Forums » General
Wow this whole thread went totally over my head but I couldn't stop reading... lol
/me looks at picture
OK.. reading assembly, eh...
/me shudders at the thought of programming in 80x86 assembler...
OK.. reading assembly, eh...
/me shudders at the thought of programming in 80x86 assembler...
Isn't decompiling and reverse engineering the code against the EULA? It is against the law regarding virtually all programs, period.
Do you have the Dev's express permission written or otherwise to allow you to mess with their code?
You are claiming to be leading an anti-cheat crusade when in fact you are doing nothing more than the common ripper.
Hiding it under the guise of 'looking for cheats' is just that - you are attempting to find exploits but without formal approval.
This makes you, the decompiler, a cheater looking for vulnerabilities.
Do you have the Dev's express permission written or otherwise to allow you to mess with their code?
You are claiming to be leading an anti-cheat crusade when in fact you are doing nothing more than the common ripper.
Hiding it under the guise of 'looking for cheats' is just that - you are attempting to find exploits but without formal approval.
This makes you, the decompiler, a cheater looking for vulnerabilities.
Well, as far as I can see, he's not decompiling at all. He's just trying to crack the packet format, which is sort of a grey area. It's not direct access to the servers, nor is it the client side code, but the data streaming between the two. It's not something I'd do, though legality in regards to the EULA is actually only the second reason I wouldn't do it. The first reason is that it's not a very nice thing to do. (Third reason is that I'm lazy.)
Ksah;
I could cheat by memory manipulation (i think)... I'm not even looking at the program code, or reverse engineering it (hence not breaking the EULA), so unless it becomes illegal to read/write to my own systems memory, what you going to do about it?
With regards to packet analysis... If the server is spitting them out, and they are travelling through your hardware, you can do what you like with them... (thats my point of view anyway). Lets face it, these rules and conditions are not really enforcible, are they?
I could cheat by memory manipulation (i think)... I'm not even looking at the program code, or reverse engineering it (hence not breaking the EULA), so unless it becomes illegal to read/write to my own systems memory, what you going to do about it?
With regards to packet analysis... If the server is spitting them out, and they are travelling through your hardware, you can do what you like with them... (thats my point of view anyway). Lets face it, these rules and conditions are not really enforcible, are they?
ksah, just parsing the messy output from a decompilation into a readable format would take months, maybe years, and then you'd still have to go about looking for exploits. i don't think anyone here can be arsed.
Plus, guess what? The people making exploits aren't going to care if it'll go against the EULA! They'll decompile it anyway!
Like it or not the packets are an integral element of the game system. They are composed fully of information derived from a proprietary source, and are used for the express purpose of communicating between the client and server.
Since when is a game element a grey area in regards to their legal rights to that data (that they made), that is associated with their undisputed legal right to their material? Since when did their data (packets) suddenly become yours to do with as you wish?
Altering these packets and sending them to the server is compromising (or attempting to) the way the game works, and in a fashion unintended by the authors.
The packets are encrypted for a reason. This is analagous to a big sign saying "PRIVATE"
You are allowed to USE the data they gave you, in the way they intended and this does not include the right to malform, alter, shape, tweak, experiment, or otherwise screw around with their game.
Try pulling something like this in any other established MMO. The very mention of it will get you banned...a quote from the SWG EULA at http://starwarsgalaxies.station.sony.com/content.jsp?page=Policies%20EULA under article 7 they speak in regards to this very subject: "You may not decrypt or modify any data transmitted between client and server;"
This isn't rocket science here, folks.
Since when is a game element a grey area in regards to their legal rights to that data (that they made), that is associated with their undisputed legal right to their material? Since when did their data (packets) suddenly become yours to do with as you wish?
Altering these packets and sending them to the server is compromising (or attempting to) the way the game works, and in a fashion unintended by the authors.
The packets are encrypted for a reason. This is analagous to a big sign saying "PRIVATE"
You are allowed to USE the data they gave you, in the way they intended and this does not include the right to malform, alter, shape, tweak, experiment, or otherwise screw around with their game.
Try pulling something like this in any other established MMO. The very mention of it will get you banned...a quote from the SWG EULA at http://starwarsgalaxies.station.sony.com/content.jsp?page=Policies%20EULA under article 7 they speak in regards to this very subject: "You may not decrypt or modify any data transmitted between client and server;"
This isn't rocket science here, folks.
This is, however, also a beta test. This'd be a much bigger issue if this were release and he was doing this, but so long as he finds exploits and REPORTS THEM, then he is in fact doing a better job testing than most of us have the skill to do.
Quoteth above:
"Heh, this thread is entertaining. Keep it up. :)"
It's hard to get a _more_ official endorsement. As long he reports any exploits he finds I personally wouldn't mind what he's doing.
EDITS: oups did't see your post :)
"Heh, this thread is entertaining. Keep it up. :)"
It's hard to get a _more_ official endorsement. As long he reports any exploits he finds I personally wouldn't mind what he's doing.
EDITS: oups did't see your post :)
"This is, however, also a beta test."
What version the game is, has absolutely no bearing on their legal rights and assertions to their material. Nor does it diminish your specific obligations as a user of this material. Alpha, Beta, Retail...you are still bound to play by their rules regardless, at any time, and in any form of their software.
I also do not recall the developers formally requesting people to hax0r their encrypted packets as part of this beta test. 'ENTRY LEVEL PROGRAMMERS NEEDED'??
"...but so long as he finds exploits and REPORTS THEM, then he is in fact doing a better job testing than most of us have the skill to do."
I don't know that guy. Do you know him? Do the developers know that guy? Is he doing officially sanctioned work on their software, with their permission? Is there any oversight? Can we conclusively say he is really going to report any exploits he finds? Does anyone have a definitive way to verify any of what he is saying?
He is not testing. Testing is defined as performing a predefined set of actions(play the client) within a controlled environment(server) with officially sanctioned oversight and permission, providing feedback.
Just because 'some other exploiters' may do this doesn't give anyone the right to act in the same manner either, for any reason. It is inexcusable. Ultimately though, it comes down to whether the Vendetta crew chooses to assert their intellectual rights in matters like these.
I am not their legal team, nor do I represent them. I am simply providing some sobering facts in what is obviously a vacuum devoid of morality and common sense.
What version the game is, has absolutely no bearing on their legal rights and assertions to their material. Nor does it diminish your specific obligations as a user of this material. Alpha, Beta, Retail...you are still bound to play by their rules regardless, at any time, and in any form of their software.
I also do not recall the developers formally requesting people to hax0r their encrypted packets as part of this beta test. 'ENTRY LEVEL PROGRAMMERS NEEDED'??
"...but so long as he finds exploits and REPORTS THEM, then he is in fact doing a better job testing than most of us have the skill to do."
I don't know that guy. Do you know him? Do the developers know that guy? Is he doing officially sanctioned work on their software, with their permission? Is there any oversight? Can we conclusively say he is really going to report any exploits he finds? Does anyone have a definitive way to verify any of what he is saying?
He is not testing. Testing is defined as performing a predefined set of actions(play the client) within a controlled environment(server) with officially sanctioned oversight and permission, providing feedback.
Just because 'some other exploiters' may do this doesn't give anyone the right to act in the same manner either, for any reason. It is inexcusable. Ultimately though, it comes down to whether the Vendetta crew chooses to assert their intellectual rights in matters like these.
I am not their legal team, nor do I represent them. I am simply providing some sobering facts in what is obviously a vacuum devoid of morality and common sense.
>I am not their legal team, nor do I represent them.
no really...
>I am simply providing some sobering facts in what is obviously a vacuum
>devoid of morality and common sense.
He announced what he is doing. To me that's is more morally correct than random accusatons.
You are makeing a lot of noise about a non-issue. He could just aswell have done everything in secret.
And .. breaking stuff is fun. :P
[LOCKED?]
no really...
>I am simply providing some sobering facts in what is obviously a vacuum
>devoid of morality and common sense.
He announced what he is doing. To me that's is more morally correct than random accusatons.
You are makeing a lot of noise about a non-issue. He could just aswell have done everything in secret.
And .. breaking stuff is fun. :P
[LOCKED?]
my bad analogy:
it's better to try to hack/break into your own house and discover the vulnerabilities while you have no money stored in it than to be taken by surprise when a burglar comes to loot.
SaguratuS is a tester; he's supposed to find vulnerabilities in the game, but instead of waiting to passively stumble upon bugs/problems, he's looking for them actively. the intent is good.
it's better to try to hack/break into your own house and discover the vulnerabilities while you have no money stored in it than to be taken by surprise when a burglar comes to loot.
SaguratuS is a tester; he's supposed to find vulnerabilities in the game, but instead of waiting to passively stumble upon bugs/problems, he's looking for them actively. the intent is good.
I'm very sure one of the devs have read this topic... And if they were so bothered about someone finding a way to "cheat" they would have asked the person nicly not to... Which, they havn't.
So, they either havn't read the topic or they are not that bothered because in some way, SaguratuS is trying to find bugs and explotits which is the whole point of this Beta... He's just doing what he came here to do!
Would be nice if a dev would acaully say... "It's fine that SaguratuS is doing this." :P
So, they either havn't read the topic or they are not that bothered because in some way, SaguratuS is trying to find bugs and explotits which is the whole point of this Beta... He's just doing what he came here to do!
Would be nice if a dev would acaully say... "It's fine that SaguratuS is doing this." :P
And they have read the topic because raybondo responded to it... Ksah, we spent quite a long time doing this a while ago. The devs don't mind. Although they found it funny when we kept finding those error strings. Like "Error: You shouldn't see this error.". If they mind, they tell us. If they don't, then they don't.
Thu 05:15PM raybondo
Heh, this thread is entertaining. Keep it up. :)
Heh, this thread is entertaining. Keep it up. :)
So when do we get the "Pillar of Society" and "Pirate" standings?
We don't necessarily want people poking around in the code, but we aren't so naïve that we don't expect it to happen. One rule of thumb for any internet application is that The Client Is In The Hands of The Enemy. Yes, we expect we may have to ban people for cheating, but they have to cheat first. I predicted on monday that we'd have a successful client hack of some sort within two weeks, and that we need to beef up some anti-cheating code on the server.
Certainly we haven't requested that anybody does this, but we just know somebody will, whether they post about it in the forum or not. So we are forced to take a "technological adversary" attitude rather than a "legal adversary" one, partially because it's better to prevent cheating by making it more technologically infeasible than illegal, and partially because we don't have a lot of administrative resources right now.
So yes. Officially: don't do this. Unofficially: since you're going to do it anyway, it's entertaining to watch at the moment. Trust us, we know where the present holes in the engine are, having used them ourselves, and we intend to fill them before release. I wouldn't even call the protocol remotely "secure" as it stands right now; not much effort has actually been made on making it anything but efficient.
As a side note, the only reason I implemented auto-aim was to -prevent- cheating. If everyone can do it, there's no reason to make an aimbot, which I considered (at the time, many years ago) the biggest unfair advantage you could possibly gain. (Of course, with the messing around with the autoaim range of railguns, this philosophy hasn't been strictly followed.)
Certainly we haven't requested that anybody does this, but we just know somebody will, whether they post about it in the forum or not. So we are forced to take a "technological adversary" attitude rather than a "legal adversary" one, partially because it's better to prevent cheating by making it more technologically infeasible than illegal, and partially because we don't have a lot of administrative resources right now.
So yes. Officially: don't do this. Unofficially: since you're going to do it anyway, it's entertaining to watch at the moment. Trust us, we know where the present holes in the engine are, having used them ourselves, and we intend to fill them before release. I wouldn't even call the protocol remotely "secure" as it stands right now; not much effort has actually been made on making it anything but efficient.
As a side note, the only reason I implemented auto-aim was to -prevent- cheating. If everyone can do it, there's no reason to make an aimbot, which I considered (at the time, many years ago) the biggest unfair advantage you could possibly gain. (Of course, with the messing around with the autoaim range of railguns, this philosophy hasn't been strictly followed.)
Mmm. Beef code.
<mr_spuck>
"Quoteth above:
"Heh, this thread is entertaining. Keep it up. :)""
"It's hard to get a _more_ official endorsement. As long he reports any exploits he finds I personally wouldn't mind what he's doing."
Maybe Ray is "entertained" by the idea that you will get banned and/or sued.
"Quoteth above:
"Heh, this thread is entertaining. Keep it up. :)""
"It's hard to get a _more_ official endorsement. As long he reports any exploits he finds I personally wouldn't mind what he's doing."
Maybe Ray is "entertained" by the idea that you will get banned and/or sued.