|
PSA: Flaw Identified in Voidwatch Addon (Ban Risk)
Server: Asura
Game: FFXI
Posts: 1544
By Asura.Vienner 2019-11-21 06:42:22
I've been subbed for xiv but havent played in months...
Shiva.Thorny
Server: Shiva
Game: FFXI
Posts: 2861
By Shiva.Thorny 2019-11-21 06:57:50
For example, I would have happily reported this voidwatch one years ago if I could get a r/ex lv1 bugfinder crown, maybe with a signature for how many bugs i've found, and not get banned. I would not sacrifice an account over something this irrelevant.
When you claim a 6 figure income from this, what is $10 or $30 in the long run? (Even if it was monthly the year end total would be $120/$360.)
I really have no problem with you but what you said makes no sense to me.
Isnt about the $ cost but the time. Unique vpn, rank 3, lv75, even buying new codes is difficult at times(se store limits them by ip and payment method). New se accounts cant easily be made on a generic vpn either, iovation blocks most and wont send confirmation email. It isnt a ton of work, but its at least a few hours even with automation, which dwarves the actual dollar cost. This is all assuming I felt comfortable using a preexisting char to pop and kill the actual vw for the exploiter, which I probably wouldnt, and that raises the bar further.
Nobody is making massive gil off this, pulse cell demand is minimal and selling a lot would easily give you away as questionable. Not worth it to me. Some sellers might have been using it to get a little extra gil, but if not this, it'd be an extra account or another hour working or whatever. It isn't like medals, where people had a free ticket to print as much gil as they wanted and the only logical choice was to sell it, actively creating new sellers just by how strong it was.
Server: Asura
Game: FFXI
Posts: 5
By Asura.Snoctopus 2019-11-21 07:49:21
https://ffxivcensus.com/ Attempts to detail how many active FFXIV players there are. SE widely reported how many FFXIV accounts that had been created, but I don’t believe they’ve ever stated how many of those accounts are either active subscriptions or even active players. I’d say it’s very likely that tens of thousands of players only log in once every 45 days so square doesn’t demolish their houses.
This Reddit post indicates that as of June there may have been as many as a million active players https://www.reddit.com/r/MMORPG/comments/c08v1n/final_fantasy_xiv_reaches_1_million_active/
The post also shares that those numbers are the most active subscribers the game has ever had.
FFXIV does well for itself overall, but to the best of my knowledge it has never been confirmed that it surpassed WoW’s active player base. It certainly is nowhere close to the total WoW accounts.
Ragnarok.Ghishlain
Server: Ragnarok
Game: FFXI
Posts: 1081
By Ragnarok.Ghishlain 2019-11-21 08:37:25
Latest Lucky Bancho Stats there are 943,000 active subscriptions as of July 29th, 2019
Results are based on scrapping the the Lodestone (FFXIV equivalent to the FFXI Linkshell Community) and looking for a specific minion / achievement that indicates a milestone for the current patch so it's fairly reliable.
WoW supposedly has 1.7m subscriptions as of October of 2018 but I have no idea how they came up with that value. There is a meme on XIV where XIV keeps inheriting WoW refugee due to the lackluster reception of the latest expansion.
Take into account active subscription =/= accounts made. There are many bots that run around on XIV which will inflate the "account made" value compared to "active subscription".
/random2cents
Server: Asura
Game: FFXI
Posts: 5
By Asura.Snoctopus 2019-11-21 09:29:00
Yeah. Granted this is getting a little off topic, but when I woke up and posted the FFXIV numbers I was pretty lazy and on my cellphone in bed and didn't want to take the time to finish the rest of my post because grabbing links and ***from Safari is a pain in the ***.
As far as MMOs are concerned, FFXI is actually still in a pretty solid spot. I would be surprised if FFXI income is being diverted to funding FFXIV at this point. FFXIV is standing fine on its own, and Yoshi-P said even last year that the game is still running along fine: https://www.dualshockers.com/final-fantasy-xiv-interview-yoshida-soken/
I wasn't active at the time when Rhapsodies of Vana'Diel was new, but I remember that the discussion and PR line around that time was that the plan was to transition the game to life support where there would be no more updates to balance/content/etc. And that definitely hasn't happened - there's still changes being made. As someone who is in and out of the game, it's different now for me even from when I last tried to play 18 months or so ago.
Earlier in the thread, it was speculated that at any given time there are ~2400 or so active players on Asura, with other less populated servers maybe fielding 500 or so players active. Doing some fuzzy animal picture napkin math, that'd still account to a concurrent player count of around 10,0000 - 11,000 players, which isn't far behind the concurrent player count of say... Path of Exile.
FFXI likely has more than enough active players for SE to ban 1000 people for botting HMP and still be fine. And who are we kidding - most of the banned people just come back anyways. As I shared earlier in this thread though, it's probably not the best way to go about things, and maybe SE should make an effort to fix the design elements that encourage the botting. Make it easier for people to directly farm their pulse weapons, medals, plates, whatever the hell they want, and de-prioritize gil.
By fonewear 2019-11-21 09:30:55
My favorite part of these threads is the people who have quit playing this game yet, still come on this forum to whine about the game.
You made your statement of dislike for the game by quitting. What's the point in trying to make sure there are others who agree?
The anonymous nature of the internet tends to exaggerate people's attitudes. So this troll or whoever. If you saw them in real life. They probably wouldn't say the same things they say online.
Or maybe they are an *** in real life and there is no hope for them. I don't know.
[+]
By fonewear 2019-11-21 09:41:57
Yeah. Granted this is getting a little off topic, but when I woke up and posted the FFXIV numbers I was pretty lazy and on my cellphone in bed and didn't want to take the time to finish the rest of my post because grabbing links and ***from Safari is a pain in the ***.
As far as MMOs are concerned, FFXI is actually still in a pretty solid spot. I would be surprised if FFXI income is being diverted to funding FFXIV at this point. FFXIV is standing fine on its own, and Yoshi-P said even last year that the game is still running along fine: https://www.dualshockers.com/final-fantasy-xiv-interview-yoshida-soken/
I wasn't active at the time when Rhapsodies of Vana'Diel was new, but I remember that the discussion and PR line around that time was that the plan was to transition the game to life support where there would be no more updates to balance/content/etc. And that definitely hasn't happened - there's still changes being made. As someone who is in and out of the game, it's different now for me even from when I last tried to play 18 months or so ago.
Earlier in the thread, it was speculated that at any given time there are ~2400 or so active players on Asura, with other less populated servers maybe fielding 500 or so players active. Doing some fuzzy animal picture napkin math, that'd still account to a concurrent player count of around 10,0000 - 11,000 players, which isn't far behind the concurrent player count of say... Path of Exile.
FFXI likely has more than enough active players for SE to ban 1000 people for botting HMP and still be fine. And who are we kidding - most of the banned people just come back anyways. As I shared earlier in this thread though, it's probably not the best way to go about things, and maybe SE should make an effort to fix the design elements that encourage the botting. Make it easier for people to directly farm their pulse weapons, medals, plates, whatever the hell they want, and de-prioritize gil.
When they ban people it is just to send a message. They aren't going to ban 1000 people.
Also the people they ban will be back up in cheating very quickly.
VIP
Server: Fenrir
Game: FFXI
Posts: 750
By Fenrir.Niflheim 2019-11-21 09:57:43
Rooks posted an educated guess at what ffxi looks like to se in $$ here
He estimates the ffxi population using the number of unique characters using the AH. then provides a worst case value that that number of characters would be worth to SE.
[+]
Asura.Chiaia
VIP
Server: Asura
Game: FFXI
Posts: 1656
By Asura.Chiaia 2019-11-21 13:54:34
For example, I would have happily reported this voidwatch one years ago if I could get a r/ex lv1 bugfinder crown, maybe with a signature for how many bugs i've found, and not get banned. I would not sacrifice an account over something this irrelevant.
When you claim a 6 figure income from this, what is $10 or $30 in the long run? (Even if it was monthly the year end total would be $120/$360.)
I really have no problem with you but what you said makes no sense to me.
Isnt about the $ cost but the time. Unique vpn, rank 3, lv75, even buying new codes is difficult at times(se store limits them by ip and payment method). New se accounts cant easily be made on a generic vpn either, iovation blocks most and wont send confirmation email. It isnt a ton of work, but its at least a few hours even with automation, which dwarves the actual dollar cost. This is all assuming I felt comfortable using a preexisting char to pop and kill the actual vw for the exploiter, which I probably wouldnt, and that raises the bar further.
Nobody is making massive gil off this, pulse cell demand is minimal and selling a lot would easily give you away as questionable. Not worth it to me. Some sellers might have been using it to get a little extra gil, but if not this, it'd be an extra account or another hour working or whatever. It isn't like medals, where people had a free ticket to print as much gil as they wanted and the only logical choice was to sell it, actively creating new sellers just by how strong it was. Fair enough, you bought up some points I had not thought about or didn't know (se store part). Some of them I had and just figured you had that automated too.
Server: Shiva
Game: FFXI
Posts: 243
By Shiva.Tahngarthor 2019-11-21 16:26:54
You know, I'm really sick of the "FFXI funds FFXIV" argument. FFXI's income is a drop in the bucket to FFXIV, which is plenty capable of supporting itself.
Aside from that, unless you have access to SE's internal budget documents and can see where income is actually being routed, you have not one iota of proof and it is 100% speculation based on what you want to believe. FFXIV doesn't need FFXI's money- there isn't any reason to do this whatsoever.
While it's probable to almost certain that the money that FFXI adds tr SE's coffers is used for various non-FFI-development related purposes, nobody making this argument can in any way prove *exactly* where every dollar of income on the game is going, and it could all be going just about anywhere- but FFXIV specifically is very unlikely at this point. Years ago before A Realm Reborn, yes, maybe. But not today.
Aside from that, the goal of any such game like this is to make a profit. And income - administrative expenses - salary of workers on the project = profit. Profit is what's left after the people working on the game (and related systems) are paid. SE can do whatever the hell they want with this money and there is nothing at all wrong with that, so I don't know why people keep bringing this up like it matters. Profit is specifically what *doesn't* go back into the game- Money that goes back into the game is not profit, it's an expenditure.
Go ahead and show me the budget sheet that shows where the net profits from FFXI are going. I'll wait.
Server: Cerberus
Game: FFXI
Posts: 4415
By Cerberus.Senkyuutai 2019-11-21 16:28:47
Cerberus.Senkyuutai said: »The only issue with this method is that you have to hope that the players with the knowledge and/or skillset needed to report this properly have the morals to do so.
If last thread taught us anything, it's that the overwhelming majority of people exploiting this game have no business telling SE or anyone outside their clique about the exploit they abuse daily.
its just as much of a no brainer that the fast majority of folks discovering a significant exploit like the last two would much rather have fun with the infinite resources, sell it for 5k to russian RMT or start RMTing themselfs instead of handing it over for cosmetics, no matter how rare or pretty they may be.
I think you both are making the, somewhat odd, assumption that everyone with the skills to find an exploit is:
1) currently using that skill.
2) seeks to make profit.
In the current paradigm 1 is only true IF 2 is true. You dont look for exploits if you dont expect to make use of them, because you are just going to get yourself banned for reporting them so how do you benefit if you dont use the exploit?
Additionally people using exploits do best when they stick to SE's own philosophy, security by obscurity. If someone finds an exploit and keeps it to themselves it will likely be something they can use indefinitely, after all anyone else who finds it will likely do the same. BUT if there are people looking to report bugs to SE then you change the risks. Once you find an exploit you know it can be found, you know how difficult it was to find, and you know someone else could find it AND report it.
If you were both correct in the view you put forth, bug bounty programs would not exist anywhere, because no one would report exploitable bugs.
In the event your case it true, what HARM does a bug bounty program pose to the users? Why should SE not try and create such a program? You misunderstood. I mentioned it at some point in the previous thread but, a buttload of people found the dupe exploit LONG ago (the one involving lua, at least), but they chose not to exploit it because 1) they were under the assumption that it was actually monitored everywhere and/or 2) they simply do not want to go that far.
In fact, in a discussion about another addon over a year ago when I came back, I asked specifically if this function was possible and I was answered with 1), while 2) was on our mind the whole time so it was a given we wouldn't go that far from the beginning.
I personally believe that they should have come up with a bug bounty LONG ago.
But that's kind of beside the point. My point is that, bug bounty or no bug bounty, obscurity or not and so on, these people aren't willing to ever share their precious edge over others.
If I didn't know some of the posters from the previous thread from the side of someone who permabanned some of them at least twice, I wouldn't be so sure about what I'm saying.
Some people are HELP I AM TRAPPED IN 2006 PLEASE SEND A TIME MACHINE, they enjoy having an edge. They're the people that lick *** at work trying to get a raise or a promotion. They're people who simply, it's that simple, want to be above others. They don't need to flaunt it, or at least only rarely, knowing they are above get them off.
These people aren't willing to report exploits, period. They are the people I speak of.
Now, what SE is doing is indeed HELP I AM TRAPPED IN 2006 PLEASE SEND A TIME MACHINE and stupid and it gives the people I speak of a good excuse not to do so. But they wouldn't do it anyway, so while the excuse is very easy to pull for them, it's ***.
Last thread I offered to anonymously report the issue to the devs directly. The issue could have been raised with 0 backlash other than the destruction of those who did cheat. People aren't interested in solving issues, period. The proof is here and with this thread, the Windower team is pretty clearly in the same bag as those people when it comes to this specific point. There are other people than me who have contacts with devs at SE and who are part of the community nowadays, some of them are much closer to the exploits than I am (not hard). These people weren't contacted either.
TL;DR: while the obscurity bla bla from SE is indeed stupid and counter productive, let's stop with the *** that it is what is stopping people from putting an end to specific exploits. That's total hypocrisy.
Server: Shiva
Game: FFXI
Posts: 243
By Shiva.Tahngarthor 2019-11-21 16:35:06
He didn't say its the only thing funding XIV, just that it exists to put more funds into XIV. I'd probably say that is right, and the profits XI makes go directly to it. Also where are you getting those numbers from?
It was widely reported back around shadowbringer's launch. Xiv has/had a sub count of 14 to 16 million.
These numbers are blatant nonsense, they are total characters made since launch (including rmt + China + free trial and everything else).
These are not active player numbers, the only active player numbers they ever gave was less than 1 million for all of their mmorpgs combined.
The site below scapes the ffxiv account website and shows active characters, which is just over 500k CHARACTERS (not accounts or subs even though people always try to pretend characters = subs) and you can have multiple characters per account for the base sub.
https://ffxivcensus.com/
Taking those numbers as subs is like hitting the database button to the left and saying ffxi has 100k subs.
Yeah, that link and all of those numbers (both the ones you're refuting and the ones you're suggesting to be accurate) are BS. Nobody but SE has accurate data and they aren't releasing it, so there's little point in discussing it.
SE doesn't release any actual data and there is no reliable way to gather it and make a claim unless you work within SE. Any and all numbers, from SE or otherwise, are largely made up. The best you can do is scan a server's zones and add up how many are in each and multiplying by the number of servers to get a VERY vague picture.
Server: Cerberus
Game: FFXI
Posts: 4415
By Cerberus.Senkyuutai 2019-11-21 16:37:07
Shiva.Tahngarthor said: »You know, I'm really sick of the "FFXI funds FFXIV" argument. FFXI's income is a drop in the bucket to FFXIV, which is plenty capable of supporting itself. Absolutely.
People who mention subs or accounts in general are HELP I AM TRAPPED IN 2006 PLEASE SEND A TIME MACHINE. FFXIV's cash shop alone is enough of an argument, anything else is superfluous and lacks relevance in 2019 (also works for WoW).
Asura.Chiaia
VIP
Server: Asura
Game: FFXI
Posts: 1656
By Asura.Chiaia 2019-11-21 16:40:12
Cerberus.Senkyuutai said: »FFXIV's cash shop Haven't touched 14 since like 1-2 monthes after it's first launch... Do they have loot boxes too at this point?
[+]
VIP
Server: Fenrir
Game: FFXI
Posts: 750
By Fenrir.Niflheim 2019-11-21 16:55:04
Cerberus.Senkyuutai said: »Last thread I offered to anonymously report the issue to the devs directly. The issue could have been raised with 0 backlash other than the destruction of those who did cheat. People aren't interested in solving issues, period. the Windower team is pretty clearly in the same bag as those people when it comes to this specific point. ...
What issue are you referring too, the one from the OP of this thread? and it is unclear what "devs"(SE or Windower) you are referring to reporting it to directly?
What issues are people not interested in solving? Botting, RMT, exploits? its unclear if you refer to all or one in particular.
Asura.Chiaia
VIP
Server: Asura
Game: FFXI
Posts: 1656
By Asura.Chiaia 2019-11-21 17:04:20
Cerberus.Senkyuutai said: »Last thread I offered to anonymously report the issue to the devs directly. The issue could have been raised with 0 backlash other than the destruction of those who did cheat. People aren't interested in solving issues, period. the Windower team is pretty clearly in the same bag as those people when it comes to this specific point. ...
What issue are you referring too, the one from the OP of this thread? and it is unclear what "devs"(SE or Windower) you are referring to reporting it to directly?
What issues are people not interested in solving? Botting, RMT, exploits? its unclear if you refer to all or one in particular. TBF reading their post makes it quite clear they mean official(SE) XI devs. I'd still like more information on what they meant with other things.
By Draylo 2019-11-21 17:07:57
Shiva.Tahngarthor said: »You know, I'm really sick of the "FFXI funds FFXIV" argument. FFXI's income is a drop in the bucket to FFXIV, which is plenty capable of supporting itself.
Aside from that, unless you have access to SE's internal budget documents and can see where income is actually being routed, you have not one iota of proof and it is 100% speculation based on what you want to believe. FFXIV doesn't need FFXI's money- there isn't any reason to do this whatsoever.
While it's probable to almost certain that the money that FFXI adds tr SE's coffers is used for various non-FFI-development related purposes, nobody making this argument can in any way prove *exactly* where every dollar of income on the game is going, and it could all be going just about anywhere- but FFXIV specifically is very unlikely at this point. Years ago before A Realm Reborn, yes, maybe. But not today.
Aside from that, the goal of any such game like this is to make a profit. And income - administrative expenses - salary of workers on the project = profit. Profit is what's left after the people working on the game (and related systems) are paid. SE can do whatever the hell they want with this money and there is nothing at all wrong with that, so I don't know why people keep bringing this up like it matters. Profit is specifically what *doesn't* go back into the game- Money that goes back into the game is not profit, it's an expenditure.
Go ahead and show me the budget sheet that shows where the net profits from FFXI are going. I'll wait.
Nobody is saying it directly funds FFXIV, but take an educated guess. The game has long passed its point where it recovered the cost to make it. It has been pure profit for them since ROV finished because they literally put 0 effort into the game outside of the monthly updates which probably take very minimal hours. So where is the rest of the money going? Certainly not back into the game to create meaningful content or expansions. That announcement they have planned for TWO YEARS in the future, I can't imagine much is going to that either.
It is definitely a fact though that when FFXIV crashed and burned, they siphoned every bit of coin they could from any IP to repair that garbage to the barely passable that it is today.
By clearlyamule 2019-11-21 17:18:35
Shiva.Tahngarthor said: »While it's probable to almost certain that the money that FFXI adds tr SE's coffers is used for various non-FFI-development related purposes, nobody making this argument can in any way prove *exactly* where every dollar of income on the game is going, and it could all be going just about anywhere- but FFXIV specifically is very unlikely at this point. Years ago before A Realm Reborn, yes, maybe. But not today. Oh yeah well I'm always sick of the argument you can't say blank funds blank unless you can show physical dollars changing one hand to the other... that's unrealistic, impossible, and kind of dumb.
First off there wouldn't be record keeping of that detail
Second it's all just electronic going into pools unable to be differentiated under most circumstances
Third the reason why it's dumb is there is no difference between it going to some other project and "other" money going to this one vs "other" money going to other project and this to this project. All sources of net income go to all sources of net loss.
All that said pretty as long as more money is coming out of it than going in kind of hard to claim anything is really funding it other than itself and it's running a profit no?
Server: Asura
Game: FFXI
Posts: 7
By Asura.Tiergan 2019-11-21 17:29:39
Ugh, I created a fork of what I'm guessing is the 'contaminated' lua. Someone I know that used it woke up with 7 cells a few days back. I feel awful
Server: Cerberus
Game: FFXI
Posts: 4415
By Cerberus.Senkyuutai 2019-11-21 17:42:57
Cerberus.Senkyuutai said: »Last thread I offered to anonymously report the issue to the devs directly. The issue could have been raised with 0 backlash other than the destruction of those who did cheat. People aren't interested in solving issues, period. the Windower team is pretty clearly in the same bag as those people when it comes to this specific point. ...
What issue are you referring too, the one from the OP of this thread? and it is unclear what "devs"(SE or Windower) you are referring to reporting it to directly?
What issues are people not interested in solving? Botting, RMT, exploits? its unclear if you refer to all or one in particular. I'm referring to the dupe exploit of the previous thread (medals etc.).
I'm referring to SE devs, since I'm referring to bringing up the issue to have it fixed with as few casualties as possible.
I was specifically referring to the exploit of the previous thread, the dupe one. But then, I was also referring to a couple pages where other exploits were briefly discussed and it was acknowledged that they were still available and people felt at peace that they could keep going at it.
People who've been permaban'd several times for exploiting/openly cheating.
They don't want anything solved, they just want to keep enjoying their edge.
Server: Cerberus
Game: FFXI
Posts: 4415
By Cerberus.Senkyuutai 2019-11-21 17:45:05
It is definitely a fact though that when FFXIV crashed and burned, they siphoned every bit of coin they could from any IP to repair that garbage to the barely passable that it is today. They siphoned the employees, not the money.
The money came from Tencent. Your fantasies aren't facts.
VIP
Server: Fenrir
Game: FFXI
Posts: 750
By Fenrir.Niflheim 2019-11-21 17:58:06
Cerberus.Senkyuutai said: »Cerberus.Senkyuutai said: »Last thread I offered to anonymously report the issue to the devs directly. The issue could have been raised with 0 backlash other than the destruction of those who did cheat. People aren't interested in solving issues, period. the Windower team is pretty clearly in the same bag as those people when it comes to this specific point. ...
What issue are you referring too, the one from the OP of this thread? and it is unclear what "devs"(SE or Windower) you are referring to reporting it to directly?
What issues are people not interested in solving? Botting, RMT, exploits? its unclear if you refer to all or one in particular. I'm referring to the dupe exploit of the previous thread (medals etc.).
I'm referring to SE devs, since I'm referring to bringing up the issue to have it fixed with as few casualties as possible.
I was specifically referring to the exploit of the previous thread, the dupe one. But then, I was also referring to a couple pages where other exploits were briefly discussed and it was acknowledged that they were still available and people felt at peace that they could keep going at it.
People who've been permaban'd several times for exploiting/openly cheating.
They don't want anything solved, they just want to keep enjoying their edge.
Literally anyone can report an exploit with "0 backlash" to themselves to the STF if it is a known exploit, just go report it here:
https://support.na.square-enix.com/contacttop.php?id=20&la=1
Just scroll to the bottom of the page pick "other" and explain the exploit in detail, that is how we reported the one in the OP of this thread. Took me maybe 5 mins to find that link, wasn't that hard.
But this does nothing for reporting a well kept secret... which is what the bug program would address, BECAUSE it empowers "good" users to hunt exploits and report them. You cant look at some packets and be like "bet this can be exploited", basically all fixes SE makes to reported exploits are server side and we can not see how it is different from before or after the change. You have to test the interaction to see if it is flawed.
[+]
Asura.Chiaia
VIP
Server: Asura
Game: FFXI
Posts: 1656
By Asura.Chiaia 2019-11-21 18:11:21
I mean this would NEVER be done but setting up a new "test server" and handing us(the whole XI community) the packet handler code would pretty much fix almost everything. I know pipe dreams...
This morning (November 18th, 2019) we were contacted by an anonymous user who had discoverd a serious flaw in certain modified versions of the unsupported voidwatch addon that has been widely distributed throughout the community. Use of these modified versions of the addon could result in a ban. In light of recent events and the likelihood that users could unintentionally trigger this flaw we felt it was necessary to bring this to the community's attention.
We have contacted the author and confirmed that the original version distributed at the link below does not have this flaw. We believe this flaw was initially benign, but became exploitable following the emergency maintenance on November 13th, 2019; however, we cannot be certain of this. We will not provide details of how to exploit this flaw, and this issue has been reported to SE.
The original unmodified version of the voidwatch addon can be found at https://www.dropbox.com/s/ex1jtgqz4jtmxd8/voidwatch.lua?dl=0
This addon is not distrubuted by Windower, and is not endorsed by us in any way. Use at your own risk.
|
|