Clone Wars, The Exploit... Continuation

[lordkator]

60K items where duped and 54K items are on the banned accounts. Wouldn't it be interesting to test out to delete all items duped items first on the accounts of the banned and rescan the remaining 6K items how they will be flagged when you delete the 54K items first?

The 54K duped items on the account of the banned can be considered 100% duped
Items crafted by the banned that are on the dupe list can be considered 100% duped

You can still flag the remaining 6K items, but you can't ignore the fact it would be an interesting test to see if they still popup as being duped. I know for a fact that several of these remaining items are 100% legit and show up as a false positive because a sister items was duped. The admins can still decide on a later date to delete or to save those items.

The problem is the way they duped caused these items are invalid under the hood, the items ended up sharing child objects in a way the code was never designed to handle. We will be dealing with server instability and very strange behaviors. As an example some of the weapons they cloned had ADK on it and if they made 5 dupes there would only be one single ADK, as soon as someone deleted the weapon they would get the ADK deed and the other weapons would be in an invalid state. It’s not safe to keep these invalid items on the server.

Also, deleting the banned accounts items first will not change the fact that an item was duped! It either was duped it wasn’t and it being on a banned account had nothing to do with it.

And you are not correct in your logic, there is no way the “sister” items are 100% legit, we can not prove it with the data we have and we know for a fact they duped many things that people “loaned” them and did not return the original to the person who loaned it to them.

[esmiswg]

The problem is the way they duped caused these items are invalid under the hood, the items ended up sharing child objects in a way the code was never designed to handle. We will be dealing with server instability and very strange behaviors. As an example some of the weapons they cloned had ADK on it and if they made 5 dupes there would only be one single ADK, as soon as someone deleted the weapon they would get the ADK deed and the other weapons would be in an invalid state. It’s not safe to keep these invalid items on the server.

Also, deleting the banned accounts items first will not change the fact that an item was duped! It either was duped it wasn’t and it being on a banned account had nothing to do with it.

And you are not correct in your logic, there is no way the “sister” items are 100% legit, we can not prove it with the data we have and we know for a fact they duped many things that people “loaned” them and did not return the original to the person who loaned it to them.

When your tool is flagging items as duped that are made with the same factory run of *crafted components* where a single one of those components got duped on a completely separate account, then your tool does not meet the specification of correctly detecting duped items. It needs more time and additional information taken into account to even work right.

[lordkator]

When your tool is flagging items as duped that are made with the same factory run of *crafted components* where a single one of those components got duped on a completely separate account, then your tool does not meet the specification of correctly detecting duped items. It needs more time and additional information taken into account to even work right.

Trust me it is no where near that simple in implementation, it's 1,300 lines of code just for the part that flags the items. I appreciate the complexities are not obvious, but we have spent a lot of time looking at the edge cases here.

I will not go into the details of the exploit, however there were a number of "artifacts" that could be used as a seed.

The system that does the tagging has 8 separate phases that unpack each level of detail to match items, not just a simple s/n counter.

If we just sorted based on s/n's we would have flagged 100 million items.

That said when you do see a s/n with thousands of copies and its a loot item not a manufactured item, pretty clear what happened there.

[esmiswg]

Trust me it is no where near that simple in implementation, it's 1,300 lines of code just for the part that flags the items. I appreciate the complexities are not obvious, but we have spent a lot of time looking at the edge cases here.

I will not go into the details of the exploit, however there were a number of "artifacts" that could be used as a seed.

The system that does the tagging has 8 separate phases that unpack each level of detail to match items, not just a simple s/n counter.

If we just sorted based on s/n's we would have flagged 100 million items.

That said when you do see a s/n with thousands of copies and its a loot item not a manufactured item, pretty clear what happened there.

How does it matter when it's so obviously wrong? It does not do the job it's supposed to do. It's close, but not quite yet. Please spend some more time polishing it until it's actually correct. It would be such a waste to spend months on something and then have the results be half-assed. It's really not missing much, but it is missing a significant part.

I have items flagged from the same factory run of components that contain *no* looted items btw.

[lordkator]

How does it matter when it's so obviously wrong? It does not do the job it's supposed to do. It's close, but not quite yet. Please spend some more time polishing it until it's actually correct. It would be such a waste to spend months on something and then have the results be half-assed. It's really not missing much, but it is missing a significant part.

I have items flagged from the same factory run of components that contain *no* looted items btw.

Contact support if you think it's wrong, give them OID's. But are you sure every single resource you used was clean? Because they duped everything including resource crates and wall modules. Its crazy.

I appreciate you're upset, many people are, but saying the system doesn't do what it's supposed to do when you don't know the entire extent of what happened is not helpful.

I've been "polishing" this for months using TC-Prime, you all thought it was down but instead, I built code that allowed me to keep it up for testing and later just for staff.

I've done 100's of spot checks, even since the marking I've had outreach and thus far not found any item that should not have been tagged. I have however found net-new ones that should be. The program that does the audit is fairly conservative, I know it doesn't feel that way to you but they duped an incredible amount of items, I have another log I'm looking through where I found even more ADK's they duped but because of the way they did it the audit did not find them.

I don't know how to help you with your intuition that its not working, when all the data we look at with CSR's and others shows it actually is working as intended.