Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Coin Exploit
ShiKage Wrote:What they SHOULD do is make you show proof of identity. Using social security numbers is a bit if a personal identification security risk. :|

When you sign up and play (and when you go to log in after they implement the thing), they should make you have a photocopy of your ID, proof of residency (to prevent foreigners outside the service region) and possibly birth certificate to prove you are who you claim you are.

It should be just like getting a driver's license or getting a job.

In with absurd signing up requirements, out with profits. Again, Paul's post is a perfect example of why none of this stuff will happen.
Reply
Kalovale Wrote:Jokes aside, you don't need to keep banning people. Just some serious PR that delivers the message should be good enough.
"People, we don't want hacking to continue, so if you, in anyway, are deemed involved with hacking, you will be dealt with accordingly."
With basil and whatnot out there, I'm sure that even a couple tens of cases of serious punishment would adequately educate the mass.
Surely, they WILL always want to exploit, but once the seed of fear has been planted in their mind, it's hard to actually not think twice.
I'd also LOVE to see people getting C&D letters together with some $5000 bills in the mailbox. But that's uh, rather far-fetched.

The general point is that most of the people we have to deal with, hackers and exploiters alike, are merely sheep. Once you've scared enough of them, the rest will follow suit.

The fact that Nexon has kept silent about their way of dealing with exploits in the past 6 years seems to suggest that they frankly don't care at all to me, which I have to admit is a pretty darn good reason in and of itself to exploit the f'uck out of this pomegranate for the sake of exploiting.

Any sort of letter in the mail will hit home quickly, whether its a C&D or a full lawsuit for the larger hacker names.

Viaje Wrote:That's unfeasible.
Going after individual script kiddies is a losing battle.
Cease and desist letters don't mean pomegranate and will just cost money to track down the accounts, locate the users, and send the letters.

What they can do is go after sites like GK and W8 that make money by selling access to the hacks.
The reason hacks are so prominent is because people have turned it into a pineappleing business.

Why is it unfeasible, it can be easily accomplished, just need a single staffed attorney the paralegals use a format to send those things anyways. Cease and desist letters are the warning, I do not know where you are getting they mean pomegranate from. If the hacking continues and the parents throw their computer out the window, then you turn up the heat. Besides it will not require a lot of them, just a few to spread the fear.

FoolsLove Wrote:I can't help but wonder why they continue to allow W8 and GK continue. They went after GameCheetah and got that place shut down, and they obviously have to know about W8/GK, since all it takes is a simple google search to find the sites.

I read somewhere that the server is based in Australia or elsewhere outside the US, which makes it harder to shut down than the others, but I do not know about that. It was a long process to shut down some of the bit torrent sites outside the US
Reply
ShanghaiDizzy Wrote:You sure about that? Giving your SSN to a a company with faulty database security like Nexon?

Well to be fair... there hasn't been a case that i know of where credit card using players have had their credit card information stolen through Nexon. That I am aware of.

ShinkuDragon Wrote:i know, however, this isn't USMS is what i meant, people from different places with different ways of assigning a SSN will try to play, if it was like KMS, which is korea-only, then i would see it ok, but seeing how it's global MS, not everyone who qualifies to play can have a SSN.

that's why i agree with shikage, provide proof of who you are to play.

THEN AGAIN, not like it's gonna be implemented.

I agree that we'd be better off with that method instead. Pipe dream it is i'll admit though... I remember hearing about the backlash WoW got for trying to force players to use real names on forums. Pretty sure hell would break loose at the thought of such requirements here then.
Reply
ShinkuDragon Wrote:i know, however, this isn't USMS is what i meant, people from different places with different ways of assigning a SSN will try to play, if it was like KMS, which is korea-only, then i would see it ok, but seeing how it's global MS, not everyone who qualifies to play can have a SSN.

that's why i agree with shikage, provide proof of who you are to play.

THEN AGAIN, not like it's gonna be implemented.

This hasn't been Global MS for quite some time.

While none of these methods will ever actually be implemented, ShiKage's method is far less viable. A far greater portion of the player base would be able to provide an SSN because everyone born in the US is given one, as well as other countries. To provide evidence like ShiKage suggested would mean people have to scan or take pictures of that information to send to Nexon, which most people are unable to do. Nexon already requires that to change the e-mail on account, and you can see threads on here of people saying that they're not able to do it.
Reply
shouri Wrote:Oh that's easy to figure out. It's just a function of your birthday, city, and real name anyways:

it's in the format of
xxx-xx-xxxx

((Note: to figure it out... you need to know how to do modular arithmetic. The easy explanation is with an example.

9 mod 6 = 3 because when you divide 9 by 6, you get three as the remainder.

So for example 15 mod 7 is 1. This is because 15, when divided by 7, yields a result of 1.

To find this number you can always just subtract the 7 from the 15 until you get a number less than 7. 15 -7 = 8 (keep going). 8 - 7 =1 (stop here) ))




You see:

the first three numbers are the last numbers in your birthday segments of MM/DD/YY, but then you do funky stuff with them.
So if you were born on jan 1st of 1980 -> 01/01/80

Then the first three digits are 110. You then raise this number to the power of the day you were born and take it mod 1000.

So you'd have 110^(1) mod 1000 which is still 110. There will be overlaps of course, but the next two parts take care of that:


The next two numbers are also a bit tricky: For that you have to take your hair color upon birth in RGB scale, which will then be converted to hex.

It'll be in the form of yy-yy-yy where y is between 0-9 and a-f. You take the month you were born in (mod 6) and the day you were born in (mod 6). And whatever numbers you get determine what position to use from the yy-yy-yy form for your two middle ssn's.

Ex: say your hex is fa-51-9a and your birth month is september, the 9th month. Well 9 (mod 6) = 3 thus you use the third number (5). ((if you were born in january you'd use f, but since f isn't a number you convert it to decimal and take it mod 10. In this case f = 15 in decimal (mod 10) = 5.))

Since your birthday is 1/1/80, you would use 1(mod 6) as your first number spot and 1 (mod 6) as your 2nd spot. Meaning you'd take that f twice which translates to 5 and 5.

So your SSN so far is 110-55-xxxx

The last four digits are done by gender. With a code: Male = 1, female = 2, other = 4. (done in powers of 2, so dont ask about why there's no three.) Basically you take your birth city's name. Take the total length of the city's name, raised to the power of your gender code then raise that to the power of your birth month + date and take it (mod 10000). In this example's case:


Let's say the city is 12 letters long. And the person is a female recall birth date is 1/1/80. We'll take 12 ^2 (which is 144).
Then we take 144 ^ (1+1) which is 20736. We mod this by 10000 to get 736.


So your SSN is:

110-55-0736




Hope this helped :3

Lol.
Reply
Seanny Wrote:Well to be fair... there hasn't been a case that i know of where credit card using players have had their credit card information stolen through Nexon. That I am aware of.

That's because player credit card information isn't stored in a database.

What they should do is use a phone confirmation system. A confirmation pin/text is sent to your phone where you must comply and return the correct pin/text to activate the account. Phone information is stored in the database. When people get banned, all accounts linked to the phone number are then shut down/banned. People may have access to multiple phones and they can change their numbers, but the difference here is, they have a very limited amount of chances to get away with hacking when actually caught.

Major problem I foresee with this is the difficulty to access non-US players.
Reply
They've done MAC address bans before and it's really the most effective way of dealing with this. If they did this each time there was an exploit to EVERYONE and not just a select few, you could be darn certain the general public would think twice before touching hacks.

What happened during the mesos exploit last fall was more or less any account he exploiter logged in prior to the exploit got owned, even if they logged in just once under the same computer. If they continued doing this, then you weed out all the leechers and leave only the actual hardcore hackers, which is fine by me, cause you probably won't get rid of them anyway.

They did similar bans for dupings recently, so I know they try, just people aren't always aware.
Reply
FoolsLove Wrote:This hasn't been Global MS for quite some time.

While none of these methods will ever actually be implemented, ShiKage's method is far less viable. A far greater portion of the player base would be able to provide an SSN because everyone born in the US is given one, as well as other countries. To provide evidence like ShiKage suggested would mean people have to scan or take pictures of that information to send to Nexon, which most people are unable to do. Nexon already requires that to change the e-mail on account, and you can see threads on here of people saying that they're not able to do it.

it's global MS in the sense that if a country doesn't have a MS of their own/designated to them, they are to play this one. if not, i wouldn't have been able to create a few accounts later on.
Reply
CautionSin Wrote:Lol.

At least someone appreciated it xD

I was REALLY bored. And I tend to do math when I'm bored. Otherwise I'm just lazy *points to user title*
Reply
Nexon don't need to limit or complicate the ability to create accounts. What they need to do is prevent hacks.

1) Don't trust the client. I mean, for crying out loud! Every single hack and exploit in this game is the result of the server blindly accepting whatever the client (perverted by hackers) tells it. They really should have learned better by now.

2) Limit NPC interactions. Allow one NPC interaction every 2 seconds. After 100 interactions, a 10-minute cooldown. This would mean that even if an exploit is found, it can't be botted too fast.

3) Keep an eye on the game. And the forums. Find some trusted community representatives and give them a phone number to call. It's absurd that when a hack goes public and *everybody* in the game knows about it, Nexon's own forums are full of hysterical messages, tickets are being logged left and right - and Nexon is oblivious because -Hime-'s not at her desk and nobody else is paid to care.

4) Code automated health monitors. Make things like an unusually big rise in total meso in the server, or number of people in towns, or characters created per hour, raise a red flag.

5) Lurk hacking sites. Pay for VIP membership. Keep developers whose #1 priority is to patch exploits. Make it so any hack that isn't kept strictly secret by its creator, has an expected lifetime of just a few hours.

I'm sure there are other measures that could be implemented. But first Nexon has to be made to care. Like, to understand hacking costs it money. Seems it doesn't.
Reply
Made a post on the nexon forums asking what would happen if a number of players decide to
keep their exploited scrolls from discussions/"protests" on basil and it was deleted rather than locked
along with two similar threads while the other duplicate topics remained.

Any other restricted subjects regarding the exploit on the forum?
Reply
 Spoiler

This doesn't work. My social security number is not the result that you claim it to be. In fact, it causes my first three digits to become two digits, which is an obvious indicator that it failed.

Also, you can't convert "black" to hex. Only a number can be converted to a number, and I'm pretty damn sure the government doesn't take a photo to determine the number value associated with some random shade of black.

Finally, the last bit also failed to predict properly. In fact, I tried every single number as the base up to 30 and it still failed to predict my social security number.

This fails.
Reply
2147483647 Wrote:
 Spoiler

This doesn't work. My social security number is not the result that you claim it to be. In fact, it causes my first three digits to become two digits, which is an obvious indicator that it failed.

Also, you can't convert "black" to hex. Only a number can be converted to a number, and I'm pretty damn sure the government doesn't take a photo to determine the number value associated with some random shade of black.

99 -> 099 obviously. And remember, I said your hair color in hex. Thus if your hair was perfectly black it'd be 000000. Since it's not perfectly back it'd be more like 030303 maybe. It's all done at birth. You're just not aware of it.
Reply
shouri Wrote:99 -> 099 obviously. And remember, I said your hair color in hex. Thus if your hair was perfectly black it'd be 000000. Since it's not perfectly back it'd be more like 030303 maybe. It's all done at birth. You're just not aware of it.

Explain, then, why the first three and the last four digits failed. I know my birthday and my birthplace. According to you I should be able to obtain the right numbers.
Reply
Because your parents lied to you and didn't tell you your actual SSN and your card is a fake of course. Don't diss the math :O

 Spoiler
Reply
I know all the info you asked for and crunched the numbers in the exact way you prescribed where I could. I wasn't able to crunch the middle two digits, but judging from the results for the other two calculations, I have high doubts that your calculation for the middle two digits is valid.

Obviously, you have no idea what you're talking about, so stop derailing the thread with your nonsense.
Reply
People in bera are selling bundles of 100 scrolls for a measly 7mil. What is this madness!!
Reply
2147483647 Wrote:I know all the info you asked for and crunched the numbers in the exact way you prescribed where I could. I wasn't able to crunch the middle two digits, but judging from the results for the other two calculations, I have high doubts that your calculation for the middle two digits is valid.

Obviously, you have no idea what you're talking about, so stop derailing the thread with your nonsense.

Haha, lols, STILL haven't realized that was all a joke? My god. lols.

Guess I'll apologize.

I'm sorry for posting something which was so ridiculous that I thought it would be obvious it was all a joke/ funny lie. Never thought someone would ACTUALLY take that seriously.
Reply
shouri Wrote:Haha, lols, STILL haven't realized that was all a joke? My god. lols.

Guess I'll apologize.

I'm sorry for posting something which was so ridiculous that I thought it would be obvious it was all a joke/ funny lie. Never thought someone would ACTUALLY take that seriously.

I realized half way in, somewhere around the hair color and hex value part.

That's Harrison for you, though.
Reply
Thugnificent Wrote:People in bera are selling bundles of 100 scrolls for a measly 7mil. What is this madness!!

Huh? Aren't they untradeable?
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)