Have you ever wondered exactly how an exploit is found? Rarely is it luck. More often, it's a trained mind: someone who knows what to look for. Sometimes it takes a whole team of minds to figure out how to use a bug to our advantage. And using a bug to our advantage is the definition of an exploit.
So to find an exploit, the first thing we need to recognize is that every game has them. Whenever a patch comes out, it will fix one bug but likely create another, possibly several. How severe that bug is can determine how severe the exploit is. For example, one of the most coveted types of bugs is the dupe bug. A dupe bug is an exploit used to create a duplicate, either of items or of gold. A dupe bug comes from a combination of things, but it's usually server lag of some sort, a slow save system, and figuring out how to use the opportunity to our advantage. The longest running dupe bug in history was just fixed in EverQuest. It ran around 15 years. The previous record was 5 years, with Asheron's Call.
Finding Bugs
So again, to find an exploit, whatever kind of bug it may be, we first need to find a bug. A bug is found when you do something and something unexpected happens. If that happens, you may have found a bug. But now comes the hard part: repeating the bug. To repeat it, we need to find out exactly what happened, then repeat the process over and over until we get at least a 20% repeat rate. So if you can do the same thing over and over and the bug occurs 1 time in 5, you've found the bug.
Creating the Exploit
But finding the bug is only half of the equation. Applying an exploit is the hardest part. It's a matter of finding how a bug can be used to our advantage. It's not unheard of for one person to find a bug and another to find a way to use that bug.
For an example of creating the exploit, I am going to go way back here, back to around 1999. It was my first MMO, Asheron's Call. I knew the basics of how dupe bugs worked, but the hard part was creating server lag strong enough to lag the server for others who were not looking at the same area, slowing it to a crawl. It was noticed that if you shot arrows into a nearby tree, the arrows could be retrieved. Shoot enough of them, and the items wouldn't decay fast enough. This created server lag. But it couldn't be done with just one person. Several archers needed to shoot arrows into trees.
So that's the first part of the equation. The second part is knowing how the system saves. If you are able to transfer items back and forth fast enough while creating server lag, then it's possible to dupe one or more items. In Asheron's Call, all we needed to do was drag and drop a pack full of items to another person; there was no trade confirmation. Whenever one person sends an item and another receives it, the server should save the transfer from one person to the other, but under server lag, part of that equation was missing. This introduced a major dupe bug, which took several months for Turbine to fix. Sometimes it's one person, sometimes it's more.
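To make that "missing part of the equation" concrete, here is an added example (mine, not from the original post and not Turbine's code) modelling an item transfer as two separate saves versus one atomic, idempotent transfer, with the same lost-save fault injected into both; the Inventory class, the save_ok/save_src_ok fault switches, the transfer ids and the player names are all constructed.

```python
class Inventory:
    """Per-player item list; save() models the server persisting it."""
    def __init__(self, owner, items):
        self.owner = owner
        self.items = list(items)   # live in-memory state
        self.saved = list(items)   # what has actually been persisted

    def save(self):
        self.saved = list(self.items)

def naive_transfer(src, dst, item, save_src_ok=True):
    """Two independent saves, receiver first. If the sender's save is lost
    (save_src_ok=False, the constructed 'lag' case), the item persists on both sides."""
    dst.items.append(item)
    dst.save()
    src.items.remove(item)
    if save_src_ok:
        src.save()
    return src.saved, dst.saved

def atomic_transfer(src, dst, item, transfer_id, seen, save_ok=True):
    """Both inventories change as one unit or not at all; transfer_id makes a retry a no-op."""
    if transfer_id in seen:
        return src.saved, dst.saved
    if item not in src.items:
        raise ValueError("sender does not own item")
    snapshot = (list(src.items), list(dst.items))
    src.items.remove(item)
    dst.items.append(item)
    if not save_ok:                 # persistence failed: roll back both sides
        src.items, dst.items = snapshot
        return src.saved, dst.saved
    src.save()
    dst.save()
    seen.add(transfer_id)
    return src.saved, dst.saved

def duplicated(saved_src, saved_dst, item):
    """True if the persisted state shows the item in more than one place."""
    return saved_src.count(item) + saved_dst.count(item) > 1

def demo():
    """Same lost-save fault against both designs: (naive dupes, atomic dupes)."""
    a, b = Inventory("alice", ["sword"]), Inventory("bob", [])
    naive = duplicated(*naive_transfer(a, b, "sword", save_src_ok=False), "sword")
    a, b = Inventory("alice", ["sword"]), Inventory("bob", [])
    atomic = duplicated(*atomic_transfer(a, b, "sword", "t-1", set(), save_ok=False), "sword")
    return naive, atomic
```

The detection side is the `duplicated` check: a periodic reconciliation of persisted inventories against the transfer log catches an item that exists in two places even when the individual saves each looked fine.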