test content
What is the Arc Client?
Install Arc

How could the AH exploit have been possible?

cinteccintec Member Posts: 8 Arc User
edited May 2013 in General Discussion (PC)
A simple question. I've read in numerous places that the same exploit was encountered in STO which is run by this company. Think about this for a second - In a game where the economy means so much to the developers because a stable economy = profit for them how could they not have a rock solid auction house system in place. Think about how stupid/crazy it is that you could enter a negative number for a bid, or in any currency related text field in the game... How could the developers of the game miss this exploit?? Especially when they have had it happen before in another game?

Intentional? Weed out the exploiters, make examples of them? Generate publicity for the game? Initially negative publicity, but it's still publicity. Once things settle down it may lead to more players possibly? Is there someone at Perfect World/Cryptic crunching the numbers from previous games and seeing "that exploit generated a lot of publicity, and although it was negative publicity we actually have seen a surge in new accounts in the aftermath." If the numbers consistently showed something like that I bet they would manufacture such an "exploit" just to get more accounts, and more potential paying customers. (conspiracy theorist in me)

I'm just trying to wrap my mind around how such a simple exploit could make it past the development team. Why would "-" be allowed to be attached to any number in this game by a player? Unless it was actually a complicated process to begin these negative auctions, I don't know, I wasn't part of it.
Post edited by cintec on

Comments

  • terradraconisterradraconis Member, Neverwinter Beta Users, Neverwinter Guardian Users, Neverwinter Knight of the Feywild Users Posts: 17 Arc User
    edited May 2013
    Easy it was in the web to game engine database conversion. One dropped symbol can break key bits of that.

    [SIGPIC][/SIGPIC]
  • bookwyrmmbookwyrmm Member, Neverwinter Beta Users, Neverwinter Guardian Users Posts: 94
    edited May 2013
    I am not a coder by any stretch of the imagination, but I have worked on more than a few database designs, and the sheer volume of code that something like this would encompass is massive - hundreds of thousands of lines of code just for the AH alone. And yes, one tiny little error on one innocuous looking line of code could have been enough to make it happen.
    "Not all those who wander are lost." J.R.R. Tolkien
  • terradraconisterradraconis Member, Neverwinter Beta Users, Neverwinter Guardian Users, Neverwinter Knight of the Feywild Users Posts: 17 Arc User
    edited May 2013
    exactly with this all it takes is one typo or one slip of a finger and if it compiles and otherwise works perfectly there is no indication of a problem unless you do the specific action that is broken.

    [SIGPIC][/SIGPIC]
  • bluedarkybluedarky Member Posts: 1,232 Arc User
    edited May 2013
    The code was updated from when STO had the exploit as it wasn't possible ingame, however someone missed it when debugging the gateway and it's inter-connectivity.
  • clockwerkninjaclockwerkninja Member, Neverwinter Beta Users, Neverwinter Guardian Users Posts: 0 Arc User
    edited May 2013
    This is very simplistic flaw in the web code. The real magic would be in the making of those AD and good disappear into the ocean of toons. Off the top of my head, I give myself a 80% chance of success should I decide to exploit a game in this beta state and profit . I would rather be a beta tester given he option tho, feels less sleazy to me.

    You can not blame some people for trying to eat. It falls on Cryptic to secure their **** before taking in money,and failing that they better **** well do all they can to make it right.

    I let myself get comfortable with spending on open beta for f2p games because I felt it helped cover development. I have been an advocate of open source software for a long time,and the f2p market has been a keen interest of mine for a few years now. I have taken to beta testing as a hobby. I let NWO get personal however because of my love for the license and I grew up on Ad&D.

    As it stands right now, my next venture into beta I will probably be a bit tighter on my wallet.
    [SIGPIC][/SIGPIC]
    Quote Originally Posted by roents
    It's an "open beta" that can't be wiped even in the midst of multiple economy destroying exploits. FUN
  • crystylcrystyl Member Posts: 0 Arc User
    edited May 2013
    Software can often have unexpected results from tiny mistakes. In reality what difference does it make "HOW" it happened. It was not deliberate. What was deliberate was it's exploitation by players who didn't care that it was wrong. When it was discovered it was addressed as soon as possible and the dev team kept us all informed of their findings. If you know people who took advantage of it they were cheating not playing the game. Ask them "WHY?"
    "pay to WIN"? Ok you win! now go away and let the rest of us "Play in Peace" without your whining!
  • knightfalzknightfalz Member Posts: 1,261 Arc User
    edited May 2013
    cintec wrote: »
    A simple question. I've read in numerous places that the same exploit was encountered in STO which is run by this company. Think about this for a second - In a game where the economy means so much to the developers because a stable economy = profit for them how could they not have a rock solid auction house system in place. Think about how stupid/crazy it is that you could enter a negative number for a bid, or in any currency related text field in the game... How could the developers of the game miss this exploit?? Especially when they have had it happen before in another game?

    Intentional? Weed out the exploiters, make examples of them? Generate publicity for the game? Initially negative publicity, but it's still publicity. Once things settle down it may lead to more players possibly? Is there someone at Perfect World/Cryptic crunching the numbers from previous games and seeing "that exploit generated a lot of publicity, and although it was negative publicity we actually have seen a surge in new accounts in the aftermath." If the numbers consistently showed something like that I bet they would manufacture such an "exploit" just to get more accounts, and more potential paying customers. (conspiracy theorist in me)

    I'm just trying to wrap my mind around how such a simple exploit could make it past the development team. Why would "-" be allowed to be attached to any number in this game by a player? Unless it was actually a complicated process to begin these negative auctions, I don't know, I wasn't part of it.

    The simple answer is, some people screwed up.

    Not the first time in history, and not the last.
  • clockwerkninjaclockwerkninja Member, Neverwinter Beta Users, Neverwinter Guardian Users Posts: 0 Arc User
    edited May 2013
    crystyl wrote: »
    Software can often have unexpected results from tiny mistakes. In reality what difference does it make "HOW" it happened. It was not deliberate. What was deliberate was it's exploitation by players who didn't care that it was wrong. When it was discovered it was addressed as soon as possible and the dev team kept us all informed of their findings. If you know people who took advantage of it they were cheating not playing the game. Ask them "WHY?"

    This is not true however, the exploit was reported to Cryptic as early as closed beta. It was also present in STO at launch. This was a major oversight ...I mean epic..
    [SIGPIC][/SIGPIC]
    Quote Originally Posted by roents
    It's an "open beta" that can't be wiped even in the midst of multiple economy destroying exploits. FUN
  • bluedarkybluedarky Member Posts: 1,232 Arc User
    edited May 2013
    You can not blame some people for trying to eat. It falls on Cryptic to secure their **** before taking in money,and failing that they better **** well do all they can to make it right.

    The issue wasn't that people were trying to eat, it was that they found out how to get paid for eating and rather than tell Cryptic and move on, told everyone how to do it too.
  • skylia120410skylia120410 Member Posts: 123 Bounty Hunter
    edited May 2013
    @crystyl love the signature had to say that and yea I am with everyone here one tiny tiny mistake in code is all it took most likely
    [SIGPIC][/SIGPIC]
    Character handle:@skylia120410
    (www.gwfnw.weebly.com)
    GWF GUIDE SITE: Still being worked on not 60 yet
    Divine Misfits (one of the Guild Leaders)(Guild Site Manager)
    www.divinemisfits.guildlaunch.com
  • bluedarkybluedarky Member Posts: 1,232 Arc User
    edited May 2013
    This is not true however, the exploit was reported to Cryptic as early as closed beta. It was also present in STO at launch. This was a major oversight ...I mean epic..

    The gateway wasn't in closed beta, if it was reported in closed beta then it would have been through the ingame interface which was fixed.
  • clockwerkninjaclockwerkninja Member, Neverwinter Beta Users, Neverwinter Guardian Users Posts: 0 Arc User
    edited May 2013
    bluedarky wrote: »
    The issue wasn't that people were trying to eat, it was that they found out how to get paid for eating and rather than tell Cryptic and move on, told everyone how to do it too.

    No, I literally mean Asian gold farmers trying to eat..IRL..If I lived in that condition, knowing what I know now...You **** right..

    Check this link for an insight into gaming underground.
    http://www.youtube.com/watch?v=ho5Yxe6UVv4
    [SIGPIC][/SIGPIC]
    Quote Originally Posted by roents
    It's an "open beta" that can't be wiped even in the midst of multiple economy destroying exploits. FUN
  • cinteccintec Member Posts: 8 Arc User
    edited May 2013
    This is not true however, the exploit was reported to Cryptic as early as closed beta. It was also present in STO at launch. This was a major oversight ...I mean epic..

    This is where I'm coming from. I've heard the same rumors that it was reported early on in two diff games and yet still surfaces now after they have opened up the real money portion of the game. I don't mean to be harsh but I view Cryptic/Perfect World with a dose of skepticism as to their ability to properly manage this game and safeguard our time investment in the future. Don't get me wrong, I'm not jumping ship, just... wary.
  • clockwerkninjaclockwerkninja Member, Neverwinter Beta Users, Neverwinter Guardian Users Posts: 0 Arc User
    edited May 2013
    bluedarky wrote: »
    The gateway wasn't in closed beta, if it was reported in closed beta then it would have been through the ingame interface which was fixed.

    The gateway exploit , correct..but many of the rest were...my post shoulda read "the exploits" ..Sry about that.
    [SIGPIC][/SIGPIC]
    Quote Originally Posted by roents
    It's an "open beta" that can't be wiped even in the midst of multiple economy destroying exploits. FUN
  • varkhus2013varkhus2013 Member, Neverwinter Beta Users, Neverwinter Guardian Users Posts: 30 Arc User
    edited May 2013
    Another thing that irks me is, when we post an auction, the deposit comes out of our stored astral diamonds. When we place a bid on an item, the diamonds come out of our stash. In either case, the actual diamonds are moving from one place to another. This exploit allowed diamonds to be created out of thin air! They weren't real diamonds that someone had someplace...the system decided (incorrectly) that X player was owed 2 million diamonds (or whatever) and so it just conjured them up from nothing??? Jeezus.
  • bluedarkybluedarky Member Posts: 1,232 Arc User
    edited May 2013
    No, I literally mean Asian gold farmers trying to eat..IRL..If I lived in that condition, knowing what I know now...You **** right..

    Check this link for an insight into gaming underground.
    http://www.youtube.com/watch?v=ho5Yxe6UVv4

    You do realize that people from the majority of Asia can't play this game right?

    https://support.perfectworld.com/app/answers/detail/a_id/1635/kw/region%20block
  • thehalostrikethehalostrike Member Posts: 63
    edited May 2013
    its what happen when your lazy and copy STO AH code.
  • bluedarkybluedarky Member Posts: 1,232 Arc User
    edited May 2013
    This isn't the STO bug, this is an entirely different bug that had the same effect (yes this is possible).

    The bug in STO was through the ingame Exchange window, the bug in NW was through the gateway and couldn't be done ingame.
  • clockwerkninjaclockwerkninja Member, Neverwinter Beta Users, Neverwinter Guardian Users Posts: 0 Arc User
    edited May 2013
    bluedarky wrote: »
    You do realize that people from the majority of Asia can't play this game right?

    https://support.perfectworld.com/app/answers/detail/a_id/1635/kw/region%20block

    Your point? Anywhere their is opportunity, and a decent exchange rate you will find the same practice. Who could blame poor nations from proffiting of American video games..honestly, its a video game...Still does not mean I do not want to prevent it as much as possible..

    check you mail box a few times a week and I am sure you will find evidence of their strong presence in NWO.
    [SIGPIC][/SIGPIC]
    Quote Originally Posted by roents
    It's an "open beta" that can't be wiped even in the midst of multiple economy destroying exploits. FUN
  • hatey0hatey0 Member, Neverwinter Beta Users, Neverwinter Guardian Users Posts: 22 Arc User
    edited May 2013
    For anyone interested in a technical theory:

    The bug probably arose when converting the game engine code (written in C++/c#/whatever) to a server based language (php/whatever). This bug could originate from a data-type problem. In C++ you can use unsinged integers (data type which only allows positive values) in a situation where you would not want negative numbers (such as an auction house bid). The problem comes when you tell someone to convert the AH to a web app, since PHP doesn't support unsigned ints the person converting it probably missed what seems like a small problem. They figured that since they already did a QA on the ingame one, that this one must be good to go.

    What amazes me is that they actually never did any QA on it. The first thing you do in QA is try all types of inputs (min-1, max+1, max, min, max-1, random, etc). How a "professional" company could skip something like that is just insane.
  • bluedarkybluedarky Member Posts: 1,232 Arc User
    edited May 2013
    hatey0 wrote: »
    For anyone interested in a technical theory:

    The bug probably arose when converting the game engine code (written in C++/c#/whatever) to a server based language (php/whatever). This bug could originate from a data-type problem. In C++ you can use unsinged integers (data type which only allows positive values) in a situation where you would not want negative numbers (such as an auction house bid). The problem comes when you tell someone to convert the AH to a web app, since PHP doesn't support unsigned ints the person converting it probably missed what seems like a small problem. They figured that since they already did a QA on the ingame one, that this one must be good to go.

    What amazes me is that they actually never did any QA on it. The first thing you do in QA is try all types of inputs (min-1, max+1, max, min, max-1, random, etc). How a "professional" company could skip something like that is just insane.

    Someone handed off the web test to a new hire or intern who wasn't fully briefed on what to test it with it seems.
  • estsuestsu Member Posts: 0 Arc User
    edited May 2013
    bluedarky wrote: »
    Someone handed off the web test to a new hire or intern who wasn't fully briefed on what to test it with it seems.

    I think more likely no testing was done at all.
  • bluedarkybluedarky Member Posts: 1,232 Arc User
    edited May 2013
    estsu wrote: »
    I think more likely no testing was done at all.

    I doubt that, there had to be at least some basic testing otherwise it wouldn't have worked at all.
  • drinnthdrinnth Member Posts: 227 Arc User
    edited May 2013
    It was likely due to something along the lines that the scripting language for the Gateway does not allow for unsigned integers or an normal integer was used in place where an unsigned integer should have been used. This allowed for negative entries and ended up in disaster and is likely why the AH is down until they can code a fix. And just changing the existing variable has horrible consequences when used throughout the current code, it may take a while to track down all the bad references and verify the repair. So give them a little time, this is not a 1 hr job. Yep, me getting my computer geekism on.

    EDIT: Bah need to learn to read someone already beat me to the explanation. Sounds like unit testing failed on the web side or was overlooked. Or it was tested and worked but an older version of the web code was uploaded by mistake where it was bugged. I've seen crazier stuff happen during software validation esp when dealing with multi-vendor code updates that love to break the basics.
  • xilinearxilinear Member Posts: 140 Arc User
    edited May 2013
    Reason for bug is that the devs are all graduates of the University of Phoenix
Sign In or Register to comment.