Another exploit - Wholly Unsecured Database

[Kincard]

As far as insta-50/gil goes, I can see why people might be annoyed by it, but I guess I care lot less here than I would have in XI because in XIV, gil isn't used for much, and classes arn't super difficult to get to 50 or anything. I agree they should fix it ASAP but unlike in FFXI since it's relatively easy to be self-sustaining in this game without ever touching the market boards it won't be nearly as annoying, whereas in XI you pretty much lived and died by the AH.

The teleport and invincibility hacks are probably the more damaging ones.

[MrSamuels]

Assuming this works with Mythology this will need to be fixed pretty damn fast before everyone start using it to get full AF2. The worrying part about this, is this bug has been around for a pretty long time reading from the posts related to and people have brought it up and just got shut down and their posts deleted by SE, did they not say they would not let servers go live if something this game breaking was found? this issue seems more game destroying than game breaking...

[Carth]

I would say capping your Mythology and getting full AF2 would be a huge red flag for SE to spot, but considering we have people with Gobbue mounts on new servers...

[Anton]

Well, FUCK. After the third attempt to submit this bug - attempts 1 and 2 being deleted from the forums - a Dev moved it to the Insufficient Information forum and asked me to use the official bug template.

Just a little pissed off now? So I did
http://forum.square-enix.com/ffxiv/t...th-Template%21

I'm now banned from the official forums.

Square also deleted the non-descriptive thread about the original thread disappearing, which contained this information.

If anyone else wants to try reporting this, be my guest.

[The Blackrose]

Do we need another thread for this, or did I miss it being discussed somewhere: http://forum.square-enix.com/ffxiv/t...is-immediately

First of all, an apology on my part - I read this wrong.

Secondly, yes - new thread it. That's actually something important.

[Anton]

If anyone has that picture of the Roegadyn with all the money in the world, and mounts which aren't in the game yet, it belongs here too

[Raldo]

If anyone has that picture of the Roegadyn with all the money in the world, and mounts which aren't in the game yet, it belongs here too

Sadly, the Roeg on a non-legacy server with a Goobue mount and every minion including those we don't know where they came from seems to have disappeared.

The link just leads to a dead page now.

I haven't heard of any picture of anyone with all the money in the world.

[Eurell]

That's actually something important.

Already been debunked, unless I read all this wrong.

http://www.reddit.com/r/ffxiv/commen...s_are_useless/

[Anton]

Sadly, the Roeg on a non-legacy server with a Goobue mount and every minion including those we don't know where they came from seems to have disappeared.

The link just leads to a dead page now.

I haven't heard of any picture of anyone with all the money in the world.

Yeppers, that's the guy... He had something like 214,760,972,880 gil on his account too.

Well, this exploit is how you doooooooo that

[Bardicrune]

Already been debunked, unless I read all this wrong.

http://www.reddit.com/r/ffxiv/commen...s_are_useless/

It hasn't been debunked. There are still the two major problems of the session id not expiring on logout (ever?) and a secure credential being passed as a parameter on the command line instead of another route (secured by hash in a randomized memory buffer).

[Anton]

Just to be clear, this authenticator business has no relation to the exploit in this thread

[Damane]

so whats the point of playing this game when your achievements are null and void. this dupe bug has taken any desire to play 14 seriously on a competitiv lvl (may it be pvp or raid grinding). not that i am playing it competitiv now, just very casual but i had plans to focus on the when i could transfer to another server with friends, now i am not willing to even bother

[matic]

For the record, I got that pic of the forum post off an imageboard, so it wasn't even information given to me directly. Dunno whoever "the Core" or "the Elite" is

probly these guys*


*note plethora of teleport dungeon run request threads and "Elite Exploit donation only forum"

[Burningthought]

If SE is herp-derping on this someone can always submit it as a tip to a game news site and see if they can pull SE's attention. That's how AV/PW got nerfed at least.

[Meresgi]

From what I can understand, and I dont manage a server...but they should have logs of everything going on. So tracking down certain commands being sent from client to server shouldn't be that hard. I mean this is SquareEnix we're talking about, but I would hope they keep logs of any communication between client/server and can query the logs for certain things like "HEY SERVER GIMMMIE BILLION GIL PLZKTHX"

[Anton]

probly these guys

That mod moe reallllly doesn't like Kincard for some reason bahahaha

Which is odd because his own moron hacking constituency made the album picture public, and now it's everywhere. Kincard was responsible for nothing

From what I can understand, and I dont manage a server...but they should have logs of everything going on. So tracking down certain commands being sent from client to server shouldn't be that hard. I mean this is SquareEnix we're talking about, but I would hope they keep logs of any communication between client/server and can query the logs for certain things like "HEY SERVER GIMMMIE BILLION GIL PLZKTHX"

Yes.

However

should you identify the syntax that SE uses for legit server-client transactions, there will be no difference between a legitimate transaction and an exploit. If what I'm led to believe is correct, should a player use this exploit on the sly, a few gold pieces here, a few gold pieces there, only a thorough search through the log would reveal that you couldn't possibly have got a gold piece at that time/location.

The dev would be looking for a legitimate, common server command among bajillions. On a player-by-player basis.

This exploit is bad news bears

[TacoTaru]

First of all, an apology on my part - I read this wrong.

Secondly, yes - new thread it. That's actually something important.

No harm, no foul. I'll make a new thread for it seems up in the air whether or not this legit and the post on the OF seems to imply that it is.

[Anton]

My 3rd Bug report has been deleted by SE forum Mods.

Okay SE, you go have your fun then

[Meresgi]

should you identify the syntax that SE uses for legit server-client transactions, there will be no difference between a legitimate transaction and an exploit. If what I'm led to believe is correct, should a player use this exploit on the sly, a few gold pieces here, a few gold pieces there, only a thorough search through the log would reveal that you couldn't possibly have got a gold piece at that time/location.

The dev would be looking for a legitimate, common server command among bajillions. On a player-by-player basis.

This exploit is bad news bears

Yeah, though thankfully at least 99% of the people who will use this exploit are stupid as fuck and will blow their load quick.

[Azull]

Keep in mind that may mean they do know about it and are trying to keep it as much under wraps as they can while they work on it.

At least I hope that is the case.