Modder Hacks Star Wars: The Old Republic MMO Client, Modifies In-Game Data, Changes The Game
When Star Wars: The Old Republic made news in September, it was for announcing that one of the mythos' most enduring antiheroes, the onetime Sith Lord Revan, would be making an appearance in the MMO. Now, a new bug could wipe some of that goodwill off the map.
Modder and TOR enthusiast SWTorMiner has created a video that shows him fixing a simple visual bug (introduced in one of the recent game patches) to make a character's eyewear render properly. (I've artificially lightened the screen cap below so that it's easier to tell the difference.)
Fixing a bit of character geometry might seem like a minor change, but the manner in which this particular adjustment was accomplished opens up a raft of security issues within the MMO. Generally speaking, MMO security typically relies on a server-side model in which most vital information is either stored on-server and communicated to the client when necessary. Since not every bit of important information can be streamed remotely, the client-side data files that do contain vital information must be checked and validated as well.
SWTorMiner doesn't claim to have discovered the bug himself, but he's drawing attention to it precisely because it allows for much larger hacks than just replacing a bit of cosmetic detail. In theory, this same exploit could be used to allow access to areas of the game that are currently locked out -- either because previous bosses haven't yet been killed, or because PvP battlegrounds are still in warm-up periods.
Bugs like this have been discovered from time to time in many games -- there were a number of flaws in World of Warcraft's various battlegrounds in the years I played that MMO, and more than a few players were banned for speed hacks or exploits that allowed players to bypass game geometry and gain access to the map. In this case, however, the flaw isn't just a client-side exploit that affects one specific area, but a fundamental problem with the game itself.
We've agreed not to reveal further details, but SWTorminer's stated purpose for drawing attention to the flaw isn't to punish Bioware, but to get the problem on their radar, addressed, and resolved. It's sufficiently powerful that it could be used to fundamentally give certain raid groups or PvP teams an unfair advantage. Whether Bioware can fix it (or how quickly) isn't clear; we'll update this story if the company makes an official statement. SWTorminer has said he's not the first to discover the flaw, implying that some exploits may be out in the community already. These are the kinds of problems that can rapidly balloon and challenge the fundamental nature of the game -- it's much easier to fix the issues before they become a problem than it is to rollback server changes or figure out which people to punish for willfully exploiting a flaw.
Modder and TOR enthusiast SWTorMiner has created a video that shows him fixing a simple visual bug (introduced in one of the recent game patches) to make a character's eyewear render properly. (I've artificially lightened the screen cap below so that it's easier to tell the difference.)
Fixing a bit of character geometry might seem like a minor change, but the manner in which this particular adjustment was accomplished opens up a raft of security issues within the MMO. Generally speaking, MMO security typically relies on a server-side model in which most vital information is either stored on-server and communicated to the client when necessary. Since not every bit of important information can be streamed remotely, the client-side data files that do contain vital information must be checked and validated as well.
SWTorMiner doesn't claim to have discovered the bug himself, but he's drawing attention to it precisely because it allows for much larger hacks than just replacing a bit of cosmetic detail. In theory, this same exploit could be used to allow access to areas of the game that are currently locked out -- either because previous bosses haven't yet been killed, or because PvP battlegrounds are still in warm-up periods.
Bugs like this have been discovered from time to time in many games -- there were a number of flaws in World of Warcraft's various battlegrounds in the years I played that MMO, and more than a few players were banned for speed hacks or exploits that allowed players to bypass game geometry and gain access to the map. In this case, however, the flaw isn't just a client-side exploit that affects one specific area, but a fundamental problem with the game itself.
We've agreed not to reveal further details, but SWTorminer's stated purpose for drawing attention to the flaw isn't to punish Bioware, but to get the problem on their radar, addressed, and resolved. It's sufficiently powerful that it could be used to fundamentally give certain raid groups or PvP teams an unfair advantage. Whether Bioware can fix it (or how quickly) isn't clear; we'll update this story if the company makes an official statement. SWTorminer has said he's not the first to discover the flaw, implying that some exploits may be out in the community already. These are the kinds of problems that can rapidly balloon and challenge the fundamental nature of the game -- it's much easier to fix the issues before they become a problem than it is to rollback server changes or figure out which people to punish for willfully exploiting a flaw.
