Wednesday, March 21, 2007

The Final Entropia Exploit

I think Mindark does a good overall job of dealing with exploits that pop up in the system. In years past their response was sluggish, but that improved drastically. Such exploits' existence is inevitable in a game where the envelope is constantly being pushed. There's real money involved, and its a free download, so you can bet EU will host a good number of would be cheaters with nothing to lose. The only variable is how Mindark deals with them.

Last year we saw countless well known players locked, short term and long, for attempts to cheat the system. From the "101 Auction Bug" to hardcore use of hunting bots, Mindark made it clear that they would show no tolerance for those trying to cheat the system.

Mindark should be applauded for their crackdown. But this trend of behavior compels me to ask - why doesn't Mindark eliminate the final exploit that their software specifically enables?

I'm talking about Follow Bots.

Follow Bots are a simple exploit. A player logs into EU on a second PC with a secondary avatar (which is illegal). They equip an expensive FAP (med kit), turn on an autoclicker, and then command their secondary avatar to follow their primary avatar. Whenever the primary avatar gets hurt, the Follow Bot automatically heals them. One player is now driving a team of two.

At this point, the primary avatar can walk around and hunt without Armor, and without ever having to stop to FAP themselves. This technique allows those who use it the ability to leverage their $25k FAPs to exploit the system. How? By not paying armor decay. By not having to FAP themselves, reducing a mobs regen. By not having to employ the services of a medic.

Consider these screen shots. Here you can see one of the games most highly regarded players employing a medic. I am not implying that he is using a Follow Bot in these screen shots, but if someone were to do so, this is what it would look like.

Here you can see the scan of our player, blasting away without the need to wear armor (which decays at a high rate) or stop to heal himself (during which time he can't be firing, and during which time the mob's health regenerates). He is hunting the biggest mob in the game, the Daspletor, naked. You read that correctly, the games biggest mob does not require armor using this method.


And here you can see a scan of a low skilled avatar. Low, that is, in everything but his medical skills, which seem to be quite robust for such an inexperienced avatar. This avatar has also been entrusted with a $25k FAP, the most sought after item in the game. I'm sure that in this case it was just a friend who was doing the FAPing all day, but it does a good job of illustrating how the exploit could be used.

Follow Bots have existed in EU for quite some time. Their ability to track and follow the primary avatar's movements are quite sophisticated. The irony being, of course, that Mindark built this sophistication into Entropia. The Follow command is rarely used for any required activities, and it's removal would not be missed by many.

Hunting big game in EU isn't usually profitable. But when such an extreme advantage can be leveraged, you have to wonder when the proverbial dung is going to hit the fan. An ATH to a Botter is only a matter of time.

I can hear the objections already! Of course you can lend your FAP to your brother and make him follow you around for a 16 hour hunting session. (I'm amazed at how many EU players have patient, inexhaustable brothers) But if you find that without the Follow command he is no longer willing to mindlessly FAP you for 16 hours a day, put on some damn armor or hire a medic. Either of those options drive the economy and deny Follow Botters the benefits of this final Entropia exploit.

22 comments:

Jorael said...

Yep, autofollow really doesnt have any function ingame other then to put it on and be able to do other things while your avatar runs around or does things automatically, like Fapping.

In EU, if you do something for long enough, over and over again, that can mean big profits or big losses.

Hunting the most powerful mobs, without armor decay, using a super economical fap and shooting without breaks... if repeated for long, will give a player a supreme advantage over others.

Personally i don't want to see anyone burned, as if they are indeed using this exploit, its Mindark's fault for having an autofollow ingame.

If there's a solution to this, it would be Mindark removing this function.

Hanne said...

We managed fine without autofollow before it was implemented so I dont see why we can eliminate the problem by removing this feature.

Sure autofollow is great for following noobs or letting your avatar follow your huntingpartner while you go take a piss, but thats about it. It does allow beeing afk.

I dont really see why we need it tho, steering the mouse doesnt cause RSI, repeatadly clicking does. So thats not the reason.
Its just a implementation that rarely gets used exept for those who choose to exploit it.

-Skam

Anonymous said...

Hmm, I use autofollow all the time. Specially when teamed, or when I lead some noobs on TP runs they use it on me. I'd be sad to see it go, but then again, maybe it's for the best :) -CF

Matt Barlow said...

All MA need to do is disable actions whilst in follow mode.

haha Dub, I love all the implied guilt stuff.. of course I'm sure it's his brother too.

Come off the fence though and make your claims explicit :D
- VV

Anonymous said...

Jealous leeds to greed then leads to hate then leads to suffering, is true in this case.
Without the high end players in this game there would be no game. Besides its not like its cheap hunting those highends mobs even with good gear. All I see in this post is that there is alot of jealous people that has no way of getting close to some highend players even if they would deposit 500.000$, and there are just to many people playing EU without any sense or honor or dignity. I dont even wanna go into the "hiding who was scanning with black" Because its prolly another jealous friend of the person that posted this.

Master Bator said...
This comment has been removed by a blog administrator.
Dub said...

Should we not be able to discuss how to improve EU, anonymous? If it were perfect, it would be the most popular form of entertainment on the planet. But it's not. Yet. You can keep your anonymous head buried in the sand while the rest of us try to move the discussion forward.

Anonymous said...

All you are saying is that the rich and powerful should not be punished for their crimes like everyone else. You my nonfriend.. are the the kind of person that ruins the world. Broken rules = punishment.

Anonymous said...

Exactly, same rules for everyone.

Dub said...

There's no punishment needed for anyone, that's not the point. I'd just like to see a fix implemented.

Randy said...

LOL..I luv what Anonymous #1 said...yeah I'm soooooo Jealous!

Yeah Right!

I'm glad to see exploits like this going "viral" as at some point in time somethings going to get done about it.

Better watch out tho..no doubt a certain "influential" person will magically appear here waving the EULA in your face!

Cougar said...

Autoclickers, fapbotters, bug exploiters:
Ban'em all!!

Make cheaters fear cheating!

Xerogs said...

I have to agree with Matt here just remove the actions while in follow mode that way those who use it (just to follow other avatars) will still have that option and the potential to exploit that mode is gone.

Either that or have Mindark officially come out and say its a feature and implement an ingame autoclicking or batch mode device to compliment it.

Mindark has changed such things in the past like mob trapping so I don't see why they would not do it now. I am sure they can tell when its being used inappropriately I mean they did some how sniff out the people using bots to hunt.

Kipp Shives said...
This comment has been removed by the author.
Kipp Shives said...

Nice to see this on your blog, guys, since it would never, ever, not in a million years be allowed to be discussed elsewhere.

Of course, the autofollow should be fixed to not allow untiresome relatives to follow along and fap, fap fap.

No comment as to whether this was done in this example, but if it were, no player should be exempt from a lock down by MA.

- Skippie

jason said...

Your whole entry presents the screenshots as an example of what you imply quite clearly is a "fapbot" despite your weak disclaimer. You then show a screenshot of the HoF list with Skalman's name three times in succession. Very clearly your are implying that this avatar achieved those loots "unfairly". The manner in which you present your argument allows for no other conclusion.

This is the part I believe is unfair:
You, I or any other participant or observer has no way of determining from a simple static screenshot if the avatar fapping Skalman is being controlled by a human or not.

Also, a large part of your case relies on the argument that employing a fapper (whether human controlled or otherwise) allows for some kind of "unfair advantage".

Let's take a hypothetical example:

A highly respected avatar (let's use Optima as an example) hires another avatar (let's use me as an example) to fap her with a Mod FAP while hunting Daspletor Youngs. Does Optima not in this case gain the very same advantages you describe in your blog? Is this a case of exploitation? Very few would agree, and in fact it seems quite clear that Mindark envisioned some sort of Paramedic profession by allowing one avatar to heal another, and creating many medical related skills.

Thus, the debate seems to center not on the employment of a fapper, but rather on the use of multiple avatars while hunting. Such cannot be determined from a simple static screenshot, but rather can only be confirmed or disconfirmed by examining data logs relating to IP addresses, MAC addresses, avatar clicking behavior, etc. Only Mindark has such logs to make that determination, and of course they are the only entity with any authority to enforce the EULA in any case.

Therefore, posting this information in such a manner seems very irresponsible to me, because it unfairly casts a bad light on the avatar you "innocently" chose to use for your example. Your disclaimer does very little to affect the quite clear implication you are making in your blog. You really leave no other conclusion for readers to draw; the juxtaposition of the screenshots and your argument is in my opinion a clear case of irresponsible and politically biased reporting.

Patrikd23 said...

Well said Jason, you are head on to the point and very well written to so its understandable. Hanging out Skalman like they why the people in this posts did is not right, and then they say "I am not emplaying its him. And I agree with you Jason. Good post

Bazilio said...

In addition to this post, I would be glad to read your future post dub on also very controversial topic: auto clicking in crafting.

And let’s say you would use hmmm… Auktuma as your example..? Please pm him 1st and when he doesn’t reply, take a few screenshots black out your name and post here so we all can express our opinions.

Xerogs said...

While many have commented on this post and expressed their opinions and even suggested solutions about this potential exploit in Entropia Universe, I think we all need to ask ourselves the basic question this post has brought up. Do you feel that having a Second personal avatar(against the EULA <- Entropia Universe License Agreement) that Auto mouse clicks(against the EULA) and is put on auto follow mode(implemented by Mindark) is an exploit that should be corrected?

Myself see the potential exploit in a second personal avatar autoclicking a FAP that is set on auto follow. Do away with that potential and the exploit is nullified. I don't think Mindark needs to do away with the follow feature since many use it exactly how it was intended to be used.

I know this post has caused some controversy but I think it pales in comparison to the controversy that would arise if lets say someone was hunting a big mob(hard creature) got a really big loot(beyond #1 ATH level) and their Healer (fapper)kept Healing(fapping) and never said Grats or OMG great hof and in fact kept doing exactly what it was set up to do mindlessly fap and follow.

neomaven said...

Xerogs,

So in your mind that is a justification to unfairly and irresponsibly post an article like this, which essentially accuses a highly visible and recognized participant of fraud and exploitation, based on very shaky second-hand screenshots, assumptions and suppositions?

That's about as far from responsible and fair-minded journalism as one can get. Perhaps the name of this blog should be changed to EntropiaEnquirer then.

If an article like this were posted in a real-life newspaper, with such reckless disregard for rigorous fact-checking and standards of journalism, a defamation lawsuit would be filed so fast, the editor's head would spin. But alas, this is the wild, wild west of the internet, where any monkey with a keyboard can defame and slander anyone he likes, with little or no consequences. A shame, really. This could have been a very wonderful site, and a great way to increase the (postive) exposure of EU to the rest of the internet audience.

neomaven said...

Just to point out, the comment made by "Jason" above, is me. I have changed my Blogger usertitle so that people here will recognize my posts.

Dub said...

If I were in your position, I would come to the defense of the leader of my society as well. No doubt about it. I would ridicule the vehicle and the style with which the message was delivered. I would speak condescendingly about the discussion and anyone that takes part in it. I would offer up a variety of off topic anecdotes like "I can kill xyz without FAPing." I would relentlessly hammer home the point that screen shots prove nothing. All the while I would surreptitiously avoid the real topic at hand.

It’s a legit problem, it happens often, and you know it. Everyone knows it. Can it be proven? No. Never. Nothing can be "proven" by players. Fact checking? Are you insane? Guess what - we don’t have a forensics team descending on some guy playing EU in his boxers, either. In your world we should therefore suspend any semblance of common sense, dodge the issue, and throw up a snowstorm instead.

Follow bots have been used extensively in EU. The software needs to modified to prevent their continued exploitation. That’s the bottom line. No one has been "essentially accused" of anything other than providing the perfect illustration of how such tactics could be employed. We’re working to improve EU here, so if you want to continue to indulge in a self-posturing exercise, I kindly request you do it elsewhere.