Don't download the source via the torrent (Score:5, Funny)
Re:Don't download the source via the torrent (Score:4, Funny)
Re:Don't download the source via the torrent (Score:5, Insightful)
1. A user has previously logged onto Eve Online
2. The IP linked to that user's previous session downloads the code.
3. The user logs onto Eve Online again with the same IP (i.e. the same IP/username is maintained throughout).
Put those three events together, and it'd be easy to track/ban a lot of those downloading.
Re: (Score:2, Funny)
Re: (Score:2)
If you are an active EVE player, don't use the torrent links to download the source. CCP is monitoring the torrents and banning any accounts with matching IP addresses to any of the people using the torrent.
Well that will be great for any of their users who get a dynamic IP that was previously used to download the code.
I smell corporate suicide.
Say what you want, this is a brilliant maneuver by them that shows common sense that you just don't see companies use very often.
Re: (Score:3, Interesting)
Re: (Score:3, Informative)
This is different than when the RIAA does it, as they actually upload it to unknowing downloaders to get lawsuit fuel.
If CCP only wants to ban downloaders, they don't need any legal evidence to do so, at least as long as indiscriminate bans are covered in their TOS. Therefore, they don't need to go the RIAA road.
Re: (Score:3, Interesting)
Re: (Score:3, Interesting)
^ Direct link
irc.partyvan.fm
Direct link to the torrent (Score:5, Informative)
Re: (Score:3, Interesting)
Geez, why not just upload a GTA4 ISO while you're at it.
Re:Direct link to the torrent (Score:5, Insightful)
Re: (Score:3, Interesting)
When it costs practically nothing to produce a 1:1 copy of something, then it becomes impossible to charge much more than nothing for it. It really is as simple as that. There are huge changes coming and telling people to fuck off to North Korea won't change that.
Re: (Score:3, Interesting)
Warning! CCP Seeding, Banning Torrenters (Score:5, Informative)
Frankly, downloading this would be a stupid thing to get banned over. This is CCP's bread and butter, I don't blame them for taking this action. In their eyes, they are trying to eliminate exploiting players in hopes of making the game better for non-exploiting players. This 'policing' action is usually desired by the community. Yeah, it's unfortunate that they're not taking advantage of the security and stability of an open source coding community
Let's see if Linden Labs can make this OSS client thing work to their advantage. I sure hope so because it will give everyone else a reason to make the switch.
Re:Warning! CCP Seeding, Banning Torrenters (Score:5, Funny)
Unless you live in your mom's basement.
Re: (Score:3, Interesting)
If they're actually seeding it themselves then I expect to hear about a lawsuit. Since that would be purely legal to download from them. If CCP is effectively giving away their src what's wrong with accepting their offer?
Re: (Score:3, Insightful)
Chris Hansen isn't a 13-year-old girl, either (Score:2)
Re:Warning! CCP Seeding, Banning Torrenters (Score:5, Funny)
Re:Warning! CCP Seeding, Banning Torrenters (Score:4, Informative)
Fire all weapons on a single click. Automagically select the right ECM jammer for the target ship. And that's what came to my mind in an instant.
I bet there are many more possibilities which can unbalance tweaked clients and standard clients. It is like a free opportunity for wall hacks if other clients are allowed. It wouldnt be a problem for PvE games, but PvP needs the same client for all.
Re:Warning! CCP Seeding, Banning Torrenters (Score:5, Insightful)
Or needs to do validation on the server-side of all game-balance-affecting stuff--which is really the only way to ensure fairness, since clients can always be hacked.
Re: (Score:3, Interesting)
Server-side validation only captures 'illegal commands', it doesn't really capture -automated commands-.
As long as the bots don't do anything Server side validation isn't going to catch squat. It can't easily tell if its a real player at the helm. And it certainly can't tell the difference between player:
click-a, click-b, c, d, e, f, g, h, i, j
Re: (Score:3, Interesting)
Simple.
Suppose you spend 80 hours a week in game.
Suppose I play 15 hours a week, but buy ISK to keep up with you in terms of in game cash.
Our characters wealth and skills would be equivalent, right.
But who is more likely to run a major alliance, control a starbase, or do anything else of real significance?
You see, the guy 'in game' has a massive advantage. He's spending 80 hours a week meeting people, building friendships, t
Re: (Score:3, Funny)
You must be new here. For most of us, it's one and the same. Though the coffee's not $3 a cup.
Re: (Score:3, Interesting)
Going the open source route may or may not help them, depending on how much of the data available clientside has to remain hidden from the user:
The deep dark secrets they don't want out could be something like players getting info on all objects in a solar system, and the client filtering o
Re: (Score:2)
Re:Warning! CCP Seeding, Banning Torrenters (Score:4, Interesting)
This is the best attitude that I've even seen from a commercial MOG developer. It is exactly correct.
Someone just needs to tell their Banstick guys that. If they believe their own argument, then they need to act like it.
this is going to be so great (Score:3, Interesting)
Re:this is going to be so great (Score:5, Insightful)
On a side note, I think this has happened before on a much more serious scale [slashdot.org].
Re:this is going to be so great (Score:5, Funny)
Re: (Score:3, Insightful)
I don't think availability on a warez site is exactly the same thing as "open source",
Sincerely,
RMS
Re:this is going to be so great (Score:5, Interesting)
Back in the dark ages, ya know, the 90s, there was a little game called Ultima Online.
Heard of it? I hope so, it was one of the original MMORPGs.
Every client ever released for that game had all of it's packets decrypted, and the encryption scheme broken for keys, usually within 24-48 hours. Everytime they updated.
Add to that that people edited the client to do whatever they wanted, sometimes with other programs hooking in and altering packets, others by directly altering the assembly of the client.
Many people tried to exploit bugs in the game that way, but most failed, and everytime someone did find one, it was usually fixed relatively quickly. Malformed packets went from "all the rage" and the way to bug up a game to relatively worthless within a span of a month, barring a few new uses that popped up every so often from bad new code introduced.
Having the source code only simplifies this a little for the people who really care, and it doesn't really enable them to do anything they couldn't already.
Oh, also, while i'm at it. Did you know ultima online had a special client for staff characters? And that the binary for that client was leaked as well?
OH NOES! But wait! Ultima online used good security measures and correct privelege systems, so the client was worthless for anything a normal player couldn't do.
Summary: This isn't new, and it's happened before on other games. Except in the past most games were already so well understood by their communities that the source would add almost nothing except a little ease and some time saved duplicating a better version of the client when they stop upgrading.
Add to that, if this causes ANY security issue with EVE, then the people who coded the game should get in trouble, not the players. Good coding practices prevent all trouble the code could possibly do. You ARE checking for privelege levels and sanitizing your inputs, right?
Re: (Score:3, Informative)
Re: (Score:3, Interesting)
Re:this is going to be so great (Score:5, Insightful)
Re:this is going to be so great (Score:5, Insightful)
Re: (Score:3, Interesting)
The fact that Eve is going this ballistic suggests that something strange is going on. Not proof cold, but certainly it qualifies as somewhat sound circumstantial evidence.
Re:this is going to be so great (Score:4, Insightful)
Re: (Score:3, Insightful)
The server code is really what matters from a security stand point. Changing the server can effectively kill any hacked client on the planet, but it can require upgrading legitimate clients as well.
Really, the content is what makes the game. Engines are important and obviously a required part, but the content is what people play. While it is to the companies a
From TFA... (Score:5, Insightful)
Well, atleast on the tidbit shown on the article, the CCP representative sounds perfectly rational and professional. Am i missing something here?
And by the way, how does this guy ended up with the sourcecode on the first place?!
Re:From TFA... (Score:5, Interesting)
Well, the CCP rep did sound vaguely annoyed to me; I could see him rolling his eyes. But then I imagine they roll their eyes at most of the conversations they have.
And by the way, how does this guy ended up with the sourcecode on the first place?!
That's still unclear. Some say its just decompiled python that anyone could do themselves easily enough. But he almost alludes to having a source within ccp... so I'm not sure.
Its too bad he's apparently not an english speaker because that invites mockery. And obviously he's not being terrible mature which further damages his image, but at the end of the day what he is asking for is legitimate in my opinion:
All he wants is CCP to acknowledge there are specific issues and to demonstrate that there have been real fixes added. Because he is firmly convinced that people have been botting for years using known exploits and that CCP hasn't made even the slightest effort to curb them.
So he's basically saying if you've fixed it... prove it. "Show me an exploit that used to work that doesn't now. Show me something, ANYTHING, that you've actually fixed in the last year or so related to stopping botters."
"And Improve your processes, so that if we report exploits you acknowledge them, and fix them, instead of just handwaving that security improvements have been added, because I'm not seeing any."
"And if you don't, I'm releasing the source, so we can ALL see for ourselves what you've actually improved over the last year, because I'm tired of watching people bot for YEARS without having to so much as adapt to new anti-bot tactics."
If this guy is just blowing smoke, then CCP really should have no issue publishing some of the hundreds of botting related exploit scenarios that they claim to have fixed over the last several patches...and showing that they no longer worked.
That much they owe their customers. Frankly, I don't really blame CCP for not publicly acknowledging security issues and bringing additional attention to each exploit before its fixed... BUT... I -do- think that the playerbase deserves some honesty -after- the fact.
If they release an exploit fix, publish it, what used to work, and what no longer works. CCP lacks credibility, and this would go a long ways towards helping restore it.
After all we get a better level of security updates disclosure from microsoft. I think all this guy really wants is the same from CCP. And if CCP *hasn't* actually done anything in the last few years to address all the while claiming they have, well... I can see why a segment of the playerbase is boiling mad about it, and wants to blow this into the public eye where they can't sweep it under the rug anymore.
Potential exploit exposé? (Score:2, Insightful)
Also, since it is the client code that was released, an intrepid cheater can find ways not just to exploit functions in-game, but find ways to pull various bits of data from straight out of memory. This is a bit like third-party programs that utilize CCP's API code system,
Not a leak (Score:5, Informative)
Re:Not a leak (Score:4, Informative)
Re: (Score:3, Informative)
Re: (Score:3, Informative)
Calmly addressing issues (Score:5, Insightful)
I doubt it. But this is not without a good reason.
Many, many MMORPG players are 13 year old kids. Immature kids. These people are not adults. They do not behave like adults. If the company "calmly addresses the issues", then they'll be flooded by complainers, cheaters and opportunists within no time.
I've been involved in MMORPG for several years. The immaturity in MMORPG communities in general is just sad. There doesn't seem to be any good way to handle issues other than ruling with iron fist.
Re:Calmly addressing issues (Score:5, Insightful)
Eve banning people and deleting forum posts isn't ruling with an iron fist. It is a desperation move to hold on to customers who may not know what is going on. If they ruled with an iron fist they would actually come down on the people who cheated with the devs. That's the problem, the game should be as cut throat as possible in game...but CCP not only plays the game, but leaks inside knowledge of the game to organizations that are already overpowered. Maybe they are totally clean now (I doubt it) but the game will forever be tainted by the past.
The reason they ban is because they have too much to hide and would rather do that than address the issue and fix their game.
Re: (Score:2)
Because you can't trust the user base to handle appropriately even when you do the right thing. In other words: *not* banning those people makes the situation even worse.
Re:Calmly addressing issues (Score:4, Insightful)
I keep hearing people saying this, where's the proof? People just make up stats on the fly and like to blame kids -- there's PLENTY of adult players who act like complete asshats.
Here's some actual stats --
"Also of note is the fact that the average age of the typical gamer is 33."
"...female gamers over the age of 18 make up 31 percent of all gamers, a larger percentage than that of male gamers under the age of 17 (20 percent), a group traditionally seen as the majority."
http://blog.wired.com/games/2008/03/38-percent-of-g.html [wired.com]
I will say I've seen my share of immature players in WoW - BUT that doesn't mean I actually know they're age. Also, WoW is also just ONE mmorpg, albeit the largest.
I've played mmorpgs for about 9 yrs starting with EQ. Currently, I play EQII as well as WoW -- and the maturity level is vastly different there. Played AO, DAoC, CoH, GW and generally had good experiences with the player base. Anonymity is really the big issue with mmorpgs, it let's some people (mainly adults) act like idiots without any real repercussions.
Most of my WoW guild is 30 and 40-somethings. One however is a 12 year old boy, and his online behavior is often much more mature/conservative than the adults.
Re: (Score:2)
I keep hearing people saying this, where's the proof? People just make up stats on the fly and like to blame kids -- there's PLENTY of adult players who act like complete asshats.
Re: (Score:2)
I understand the cheaters part, but being flooded with complainers is what a CSR is paid to handle. Simply banning all discussion hurts the community in the long run and if I was a shareholder of said company I would be upset that the customer relations department is damaging the image of the company by not putting up with things its paid to handle.
Re:Calmly addressing issues (Score:4, Informative)
Re: (Score:2)
I rarely meet anyone in Eve that's younger than 18 (that I know of).
Re: (Score:3, Informative)
Re: (Score:2)
Re:Calmly addressing issues (Score:4, Insightful)
Re: (Score:2)
Re: (Score:2)
I call BS (Score:3, Insightful)
1. Just as a counter-example: Blizzard may not be perfect on the whole, but I don't think there is even 1 documented case of anyone being banned for discussing a bug. You _can_ get banned for using bots, yes, but not discussing bots, for example.
Their internal policy, as documented repeatedly and even recently on Slashdot, is to rely on criticism and try to fix problems. It's a piss poor company who thinks that the "ban hammer" to silence bug-reports is a perfectly normal way to hold a co
Some additional info on this (Score:4, Funny)
First things first - it's not the full source. In fact, it's not even 2mb big. It's not even a fraction of the source.
Secondly, from the IM conversation they had with support:
[20:18] I don\'t know HOW you work
[20:19] i see the RESULT of this work
[20:19] and UNDERPANTS of it
They see the UNDERPANTS of it. Hilarious.
Calmly address theft of the crown jewels? (Score:4, Insightful)
Re: (Score:3, Interesting)
I wonder how Microsoft would respond to someone putting the code for Office online?
Well, that kind of happened. [slashdot.org]
You mean like NT4/Win2K? (Score:2)
Wait a minute... (Score:3, Interesting)
What's Been Found So Far (Score:5, Insightful)
For those of you asking "what's the big deal about this?" here are what people have found so far digging through the code.
EVE is a fine game, but the code is a joke. This is very likely going to lead to a lot of problems for CCP for some time to come. If they're lucky they'll only get a flood of bots, if they're not then the game may very well turn in to a wild west of hacking players looking for an edge.
Re: (Score:2)
Won't be playing EVE online's trial any time soon.
Re: (Score:2)
I loved EVE when i played it years ago, but i really felt that most of the game should have been automated, or at least have the potential for automation. You just gotta make things in the actual environment a bit more unpredictable for offset.
Eve is already structured around this idea, with corps controlled from the top, etc. I think, done right, it could add a lot more depth to the game.
Re: (Score:2)
Re: (Score:3, Informative)
In everything from PR to coding to bug handling to system administration, CCP is a disaster. The only reason the company is viable is because the core idea of the game is awesome, which is why those of us who play get so frustrated and angry that EVE is still bugged to hell and slow as hell when there are hundreds of people in a system.
How long would you last at any real company if:
1. The space-MMO
It's not that special really (Score:5, Informative)
In keeping with the spirit of Slashdot... (Score:2, Funny)
EVE Online Client Open Sourced
but not by choice?
Motivation? (Score:2)
Re:Motivation? (Score:4, Informative)
The developers are fully aware of many of these issues, yet when the players ask for them to be addressed, the devs sometimes play dumb or more often say it'll be dealt with and then never really say whether it got fixed or not.
Short version: There's lots of bots in the game. Players complain. CCP keeps saying Don't worry, we're taking care of it. But the bots never go away. Rinse and repeat that sequence for various other issues.
Re: (Score:3, Insightful)
BINGO.
This is pretty much the standard approach when dealing with software companies that have a history of ignoring well known security flaws in their products (Microsoft, for example). Basically, since they haven't proven themselves honest in dealing with known issues, and rea
Headline article correction for ./ (Score:5, Funny)
Revised: Eve Online Client now open source!
Excerpt from the code... AMAZING (Score:4, Funny)
//Both people are represented by an abstract class
public abstract class Person
{
public bool StrangersToLove { get; set; }
public bool KnowTheRules { get; set; }
}
//Possible thoughts
public enum Thought
{
FullCommitment
}
//Class
public sealed class Me : Person
{
public Thought Thinking()
{
return Thought.FullCommitment;
}
}
//The target of the song, notice that GetThought can only be called by passing in an instance of Rick
//which satisfies that she can't get this from any other guy
public class You : Person
{
private Thought whatHeIsThinking;
public void GetThought(Me guy)
{
whatHeIsThinking = guy.Thinking();
}
}
class Program
{
static void Main(string[] args)
{
var Rick = new Me() { KnowTheRules = true, StrangersToLove = false };
var Girl = new You() { KnowTheRules = true, StrangersToLove = false };
Girl.GetThought(Rick);
}
}
Official Communication from CCP (Score:5, Informative)
CCP does not confirm or deny, nor make any comment, regarding issues of internal security, and will not be doing so in this case. As a policy, CCP removes message board posts regarding violations of its EULA and Terms of Service, and CCP considers any alteration of the Client software, including decompilation, to be such violations.
--------
Ryan S. Dancey
Chief Marketing Officer
CCP
Re: (Score:3, Insightful)
Nothing the EVE client can do can affect the game state, no advantage can be gained by manipulating the EVE client, no advantageous or disadvantageous information can be transmitted to other EVE users by altering the EVE client.
While I agree with not relying on security through obscurity, there are cheats that can be created trivially with the client code.
For instance, integrating a fully automated mining bot in the client would be easy by using the auto pilot code as a starting point (it has more than likely already been done for ages too).
Altough I don't think it's a security problem as much as it is a game design problem: if mining wasn't mind numbingly stupid boring and repetitive, a bot probably wouldn't be able to do it as
boy am I glad I stopped playing (Score:2)
I successfully avoided getting hooked on MUD's and Evercrack but huge honkin' space games were my biggest weakness, a space MMO was where I finally made the plunge. It's a good thing the game couldn't keep me hooked, I still have a life (or what
Full source? (Score:3, Interesting)
Re: (Score:2)
Re: (Score:2)
If you look at their netcode, you may be maimed for life.
Seriously, it's fucking awful. 8MB packets, and that is all I'll say.
Re: (Score:2)
MACHOOoooo