+ Reply to Thread
Page 7 of 9 FirstFirst ... 3 4 5 6 7 8 9 LastLast
Results 91 to 105 of 131

Thread: Clone Wars, The Exploit... Continuation

  1. #91
    Junior Member Pitchcontrol's Avatar
    Join Date
    Dec 2011
    Location
    Belgium
    Posts
    155
    Quote Originally Posted by lordkator View Post
    FYI there are 500 Million objects in Basilisk's db. The sceneobjects table alone if 633 Gigs... When I dump the entire db to JSON it consumes about 1TB of disk space for just one snapshot.

    The reason we keep Basilisk alive is not just the database, without players the database is useless. How exactly would we be able to monitor 1 million+ transactions a day that happen on basilisk if it's just a database on a disk somewhere?

    The wipe will come!

    Sadly I lost five months of my life to these people, I could have been coding on other parts of the project all that time.
    60K items where duped and 54K items are on the banned accounts. Wouldn't it be interesting to test out to delete all items duped items first on the accounts of the banned and rescan the remaining 6K items how they will be flagged when you delete the 54K items first?

    The 54K duped items on the account of the banned can be considered 100% duped
    Items crafted by the banned that are on the dupe list can be considered 100% duped

    You can still flag the remaining 6K items, but you can't ignore the fact it would be an interesting test to see if they still popup as being duped. I know for a fact that several of these remaining items are 100% legit and show up as a false positive because a sister items was duped. The admins can still decide on a later date to delete or to save those items.
    Drop off at 3521 -5596 Tatooine (South Eisley mall vendor Hot Drops)


  2. #92
    Developer
    Join Date
    Sep 2011
    Location
    New York, NY
    Posts
    971
    Quote Originally Posted by Pitchcontrol View Post
    60K items where duped and 54K items are on the banned accounts. Wouldn't it be interesting to test out to delete all items duped items first on the accounts of the banned and rescan the remaining 6K items how they will be flagged when you delete the 54K items first?

    The 54K duped items on the account of the banned can be considered 100% duped
    Items crafted by the banned that are on the dupe list can be considered 100% duped

    You can still flag the remaining 6K items, but you can't ignore the fact it would be an interesting test to see if they still popup as being duped. I know for a fact that several of these remaining items are 100% legit and show up as a false positive because a sister items was duped. The admins can still decide on a later date to delete or to save those items.
    The problem is the way they duped caused these items are invalid under the hood, the items ended up sharing child objects in a way the code was never designed to handle. We will be dealing with server instability and very strange behaviors. As an example some of the weapons they cloned had ADK on it and if they made 5 dupes there would only be one single ADK, as soon as someone deleted the weapon they would get the ADK deed and the other weapons would be in an invalid state. It’s not safe to keep these invalid items on the server.

    Also, deleting the banned accounts items first will not change the fact that an item was duped! It either was duped it wasn’t and it being on a banned account had nothing to do with it.

    And you are not correct in your logic, there is no way the “sister” items are 100% legit, we can not prove it with the data we have and we know for a fact they duped many things that people “loaned” them and did not return the original to the person who loaned it to them.
    Last edited by lordkator; 08-04-2020 at 09:49 AM.
    LordKator
    Developer

    lordkator@swgemu.com | www.swgemu.com
    SWGEmu is a non-profit, open source community project.
    SWGEmu FAQ | Install SWGEmu | Report Bugs

  3. #93
    I'll still suggest just removing all ADKs and letting non cheaters keep their tainted items, which will naturally decay, is best solution imo.

    But everyone knows how biased against ADKs I am at this point.

  4. #94
    Really should have just wiped the server, it so badly in need of a wipe. It really should be getting wiped every 3-4 years anyway, almost all the cities are just ghost towns.

  5. #95
    Banned
    Join Date
    Apr 2012
    Location
    duped
    Posts
    808
    Quote Originally Posted by dedaskalion View Post

    But everyone knows how biased against ADKs I am at this point.
    you've never mentioned it before

  6. #96
    Quote Originally Posted by Gravel86 View Post
    Really should have just wiped the server, it so badly in need of a wipe. It really should be getting wiped every 3-4 years anyway, almost all the cities are just ghost towns.
    Should never have implemented bank withdrawal ☠️

    One of the ways these cities linger so long is that only the mayor is active and he just bank tips Everyone in the citizen list every so often to keep the houses around.
    Last edited by dedaskalion; 08-04-2020 at 12:00 PM.

  7. #97
    Junior Member Woha's Avatar
    Join Date
    Jun 2011
    Location
    Germany
    Posts
    135
    Items on Banned Accounts 54,004
    Items on Active Accounts 6,125

    Oh boy this says everything! Good job!

    What I misss in the list the Create of free Resource Deed. I guess this would be the top 1 if I would think like a criminal.

    Reg. ADK in a TS someone told he was able to claim more then one ADK after a patch if I got it right the counter did't work right. Guess this was more then two years ago I missed everything name, where he was from...
    Last edited by Woha; 08-04-2020 at 03:25 PM.

  8. #98
    Dedicated Tyrson's Avatar
    Join Date
    Oct 2014
    Posts
    923
    Quote Originally Posted by lordkator View Post
    We will be dealing with server instability and very strange behaviors. As an example some of the weapons they cloned had ADK on it and if they made 5 dupes there would only be one single ADK, as soon as someone deleted the weapon they would get the ADK deed and the other weapons would be in an invalid state. It’s not safe to keep these invalid items on the server.
    I mean, these objects have been around for years. This is nothing new. The server seems pretty stable from a player's perspective.

    What are the consequences of an item being in an "invalid state"? Would it break for the player? Get deleted? Not take a new ADK? I only had a couple flagged items, nothing of consequence, but from the perspective of a someone who might be losing their "end game" weapon I'm sure they'd rather have a chance of their weapon becoming "unstable" then having it deleted.

    I guess I'm struggling to see how it's "not safe to keep these invalid items on the server" if they have been here for years and years.

    /way -200 -5678 The Mall
    Current Stock

  9. #99
    Member Jackleware's Avatar
    Join Date
    Jul 2012
    Location
    USA
    Posts
    304
    Ever work with a database that has tables with a messed up seed in the auto-generated primary key field? You see some really weird stuff and after any amount of time, you get issues with things that should be unique that are no longer unique.
    Also, just because we have had a level of player-accepted stability or instability for years does not mean we will never reach a point where it becomes unacceptable and a hindrance to further development of the project.

    Edit for clarification - I'm not suggesting that there is a primary key issue in the database. I was using that scenario as an example of how when records are supposed to be unique, but then they are no longer unique, you can get some big issues in the database.
    Last edited by Jackleware; 08-04-2020 at 07:47 PM.
    Argus - Swordsman | OldShavey - Tailor | Splike - Smuggler | Aakaash - CH

  10. #100
    Quote Originally Posted by lordkator View Post
    The problem is the way they duped caused these items are invalid under the hood, the items ended up sharing child objects in a way the code was never designed to handle. We will be dealing with server instability and very strange behaviors. As an example some of the weapons they cloned had ADK on it and if they made 5 dupes there would only be one single ADK, as soon as someone deleted the weapon they would get the ADK deed and the other weapons would be in an invalid state. It’s not safe to keep these invalid items on the server.

    Also, deleting the banned accounts items first will not change the fact that an item was duped! It either was duped it wasn’t and it being on a banned account had nothing to do with it.

    And you are not correct in your logic, there is no way the “sister” items are 100% legit, we can not prove it with the data we have and we know for a fact they duped many things that people “loaned” them and did not return the original to the person who loaned it to them.
    When your tool is flagging items as duped that are made with the same factory run of *crafted components* where a single one of those components got duped on a completely separate account, then your tool does not meet the specification of correctly detecting duped items. It needs more time and additional information taken into account to even work right.
    Last edited by esmiswg; 08-04-2020 at 06:35 PM.
    Vendor: -3027, -4562 (Gorath, Tatooine)

  11. #101
    Developer
    Join Date
    Sep 2011
    Location
    New York, NY
    Posts
    971
    Quote Originally Posted by esmiswg View Post
    When your tool is flagging items as duped that are made with the same factory run of *crafted components* where a single one of those components got duped on a completely separate account, then your tool does not meet the specification of correctly detecting duped items. It needs more time and additional information taken into account to even work right.
    Trust me it is no where near that simple in implementation, it's 1,300 lines of code just for the part that flags the items. I appreciate the complexities are not obvious, but we have spent a lot of time looking at the edge cases here.

    I will not go into the details of the exploit, however there were a number of "artifacts" that could be used as a seed.

    The system that does the tagging has 8 separate phases that unpack each level of detail to match items, not just a simple s/n counter.

    If we just sorted based on s/n's we would have flagged 100 million items.

    That said when you do see a s/n with thousands of copies and its a loot item not a manufactured item, pretty clear what happened there.
    LordKator
    Developer

    lordkator@swgemu.com | www.swgemu.com
    SWGEmu is a non-profit, open source community project.
    SWGEmu FAQ | Install SWGEmu | Report Bugs

  12. #102
    Quote Originally Posted by cmurphy50 View Post
    Are you stupid? They sold in game items for real currency, that's about as far against the terms of service as you can possibly go. You are misinformed if you think you can play devil's advocate on this one. Test server doesn't mean anarchy.
    No, I'm actually very smart. Probably smarter than you. All the players who were banned didn't sell things for money. I'm talking about duping not cashing in. Your straw man didn't work.

    And I'm not playing devil's advocate. I'm exposing the double standard. That it's ok to waste time on bad people, but its not ok to waste time on good people.

    If it truly is just a test server then all players who did not sell things for $$$ should be let back in immediately so that they can continue to expose more bugs/flaws. If it's just a test server then why are testers who exploit banned? Nothing matters right? Or does it?

    Can't have it both ways.
    Drop Vendor: Coronet (443, -2952)
    IGN = Odrii / Gint

  13. #103
    Junior Member
    Join Date
    Feb 2012
    Posts
    121
    Guys, guys...I'm obviously the smartest person here right now. I'm in Mensa. Do you people even know what that is?

    I can say all this because it's the Internet. And I'm smart enough to capitalize the "I" in "Internet," because that's just how smart I am, clearly.

  14. #104
    Quote Originally Posted by lordkator View Post
    Trust me it is no where near that simple in implementation, it's 1,300 lines of code just for the part that flags the items. I appreciate the complexities are not obvious, but we have spent a lot of time looking at the edge cases here.

    I will not go into the details of the exploit, however there were a number of "artifacts" that could be used as a seed.

    The system that does the tagging has 8 separate phases that unpack each level of detail to match items, not just a simple s/n counter.

    If we just sorted based on s/n's we would have flagged 100 million items.

    That said when you do see a s/n with thousands of copies and its a loot item not a manufactured item, pretty clear what happened there.
    How does it matter when it's so obviously wrong? It does not do the job it's supposed to do. It's close, but not quite yet. Please spend some more time polishing it until it's actually correct. It would be such a waste to spend months on something and then have the results be half-assed. It's really not missing much, but it is missing a significant part.

    I have items flagged from the same factory run of components that contain *no* looted items btw.
    Last edited by esmiswg; 08-05-2020 at 04:44 AM.
    Vendor: -3027, -4562 (Gorath, Tatooine)

  15. #105
    Developer
    Join Date
    Sep 2011
    Location
    New York, NY
    Posts
    971
    Quote Originally Posted by esmiswg View Post
    How does it matter when it's so obviously wrong? It does not do the job it's supposed to do. It's close, but not quite yet. Please spend some more time polishing it until it's actually correct. It would be such a waste to spend months on something and then have the results be half-assed. It's really not missing much, but it is missing a significant part.

    I have items flagged from the same factory run of components that contain *no* looted items btw.
    Contact support if you think it's wrong, give them OID's. But are you sure every single resource you used was clean? Because they duped everything including resource crates and wall modules. Its crazy.

    I appreciate you're upset, many people are, but saying the system doesn't do what it's supposed to do when you don't know the entire extent of what happened is not helpful.

    I've been "polishing" this for months using TC-Prime, you all thought it was down but instead, I built code that allowed me to keep it up for testing and later just for staff.

    I've done 100's of spot checks, even since the marking I've had outreach and thus far not found any item that should not have been tagged. I have however found net-new ones that should be. The program that does the audit is fairly conservative, I know it doesn't feel that way to you but they duped an incredible amount of items, I have another log I'm looking through where I found even more ADK's they duped but because of the way they did it the audit did not find them.

    I don't know how to help you with your intuition that its not working, when all the data we look at with CSR's and others shows it actually is working as intended.
    LordKator
    Developer

    lordkator@swgemu.com | www.swgemu.com
    SWGEmu is a non-profit, open source community project.
    SWGEmu FAQ | Install SWGEmu | Report Bugs

+ Reply to Thread

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

     

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts