Entropia and hacking... is it safe?

Discussion in 'General Entropia Universe Discussion' started by Wistrel, Feb 10, 2021.

  1. Wistrel

    Wistrel Kick Ass Elf

    OK first off, I've not checked but even talking about this might be against the EULA. I'm hoping there is no "MA law" about asking the questions/raising the concern/having the debate though. So some of you may have noticed I've been "playing" Shenzhen IO lately which is kinda like a basic "made up" assembly language. Through one thing or another it got me wondering about how safe programs (like Entropia) that have already been written are from hackers, once someone really knows what they are doing with assembly language. So I looked into it a bit and, it seems like it is entirely possible to change bits of programs so long as the actor is careful/knows what they are doing.

    Long story short it seems the way is it done is that bits of the program can be overwritten but if you try to "insert" instructions this will screw things. The way people do it therefore is they look for "safe places" that they can overwrite with new instructions, then have other bits (the ones they want to change but have no room) jump to the new instructions in the safe area and back again. The reason they don't just stick it at the end of the program is partly to do with some sort of metadata that tells the operating system how much memory to allocate (so making the program unexpectedly bigger might be an issue) and also because sometimes they want to avoid detection - say if something were to do a simple size based security check to ensure the program had not been tampered with (although one wonders if that too could be tampered with if it existed).

    To make matters worse it seems there are ways to alter programs as they are running even, meaning you wouldn't even be able to check the program before it started as a way of ensuring peace of mind.

    Skipping to the point, I'm wondering what, if any, protection Mindark have against this. I'm guessing as well as a size check you could maybe do some sort of checksum too to look for changes even if the overall size hasn't altered, but are MA doing this sort of thing? Even if they are, what about the "while running" thing? That sounds very tricky to protect against.

    It seems particularly concerning given that MA seem to have something of a dwindling development output and I wonder if anyone there would know how to include protections or detect foul play even if it was occurring. I'm guessing of course, and indeed have always assumed, that MA probably for safety's sake always calculate all the important things on their own servers, meaning altering the game locally wouldn't give anyone an advantage even if they were so inclined to throw huge amounts of effort at it?

    This said though, over the years I have heard people throw about phrases on forums like "speed hacking" (in relation to space travel) and someone once posted here to say something like "The hackers are watching Entropia very closely" which sounded pretty ominous. Now I grant you, that could have been and indeed probably was grandstanding, and of course Entropia remains pretty obscure and off most of the world's radar. But anyway, having looked into the reality of it a little I will admit I now have my doubts, especially with the real cash economy, I could imagine all it takes is for the wrong person with the right skills to get wind of the game before it becomes a very real target.

    So what do people think? Am I unjustly concerned or could this be a real problem given the current development circumstances? Over to the floor...

    Wistrel
     
  2. you should definitly also look into anarchy minecraft, and soon you'll find out about hacking your client, stressing poor servers up to their death, and their sysop's countermeasurements to keep things alive while everyone tries to break it.

    what if everything was allowed? stealing, lying, hacking up to social engineering?

    a very interesting concept, that made me buy futureclient, try some others, and finally use the source-look again. don't trust, verify!!!

    i also follow a bunch of anarchy streamers now, and its everlasting evolution of hacks and counterhacks. funny shit i swear! :geek:

     
  3. technically all houses can be broken in to but that doesn't mean you have to sit up all night with a gun pointed at the inside of every entrance.
     
  4. Just some random stuff :

    Between 2004 and 2007 people used the trick to change their windows clock = revive faster, reload faster etc.

    It worked again in later VUS until 2016/2017 or so.


    They used "autoclicker" to change their clothes thousands of times per second...making the servers lag so badly. Jesus. ^^


    People messed with winsock.dll to run so fast ingame...badass... x'D Ive seen it all...and reported it all.

    Strange they were always choosing me to show these things. ^^

    I remember a vanished discussion on the old "unknown cheats forum". They admitted "its a nice encryption, isnt it ?^^"
    BUT were afraid of haxing PEDs, as it was real money...and SEEin how Mindark asks how you obtained your PEDs, 50 days after you tried to cash out...ooof

    There were quite evil stories about avatars with server sided cheats aka. unlimited ammo.
    Stories about invisible Trade Terminals...and hell yes we found them, but didnt know how to use them.

    There were so many ingame tricks to fake reload speeds...clone items...MOST OF THEM kept returning in later VUs...again and again and again. :)

    So, yeah, in a broken environment like this it can be done. Just dont get caught by these criminal crooks. :)
     
  5. Wistrel

    Wistrel Kick Ass Elf

    That sounds interesting, so sort of a version of minecraft where the whole point is to try and hack/break it? (I guess I should go watch the video haha). Have to admit I know very little about minecraft. I know kids love it and it's massively popular but I never really tried it. I think for me it just isn't pretty enough haha. I'm sort of one of those people who isn't massively keen on retro new games (although will admit to enjoying retro city rampage). I kinda think "you have resolution and colours - use them!" but of course I enjoy genuinely old things. The other thing is I once saw someone point out that old games didn't actually look as blocky as the world would have us remember, they just do on modern screens. This is a good point! But yeh Minecraft kinda falls under that "modern low res textures" thing that I just can't bring myself to like.

    Actually was kinda amused, was visiting a friend and her youngest is crazy into minecraft. She was showing me this book of different minecraft block types by their textures and I was chuckling because to me they all looked roughly the same!
     
  6. Wistrel

    Wistrel Kick Ass Elf

    Between 2004 and 2007 people used the trick to change their windows clock = revive faster, reload faster etc.

    :O

    It worked again in later VUS until 2016/2017 or so.

    :O :O :O

    They used "autoclicker" to change their clothes thousands of times per second...making the servers lag so badly. Jesus. ^^

    Was that something to do with trying to maintain a hold during land grab? That strikes me as the only time such a trick would be desirable, unless someone was just trying to be an arse for a laugh. This does make me chuckle though because using the inventory is sooooooooooooooooooooooooooooooo slow anyhow, the idea that an autoclicker would actually help is kinda funny. I get though that maybe even if the clothes don't actually change, if there is something making the request frequently and often, even if it isn't being acted on in a timely fashion, this would have the potential to slow things down.

    People messed with winsock.dll to run so fast ingame...badass... x'D Ive seen it all...and reported it all.

    So they can run away from mobs I guess? or again, helpful in land grab I guess or when returning to a mob what you half killed but it killed you so you want to get back quick. I guess TP chip or vehicle would be easier but I suppose some financial outlay could be avoided if you could sonic the hedgehog (Gotta go fast!) your way back.

    I remember a vanished discussion on the old "unknown cheats forum". They admitted "its a nice encryption, isnt it ?^^" BUT were afraid of haxing PEDs, as it was real money...and SEEin how Mindark asks how you obtained your PEDs, 50 days after you tried to cash out...ooof

    Hmm... I remember you got asked that... I hadn't appreciated it at the time but... thinking about it now... that's actually kinda worrying. I mean - they - should - know - so the fact that they even had to ask is a little troubling. One wonders the benefit of asking anyhow "Were you up to no good? no? oh ok carry on then" :O I'm not really sure what this implies. Something like maybe their records have been archived off so for old players they can't or can't easily trace the transactions... or something was lost in an accident maybe? or they don't have the people with the know how on how to check any more? Concerning...

    The encryption comment does sound a little troubling... even if whoever these people were didn't fancy taking a risk, there's bound to be someone out there who was/is and maybe they are playing "the long game" or even have some sort of in game money laundering racket going on. I guess as with a lot of crimes I've heard the tricky bit is getting the money. I think I read somewhere that in bitcoin they know there is a huge amount of sleeper cash that just sits there and never gets moved or used. Similarly I think I heard something similar about bitcoin (or was it monero) that is used to extort money from ransomware. Apparently a lot of it just sits somewhere and never gets "moved". Something to do with the "moving" being the bit where the cops would actually have a chance to try and connect the transaction to someone. I dunno.

    There were quite evil stories about avatars with server sided cheats aka. unlimited ammo.
    Stories about invisible Trade Terminals...and hell yes we found them, but didnt know how to use them.


    There were so many ingame tricks to fake reload speeds...clone items...MOST OF THEM kept returning in later VUs...again and again and again. :)

    Were the invisible TT's literally a TT that just had no texture on it? i.e. it was like an invisible box you couldn't walk through but could click on and use the UI? That other stuff about unlimited ammo sounds terrifying. It doesn't surprise me though, I'll never forget "the PEC bug" as a noob with less than 100 ped to my name that truely was an irritating one.

    Wistrel
     
  7. NotAdmin

    NotAdmin Administrator

    I was told about these, too. That they were used by MA staff to quickly travel around when they'd need to, and that they were hidden "in plain sight", just invisible. I suspected the RT one was on or around the pirate ship, an spent several hours there trying to figure out if I could find it. In reality, though, I suspect they actually are located in the middle of a non-landmark area. Obfuscation, so to speak.
     
  8. As for tampering with the Client software itself, there are safe guards in place.

    They actively check if RAM is being tampered with at runtime and you will receive an automated ban if they detect this.
    This has been reported by multiple players in the past who tried to run "improvement" software.
    If they do the above, they surely have simple checksum verification in place as well to make sure the bytecode of the application has not been altered. Thus you will not be able to change code without it being detected (and most likely auto banned).
     
  9. The "invisible" TTs showed up for less then 0.5 seconds when you ran into a Container.
    You had to click em before they dissapeared. But you could not buy stuff from it.

    Most of the times you just lost the connection if you messed around too much. :)
    Usually no ban included.

    Simple "memory editors" usually dont work very well with online games anway, as they are always checking back with the server state.
    Some do, some dont.

    Most bad things happened abusing the "shabby ingame systems". No real hacking needed. :)

    But it happened before. More than once. So...


    And yes, the "autoclicker clothes chaning" stuff was used by...everyone who grabbed a land...and wanted to keep it. This game is so full of cheats and greed... :)
     
  10. haha you wish :) they can't even get their maths correctly, nor do they have any advanced sense for security, said somebody else. his password was sent plaintext at commandline long time ago, and his account later got leeched via PCF. #notme!
     
  11. Wistrel

    Wistrel Kick Ass Elf

    love that idea. That the seemingly random pirate ship was actually a secret gateway to another planet!
     
  12. Wistrel

    Wistrel Kick Ass Elf

    So we have 2 conflicting viewpoints here, one claiming multiple people got caught by checks for running something nefarious (I wonder if the actual meddling was detected, or simply the presence of the software on the system, or maybe checking if it was running), and the other claims MA struggle to even add up (true - see aforementioned reference to PEC bug) and that such claims should be checked.

    Who to believe?
     
  13. Wistrel

    Wistrel Kick Ass Elf

    I was having a poke at the EULA and may be able to answer my own question. I see they do explicitly say you consent to them monitoring how you use Entropia for the purpose of detecting use of bad juju.

    (gotta love that capital Y)

    So "presence of" is presumably not an issue. Just don't run nefarious.exe at the same time as Entropia. So I guess they either:

    A. do nothing
    B. check what is running
    C. somehow check things are not meddling

    Place your bets now...

    oh just spotted they also say the following which, while doesn't imply they check for it, says you aren't allowed to have anything installed that they don't like.

    PS I also note they say this...
    1. Gambling activities are expressly forbidden in the Entropia Universe.
    better steer clear of them explosive projectiles or loot boxs then...
     
    Last edited: Feb 16, 2021
  14. Wistrel

    Wistrel Kick Ass Elf

    Just spotted another one...

    Bugger... well so long folks... it's been nice knowing you all... X'D

    http://www.entropiaplanets.com/threads/fix-a-broken-gold-card-reader.19603

    and I guess the guy McCormick talked about went to MA Jail already for modifying/creating derivatives from the reader ,-)

    Wistrel
     
  15. hacking isn't only about modifying computers or games, it's mostly about RTFM and finding out inner workings, the bugs, and both expected and unexpected behaviours.

    knowing the history of excellence, you don't have to mess around alot. just "play" the "game" and SEE, what doesn't work, what has been broken again, or is still unfixed after ages. this is where the "true" skill and longterm experience of EU hides. and it's dynamic too! :laugh:

    MA's dev skills are fucking lame, simple as that. their development takes ages and is nothing but full of both shit quality and broken promises. i'll never understand why they rather "update" mob textures a dozen times, and copy-paste events incorrectly 6-8 times a year, than finally get their shit going one day...

    well, it still seems to work for them, right? too long already, maybe... :dunno:
     
  16. Wistrel

    Wistrel Kick Ass Elf

    Well... I'm not sure I'd call discovering a bug, even if you were systematically searching for it "hacking". I mean.. I get where you are coming from but I feel that is stretching the definition to the edge. Case in point, that time I discovered I could crash my local server area. Sure, I'd found a bug and was checking how bad it was, (I was concerned I'd found a duplication trick) but I wouldn't call that hacking.

    I take your point though reading between the lines that you are implying those with "skill" are actually those who just found a good exploit and are milking it as much as they can. This is against the rules of course but then again, I do feel MA rely too much (entirely?) on the player base to do their testing for them. It isn't good to rely solely on the rules you enforce on others to ensure folks come forth and inform MA of discovered exploits, or to rely on their sense of decency.

    Still, I don't want to derail this one into discussion of bugs/exploits as they are kinda a given.
     
  17. San

    San

    Nobody can technically, or even legally (despite wide-spread scare tactics), prevent you from disassembling a compiled program on your own computer for your own fun and erudition. What you do with your findings, whether you communicate them to others or apply them in a way that would violate the associated TOS, is a whole different matter. With a product as complex as a game client of many megabytes pure machine code distilled out of even larger sources, it begs the question what you can learn from it with any reasonable effort, or otherwise what your purpose really is.

    Also, there is a difference in terms between "hacking" and "tinkering" which sometimes gets blurred in vernacular. You may like to specify what you mean. Personally, i'm interested in tinkering with a little-known feature of the EU client (if they haven't taken it away), which can send info like ammo or shots left and a few other numbers to a Logitech keyboard with built-in display. I don't have one to try it out and wonder if you couldn't interface with it and get the information without hardware, esp. under Linux. It's not high on my priority list but maybe some day, if/when motivation gets better again. If you mean something like this by "hacking", then you should be safe.
     
  18. NotAdmin

    NotAdmin Administrator

    I might have one of those keyboards lying around. I'll check when I'm home. It's yours if you want it and cover S&H.

    I bought it for a the exact reason you mentioned (tracking ammo, and what not) and at some point had a very brief go at it, but got sidetracked with other stuff. I'm not sure I still have it, or what shape it's currently in, but I'll see if I can dig it up.
     
    • Friendly Friendly x 1
  19. San

    San

    Thank you for your kind offer! I don't need one right now, the idea was to program an interface to receive the information without requiring the actual hardware. I haven't yet spent much time investigating if the protocol is open or if anyone has done this already. In another thread here I started posting some Linux ideas, beginning with extracting info from the chat file and routing it to a TTS converter to enable playing with the UI widgets off. Ammo is the crucial bit missing there. But as said, my motivation for putting effort or money in Entropia is low at the moment. Cheers for the thought.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.