Diablo2: Apocalypse Now!
Posted by Hemos on Mon Jan 01, 2001 05:48 PM
from the bad-news-for-blizzard dept.
Weyoun writes "All those who play Diablo2 know that their characters on the battle.net 'Realms' servers are supposedly secure and unhackable. This has been the case up until a few days ago, when a group of crackers discovered a method whereby they could log on as any character. Since then, they have reigned over a virtual apocalypse as hundreds of the top ladder players have seen their items stolen (including that of one well-known Blizzard employee). Even worse, beginning last night one of the hackers began systematically murdering the top hardcore ladder players, by logging in as them and getting them killed (death is PERMANENT for them). As of yet there has been no official reaction from Blizzard, but the entire community is in a state of shock over this situation."
Update: 01/02 04:30 AM by T: It appears that Blizzard has now corrected the problem. See below for more.
Gaile - DiabloII.Net sent this update: "Blizzard has posted their response to the Diablo II Realm Character losses on their Realm Status Forum. The losses have been stopped (as of this morning), and characters are secure once more on the Realms. In addition, dead Hardcore Characters will be restored automatically, on January 8th, as outlined here:
"[On] Monday, January 8, we will be reviving all hardcore characters who died between December 19th and January 1st. The restored hardcore characters will be revived with the experience, skills and items possessed as of Tuesday, December 19th. This restore will be automatic and players do not need to contact Blizzard to request that their character be restored. Note: Only dead hardcore characters that died between December 19th and January 1st will be revived."
In addition, a mechanism is in place for the retrieval of items, as well. The Blizzard post is on the Blizzard Site. We'll have more soon in the DiabloII.Net Bug Bytes section, which is an overview of the current game build."
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
What are you smoking? That's how D1 was (Score:3)
And Diablo 1 was notorious for cheating! The correct answer is to centralize the important things on the server, because otherwise clients are free to modify them. Checksums are just obfuscation, unless you do crypto things to make a private key necessary to log in to your account... which, IMO, is overkill for a game. Of course, you also have to avoid bugs in your database system that completely circumvent the usual login procedure :)
Your post shows a complete lack of awareness of the history here--I think you are trolling.
It is dark. (Score:5)
You appear to be in a cave. It is dark.
north
You go north.
You appear to be in a cave. It is dark.
You are likely to be eaten by a grue.
west
Sorry, you can't go that way.
north
You appear to be in a cave. It is dark.
cast create light
You fumble over the somatic gestures for create light
look
You appear to be in a cave. It is dark.
Someone says "0wn3d j00 d00d!"
cast detect in
Your eyes tingle.
3l33t d00d says "0xDEAD 0xFFFF 0xBEEF"
3l33t d00d casts Buffer Overflow
You have been killed!
Play again? (Y/n)?
N
Feeding Frenzy (Score:5)
From reading the comments posted so far, there's a long stream of "So what? Get a life!" posts. To see that sort of thing coming from slashdot readers has got to be the biggest case of "Pot. Kettle. Black" that I've seen in a long while. It seems that even amongst geeks, there continues to be the constant need to place yourself on the next social rung up from the person beside you - to take something that someone else enjoys, and say "Hey, you're just a nerd. You should be doing something cool instead."
I don't play Diablo myself. I didn't even particularly like nethack. But being the sort of person who can happily spend an entire weekend coding, I can understand people who give their spare time away to something they enjoy, and in which they find some kind of challenge and fulfilment. And to have some fuckwits come along and callously erase all that hard work is going to hurt a hell of a lot of people.
Human nature depresses me. I say we take off and nuke the site from orbit, it's the only way to be sure.
Charles Miller
--
Re:The general flaw: server side data (Score:5)
You can't store anything client side, because you cannot trust the clients. It doesn't matter how much encryption or checksums you have on the client - the bad guys have all the code on the client, and can reverse engineer it down to the metal if they have to. They can write proxies that pretend to be properly checksummed, and behind the scenes are doing whatever they want.
The real solution to problems like this is to store everything server side, have really comprehensive backups, and really good log files.
The server must only send the clients what they should be seeing, according to the game rules.
When someone breaks something, fix the bug, and then roll back the game state to where it was when the bugs were first exploited. With sufficient backups, even if the bad guys completely take over each server, recovery is possible.
Take down the servers, rebuild their software from scratch, fix the bugs, restore the data from backup, and you are back where you started before the exploit. Then use the log files to track the crackers and sue their asses.
Slashdot had a big discussion on this subject back when the GPL'ed version of Quake led to some people creating hacked clients that gave them more capabilities than they should have had (like being able to see through walls, etc.)
You can't trust the client. End of story.
Torrey Hoffman (Azog)
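The server-side approach argued for in the comment above, as an added example that is not part of the original thread and is not Blizzard's code: the client sends only a session token and an intent, and the server derives the account from its own session table, checks character ownership on every request, logs each decision, and can restore from a snapshot. The class, method, account and character names are hypothetical, the sample data is constructed, and the thread does not describe the actual Battle.net bug.

```python
import copy
import hashlib
import hmac
import secrets

class RealmServer:
    """Toy authoritative server: clients send intents, the server owns state."""

    def __init__(self, passwords, characters):
        self._salt = secrets.token_bytes(16)
        self._pw = {a: self._hash(p) for a, p in passwords.items()}
        self._chars = characters                  # name -> {"owner", "items", "alive"}
        self._backup = copy.deepcopy(characters)  # snapshot kept for rollback
        self._sessions = {}                       # token -> account
        self.log = []                             # append-only audit trail

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def login(self, account, password):
        stored = self._pw.get(account)
        ok = stored is not None and hmac.compare_digest(stored, self._hash(password))
        self.log.append(("login", account, ok))
        if not ok:
            return None
        token = secrets.token_hex(16)
        self._sessions[token] = account
        return token

    def _authorize(self, token, char_name):
        # Identity comes from the server-side session, never from a field the
        # client supplies; ownership is re-checked on every request.
        account = self._sessions.get(token)
        char = self._chars.get(char_name)
        ok = account is not None and char is not None and char["owner"] == account
        self.log.append(("authz", account, char_name, ok))
        return char if ok else None

    def take_item(self, token, char_name, item):
        char = self._authorize(token, char_name)
        if char is None or not char["alive"] or item not in char["items"]:
            return False
        char["items"].remove(item)
        return True

    def rollback(self):
        self._chars = copy.deepcopy(self._backup)

    def items(self, char_name):
        return list(self._chars[char_name]["items"])

def demo_server():
    # Constructed sample data: two accounts, one character owned by "alice".
    return RealmServer({"alice": "correct horse", "mallory": "hunter2"},
                       {"Amazon1": {"owner": "alice", "items": ["bow"], "alive": True}})
```

A validly logged-in account that names someone else's character is refused and leaves an `authz` entry with `False` in the log, which is the record a later investigation or rollback decision would start from.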
call me silly... (Score:3)
My question - Will there be an official response? (Score:5)
What, if anything, will Blizzard do in the form of an 'official response' that acknowledges the cheats and lets the online community know how it will be dealt with?
As fellow slashdotters probably remember, I wrote an article on online cheating last June that was printed in Game Developer and posted to gamasutra.com [gamasutra.com]
I asked people at several companies if they would talk about exploits that had occurred in their games. One of those requests went to Blizzard, asking if I could talk about what happened to Diablo 1. Now at that point in time (last spring), the cheats and exploits on Diablo 1 were well known and old news. Yet the response I got back from Blizzard was (this obviously is not the exact quote) "No - we can't talk about anything regarding any cheating on any of our games and if you did say something too specific we'd strongly discourage you as we might get mad". For the record, in the article, I discussed the various cheats in my own games (Age of Empires series) most of all.
Now, this was actually about par for the course - for every developer willing to talk, there were ten that were in public denial mode. And as you might have guessed, it's a peeve of mine. Wishful thinking won't make anything go away and it only can further hurt the honest players.
I do think the climate is shifting, and that users are becoming less tolerant of 'head in the sand' tactics by developers and publishers.
I'm waiting to see what happens next.
I'd ramble on, but I have to leave.
-Matt Pritchard
The crackers have no sympathy ... (Score:3)
-----
Blizzard may be taking action (Score:3)
Re:Interesting... (Score:3)
Re:The general flaw: server side data (Score:3)
I don't think that would go over too well at all. Players invest huge amounts of time on these games building up their characters. Imagine if an exploit existed for a week or more in EverQuest, and they rolled everybody back to their previous status, including the 250,000 players that just had an honest experience and item gain during that time. We wouldn't let Verant hear the end of it, and many of us (me included) would cancel our account.
I don't think any MMORPG maker would implement this if they wanted to stay in business.
--
SecretAsianMan (54.5% Slashdot pure)
illegal? (Score:5)
Re:ouch (Score:5)
And I guess lasting half a year without any cheating incidents is pretty good, compared to most other online games.
But there were other "cheating" incidents. Two major ones come to mind. In the first, characters were able to go "hostile" on another character from anywhere in the game. Normally you can only go hostile on another character if you are in town (where you can't attack) thus preventing a quick hostility + attack to surprise kill players.
The second hack increased running/walking speed tremendously by exploiting a feature in the game's frame rate code. This in general was not a major problem until people used it to go hostile in town and then run and kill someone.
The problem with the new hack is that it's not done in-game. The "hack" is just a bug in the server code that lets a player jump into another player's character, then join games and play as that character without ever typing in a password. At first all that happened was that characters were losing all their items (read a few threads at the lurker lounge or in the forums of www.diabloii.net [diabloii.net]) but then characters started dying. That's when the REAL uproar happened.
Frankly this disgusts me. It's one thing to use legitimate, in-game features to attack, kill and steal, it's quite another to exploit a bug to do it covertly. And don't expect Blizzard to do anything about it, there have been lots of scamming and other Bad Things (tm) going on for awhile now, and even though they *could* disable specific CD keys from Battle.net, they apparently refuse to do so.
Stronger encryption isn't the answer either, incidentally, since it's a bug in the server code (or, so say the forums).
Re:The general flaw: server side data (Score:4)
And keep in mind that an attack can consist of something as crude as stealing a whole computer, lock, stock, and barrel. That's a lot more efficient than working across the network, believe it or not. I can't speak for all corporations, but most majors have their key servers in rooms with alarms and/or armed guards. I'll bet that your backups aren't stored in such safe conditions.
This is the same fallacy that leads people to be scared while the plane is landing, and then be blase when they pull out onto the freeway. Guess which of those is more dangerous?
Screw online, just play alone or w/ friends. (Score:4)
As if there wasn't enough about b-net to be pissed over already.
This is just UO-"Death of Lord British" all over again. Yet another blow to online gaming. How many more companies are gonna step up and offer this for free if this keeps up? And, boy, wasn't UO a colossal rip-off anyway? You pretty much HAD to treat it like a job to get your damn money's worth out of that dog. I'm glad that no one else has attempted to put out a purely ol game since.
We now have one more example of why parents should just buy their snotty little brats consoles instead of P5s. Better yet, just buy them a pack of playing cards and watch them crow about their superiority through cheating at solitaire.
My real point is that I don't play with anyone online anymore. It's ALWAYS a fucking mistake and a bad return on the investment (time/money/stress). It's been proven on every ol game that unless you have someone supporting you so you can play 16 hours a day, you might as well forget having fun with anyone you don't personally know. Unless you can track someone down and kick their ass physically as a means of enforcement, there is nothing preventing them from using any number of means to thumb the scales.
Actually, I've found that even hacks don't need to be employed. All you really need is Google and the time and seediness to want to learn the bunny-strafe or the x-unit rush or the gold-multiplier exploit or the mystery-vertex-glitch camping spot. And if your opponent is just up for casual play, well, he wanted to be meat. If he was serious, he'd be scouring the web as well. Since when did I need to be serious about a fucking game?
And ol guilds as a response/defense is specious at best, due to its status as more of a symptom of the disease rather than anything close to a cure. I bet T-cells in an AIDS victim have similar conversation threads as the PKK-guilds and whatnot.
Realms was a puss-ass attempt at a gated community, anyway. Well, freaks can still ride in through the front gate if they are in the parent's back seat. Or if they're employed by the residents. Or if they just plain have the time/energy/malicious boredom.
Of course Blizzard hasn't said anything. This activity negates one of the promises that made me even buy their software. They can't respond until they can close the hole. And they won't be able to close the hole for a good while (the next 12 hours would qualify as that). Anyone want to lay money on the security of their CD-key system now? Anyone want to lay money on whether the crackers were using valid CDs?
In any case, this is one more reason why I don't factor online play into any of my game purchases anymore.
ol != fun^sum(players)
Wow, who didn't see this coming... (Score:5)
The only computer that can't be hacked over the internet is a computer that can't be accessed over the internet.
Dark Nexus
prosecute for what? (Score:5)
I'll admit I don't know what you have to agree to when you play on battle.Net, but I can just see the case:
Prosecutor:
Your honor, the defendant killed off a top 10 hardcore character after stealing a Bow of Major Virtue from him. He created a character by the name of Pokedin, who he obviously should have known was a high-level character's name, and tried to connect with this character name until he got in. After he connected, he then allowed this character to be killed. Since our client was playing a hardcore realm character, he could then not reconnect as his character. We are suing for lost time my client spent building this character up, damages in the amount of 834,342 gold pieces, one pair of Plate Boots with +40 to mana, and three dates he passed on to play the game.
Yeah...it sucks, but I doubt it'd fly.
Re:Teaches them a lesson (Score:3)
Not like that classic car you spent years and thousands of dollars restoring. That could Never get totalled in an accident after all.
Or that house that you planned for half your life and had to have wood shipped halfway across the country from the mission church it used to be in. That could Never burn down.
Or that friend of yours you've known for a decade. He could never be in an accident or get a disease or be mugged or fall off a building or have a piano dropped on him.
Get a clue, everything in life is transient. How you choose to spend your time is Your choice. If you have more fun with games than with any of the other hobbies humans find to fill our meaningless little lives, then play on. If you don't, then go out and get wasted at a club or go to church or whatever other pointless activity you feel gives your existence a purpose. But if all that makes you feel worthy of living is telling people how pitiful they are for getting upset at having something they labored to create destroyed, go do it elsewhere.
The Craven (Score:5)
Once upon a millennium dreary, while I pk'd, weak and weary,
Over many a faint and furious game of DiabloII,
While I killed 'em, eliciting yapping, suddenly there came a hacking,
As of some one gently a-hacking, hacking at my character's door.
"'Tis some rapist," I muttered, "hacking at my character's door-
Blizzard: "Only a ladder quirk, and nothing more."
Ah, distinctly I remember it was in the bleak December,
And each separate dying hardcore wrought its ghost upon the floor.
Eagerly I chugged a bull;- vainly I had sought to mule
From my PC internet of lust- all my items turned to dust-
For the rare and radiant things with my Amazon bonded-
All were quickly by evil absconded!
And the anguished cries of all those that died & lost sweet things
Saddened me- maddened me with fantastic terrors never felt before;
So that now, to still the beating of my heart, I stood repeating,
"'Tis some hacker entreating entrance at my character's door-
Some late hacker entreating entrance at my character's door;-
Blizzard: "Only a ladder quirk, and nothing more."
Presently my soul grew stronger; fervently I sought of Schlonglor,
"Boy," said I, "or Madam, truly your assistance I implore;
But the fact is I was napping, and so gently it came a-hacking,
And so faintly it came a-hacking, hacking at my character's door,
That I scarce was sure I heard you"- here you (Blizzard) opened wide the door;-
Schlonglor replied, "Deal with it!".
Deep into that toilet peeing, long I stood there wondering, fearing,
Doubting, dreaming dreams no heroes ever dared to dream before;
But the silence was unbroken, and from Blizzard came no token,
And no word there spoken, all my characters lay dead & broken
Blizzard: "Only a ladder quirk, and nothing more."
Back into Bnet a-turning, all my soul within me burning,
Soon again I heard a hacking somewhat louder than before.
"Surely," said I, "surely that is something at my windows 98 Reg?:
Let me see, then, what the threat is, and this mystery explore-
Let my heart be still a moment and this mystery explore;-
Blizzard: "Only a ladder quirk, and nothing more."
Open here I flung the shutter, when, with many a flirt and flutter,
In there stepped a stately Craven of the saintly days of yore;
Not the least obeisance made he; not a minute stopped or stayed he;
But, with mien of lord or lady, perched above my character's door-
Perched upon a bust of Diablo just above my character's door-
Perched, and sat, and nothing more.
Then this ebony turd beguiling my sad fancy into smiling,
By the grave and stern decorum of the countenance it wore.
"Though my character be shorn and shaven",
Thou I said, "art surely a Craven,
Ghastly grim and ancient craven wandering from the Nightly shore-
Tell me what thy lordly name is on the Night's Millennium shore!"
Quoth the Craven, "You've been jacked, w h o r e."
Something kind of Ironic (Score:5)
good.. (Score:3)