Wizard Tower Break-in -- Exploit Edition

I have detailed some of this here:
https://www.shroudoftheavatar.com/forum/index.php?threads/game-client-should-test-open-ports.15778/

Now here is a demonstration of what kind of thing can happen in the below video:



We're going to need to have some kind of check built into the game client, not just to give you a warning and or prevent a login, but maybe to disconnect the client from the server if it loses connectivity to those ports during play.

 

Good stuff, man. Can you test what happens if you attempt to buy a house that is already claimed (while the ports are blocked)?

 

Very well done. You have passed the test and are cordially invited into The Thieves Guild.

 

Not sure what you are exploiting here. Firstly there isn't a way to restrict people from entering a lot, at this point in time. Yes there is a permission called guest access which will lets you restrict access to only people on the list when access is set to Restricted. But the option to set access to Restricted doesn't seem to be in game yet. I could be wrong there but I'm going by what I see in permissions and what I've seen in game. Are you able to pick up items? Can you move items? Can you take items off the property? If you could do those things then I'd say you're going somewhere with this.

However, I can understand that checks for open ports should be done. Question is, since they can be shut down at anytime, when and how often should the checks be done? This opens the game up to a lot of what could be unnecessary traffic.

 

Cool video. I had some comments but it looks like jiirc has mentioned them. Something for the devs to look into.

 

There is a clear weakness in the game's system which allows me to block content download and walk through walls, at the very least. The player intentionally put walls up around his fence outside his house in order to keep people out probably due to that lack of a game mechanic which accomplishes the same thing. That player didn't want other players in his property, but I was able to get in. This is a griefing concern to start with, and I just don't think I should be able to walk through walls or prevent dynamic content from reaching my game.

I may have said I came across this by accident, and I did. I am not out there looking to exploit the game for my own benefit and am I going to take my happy little accident and try to exploit it further because that isn't who I am. The Devs are probably already aware of this kind of thing, they built the game, but just in case I thought I would post it. If you had the impression that I'm a mad hacker out to take apart the game code line by line and I'm now stroking my raging ego by posting this video of all my hard excellent work over the past year or something... Well, you've got the wrong impression

 

I think beyond the exploit of "getting past the walls" using the mechanics of the game as they were not intended, is a much more serious problem.

What if you have a dungeon with an unguarded treasure in room 27B, which just so happens to be on the other side of wall A1? Now you no longer need to go through the dungeon because you can just block a port and step right on through to the end rewards.

I could probably come up with several "what if" scenarios here. This was a very good catch. I'm glad he posted this.

Avataracid, I'd still like to know what happens if you try to claim the lot when the port is blocked. My concern would be that you somehow overwrite the owners home. That would be a rather bad problem to have after lot selection day.

 

Yeah, any dynamic content which could happen to be elsewhere in the game aside from the player towns/housing would also be at risk here.

I can clearly see for sale signs on all of the lots when I block ports and the houses go missing. However I would presume that since the port is blocked I would be unable to conduct the claim itself. I don't have the cash on hand to make a claim, so I'm not exactly sure

 

I don't think anyone so far has said anything negative about the discovery itself or about your intentions. In fact I think it's good that something like this was discovereda no brought to the dev's attention. Drocis brings up an interesting case regarding skipping past content.

And if you wanted to explore it further to determine the seriousness of the discovery, there's a few suggestions as to the direction you could take it.

 

We could get you the cash in order to try it. Only need a few thousand? Maybe worth adding this to the bug forum too, if you haven't.

 

Sure, if who ever would like to send me a PM and meet in Kingsport we can give it a try.

 

Sorry, just saw this. Still online? What's your character's name?

 

We tried, but no luck stealing someone else's house. Which is good news.

Apparently our money disappeared though.

In the pic below I was taking a before shot showing the original owner of the plot. I gave Avatar Acid 3000 gold to make the purchase. It failed, and took his money. While the house is safe, the loss of money could be a potential exploit and worth figuring out what happened.

Bug report due soon.

 

So does this mean that Portalarium is going to need to insist that certain ports stay open? And if that port is not open then they disconnect you?

 

I couldn't really answer that. (edit: currently they require 3 ports to be open. One for walking around and another 2 for authentication as AA explained it to me)

It looks like the game is safe from house stealing when those ports are blocked. That's all we can say from this test. The fact that we lost some money is mildly troubling though.

AA was explaining that the main port is for walking around only, not for loading content. Don't think he has tested dungeons yet.

 

If someone is using this as an exploit then 1) they deserve to lose the money and 2) they probably won't be reporting this. However, this might be disconcerting if the player loses connection right at the moment the transaction is being completed.

 

IF, then yes. Obviously we didn't know that was the case before the test.

The loss of money does suggest there is a weakness somewhere which could be exploited. I don't know how, but it does suggest there is a missing check. I'm sure you know that bugs and exploits can crop up in unsuspecting ways. Not necessarily from loss connection (but that is an issue), but it could be that a certain area of the map or a certain sequence of actions could result in the same problem.

A malicious player that knows the exploit might even be able to figure out a way to trick honest players into losing money. So it would be worth the devs looking into.

 

Because housing is finite and location is important. I'd really like to see an addition authentication method developed for home owners.

For example, let's say that I own a home in a high traffic area that is very profitable. I don't want to move, I don't want to sell my home, ever. I'd like to see some mechanics that allow me to "lock down" that location so that it's harder to sell or move the home (by accident or not). That way even if something happens and I log in one day to see my home is gone because of some crazy exploit. The devs can see that my home was flagged as being "locked down" and reasonably assume that the location still belongs to me and not some carpetbagger that logged in and said "hey this really popular spot just opened up, I think I'll grab it!"

 

Exactly. Which is why I was keen to fund this test.

AA managed to walk through walls. I could see him and the buildings, but he doesn't so he can walk straight through. The NPC buildings are loaded when the game loads, so they can't seem to be blocked. That means he can't enter the boarded up buildings in Kingsport. Although we can keen to try more.


Can anyone think of a locked door? Preferably not at the end of a dungeon.

 

Yes I immediately can think of one: Challenge Dungeon (accessed from Braemar Graveyard).

Good job on finding out about this!