Welcome to Jester's Trek.
I'm your host, Jester. I've been an EVE Online player for about six years. One of my four mains is Ripard Teg, pictured at left. Sadly, I've succumbed to "bittervet" disease, but I'm wandering the New Eden landscape (and from time to time, the MMO landscape) in search of a cure.
You can follow along, if you want...

Saturday, June 2, 2012

Rabbits (and moles) provide good intel

Sigh.  As I've said a couple of times, every time I feel like I've hit bedrock in this game, someone shows me another level.  Or in this case, a rabbit hole.  Also, WARNING: this could be (and hopefully is) a massive troll.  But Mythbusters would judge it plausible, and so do I.

First, you'll need some background.  As you know, I sometimes futz around with various programming calls to EVE API data.  I also consider myself a rank amateur at this.  I've played around a tiny bit with EVE database calls, but it's been well known for a while that there were interesting things being done using Python to make database calls directly to the EVE client (called "injection").  And as background we all know how competitive this game can get, particularly when something like the Alliance Tournament is involved.

This sort of thing is used on Kongregate to earn their achievements all the time, for instance.  You have a Kongregate Flash game running on your brower.  The data from the Flash game is accessible through memory.  With the right tool, you can pause (either naturally or unnaturally) the Flash game, change the data right in it, un-pause, and the game will continue with your changes.  Want to get the Kongregate achievement for earning 100,000 points in a particular game?  This was an easy way to do it: read and change the data right in the game itself through injection.  Your score would jump to 100,000 points, Kongregate would see that, and award you the achievement.  No muss, no fuss.

OK, here we go.  Prepare to get a little sick to your stomach.

It was pretty well known for a while that with locator agent injection, the game actually supplied more or less exact coordinates of the pilot in a system.  It was just the game converted those coordinates into either "in a station" or "not in a station" because the coordinates of the stations were things that the game could look up.  But if you could access those calls directly, the scanner call told the location of pretty much everything in the system.  Given this information, you could triangulate the location of a ship based on the locations of known celestials around them and get a pretty good idea of the first place to put your scanner probes.  Do the math well enough and you could just drop scanner probes right on them, even so far as dropping a probe close enough to them to decloak them.

As Leboe put it on FHC:
3: Devoid
4: Kisana
5: Eredan
6: [pilot name]
x: -113051786385.48347
y: -13798016091.017052
z: -141362124646.32602
Yes, this has been fixed.  But now Dark 0men is saying it goes even farther than that.

There's a discussion going on on FHC about various Alliance Tournament tactics used in past tournaments.  And he's claiming... well, let's start with his own words:
My stuff wasn't locator agents at all. You see, EVE has a "put item into inventory" function call. Where "inventory" is maybe a hangar, and "item" is some ammo or a mod or, if you are a cheater just screwing around, someone's character ID. Obviously, the latter would fail and not do anything, but! It would fail with a Python exception. A Python exception with the database row for the item. So you could try to put someone's character into your ship cargo, and EVE would helpfully tell you their location.

Now, the location for a character would be their ship item ID (or a station, if they've been just podded and aren't in a pod yet). You would then try to put their ship in your cargo, and get the ship type and solar system/station.
This is a bit technical, so I'll translate.  Basically, this is a Python injection asking the game to do something impossible: put a character into a ship as cargo.  The attempt would fail, of course ("generate an exception"), but in the process, the exception would give you the character's "ship ID", an EVE database record locator.  You could then try to put this ship ID into your cargo, that would again fail, but would helpfully supply you with that character's ship type and location.  According to a chat log from IRC, the output of this bit of code looked like this:
[pilot name] [corp] <alliance> (online) // Drake (1560855321) "Cinderella" // Ruerrotta IV - Moon 2 - Combined Harvest Plantation

How was this used in Alliance Tournaments?  Glad you asked.  The claim being tossed around is that Pandemic Legion, knowing the names of the pilots that would probably be flying against them in matches, would run this Python injection against all of those pilot names in the minutes leading up to an AT match.  While the pilots they were to fly against were waiting for a GM to move them to the tournament grounds, PL would be supplied with the exact ship types of the ships they were sitting in.

Again, this could be a troll.  It would be trivial to forge these logs.  But it sure sounds plausible given the dramatic success PL had in past ATs, doesn't it?  At the time, we all assumed it was because PL just had good spies in the alliances they were flying against.  But it strikes me as just as likely that they had a mole working for them: the game itself.


  1. I'm surprised you havn't heard of the Sphere before Jester...

    PL fishing team, half of the PL supercapital fleet local cloaked, the PL suicide gank tool and the newly updated autoscanner.


  2. And then you got incarna, that changed this mechanic. With incarna, when you are docked, you arent in a ship anymore and so this fails.
    And then PL looses last AT and gives the excuse that their spy network wasnt good enough to find Hydra fits... They just couldnt use this trick anymore!

    Now we know what is The Sphere!!! Its the eve client....

  3. This seems... too conveniant and easy to be true.

    And think about it; PL are known for their spy network and metagaming -- bringing the right counter to an enemy setup is what they do best (even if it's just a supercap blob) -- /and/ their theorycrafters are great.

    People who exploit rarely take less than full advantage of their upper hand if they can get away with it and PL have been participating in- and winning in many alliance tournaments; tournaments where - if the source is to be trusted - this technique was used. Of course, sooner or later leaks occur; someone finds out about your dirty little secret - the more you use it, the sooner it happens - and yet this particular 'leak' occurs /just/ before this upcomming alliance tournament. Not last year; not the year before; /this/ year, not long after there was a bunch of whining about PL not getting Hydra'd from the tournament.

    Coincidence? I think not. ;-)

  4. i swear, sometimes i find methods of cheating more interesting than the actual game.

  5. I think the IRC logs are trolls (anything posted by MS), but the old locator stuff is legit.

  6. Nah, just a troll. Probably by a bitter banned Hydra/OB pilot.

    If you go back and watch the past ATs (available on CCP's Youtube channel), esp. the ones where PL first dominated, you'll notice that they simply had some damn interesting and unique setups (which were later copied by everyone and their mothers) and knew how to use them effectively. Whereas their opponents either brought "standard" small gang PVP setups or weird setups which were simply fail, and/or were not as well coordinated as a team. It is pretty obvious from watching the matches that they didn't need to cheat to win.

    As for last year, if PL had known their opponent's setup, in advance, it is likely that they would not have lost as early as they did.

    It is far more likely that Hydra and OB were the ones actually using this exploit last year, given how both of them - best 'o buddies - coincidentally, managed to make it to the finals. As demonstrated this year, cheating doesn't really bother them.


    1. LOL. It either IS a troll and the method is false or it ISN'T a troll and the method is real. It isn't a troll AND real AND used by the other guy. You're funny.

  7. If true, (and that is a big if)

    Could it be that some ex-CCP employees in PL knew about this?

    If so, what should the consequenses be?

    This might get interesting....

  8. No1 programming rule: the client is in the hand of the enemy. The client shall never know information that we don't want to share with the user.

    So if the EVE client can make erroneous calls, it should only get a generic "an error occured" message. Anything else is some capital fail on CCPs part.

  9. Troll? Nope, not likely.

    Face it, this is software, anything the EVE client potentialy has access to an "attacker" who messes with its memory of communications has access to. An analogy; anyone remember Sonys PSN "issue" last year when they "lost" their customers credit card information? Why did that happen? Very simply put, software APIs available via the Internet had access to internal systems deep inside Sony that in turn had access to the credit card information and the internet accessible piece of software had the means (though not intended) to transport the data from its secure storage through to the Internet, so someone did.

    If you connect two pieces of software and, for convinience and to reduce maintainence cost, make their integration object oriented and generic so that you can transport anything in between them as the software evolves, that in principle means anything available to one piece of software is available to the other even though it has no code for retrieving it. In a configuration like this you would have to explicitly filter the data coming from an internal system to the external and that is very hard, especialy so in a game like EVE where the client would actually need to be able to retrieve this data for the character running in the client, but not any other character.

    I'm not suprised at all by this story and given the screenshots higher up in the coments, I would say "Confirmed".

  10. Make the tourney really fair and piss off everyone. Have CCP provide the ships and fits for each round with an announcement 30 minutes before each round of what will be available from a pool of ships so you could have racial variants. Alternatly, have each team submit a fleet roster before the tourney with ships and fits and if found using anything else, you get disqualified. Have each team provide a public key for encription/decription with their initial application and then have them submit their roster and fits using it only after a team gets acceptance to the tourney.

    It is easy to put a stop to the metagaming bullcrap, borderline EULA violations and so on that goes on with the tourney with just a little forethought. Obviously CCP hasn't put this forethought into the process or is giving tacit approval of what goes on. You want the olympics of internet spaceships, then put some thought into it about why the olympic rulebook is so long and so precise and the equipment specifications for a lot of events are also very specific.

  11. Troll or not, in a game where terms like "honor" and "integrity" are considered punchlines, I would expect behavior no less than this.

  12. The thing is correct. The eve-api actually spits it out so you can do offline analysis.


    I'm actually planning on doing something with this in conjunction with my own location services and charging a premium on it.

  13. Can anybody verify whether this definitely used to work?

    If it did work then it's almost certain that someone used it in the past. We'll probably never know exactly who, however.

  14. "But it sure sounds plausible given the dramatic success PL had in past ATs, doesn't it? At the time, we all assumed it was because PL just had good spies in the alliances they were flying against."

    People usually overestimate the effect that spies within alliances have on the tournament. Most alliances segregate their tournament team from the general population and the best teams are from smaller alliances that are hard to infiltrate.

    Passive observation on the test server has a much bigger effect, but even it has significant limits. Even knowing all the setups a certain alliance has tested doesn't tell you which of those setup they will bring in any specific match.

    The best way to predict what you're up against has always been a good grasp of game theory. Look at what setups a team has brought before, look at what's popular that year, and try to gauge what they will be expecting when they look at you.

    Although if you really want the hidden secret of PL's tournament success over the years there's really only one fact you need to know: We've had practice ops (each 3-6 hours long) on 6 of the last 7 nights.


Note: Only a member of this blog may post a comment.