Vault - FYI: Technical background of exploits

Vault › General › DDO-Specific Discussion › FYI: Technical background of exploits

(Moderator: Strakeln)

‹ Previous Topic | Next Topic ›

Page Index Toggle

Pages: [1] 2

Hot Topic (More than 35 Replies)

FYI: Technical background of exploits (Read 13893 times)

SweetKitten Waterworks Kobold Offline Meeow Posts: 125 Joined: May 23^rd, 2013	FYI: Technical background of exploits Jun 12^th, 2014 at 4:34am	Print Post
	Had the idea to write some words about the technical background of exploits, so here's my point of view. Nearly all exploits are based on the simple fact, that DDO does not have a transactional database management system (DBMS). Of course i can't prove this fact, but i worked a very long time in software architecture, specialized in distributed DBMS systems and had to fight similar bugs (exploits). I don't know what these guys are using, but it's surely not a SQL based system, it smells like a homebred OODBMS for object persistence, which means you have to code every single query, no easy scripts for fixes or reports. Further there are also no relation based structures, i'm sure the whole system is a hardcoded OOP hell without any second thought on a multi-tier architecture. To the core: A database transaction is generally atomic. That means, it is either done completely, or it is not done. To move an item from the bag to the shared bank you will have to modify two places (let's call them tables for simplicity) in the storage system. In table A (the bag) one record (the item) will be deleted, in table B (the shared bank) one record (the item) will be inserted. In a healthy DBMS you just start a transaction, do what ever is needed, fire a commit if all is ok and both tables are changed. If your connection will break between the operations, the DBMS will do an automatic rollback, no table is changed. Notice something? All exploits based on DC'ing interrupt the coded operations and leave one table in inconsistent state. The newest changes in DDO paint a disgusting picture about the DDO codebase. The devs have started to fix the exploits in the client ("exclusive windows"). This is terrible, since this will leave the DDO server system buggy and massacre the user interface to the annoyance of all players. This is terrible, since it proves that noone at turbine is brave or skilled enough to change the server code. This is terrible, since it leaves the system wide open for a "man in the middle" attack. This is terrible, the ultimate exploit tool just needs to capture and modify/resend messages from the client to the server. Be creative� And now for the Turbine readers: There is one simple solution to fix the given "move item" security hole: Remove the clientbased code sequences and implement a server based new function MoveItem(item, fromContainer, toContainer). No need to touch your barely running system, just an additional function. And now search for a developer brave and skilled enough to change your network api and remove the retarded exclusive window shit.
	« Last Edit: Jun 12^th, 2014 at 8:52am by SweetKitten »

	IP Logged

DropBear Dropbear Awareness Society Offline Don't forget to look up.... Posts: 4380 Location: Landdownunder Joined: Oct 11^th, 2013	Re: FYI: Technical background of exploits Reply #1 - Jun 12^th, 2014 at 4:54am	Print Post
	Nice summary Sweetkitten.... You trouble maker you.

	http://www.australianmuseum.net.au/drop-bear
	IP Logged

Rubbinns The Undeserving Fuckwit Offline I Love Drama! Posts: 10460 Joined: Sep 4^th, 2013	Re: FYI: Technical background of exploits Reply #2 - Jun 12^th, 2014 at 6:52am	Print Post
	SweetKitten wrote on Jun 12^th, 2014 at 4:34am: Be creative� I saw someone flying straight up into the air today in Meridia. That was after he duped ingredients.

	Mockduck wrote on Aug 30^th, 2010 at 2:20pm: I don't think naming names would be a good thing for me to do, but I'd pretty much add anyone who's a know-it-all dick on the list.� Even if they are sometimes intelligent with their opinions, the way they state them in long, "i'm a lawyer at trial"-type posts makes me want to punch them in the face.� They act like whiney babies with god complexes and then freak out if someone so much as breathes criticism in their direction.
	IP Logged

OneUpGamer Dragon Raider Offline Posts: 226 Joined: Mar 10^th, 2014	Re: FYI: Technical background of exploits Reply #3 - Jun 12^th, 2014 at 10:09am	Print Post
	SweetKitten wrote on Jun 12^th, 2014 at 4:34am: This is terrible, the ultimate exploit tool just needs to capture and modify/resend messages from the client to the server. Crunch 35 CoVs for Potion of Spellpower (+25). ..techy sorcery to find and open message.. Edit message to say 100 CoVs for Heart Seed recipe instead. Mmmmmm...

	~~~~~~~~~~~
	IP Logged

Dickbutt Titan Demolisher Offline Richard Butkus Posts: 386 Joined: Aug 18^th, 2011	Re: FYI: Technical background of exploits Reply #4 - Jun 12^th, 2014 at 11:00am	Print Post
	OneUpGamer wrote on Jun 12^th, 2014 at 10:09am: Crunch 35 CoVs for Potion of Spellpower (+25). ..techy sorcery to find and open message.. Edit message to say 100 CoVs for Heart Seed recipe instead. Mmmmmm... Not quite. Any of the exploits that were fixed by having x close when y opens can be reproduced by simulating the required interaction with x, while y is open. This assumes that the fix is entirely client side. i.e. If an exploit requires putting something in the bank, you can still send the necessary request to put it in the bank, without the bank UI open. This wouldn't work if the server keeps a state of whether the bank is open or not, appropriately flips the state when other things happen, and doesn't allow bank interaction while the state if off. That is very unlikely, however.


	IP Logged

Flav Vault Frog Offline One Frog to Rule them All! Posts: 10011 Location: Land of the Frogs Joined: Aug 29^th, 2010 Gender:	Re: FYI: Technical background of exploits Reply #5 - Jun 12^th, 2014 at 11:22am	Print Post
	Hmm, honestly, while there's some ideas in the opening post... I could do what occurs with the DC Exploits with Sybase. ( and that's a Relational DBMS with SQL and all the stuff ). I've done it because I had in my former job, I've seen it occurs naturally ( if you can call that natural ) in my former job and been called a Oh Indecent Hour to fix it. It can be caused simply by the fact that doing the action fires sequentially two different scripts that updates tables in two different databases... if the monkey that did the coding didn't know more than basic SQL.

	Yes my avatar is an Hermine eating a Greenland Lemming for brunch.
	IP Logged

eighnuss Epic Poster Offline ด้้้้้ ͩͩͩͩͩͩͩͩͩͩ ͩͩͩͩͩͩ Posts: 3532 Location: ด้้้้้็็็็็้้้้้็็็็็ ͩͩͩͩͩͩͩ Joined: Jan 30^th, 2013	Re: FYI: Technical background of exploits Reply #6 - Jun 12^th, 2014 at 12:02pm	Print Post
	disappointment

	ͩͩͩͩͩͩͩͩͩͩͩͩͩͩͩͩͩͩͩͩͩͩͩͩͩͩͩͩͩͩͩͩͩͩͩͩͩͩͩͩͩͩͩͩͩͩͩͩͩDISCLAIMER: This post is provided �as is� for informational purposes only. The Department of Vault Security (DVS) does not provide any warranties of any kind regarding any information contained within. DVS does not endorse any commercial product or service referenced in this post or otherwise.
	IP Logged

wascally wabbit Korthos Resident Offline I Hate Drama! Posts: 41 Location: Marketplace Tent Joined: May 27^th, 2014	Re: FYI: Technical background of exploits Reply #7 - Jun 12^th, 2014 at 2:54pm	Print Post
	Flav wrote on Jun 12^th, 2014 at 11:22am: if the monkey that did the coding didn't know more than basic SQL You're implying that Turbine hires monkeys. This is an insult to monkeys since I've seen the results that are U22 and I 'm pretty sure monkeys would have done a better job.


	IP Logged

DoRayEgon Shroud Slacker Offline I Love Drama! Posts: 1042 Joined: Apr 4^th, 2014	Re: FYI: Technical background of exploits Reply #8 - Jun 12^th, 2014 at 3:04pm	Print Post
	wascally wabbit wrote on Jun 12^th, 2014 at 2:54pm: You're implying that Turbine hires monkeys. This is an insult to monkeys since I've seen the results that are U22 and I 'm pretty sure monkeys would have done a better job. Orangutans and chimpanzees, yes. But not this filthy stupid gorillas, marmosets or tamarins. Those things are awful.


	IP Logged

wascally wabbit Korthos Resident Offline I Hate Drama! Posts: 41 Location: Marketplace Tent Joined: May 27^th, 2014	Re: FYI: Technical background of exploits Reply #9 - Jun 12^th, 2014 at 3:19pm	Print Post
	DoRayEgon wrote on Jun 12^th, 2014 at 3:04pm: Orangutans and chimpanzees, yes.� But not this filthy stupid gorillas, marmosets or tamarins.� Those things are awful. I can almost see the resemblance...what on earth did they do to that gorilla? BEFORE: AFTER:


	IP Logged

Azog Ex Member	Re: FYI: Technical background of exploits Reply #10 - Jun 12^th, 2014 at 4:57pm	Print Post



	IP Logged

Viktor Vaughn Puppy Farmer Offline Eberron burns Posts: 1561 Joined: Mar 19^th, 2014	Re: FYI: Technical background of exploits Reply #11 - Jun 12^th, 2014 at 5:03pm	Print Post



	IP Logged

Meursault Horoluth Raider Offline I Love Freedom of Speech Posts: 2410 Location: Hartford, CT; USA Joined: Aug 22^nd, 2013 Gender:	Re: FYI: Technical background of exploits Reply #12 - Jun 12^th, 2014 at 5:43pm	Print Post
	Flav wrote on Jun 12^th, 2014 at 11:22am: I could do what occurs with the DC Exploits with Sybase. ( and that's a Relational DBMS with SQL and all the stuff ). He said Transactional, not Relational. But yeah, if you have transactions available and don't use them, you can get this with any database. But part of the problem is scale. Once upon a time, DDO had more than 20,000 players, and holding transactions open across the 15 seconds of the whole action instead of twice across 1 second halves of the action would have really added up. It would have made disk churning that sounds like a sausage grinder. Fortunately, Turbine has solved that problem. With our current populations, full transactions should be easily within the capabilities of modern hardware.

	Turdbin, keep changing the DDO rules, because McDonalds sold over 200 billion hamburgers by changing the recipe for their Special Sauce every couple of months to keep interest up.
	IP Logged

Flav Vault Frog Offline One Frog to Rule them All! Posts: 10011 Location: Land of the Frogs Joined: Aug 29^th, 2010 Gender:	Re: FYI: Technical background of exploits Reply #13 - Jun 12^th, 2014 at 5:44pm	Print Post
	the only certainty : They didn't hire any Hanuman Langur. They at least would have done some of U22 right. Now for me, usually Monkeys are Monkeys... Be they Apes, Gorillas, Chimps, or just plain monkeys.

	Yes my avatar is an Hermine eating a Greenland Lemming for brunch.
	IP Logged

Dr_tank2vich Puppy Farmer Offline I Love Darma! Posts: 1427 Location: Fort Collins, Colorado Joined: Aug 16^th, 2010 Gender:	Re: FYI: Technical background of exploits Reply #14 - Jun 12^th, 2014 at 5:48pm	Print Post
	Flav wrote on Jun 12^th, 2014 at 5:44pm: the only certainty : They didn't hire any Hanuman Langur. They at least would have done some of U22 right. Now for me, usually Monkeys are Monkeys... Be they Apes, Gorillas, Chimps, or just plain monkeys. ?

	"The court heard that Duffy has Asperger's syndrome and suffers with alcohol problems." Or as we call it here: Mod status.
	IP Logged

SweetKitten Waterworks Kobold Offline Meeow Posts: 125 Joined: May 23^rd, 2013	Re: FYI: Technical background of exploits Reply #15 - Jun 13^th, 2014 at 3:28am	Print Post
	Flav wrote on Jun 12^th, 2014 at 11:22am: I could do what occurs with the DC Exploits with Sybase. ( and that's a Relational DBMS with SQL and all the stuff ). I've done it because I had in my former job, I've seen it occurs naturally ( if you can call that natural ) in my former job and been called a Oh Indecent Hour to fix it. It can be caused simply by the fact that doing the action fires sequentially two different scripts that updates tables in two different databases. A healthy DBMS should have no problems with transactions over two databases, if both are running in the same DBMS instance. If you have to use some kind of distributed transaction mechanism to access two databases over different server boundaries, then it will start to be ugly and clumsy. Meursault wrote on Jun 12^th, 2014 at 5:43pm: But part of the problem is scale. Once upon a time, DDO had more than 20,000 players, and holding transactions open across the 15 seconds of the whole action instead of twice across 1 second halves of the action would have really added up. It would have made disk churning that sounds like a sausage grinder. Absolutely no need for a long running transaction in the given example. start tx, insert rec, delete rec, commit tx. (much better to call a stored procedure or a server function for this)
	« Last Edit: Jun 13^th, 2014 at 3:39am by SweetKitten »

	IP Logged

Overmind Korthos Resident Offline I Love Drama! Posts: 32 Location: Tl�n, Uqbar, Orbis Tertius Joined: Apr 23^rd, 2013	Re: FYI: Technical background of exploits Reply #16 - Jun 13^th, 2014 at 1:13pm	Print Post
	The exploits have nothing to do with data storage and everything to do with the protocol, thats why it matters if you move an item to the SB before of after you use it. ps: yay boobies


	IP Logged

Durk The Deranged Offline I've got a secret! Posts: 705 Location: The Harbor Joined: May 15^th, 2012 Gender:	Re: FYI: Technical background of exploits Reply #17 - Jun 13^th, 2014 at 4:32pm	Print Post
	SweetKitten wrote on Jun 12^th, 2014 at 4:34am: I don't know what these guys are using, but it's surely not a SQL based system. It is SQL for sure. Numerous cases and screenshots of SQL errors on My.DDO, Character Transfers, and Lotteries. [Specifically transfers, and errors regarding char/player data, not other my.ddo WordPress crap]


	IP Logged

Mr Titan Demolisher Offline Posts: 361 Joined: Apr 20^th, 2011	Re: FYI: Technical background of exploits Reply #18 - Jun 13^th, 2014 at 8:35pm	Print Post
	sweetkitten....


	IP Logged

Dark_Helmet Wielder of the Schwartz Offline I hate you! Posts: 1176 Joined: Feb 14^th, 2010	Re: FYI: Technical background of exploits Reply #19 - Jun 14^th, 2014 at 2:57am	Print Post
	I get the feeling that the same people who did the Database work for Turbine also worked on the HealthCare.Gov site. If only Turbine could follow the lessons learned from how they instituted a trauma team with people who actually cared about quality and turned around that disaster. "Many of the engineers who helped fix the site were private contractors who had helped create the disaster. All they needed was better management." Or, maybe not.


	IP Logged

DropBear Dropbear Awareness Society Offline Don't forget to look up.... Posts: 4380 Location: Landdownunder Joined: Oct 11^th, 2013	Re: FYI: Technical background of exploits Reply #20 - Jun 14^th, 2014 at 5:39am	Print Post
	SweetKitten wrote on Jun 12^th, 2014 at 4:34am: A database transaction is generally atomic. That means, it is either done completely, or it is not done. Hey Sweetkitten. Just curious, I've not heard this word used in this context before?� Is this a software development term, or did you just mean binary?
	« Last Edit: Jun 14^th, 2014 at 5:40am by DropBear »
	http://www.australianmuseum.net.au/drop-bear
	IP Logged

higgildypiggildy Stormreaver Piker Offline I just mock the world Posts: 664 Joined: Dec 8^th, 2011	Re: FYI: Technical background of exploits Reply #21 - Jun 14^th, 2014 at 6:39am	Print Post
	DropBear wrote on Jun 14^th, 2014 at 5:39am: Hey Sweetkitten. Just curious, I've not heard this word used in this context before?� Is this a software development term, or did you just mean binary? it means that the whole of the database modifications counts as one action, it's a transaction, and all parts happen, or none happen. begin atomic action (transaction) delete from one table add to another table update a third table end atomic action (transaction)

	I ain't got no mothafukkinsignature
	IP Logged

DropBear Dropbear Awareness Society Offline Don't forget to look up.... Posts: 4380 Location: Landdownunder Joined: Oct 11^th, 2013	Re: FYI: Technical background of exploits Reply #22 - Jun 14^th, 2014 at 6:42am	Print Post
	Ah, thanks for explaining. Was not familiar with the term. thanks bro.

	http://www.australianmuseum.net.au/drop-bear
	IP Logged

mystafyi Abbot Raider Offline I Love Drama! Posts: 836 Joined: Nov 10^th, 2010	Re: FYI: Technical background of exploits Reply #23 - Jun 14^th, 2014 at 11:06am	Print Post
	SweetKitten wrote on Jun 13^th, 2014 at 3:28am: If you have to use some kind of distributed transaction mechanism to access two databases over different server boundaries, then it will start to be ugly and clumsy. ddo has more then one database that values are stored. Tested while duping, back when we could crash an instance causing a rollback of that zone and toons in that zone. This facilitated duping non-bound items between 2 toons. Further testing showed that shared bank/tr cash and character bank were not the same save and could be manipulated.
	« Last Edit: Jun 14^th, 2014 at 11:07am by mystafyi »

	IP Logged

Ohfaq Titan Demolisher Offline Nubz morghulis Posts: 335 Joined: Apr 28^th, 2014 Gender:	Re: FYI: Technical background of exploits Reply #24 - Jun 14^th, 2014 at 11:30am	Print Post
	mystafyi wrote on Jun 14^th, 2014 at 11:06am: ddo has more then one database that values are stored. Tested while duping, back when we could crash an instance causing a rollback of that zone and toons in that zone. This facilitated duping non-bound items between 2 toons. Further testing showed that shared bank/tr cash and character bank were not the same save and could be manipulated. hmmm


	IP Logged

Page Index Toggle

Pages: [1] 2

‹ Previous Topic | Next Topic ›

« Board Index ‹ Board Top

Top

Vault » Powered by YaBB 2.6.11!
YaBB Forum Software © 2000-2025. All Rights Reserved.

Valid XHTML

Valid CSS

Powered by Perl

Source Forge