|
 
|
Bigger fish to fry...
Submitted by circeus on Sun, 01/29/2006 - 6:08pm.
Well, as some know, earlier in the month the Korean version of City of Heroes, known as "City of Hero" was released. With this came much furor on both the US and Euro forums as the Korean version was released along with an offline character creator - one that allowed you to save up to 20 character looks locally. For short its called CCC for "COH Character Creator".
Problem was it was entirely in Korean.
People started playing with this, and soon realized they could change the registry settings and change the language to English (in the same manner as you can change the language of your own CoH client to say French).
Someone put directions how to do this online. Not long after they were asked to take the directions down, and the first version of the CCC was pulled from the Korean website replaced with a new one.
The registry modification will not work with the new version. Why? Because all you have to do is watch what it does to the registry on startup, and you can see the first thing it does is wonk (programmer term for overwrite) the language setting back to Korean, and then run.
This will stop a normal computer user, it won't stop a hacker, it didn't stop me. Not 5 minutes after realizing the old hack didn't work, I had the new version running in English on my machine. Easy peasy.
In short, proving the old adage that no matter how many steps a developer takes, they will never out-hack a hacker.
So why am I telling you all this...???
Well do any of you use HeroStats? http://www.herostats.org/
Or the new City Game Tracker? http://www.citygametracker.com/
Do you know how these work? No? Let me tell you. They hack the CoH client. I kid you not, they use what is the oldest game client hacking method in the book and they map out certain memory locations inside the client based on known information in the client (typically text strings) and read in key information: character name, origin, archetype, influence/infamy, XP needed, current health, max health, current end, max end, etc.
These programs are actually a much larger hack than changing the registry on your own computer. You don't own the client if you read the EULA, you only own the right to use it. But the registry on your own computer is your own, and you have the right to do with it as you please, and no computer company outside of I guess Microsoft can lay claim to it, or portions of it.
What I'm saying is that the registry modification to run the Korean CCC in English is not a hack by any stretch, despite anything Cryptic or NCSoft might try to say to the contrary, they'd be flat out wrong.
That said, they'd be well within their rights to shut down (or at least try to shut down) HeroStats and City Game Tracker because they really do hack the client which is a domain that Cryptic and NCSoft can lay claim to.
Again though, why am I mentioning this?
Now I, and I'm guessing Zloth, and maybe a few other people who have really put the time into working with CoH Demo files already knew this, but you can determine the location of blinkies from a demo file. I personally don't find blinkies difficult to find, my gripe is more that last mob on a kill all mission that is hiding behind a box you know you've looked behind 50 times before. But I've known for some time that you can do this quite easliy.
Well aparently someone got creative and wrote a program that does this for you graphically: Blinkie Finder. http://www.despertador.org/blinkies/
Now demo files are local files, and ones that Cryptic has completely said they want us to work and play with and understand. In other words, to a multitude of witnesses, they've allowed us to work with demo files. To this end I wrote the demo analyzer, and Zloth has his editor.
So again why all this?
Well see, years ago I worked with many others in hacking Asheron's call. My prior experience had been with hacking just about every Ultima game ever created.
And what I see is this. The knowledge gained by Blinkie Finder, combined with the methods used by HeroStats and City Game Tracker to hack the client put us at most six months out from seeing client hacked radar systems in CoH. You won't need to type /loc to know where you are, you won't need to record a demo to know where blinkies are, and you will know where the blinkies are relative to your current position. Perhaps, at some point, there will even be markers for them painted into the GUI window.
So, expect it, its coming. Heck its almost here now.
»
- Login to post comments
Right. I know they've been
Right. I know they've been around for a while now, but here's the difference. Before I think people largely didn't think much about what HeroStats does, and few looked into how it did its job.
The difference is now another program lifted the client hacking portion of HeroStats and is now using it to create an online character database. A great idea btw (and to some degree something Cryptic/NCSoft should have worked out on their own), because it will help us answer those questions like how many people who start Tankers take them past 20 these days, etc.
Once someone else does that, it means others are in the loop. And you're right PvP will be a driving factor - it always is. And I'm not convinced that this dev team gets that PvP is always about a leg up, and that little else matters in PvP. And that blinkie program can plot way more than just the player, blinkies, and Qs. And while that program won't help much in PvP right now, a live version would pretty much kill PvP. I mean consider that the client lists your primary target in Siren's Call, a radar system would defintely be able to display an alert when your quarry was near.
As for Vidiots? Well, outside of the badge locations, everything else on those maps is stuff the devs should have done up front with their maps, and if I were them I'd make be working to incorporate every last bit of them (beyond the badges). Badges are a whole other gripe point to me right now as in CoV certain contacts unlock with badges, and yet the game still does nothing to teach players about badges. Very poor form.
--
Circeus, Friendly/Neighborhood/Site/Admin
Starmaster, Mutant/Blaster/Energy/Fire
Mighty Quinn, Magic/Tanker/Ice/Stone
Ugh - my poor demos!
Yep - I said it was possible to do this back on the CoH beta boards when I first looked into them. We figured it really just wasn't worth the trouble to hack, it isn't like the glowies are that hard to find. This guy adds Q-Gunners, though. Frankly, if I was Cryptic, I would shut the /demorecord command off with the Pocket-D patch. That kind of change isn't the kind that needs much testing. They could just throw some heavy encryption into the demo files, instead. That isn't too terribly hard but, given this is an unsupported function, even 'not too hard' may be way too hard to justify. Ugh.
Circ, your program mostly just acts as a nice looking registry editor. If they can hassel you about letting players edit the registry then they would have to hassel Microsoft, too, for giving us RegEdit. The registry is ours. If Cryptic doesn't want us dinking around with it then they would encrypt it. Maybe they could get after you for the Diagnostics tab but that would really be a strange thing to do.
I keep expecting Cryptic to put the hammer down on client hacking. Just have something going in the background that checks data files currently not in use. Or maybe do foreground processing checks while other things are loading. Whatever. Herostats and VidiotMaps seem relatively harmless compared to some of the hacks that have gone on in MMOs but it's just begging for worse.
Normally I would disagree with the 6 months. HeroStats and VidiotMaps have been around for (what?) over a year now easily and nothing much has moved on either side. PvP is starting to get a bit more popular, though, and that's something that really tempts people. I'm sure several would be real happy to track invisible players with a hacked client.
I also wanted to add that
I also wanted to add that the main thing here is that how Cryptic responds to this going forward will define much of their future relationships with the entire third party community, myself included.
One thing right now for me is that TweakCoH can currently do things similar to what the registry modification that was used to run the Korean CCC in English. However I have not yet added any code to modify the client's language. This was however something I was considering doing for the next version (say someone French is playing on the US servers, might be useful to them). But I may now hold off on to see where this all flies.
CoH, to date, has gotten a pass. Mostly because way back Michael Lewis contacted me about it, and gave me the thumbs up to continue to develop it. In fact, I've already used that past permission to fight off the legal department once before. And it still held. Which to me is good.
My code is also not open source. I've learned from past mistakes that in the third party development community its not the best idea. There are a lot of jerks out there.
But now HeroStats is open source, as is City Game Tracker. From the looks of it City Game Tracker lifted their client hacking code from HeroStats (looks like the same exact code to me). The question is, do they have a pass like I do. I'm not sure.
I'm guessing that until now they've been tolerated. I'm not sure how much longer that will last. I'm guessing as soon as there is radar all bets are off, possibly even the stuff I've done with TweakCoH.
Heck, they might even disqualify all my mathematical work used in breaking down how the game actually works.
Within 6 months. It will all happen.
--
Circeus, Friendly/Neighborhood/Site/Admin
Starmaster, Mutant/Blaster/Energy/Fire
Mighty Quinn, Magic/Tanker/Ice/Stone