MMO databases don't need integrity checks!



  • So, MMORPGs are always a fertile ground for WTF coding.  Square-Enix's AAA title Final Fantasy XIV is, in many ways, TRWTF: a game so badly mangled at launch that it was actually shut down and rebooted two years later with a new code base.  Of course, there's no way that sort of thing could possibly go wrong.

    Right?  Oh, wait, no.  Things could go terribly wrong.

    Short version: there is absolutely no data integrity checking being made by the server. Data moves back and forth via a combination of JSON and LUA, without any evident encryption. Unhappy with your character's current level?  Tell the server that you just earned enough experience to level up, and, presto! that's just what happened.  Feeling sad that you're not a 1%er? Use JSON to hand yourself some gil (the game's currency). To Square-Enix's credit, I suppose, they did ban the guy who gave himself 200+ billion gil, in a game where more than a few million makes you comfortably wealthy. Even more fun, take a low-value item and tell the server it was kidding about the item ID.  It's more than happy to correct the error and make you the proud owner of whatever item ID you just suggested.

    Sure, yes, they probably have enough logging to fix this after the fact.  Probably.  But it's an amazing WTF that, in 2013, anyone would write any software with this sort of database vulnerability, much less one for a AAA MMO.  But I guess that's not surprising, since FF XIV also assigns "secure" login session IDs in plaintext, and apparently never expires them...



  • I fail to see where databases factor into this.



  • Wish I had known that, I could have been level 50 week one with like 999,999 gil.



  • While it is clear that these are major WTFs, I would argue that this is not due to a missing integrity check but rather to a much more basic WTF: not checking user input.

    You'd think that MMO developers would have learned not to do that after a WoW exploit was found that could make your character go magnitudes faster years ago (by modifying the speed modifier in memory, the server blindly accepted the client's calculations).



  • Rule 1 of client-server programming:

    Don't trust whichever one you aren't in direct control of.



  • PlanetSide 2 is bad about trusting the client. So the clients can say "I just killed so-and-so" and the server accepts it as fact with no sanity checks. Somehow the moderators keep a good handle on things, but the game is really easy to hack because of that.



  • @dtech said:

    While it is clear that these are major WTFs, I would argue that this is not due to a missing integrity check but rather to a much more basic WTF: not checking user input.

    You'd think that MMO developers would have learned not to do that after a WoW exploit was found that could make your character go magnitudes faster years ago (by modifying the speed modifier in memory, the server blindly accepted the client's calculations).

    This wouldn't even be a TDWTF-worthy WTF if it were just a case of not checking user input.  At one point or another, just about every MMO has fallen prey to speedhacks or teleportation bugs, because they put too much trust in the location data being sent by the client (a certain amount of trust is needed to prevent synchronization problems from lag).  Invincibility hacks happen when the server permits the client to dictate hit point totals and the like; that's an even stupider mistake, but at least hit point totals are supposed to change.

    The fact that this JSON exploit allows someone to change one item (a pail of Muddy Water, for example) into another item (like extremely rare and valuable Class IV materia, or even armor) reveals that the server is just taking whatever the client says at face value and updating database entries accordingly.  It is one thing to fool the server about where your character is.  Characters do move.  But there's no legitimate means in-game to transmogrify items into other items.  There should be no code which permits this!  Even item duplication bugs are more understandable, because items are, in fact, legitimately created.  The only rational conclusion is that the server actually trusts the client more than it does itself, and alters the database entry for that item to point to a different id in the master items table.  Which is, to be generous to Square-Enix, a ludicrous failure of proper coding practice.
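
The contrast drawn in the post above, between a server that writes back whatever the client reports and one that treats each message as a request checked against its own records, as an added example that is not part of the original post and not Square-Enix's code. The message fields, item IDs, prices and handler names are all hypothetical.

```python
import json

# Constructed server-side state; IDs, names and prices are illustrative only.
ITEM_CATALOG = {1001: {"name": "Muddy Water", "sell_price": 1},
                2001: {"name": "Rare Materia", "sell_price": 50000}}

# Constructed sample: a client message carrying fields the client must not decide.
TAMPERED_MSG = '{"op": "sell", "slot": 0, "item_id": 2001, "gil": 200000000000}'


def new_player():
    return {"gil": 100, "inventory": {0: 1001}}  # slot -> item_id


def handle_trusting(player, raw):
    """The pattern the thread describes: client-reported state is written back."""
    msg = json.loads(raw)
    if "gil" in msg:
        player["gil"] = msg["gil"]
    if "slot" in msg and "item_id" in msg:
        player["inventory"][msg["slot"]] = msg["item_id"]
    return {"ok": True}


def handle_authoritative(player, raw):
    """The client sends an intent; every effect is derived from server-side state."""
    try:
        msg = json.loads(raw)
    except ValueError:
        return {"ok": False, "error": "malformed"}
    if not isinstance(msg, dict) or msg.get("op") != "sell":
        return {"ok": False, "error": "unsupported operation"}
    slot = msg.get("slot")
    # bool is a subclass of int, so reject it explicitly.
    if isinstance(slot, bool) or not isinstance(slot, int):
        return {"ok": False, "error": "bad slot"}
    item_id = player["inventory"].get(slot)
    if item_id is None:
        return {"ok": False, "error": "empty slot"}
    # Item identity and price come from the server's records, never the message.
    price = ITEM_CATALOG[item_id]["sell_price"]
    del player["inventory"][slot]
    player["gil"] += price
    return {"ok": True, "sold": item_id, "gil": player["gil"]}
```

Given the same tampered message, the first handler stores the claimed item and balance, while the second sells the item the server knows is in the slot at the server's price and ignores the extra fields.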


  • ♿ (Parody)

    @InsanitizedData said:

    The only rational conclusion is that the server actually trusts the client more than it does itself, and alters the database entry for that item to point to a different id in the master items table.

    That's possible, but there are other reasonable conclusions. I figured they were either too lazy or liked the increased performance of not having to validate this sort of thing server side.

    Of course, Excel has been able to do this for ages. These guys are just ignorant.



  • An MMO that uses Excel for both the client and server applications. Some part of me is strangely excited by the thought.



  • @mott555 said:

    An MMO that uses Excel for both the client and server applications. Some part of me is strangely excited by the thought.

    Same here. Other parts of me want to murder that part, though.


  • Considered Harmful

    @mott555 said:

    An MMO that uses Excel for both the client and server applications. Some part of me is strangely excited by the thought.

    Maybe something like Progress Quest.



  • @mott555 said:

    An MMO that uses Excel for both the client and server applications. Some part of me is strangely excited by the thought.

    Excel is a powerful thing. According to a reliable source, it Might Be The Most Dangerous Software On The Planet

    @Forbes said:

    JP Morgan was running huge bets (tens of billions of dollars) in London. The way they were checking what they were doing was playing around in Excel. And not even in the Masters of the Universe style that we might hope, all integrated, automated and self-checking, but by cutting and pasting from one spreadsheet to another. And yes, they got one of the equations wrong as a result of which the bank lost several billion dollars


  • @dtech said:

    While it is clear that these are major WTFs, I would argue that this is not due to a missing integrity check but rather to a much more basic WTF: not checking user input.

    You'd think that MMO developers would have learned not to do that after a WoW exploit was found that could make your character go magnitudes faster years ago (by modifying the speed modifier in memory, the server blindly accepted the client's calculations).

    It's actually the norm for a lot of games (not only WoW) that part of the game logic runs on the client, and I would not consider that a WTF. It allows the game to run over much less reliable connections without jerking. The downside is that other players see your lag. If the server were the ultimate authority, the game would just snap you back when there is packet loss (think Counter-Strike lags).



    Of course what FF did is just begging for a public execution by firing squad.
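
A middle ground between the two positions in this thread, as an added example that is not part of any post or any game's actual code: the client keeps predicting its own movement, and the server accepts a reported position only if it is reachable from the last accepted one within a speed budget that leaves slack for lag. The constants and the class name are hypothetical, and `t` is assumed to be the server's receive time rather than a value supplied by the client.

```python
import math

MAX_SPEED = 7.0       # units per second the server allows (hypothetical value)
LAG_TOLERANCE = 1.5   # slack for jitter and late packets (hypothetical value)
MAX_GAP = 2.0         # at most this many seconds of silence are credited


class MovementValidator:
    """Keeps the last server-accepted position for one character."""

    def __init__(self, x, y, t):
        self.x, self.y, self.t = x, y, t

    def report(self, x, y, t):
        """Check a reported position; return (accepted, authoritative position).

        t is the server's receive time (assumption), never a client field.
        """
        if not all(isinstance(v, (int, float)) and math.isfinite(v)
                   for v in (x, y, t)):
            return False, (self.x, self.y)
        dt = t - self.t
        if dt <= 0:
            return False, (self.x, self.y)  # out-of-order update
        # Distance the character could plausibly have covered since the last update.
        budget = MAX_SPEED * min(dt, MAX_GAP) * LAG_TOLERANCE
        if math.hypot(x - self.x, y - self.y) > budget:
            # Implausible jump: keep the old position so the client is snapped
            # back, and advance the clock so rejected time earns no extra budget.
            self.t = t
            return False, (self.x, self.y)
        self.x, self.y, self.t = x, y, t
        return True, (x, y)
```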


  • Discourse touched me in a no-no place

    @Ronald said:

    Might Be

    I love “Might Be”. It covers such a range of possibilities, and when it turns out that — as usual — it isn't, you can just shrug and get away without an apology for totally wild inaccuracy.

    The NSA might be about to start acting in the genuine interests of the American people. Hell might be about to freeze solid. My team might be about to win the league.



  • @Ben L. said:

    Rule 1 of client-server programming:

    Don't trust whichever one you aren't in direct control of.

    The shitty thing about that is that when it's implemented as in Diablo III,  you get poor responsiveness when your ping exceeds 100ms, and unplayability at 200ms. Kind of bad for an action game. But I guess the implementation in D3 is just exceptionally bad, since online games in general work fine with many players interacting.

