Tuesday, April 15, 2008

Part of Eve Online source code leaked?

[20:44] [abuser] Could you certainly say me what your programmers did to secure clientside from exploiting Eve?
[20:44] [abuser] what’s certainly
[20:45] [abuser] I don’t have anything against content makers - their ideas are good, really good
[20:45] [abuser] I have full eve sourcecode, so you know what’s did, and what’s not;)
[20:46] [abuser] From all security i saw - were ROLE permissions for logins with priviliges higher than usual player, and some minor things in relation to prevent some remote service calls (some with potentially bad payload)
[20:46] [abuser] nothing else
[20:47] [abuser] is that called “programmers working on security”?
[20:47] [[IA]Morpheus] Are you cruising for a job or something?
[20:47] [abuser] Nah
[20:47] [abuser] neither job, neither anything else
[20:47] [abuser] you may think of in such direction
[20:48] [abuser] Digging the situation to uncover the truth :)
[20:49] [abuser] You may compare me to fox mulder from x-files series
[20:49] [abuser] it’s the best description of why i do this
[20:49] [[IA]Morpheus] Ah, well, nice to meet you Mr Mulder.
[20:50] [abuser] So… would you like to answer what AWESOME ccp programmers did in relation to client/server security (at least for client?)
[20:51] [[IA]Morpheus] No, we won’t respond to blackmail. If you think we don’t care or aren’t working on improving security you are sadly mistaken
---
"CCP is aware that an individual claims to have access to the source code of the EVE client. This access is not a security risk to CCP in any way. Access to the source code for the EVE client exposes no security vulnerabilities, has no privacy protection issues, and poses no threat to our customers' billing information.

The server-side interface used by the client is carefully protected to ensure that no abusive or unwanted information is transmitted to, or from the internal EVE server systems. Nothing the EVE client can do can affect the game state, no advantage can be gained by manipulating the EVE client, no advantageous or disadvantageous information can be transmitted to other EVE users by altering the EVE client."
Eve Online Source Code Leaked
eve online drama again ?
CCP plays down EVE Online source code leak

3 comments:

Anonymous said...

The exchange was quite lengthy, and I did not take the time to read all of it but I was wondering if this exchange wasn't only for trying to know what was going on the server side of Eve, just by asking the customer service, pretending to have full source code.

Anyway, I've downloaded the source code, I do not play Eve and am not planning to, but I at least will be seeding it for others to enjoy.
Simple access to uncompiled source code like that is always useful.

Dopefish said...

I haven't read up on it propertly, but I think he (or someone else) decompiled the client code from the binaries rather than accessing CCP network and stealing the code. Haven't checked the source code or even downloaded it, but as far as I heard it didn't have any comments in it, which surely is a sign it's not the code from CCP themself... or atleast not their source / working code.

So yeah, he only have part of the client code and was acting like an ass in hopes that they'll give him parts of the server code aswell.

None the less, this should be interesting for anyone interested in game programming (and especially MMO / Eve Online), aswell as business people to see how CCP handles a possible code theft (mostly banning alot of customers).

Anonymous said...

Yep, the code is uncommented, but it does not necessarily means it is not a working code.
As it is supposed to be decompiled source code, comments may have been stripped out in the compiling phase in order to reduce file size of the compiled executable. Therefore, no more comments when decompiling.

And as is stated on the official website : "The Python scripting language that is used by the client can be easily decompiled to generate readable code, and we have designed our server-side systems with that understanding."

So, I bet it IS the working code, but there is nothing especially amazing in getting it, and this guy is (imho) just basically saying "Hey, look, I can create bots in your game, but I won't tell you how, I just wanna know how you think I may be doing it" in the sad hope that the real developper team will answer and telling him the security holes...

I finally doubt this story ever helps nor prevent cheating in Eve, but you're right, it shows us how CCP handle this kind of thing.
And I can't refrained from thinking that banning accounts only for speaking about this story or downloading the file is... bad idea.