Forum Settings
       
Reply To Thread

Warning: Possible exploit in FF14Follow

#1 Nov 08 2013 at 2:18 AM Rating: Excellent
Avatar
*
53 posts
http://www.reddit.com/r/ffxiv/comments/1q5s10/apparently_people_are_losing_gil_at_the_summoning/

I'm not sure on how right or wrong that information on reddit is, but just be aware of a possible exploit that could drain all your money

Here is a post on official forum by someone affected:
http://forum.square-enix.com/ffxiv/threads/116540-Market-board-forced-to-buy-an-item-on-the-board-while-not-at-the-market-board?p=1533847&posted=1#post1533847
#2 Nov 08 2013 at 3:36 AM Rating: Decent
Scholar
****
4,506 posts
Yeah, i saw that. Apparently the servers SE programmed are so incredibly trusting of whatever information gets send from the client that they blindly accept it. It's incredibly stupid and it's the first thing they should program.

Server: Hello "player 100000", would you like to buy that bonechip from "player 100000" for 3 milion gil off the marketplace?
100000: But i'm not player 100000, i'm player 100001.
Server: Alright then, i'll take 3 milion gil from player 100001 and add one bonechip to their inventory!
...
Server: Hello "player 100000", someone bought your Bonechip off the marketplace for 3 milion gil!

Eventually they're going to come across the ID with blind number guessing of a GM with infinite gil and we can all come back when 3.0 comes out.

Seriously, doesn't SE think about things before they code them into the game. People were already able to spoof false "Quest completed" prompts from the server, and they said they fixed it. This was the most logical step, but it seems SE's servers are as trusting as ever.

Also see:

"Hey server, i'm not standing over here, i'm standing over there" - Teleport hacking
"Hey server, my maximum run speed is actually X you know" - Speed hacking

Most likely things to follow:

"Hey server, this bonechip in my inventory is not a bonechip, it's actually a sack of Gold Allegan coins x99" - Inventory spoofing.
"Hey server, person X that came to take a look at me is actually a banned player. Didnt you know? Now you do" - Banning/Unbanning
"Hey server, player Y bought gil off my website, instantly add 3 mil to his Gil amount, would you?" - gil hacking

Seriously, i dont care if SE has to shutdown for a week over this. A server this trusting of whatever information the client sends it should be fixed ASAP.

If they get banned now, they'll just make a new account and do the same thing in seconds again. And it will be atleast a week of free-roaming before SE finds out again.

Edited, Nov 8th 2013 10:37am by KojiroSoma
____________________________
[XI] Surivere of Valefor
[XIV] Sir Surian Bedivere of Behemoth
http://na.finalfantasyxiv.com/lodestone/character/2401553/
#3 Nov 08 2013 at 11:54 AM Rating: Decent
Scholar
36 posts
I got a new gill spammer the other day.

Hello, my name is X and I have over 300 million gill I want to sell, please Skype me at X for more information.........
Reply To Thread

Colors Smileys Quote OriginalQuote Checked Help

 

Recent Visitors: 82 All times are in CST
Lyrailis, Anonymous Guests (81)