EVE : [Rumeur] Des fuites de code ?

EVE

Editeur : CCP
Développeur : CCP

» Fiche du jeu

» Site Officiel

» Fansite

Windows Linux Mac

[Rumeur] Des fuites de code ?

«Restons prudent, pas de panique»

Par Ineeh

Attention : cette news contient 100% de rumeurs invérifiables

On s’autorise à dire, dans les milieux autorisés, que le code source d’EVE aurait été mis en ligne sur BitTorrent. La personne qui en serait à l’origine a aussi dévoilé ce qu’elle affirme être un extrait d’une discussion (par chat) entre lui et Morpheus, l’un des membres de l’équipe Internal Affairs de CCP. Il y affirmerait que son intention est de pousser CCP à améliorer la sécurité du côté du client, en particulier dans la lutte contre les bots.

Vrai ou faux, mystère, je ne sais pas si quelqu’un a ouvert le fameux package pour jeter un œil au contenu, mais en continuant dans les rumeurs, l’une d’entre elle affirme que CCP se servirait du téléchargement du fichier (en l’ayant mis en partage eux-mêmes) pour récupérer les IP des gens qui le partagent ou qui le downloadent et ainsi, par recoupement, les bannir d’EVE.

Bien entendu tout cela est à prendre avec des (très grosses) pincettes, aucune réaction officielle de la part de CCP pour le moment, à part que tous les posts sur le sujet sur le forum officiel semblent être impitoyablement modérés.

NDMP : Comme il s’agit d’informer les joueurs sur une fuite potentielle qui pourrait avoir des conséquences sur le jeu (mettre le code source complet entre les mains de gens mal intentionnés n’est généralement pas une bonne chose), et non pas d’encourager ce genre de comportement, il va sans dire que tout post donnant un lien Torrent ou un site donnant ce lien sera modéré.

Avis

Nos visiteurs lui donnent :

75%

Sur 28 tests de visiteurs

Lire les tests - Noter ce jeu

Fiche

Forum

Fansite

ONeill a dit :

La discussion :

Citation:

As title says... =) Guy asked to spread it, why not? =) History: [20:16] <Abuser> So. Talking with Arkanon wasn\'t fruitful. [20:17] <[IA]Morpheus> Not quite, what are you trying to achieve? [20:17] <Abuser> Make CCP confirm some things they are refusing to confirm ... [20:18] <Abuser> Make intelligent approach to fixing bugs and perfomance issues instead of messing with game balance [20:18] <Abuser> at least [20:18] <[IA]Morpheus> You have no idea how we even work, theres 350 employees working at CCP and you don\'t know the slightest about our processes. [20:18] <Abuser> I don\'t know HOW you work [20:19] <Abuser> i see the RESULT of this work [20:19] <Abuser> and UNDERPANTS of it [20:19] <Abuser> I have enough experience researching MMO\'s [20:19] <Abuser> eve isn\'t first [20:19] <Abuser> and won\'t be last [20:20] <Abuser> so if you want to tell i don\'t have the understanding of CCP infrastructure related to eve - you are somewhat wrong [20:20] <Abuser> but question isn\'t about this [20:20] <Abuser> from what i know previous sourcecode leak [20:20] <Abuser> was couple years ago [20:20] <Abuser> and from what i see, nothing changes in terms of quality [20:21] <Abuser> neither things, allowing people to exploit eve (for botting) - were fixed [20:21] <Abuser> is that how 350 people (i doubt if at least 1/5 - 1/7 of them are programmers) [20:22] <Abuser> work? [20:22] <Abuser> Customers without in-depth knowledge will not notice this [20:22] <Abuser> but what if somebody will explain the situation for them? [20:23] <Abuser> or you consider USD14.95 people pay you every month aren\'t enough to be fair with them? [20:26] <[IA]Morpheus> This is the wrong way to go about things and will not lead to a revolution in how CCP does things internally. [20:26] <[IA]Morpheus> Sorry if thats what you were after. [20:26] <Abuser> I\'m not looking for revolution [20:27] <Abuser> Do you know such term as \"Proof of Concept\"? [20:27] <Abuser> It\'s only enough it to get into hands of people who consider themselves to be programmers [20:28] <Abuser> Currently eve don\'t have any clientside (and i\'m 100% no serverside, except logs) routines to detect bots

[20:28] <Abuser> Even stupid ones, using OCR and called Macroses [20:28] <Abuser>

[20:29] <Abuser> Won\'t the wave of intelligent bots make CCP work at least in the direction of securing the engine? [20:29] <Abuser>

[20:29] <[IA]Morpheus> Of course it will, that\'s obvious. [20:29] <Abuser> Nice [20:29] <Abuser> that\'s at least part of the plan [20:29] <[IA]Morpheus> If thats what you want to achieve then congratulations, we are always working on improving security and plugging holes. If you want to help with that, try a normal approach like say sending us an email with suggestions. [20:30] <Abuser> No, you are lying

[20:30] <Abuser> Security wasn\'t improved since last theft [20:30] <Abuser> except some CryptoAPI and zlib [20:30] <Abuser> so don\'t try to fool me [20:31] <[IA]Morpheus> Security is always being worked on, I trust you know programming takes a lot of time and effort. [20:31] <[IA]Morpheus> You say we have no ways to detect bots, yet we continue to ban thousands of exploiters who sell ISK and so forth. [20:32] <Abuser> And that\'s all? [20:32] <Abuser> And what if people start using some hypothetic people2people trading service [20:33] <Abuser> that will avoid of using sellers who are constantly monitored via logs? [20:33] <Abuser> so there will be signle and not interconnecting trades [20:33] <[IA]Morpheus> Then we\'ll pick up on that and fix it..? [20:33] <Abuser> that\'s how Blizzard can\'t do anything with such theme [20:33] <Abuser> don\'t think you will manage [20:33] <Abuser> they are losing more than you [20:33] <Abuser> Why not to add client-side routines to detect bots? [20:34] <Abuser> Why using petitions? [20:34] <Abuser> People can lie, people can put a bucket of dirt on player who never violated eula [20:35] <Abuser> And he will be banned, if petition will contain only right details describing the things you will never log, but that are surely be bot\'s actions [20:36] <Abuser> EVE Clientside is enough to put bot-detecting routines there [20:36] <Abuser> you can even use [20:36] <Abuser> your spyware approach [20:36] <Abuser> similar to when downloading PC identification python object during authentication as payload [20:37] <[IA]Morpheus> Let it all out, I\'ll be sure to forward the conversation to all of our programmers, if thats what you want. [20:37] <Abuser> No, your programmers are just following the plan [20:37] <Abuser> they aren\'t that bad guys who caused all this anarchy [20:37] <[IA]Morpheus> Care to tell me who did? [20:38] <Abuser> Those who plan eve development and/or who decide the priority of client upgrades to be implemented. [20:39] <Abuser> Currently Shiny Features have more priority than solidifying security and fixing bugs, from what i see [20:40] <Abuser> Or how else you can explain the ability for the bots to use same approach to exploit eve engine as when previous sourcecode leak was? [20:41] <Abuser> Nothing changed to prevent this? [20:41] <Abuser> But we\'ve got tons of content patched [20:41] <Abuser> but still lagging jita and deadly lagging blobs [20:41] <Abuser> but from patchnotes i see that these things aren\'t your priority [20:42] <[IA]Morpheus> I see that your intentions are good but this isn\'t playing out nicely for either parts. [20:43] <Abuser> Guys, theres no other way that will play better. [20:43] <Abuser> You simply ignore community requests to fix the core of eve, rather than add new coats to it, to make community forget about the bugs. [20:43] <[IA]Morpheus> I despise bots and hacks over everything, but this is also a business, we\'ve got developers designing content and EVE needs to grow. I know for a fact that there are programmers working on security, more than that I can\'t really say. [20:43] <[IA]Morpheus> If you think we are releasing new content to make you forget about bugs then I\'m not sure what I can say to convince you. [20:44] <[IA]Morpheus> Patches have always been 50% bug fixes 50% content or so. [20:44] <Abuser> Could you certainly say me what your programmers did to secure clientside from exploiting Eve? [20:44] <Abuser> what\'s certainly [20:45] <Abuser> I don\'t have anything against content makers - their ideas are good, really good [20:45] <Abuser> I have full eve sourcecode, so you know what\'s did, and what\'s not

[20:46] <Abuser> From all security i saw - were ROLE permissions for logins with priviliges higher than usual player, and some minor things in relation to prevent some remote service calls (some with potentially bad payload) [20:46] <Abuser> nothing else [20:47] <Abuser> is that called \"programmers working on security\"? [20:47] <[IA]Morpheus> Are you cruising for a job or something? [20:47] <Abuser> Nah [20:47] <Abuser> neither job, neither anything else [20:47] <Abuser> you may think of in such direction [20:48] <Abuser> Digging the situation to uncover the truth

[20:49] <Abuser> You may compare me to fox mulder from x-files series [20:49] <Abuser> it\'s the best description of why i do this [20:49] <[IA]Morpheus> Ah, well, nice to meet you Mr Mulder. [20:50] <Abuser> So... would you like to answer what AWESOME ccp programmers did in relation to client/server security (at least for client?) [20:51] <[IA]Morpheus> No, we won\'t respond to blackmail. If you think we don\'t care or aren\'t working on improving security you are sadly mistaken. [20:51] <Abuser> IA [20:51] <Abuser> did you saw the code yourself? [20:51] <[IA]Morpheus> Yeah, and? [20:51] <Abuser> or you are just telling me someone else\'s words? [20:52] <[IA]Morpheus> Nop, I\'m all alone. [20:52] <Abuser> And where do you see security fixes or bot catching routines in client? [20:52] <[IA]Morpheus> I wouldn\'t know, I\'m not a programmer. [20:52] <Abuser> YAY [20:52] <[IA]Morpheus> If you think we are gonna tell you everything we\'ve done or are going to do then I\'ve got a bridge to sell you. [20:53] <Abuser> so how you can tell if there are security pathces? [20:53] <Abuser> Morpheus, i have a client sourcecode [20:53] <Abuser> and have a people who can supply me with updates [20:53] <Abuser> of each new version [20:54] <Abuser> (where my python decompiler won\'t be able to handle optimized bytecode) [20:54] <[IA]Morpheus> There\'s probably more to it than meets the eye, Fox Mulder. [20:54] <Abuser> so in relation to client i have the same about of knowledge as you [20:55] <Abuser> So you insist that security patches are applied to client and client is secure and non-exploitable? [20:55] <Abuser> Maybe i should release a small hack with portion of eve sourcecode to eve forums that will exploit something? [20:55] <Abuser> or you will continue to talk that everything is fine? [20:56] <[IA]Morpheus> Heh, I\'m not saying there aren\'t exploits, don\'t be naive.. [20:56] <Abuser> o [20:56] <Abuser> there\'s 1 big exploit ) [20:56] <[IA]Morpheus> There are and probably will always be, however we will continue to work against them. What else do you want? [20:56] <Abuser> and tons of small ones [20:56] <Abuser> not the ones requiring people to do queue of actions ingame to achieve the result [20:57] <[IA]Morpheus> And you want this fixed? [20:57] <Abuser> i\'m talking about the ones, that are coming to light when you are exploiting eve python engine (oh god they said me it\'s impossible) [20:57] <Abuser> Easiest way was to start using c++ and completely rewrite the code some time ago [20:57] <Abuser> but i assume it\'s too late [20:58] <Abuser> so you will not get rid of python injections [20:58] <[IA]Morpheus> Time will tell, I suppose. [20:58] <Abuser> but you can think of coding anti-bot routines [20:58] <Abuser> I wonder if your programmers and qa know at least 1/20 of they ways possible to use to inject the code [20:59] <Abuser> starting from most stupid approach [20:59] <Abuser> and ending with ring0 injector [20:59] <Abuser> trust me [21:00] <Abuser> you can try [21:00] <Abuser> ugh [21:00] <Abuser> you COULD try [21:00] <Abuser> but nothing was done in this direction for years

[21:00] <Abuser> i know people who are safely botting (first with ocr, then on python code bots) from early years of eve [21:01] <Abuser> and they also agree nothing was changed in terms to stop or make the bots function wrong [21:02] <[IA]Morpheus> You know, if you want that to stop you should let us know exactly how those bots function instead of threatening to leak source code. [21:02] <Abuser> only if i will have public guarantess and confirmation that certain list of things will be fixed [21:03] <Abuser> confirmation on each exploit [21:03] <Abuser> otherways - there\'s no sense [21:03] <Abuser> i\'m not only want to see these things fixes [21:04] <Abuser> it also requires CCP to confirm that these bugs existed (and exist) over years [21:04] <Abuser> you understand what i mean [21:05] <Abuser> i\'m thinking of some patching for trinity graphic engine [21:05] <Abuser> to show that it\'s possible to make client show much more fps [21:06] <Abuser> at least in space, during large fights

[21:06] <Abuser> (and that\'s one more stone to the window of your programmers, who must be forgot of such thing as level of details) [21:07] <Abuser> there are many things - some interesting constants, that should be controlled by server, but they are not; ability to faster change sessions, unloading unnecessary services in runtime when they are not required [21:08] <Abuser> truth on some strange session roles like viplogin

[21:08] <Abuser> 10 megabytes of code are enough to find a lot of things that should be there [21:10] <Abuser> *should not [21:11] <Abuser> And How these bots are functioning? [21:12] <Abuser> Executing python code inside of eve python interpreter [21:12] <Abuser>

[21:12] <Abuser> Or calling python api (these are less intelligent ones) to call objects, methods from eve python [21:14] <Abuser> Untile eve uses python, there\'s no way to prevent these bots from using it too [21:14] <Abuser> Untile=>*While [21:15] <Abuser> It\'s possible to catch them, but not prevent from appearing and being more and more intelligent. [21:15] <Abuser> In near perspective, other people who also have eve sourcecode (not from me) - will be able to release the bot that will be able to keep in control every single in-game activity usual player can do ingame. [21:16] <Abuser> So only way (if you are not going to stop using python) - is to implement a bot catching routines on clientside [21:22] <[IA]Morpheus> Well, thanks for all the advice. [21:23] <Abuser> so [21:23] <Abuser> i assume there will be no public excuse and to do list of bugs to fix from CCP? [21:27] <[IA]Morpheus> Not quite, however, we are prepared to talk if you want your EVE Accounts reopened. This would also be a chance for you to give and receive feedback on the horrible bugs and exploits you know about. [21:27] <Abuser> I\'m not interested in my eve accounts [21:27] <Abuser> The ones you closed [21:27] <Abuser> weren\'t involved in testing

[21:27] <[IA]Morpheus> Then we have nothing more to discuss, thank you for your time and have a good day. [21:32] <Abuser> It\'s was nice you agreed to talk with me. [21:32] <Abuser> Personal thanks for your patience, Morpheus. [21:32] <Abuser> Have a good day. [21:32] <[IA]Morpheus> Sure thing. Farewell. <[IA]Morpheus> Hi, give me a few minutes to reply to your mail. <Abuser> Sure <[IA]Morpheus> Do you have a list of bugs and exploits, the ones that you want us to fix? <Abuser> 1. List of exploitable clientside things. <Abuser> 2. Description of ways to exploit python engine (with examples) <Abuser> 3. Ways to detect the bot(-s) <Abuser> but <Abuser> only in case terms i listed during our last discussion yesterday <Abuser> *case of accepting <[IA]Morpheus> Can you list them again please so I can run this by some people? <Abuser> 1. List of places in clientside code that allows to code small client-side hacks. <Abuser> 2. Descriptions of the ways to intrude in EVE python engine and execute arbitary code there <Abuser> 3. Ways to detect existing bot(-s) (at least know 1 serious enough) <Abuser> 4. General ideas to improve EULA. <Abuser> Only when: <Abuser> 1. CCP published press release with: <Abuser> a) confirmation of some bugs/holes existed for years <Abuser> or <Abuser> b) publishes in-depth reports on these bugs, and reports on what fixes were made for them <Abuser> 2. CCP starts work in direction of serverside+clienside bot detection routines, also with public press releases (less detailed ofc) <Abuser> That\'s all. <[IA]Morpheus> Alright, give me a few please. <Abuser> Sure. <[IA]Morpheus> Going to forward this to someone who can make a decision.

Super idée de donner aux tricheurs le moyen de mieux tricher. J'ai rapidement suivi la discussion mais on dirait un gamin qui veut passer pour robin des bois. Pitoyable, ses pseudos exigences font rire. J'espère qu'il va se prendre une armée d'avocats sur la tronche, voir que son adresse soit bizarrement lâché sur un forum

. Il aurait mieux fait de demander des sous... Des fois il y en a qui réfléchissent pas beaucoup ! Isben PS: Je suppose que la discussion n'est pas sensible. Et ça évitera que certains cherchent et tombe sur le méchant lien...

posté le 15/04 à 17:04

Joshua Newborn a dit :

Info ou Intox ? ça tombe en tout cas justement le jour du patch ...

posté le 15/04 à 17:04

Arianrodh a dit :

Citation:

Je suppose que la discussion n'est pas sensible. Et ça évitera que certains cherchent et tombe sur le méchant lien...

3sec chrono pour le trouver ton lien...

Citation:

. Il aurait mieux fait de demander des sous... Des fois il y en a qui réfléchissent pas beaucoup !

quelque part, tu dois surement avoir raison, mais pas sur ce que tu crois apparement..

posté le 15/04 à 19:04

Maybe a dit :

Citation:

Posté par JeuxVideo.com

Le code source de l'excellent MMORPG spatial EVE Online a été volé et se trouve désormais accessible sur les réseaux de piratage. L'information a été confirmée par le développeur CCP, qui n'a toutefois pas précisé les conditions de la fuite. Peut-être une boîte mail Outlook comme dans la rocambolesque affaire Half-Life 2 ? Toujours est-il que le studio tient à rassurer tout le monde en jurant ses grands dieux que jamais ô grand jamais ce piratage n'entraînera de problèmes pour la sécurité des données du jeu comme pour celle de ses utilisateurs (notamment les informations de paiement). Pourvu que l'avenir lui donne raison.

A priori infos et non intox ^^

posté le 15/04 à 19:04

ONeill a dit :

Citation:

Posté par Arianrodh

3sec chrono pour le trouver ton lien...

Justement, j'avais mis la discussion pour pas que vous ayez à chercher. Je te rassure, 90% des gens qui viennent sur ce forum savent utiliser google et ont eux aussi réussi à trouver le lien en 3s.

Citation:

quelque part, tu dois surement avoir raison, mais pas sur ce que tu crois apparement..

Développe! J'ai envie de savoir ce que tu penses de ce qu'il dit le gus. Tes commentaires sur mes dires sans explications... c'est pas important!

Citation:

Posté par JeuxVideo.com Le code source de l'excellent MMORPG spatial EVE Online a été volé et se trouve désormais accessible sur les réseaux de piratage. L'information a été confirmée par le développeur CCP, qui n'a toutefois pas précisé les conditions de la fuite. Peut-être une boîte mail Outlook comme dans la rocambolesque affaire Half-Life 2 ? Toujours est-il que le studio tient à rassurer tout le monde en jurant ses grands dieux que jamais ô grand jamais ce piratage n'entraînera de problèmes pour la sécurité des données du jeu comme pour celle de ses utilisateurs (notamment les informations de paiement). Pourvu que l'avenir lui donne raison.

Jeuxvideo.com n'est pas non plus une référence. A mon avis il y a de forte chances qu'ils aient juste extrapolé! De un parce qu'ils parlent du "code source" de eve alors que c'est juste le code source du client. De deux ccp n'a pas confirmé sur son site. Et surtout le "L'information a été confirmée par le développeur CCP", genre eve est codé par un développeur... Tant que canard pc ou ccp confirme pas, je crois pas! haha

posté le 15/04 à 19:04

...

» La suite des commentaires sur nos forums

Vous devez être inscrit et connecté pour poster un commentaire.
(inscription gratuite et rapide en cliquant ici)