SimCity Always-Online DRM Lets Hackers Play Godzilla With Anyone's Cities

from the go-go-godzilla dept

It seems that everyone is giving EA and Maxis quite a bit of grief over the SimCity debacle. The game's launch was, um, not great. The backlash against the game's producers was worse, all the more so once the lying began. But late last week, new evidence was uncovered that suggests perhaps we've all been a little bit unfair to EA and Maxis. What if I told you that the always-online game architecture enabled you to be what all of us have secretly wanted to be since we were very, very little children?

Godzilla
Well, hello, childhood fantasy o' mine. I didn't see you standing there.
Image source: CC BY 2.0


Yes, as Kionae alerts us, one (unplanned?) consequence of requiring online saves for your SimCity games is that anyone with a bit of hacking skill can visit your city, put some Blue Oyster Cult on in the background, and wreak the kind of havoc normally reserved for Japanese nuclear monsters. See, you can, were you so inclined, enter the save game city of another person, and then completely edit or destroy their loving creation like some kind of digital psuedo-god.


Pictured: Omnipotence


Just so we're clear, this is only possible because of the EA always-online requirement.

It's still awesome because this hack is only as destructive as it is because of EA's decision to make the game always-on. If the game hadn't had always-on DRM then this hack wouldn't be half as devastating as it is. Having EA delete these kind of topics from their forums is great damage control but don't be surprised if there's another furor when people start raging on the forums when some hacker decides to go through and Godzilla everyone's town. Enjoy.
Enjoy indeed, as long as that enjoyment happens outside of EA's forums. As noted above, the company is enforcing their TOS rules on their forums and deleting all topics relating to these kinds of hacks. Why? Well, because when a dingo is chewing on your arm, the best defense is to place your noggin lovingly into some sand to make it all just disappear. Or, if that doesn't work, you could always just apologize for what is becoming the greatest video game debacle this side of a Duke Nukem game, but I'm not holding my breath.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: broken, destroy cities, godzilla, hacking, simcity
Companies: ea, maxis


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 18 Mar 2013 @ 12:16pm

    figures

    ASSUMING DIRECT CONTROL.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 18 Mar 2013 @ 12:28pm

    Should try and get an interview with EA's executives.

    Interviewer: Question #1, have you at any time in your life, played a video game?

    Exec: Well no, i can't say that i have.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 18 Mar 2013 @ 12:29pm

    Uh oh, I suddenly find myself wanting very badly to purchase this game.

    link to this | view in chronology ]

    • identicon
      Lord Binky, 18 Mar 2013 @ 12:38pm

      Re:

      I don't know what it is about destroying other people's work that sounds like so much FUN. If this destruction couldn't be undone, it might actually be the first justification of always-online play and data storage that I would agree as being significant to everyone's gameplay.

      link to this | view in chronology ]

      • identicon
        anonymouse, 18 Mar 2013 @ 12:53pm

        Re: Re:

        No it would point to people rather having offline games files that nobody can hack into or change in any way, have you ever played a game? Seriously either you have never ever played a game or you are an EA exec trying unsuccessfully to con people into thinking EA has better server side security than people have on their own computers, you do know what security is don't you?

        The rate this is going i would not be surprised to hear that hackers have managed to setup a full server to service simcity and are making money from all the lovely loot they are selling to people that don't realise , or even do realize, that they are not logged onto official EA servers.

        link to this | view in chronology ]

        • identicon
          Lord Binky, 18 Mar 2013 @ 2:29pm

          Re: Re: Re:

          I... really want to think this is not a reply that is correctly place instead of a spectacular example of a failure in reading comprehension.

          In case of the latter : Destroying other people’s cities on the servers for them to log back into and try to fix the mess, would be the first non-trivial feature of the new SimCity that would make use of on-line play. Yes this is a hypothetical thing right now, downloading other people’s cities as described in the article is an unintended consequence of how EA set up the game (ie bad security design) and does not actually affect other players right now, but that mistake inspires people to imagine the greatest possible feature they could have included in the SimCity reboot.

          link to this | view in chronology ]

        • identicon
          Lord Binky, 18 Mar 2013 @ 2:43pm

          Re: Re: Re:

          And I don't see how what I first said can be taken as approving of EA's security practices,this whole thing being made possible by completely horrid security, but Origin apparently allows people to run malicious code on your computer by way of *drumroll*... unprotected link handler execution. Classics never die apparently.

          link to this | view in chronology ]

      • identicon
        Anonymous Coward, 18 Mar 2013 @ 12:54pm

        Re: Re:

        You should fit right in to eve online.

        link to this | view in chronology ]

        • identicon
          Lord Binky, 18 Mar 2013 @ 2:31pm

          Re: Re: Re:

          Although I do like a good spreadsheet, I admittedly can't keep up with people that tap phone lines to win.

          link to this | view in chronology ]

          • icon
            ltlw0lf (profile), 18 Mar 2013 @ 4:27pm

            Re: Re: Re: Re:

            Although I do like a good spreadsheet, I admittedly can't keep up with people that tap phone lines to win.

            Spoken like a true Eve Online player...

            If you ever need to find someone truly afraid of shadows, all you need to do is find someone who's played the game within a player corporation (not run by themselves.) I played for a year and a half within an NPC/PC owned by myself, and 1 year in a player run corporation, and during that time in the player run corporation, I had the most fun and yet the least fun playing the game. Spies are everywhere! Even my best friends in the game were kept at an arms distance. I can't believe how paranoid I got in that game...gave it up because the drama was getting to me.

            link to this | view in chronology ]

            • identicon
              Anonymous Coward, 18 Mar 2013 @ 9:58pm

              Re: Re: Re: Re: Re:

              As a roleplayer, that sort of intregue sounds amazingly interesting, if routinely frustrating. A delicious combination. X3

              link to this | view in chronology ]

      • icon
        Atkray (profile), 18 Mar 2013 @ 1:02pm

        Re: Re:

        "I don't know what it is about destroying other people's work that sounds like so much FUN."

        Figure that out and you can solve all kinds of problems, from vandalism to Minecraft raids.


        I don't get it either.

        link to this | view in chronology ]

    • icon
      Josh in CharlotteNC (profile), 18 Mar 2013 @ 12:44pm

      Re:

      SimCityPvP edition, now available from Origin!

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 18 Mar 2013 @ 1:11pm

        Re: Re:

        they should make an official mod with one player getting points for disasters and the mayor getting points for avoiding them. Switch halfway through and you have got a game!

        link to this | view in chronology ]

      • icon
        Ninja (profile), 19 Mar 2013 @ 3:27am

        Re: Re:

        That's taking a sim game to a whole new level! I wonder if we can produce and throw nuclear weapons at the enemy city?

        link to this | view in chronology ]

  • identicon
    DS, 18 Mar 2013 @ 12:29pm

    Well, you can damage a local copy of someone's city that gets over-written when you connect back to the server... or at least that's what I understand from the non-fud version of the article.

    link to this | view in chronology ]

    • icon
      John Fenderson (profile), 18 Mar 2013 @ 12:36pm

      Re:

      What "non-fud" version are you talking about?

      Here's quotes from the linked article:

      things have gone to the next level as a hack has been discovered that lets anyone invade any of the online cities and lay waste to them...permanently.


      and

      Modders have also discovered that it's possible to mess with files client-side to affect server-side activity.


      And more. The linked articles, anyway, back up what this posting says.

      link to this | view in chronology ]

      • identicon
        Noah Callaway, 18 Mar 2013 @ 12:48pm

        Re: Re:

        I disagree that the linked article actually provides support for the notion that these changes can affect the server.

        The first quote you cite appears to be the simply be the author's analysis (which appears to be incorrect).

        The second quote you cite is referring to a different situation where client-side files can affect server-side changes. However, these were players affecting things within their own city (such as city-size limits, etc). I imagine these things were always client enforced, and changing the client's rules had no effect on the server.

        The linked article also notes:

        "...however the modder notes that he turned off synching". This implies to me that an attack that caused the local-changes to be synched has not yet been performed. The quote from the modder further supports this:

        "I am worried about people that go deeper into the code and start spoofing the owner ID’s of cities and start doing this maliciously though. Hopefully there are server side safeties on this…"
        (from http://www.kotaku.com.au/2013/03/hacker-finds-a-way-to-destroy-other-simcities-hasnt-used-his-power- for-evil/)

        It sounds like there has not yet been an attack where someone changes another person's city and successfully syncs it. The modder has noted that more work would remain before such an attack would be successful (spoofing the owner's ID). I'm not arguing that such an attack is impossible, but until it occurs this is a total non-event.

        link to this | view in chronology ]

        • identicon
          anonymouse, 18 Mar 2013 @ 12:55pm

          Re: Re: Re:

          I think i would accept their word and video evidence above your comment, sorry.

          link to this | view in chronology ]

          • identicon
            Noah Callaway, 18 Mar 2013 @ 12:59pm

            Re: Re: Re: Re:

            You have every right to do so.

            I will note that I haven't disputed their word or their video evidence, though. In fact, I quoted the modder himself to note that server-syncing of these toys hasn't been performed.

            The video evidence (which I don't dispute) clearly shows the modder destroy a local copy of his friends' cities. What I dispute is the notion that this permanently destroys the friends' cities. In fact, the youtube video that this sources from says quite clearly:

            "IMPORTANT NOTE: I have NOT enabled syncing of data for this. All cities you see in this video remain UNHARMED - nothing got synced to server."
            http://www.youtube.com/watch?feature=player_embedded&v=ROy6VE5ZsZw

            link to this | view in chronology ]

            • icon
              Wally (profile), 18 Mar 2013 @ 5:39pm

              Re: Re: Re: Re: Re:

              That only means he gained access and turned off syncing as a courtesy to those whose games he hacked. Imagine if you will, if syncing was turned on while he hacked an account....the video shows it is possible to access another person's city.

              link to this | view in chronology ]

            • identicon
              Anonymous Coward, 18 Mar 2013 @ 5:45pm

              Re: Re: Re: Re: Re:

              Now tell me,

              Do you seriously think EA and Maxis, after all this, has done the necessary server-side legwork to prevent players from uploading malicious save files to their server?

              The exploit that caused this, if you read into it, was just accepting that the client was exactly who it claimed to be. That is kindergarten level programming that shouldn't have left QA, much less be shipped in an actual game.

              I somehow doubt your supposition that just because the modder CHOSE to not ruin other people's cities because he values the hard work and fun of other players somehow means that he couldn't. Especially when we have three-stooges levels of coding practices at work inside Maxis and EA.

              link to this | view in chronology ]

        • identicon
          Anonymous Coward, 18 Mar 2013 @ 12:56pm

          Re: Re: Re:

          Saying you don't believe the source is different from saying the source doesn't say that.

          link to this | view in chronology ]

          • identicon
            Noah Callaway, 18 Mar 2013 @ 1:02pm

            Re: Re: Re: Re:

            I suppose this depends on who you consider the source to be.

            I consider the source to be the modder. His words, in comments on the youtube video:

            "IMPORTANT NOTE: I have NOT enabled syncing of data for this. All cities you see in this video remain UNHARMED - nothing got synced to server."

            and

            "There is still no city syncing at this most basic level, so you can wreak havoc on a friend's city, quit out, log back in, and it's back the way it was - great fun! I am worried about people that go deeper into the code and start spoofing the owner ID's of cities and start doing this maliciously though."
            http://www.youtube.com/watch?feature=player_embedded&v=ROy6VE5ZsZw

            I do agree that the linked article makes the claim that this means you can destroy the cities permanently. I disagree with that claim, I've provided my evidence to back this up.

            link to this | view in chronology ]

      • identicon
        DS, 18 Mar 2013 @ 1:50pm

        Re: Re:

        And n-o-b-o-d-y has ever written an article wrong to get more click views...

        /rolls eyes/

        link to this | view in chronology ]

    • identicon
      Noah Callaway, 18 Mar 2013 @ 12:40pm

      Re:

      "Well, you can damage a local copy of someone's city that gets over-written when you connect back to the server..."

      This is my understanding also. Many of the articles I've seen reporting this event suggest the person simply didn't sync his changes to the server; from my reading it is that the person can't sync his changes to the server.

      The fact that someone is able to do this locally is a non-event. If someone is able to do this in a way that persists to the servers, well, that's more interesting.

      As much as I hate EA, and as much as the SimCity launch was a failure, I don't understand why this particular story is getting widespread attention.

      link to this | view in chronology ]

      • icon
        Josh in CharlotteNC (profile), 18 Mar 2013 @ 12:57pm

        Re: Re:

        suggest the person simply didn't sync his changes to the server; from my reading it is that the person can't sync his changes to the server.

        It's unclear which is the case. However, which it is can be thought of as a security competence question - wether or not EA can design and build a robust server infrastructure to prevent PersonA making changes to PersonB's stuff. Let's take a quick look at EA's past competence level in regards to SimCity.

        1) Competence in allocating enough server resources to handle load?
        Fail.
        2) Competence in adjusting to unforseen load?
        Fail.
        3) Competence in designing software to meet their own goals?
        Fail (fudging population/simulation of individual agents).
        Fail (dumb as a box of dull rocks pathing AI).
        Fail (secure software, ie left developer mode in, leading to this possibility).
        4) Overall competence in admitting when they were wrong so they could salvage the situation?
        Fail.

        Since they fail at so much, what makes you think their server design/infrastructure is competently designed to disallow Godzilla-ing someone else's city?

        link to this | view in chronology ]

        • identicon
          Noah Callaway, 18 Mar 2013 @ 1:06pm

          Re: Re: Re:

          So, my understanding from reading the sources is that what we've seen so far is a local change that hasn't been sync'd to the server.

          I agree that it's totally possible for someone to develop an attack that breaks EA's servers. I definitely don't think EA's servers are perfectly protected and it's very possible that someone will be able to break their protection.

          As soon as someone does break their protection, I think it's a very news-worthy story. Until they do, I read this as an "here's something interesting you can do to your friends' cities if you're bored, and have the misfortune of having purchased SimCity".

          link to this | view in chronology ]

  • identicon
    S. T. Stone, 18 Mar 2013 @ 12:30pm

    Between this and Prenda Law’s…situation, this past month has just had ALL the entertainment.

    Hollywood couldn’t sell us better stories if it tried (and judging from its output so far this year, it ain’t tryin’).

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 18 Mar 2013 @ 1:18pm

      Re:

      RIAA and MPAA has lost so much funding. They are barely able to deliver the money to politicians with the funding cuts they have recieved! No money, no laws. TAFTA is still far too far away in the distance to give any meaning lobbying for.

      link to this | view in chronology ]

    • icon
      dennis deems (profile), 18 Mar 2013 @ 2:16pm

      Re:

      Silly Rabbit. Hollywood isn't about storytelling, it's about demographics.

      link to this | view in chronology ]

  • icon
    John Fenderson (profile), 18 Mar 2013 @ 12:31pm

    It's official

    EA/Maxis has achieved maximum self-parody.

    link to this | view in chronology ]

  • icon
    radarmonkey (profile), 18 Mar 2013 @ 12:35pm

    Damn! I was hoping for the ability to unleash an actual, controllable Godzilla! How awesome would that be?! Now mayors would have to balance running a city with Civil Defense!

    *RAR!* *STOMP!* *RAR!* *STOMP!* *RAR!* *STOMP!* "Bring up the tanks! Call for support from another city!" *RAR!* *STOMP!* *RAR!* *STOMP!* *RAR!* *STOMP!*

    link to this | view in chronology ]

  • icon
    Yakko Warner (profile), 18 Mar 2013 @ 12:38pm

    Can't save it yet?

    In the video description on YouTube, he says it's not possible to actually sync your changes back to the server, so the "victim"'s city is unaffected.

    Though I fully expect that to be cracked soon. Maybe even by the time I finish writing this comment.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 18 Mar 2013 @ 12:49pm

    The most basic level of security a multi-user environment must have is separation of privileges. This path has been beaten over, and over, and over...and over again. To fail at this shows complete lack of either knowledge or competence.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 18 Mar 2013 @ 12:51pm

    Also, can we please stop with the SimFail articles?

    We've already had three of those today. We get it: SimCity 5 is a bust.

    Now, can we concentrate on real issues like Prenda Law? These popcorn won't eat themselves you know?

    link to this | view in chronology ]

    • icon
      RadialSkid (profile), 18 Mar 2013 @ 12:58pm

      Re:

      I doubt you'll see anymore Prenda articles until the 29th. That's when the fireworks are scheduled, anyway.

      Personally, I never tire of the delicious egg on EA's face. I've had a bone to pick with them for about 13 years, ever since they turned the very-promising "Need for Speed: Motor City" into "Motor City Online" and made it online-only when a large percentage of internet users only had unreliable dial-up connections.

      link to this | view in chronology ]

    • icon
      John Fenderson (profile), 18 Mar 2013 @ 1:03pm

      Re:

      Meh. This is a fun subject, too. Just skip the posts that don't appeal to you. I do that all the time here (and everywhere else I read).

      link to this | view in chronology ]

    • icon
      McCrea (profile), 18 Mar 2013 @ 1:15pm

      Re:

      Three! I only read 2, damn it.

      No it's not enough. EA sells this shit and their stock goes up. Unreal.

      This may not be precisely up TD's alley, but there's a real problem of customers not understanding that EA's business model of shit = profit is working wonderfully. Disposable consumers and, um, "liquidating" title loyalty.

      link to this | view in chronology ]

  • identicon
    Beech, 18 Mar 2013 @ 12:53pm

    Conspiracy

    What's that? Another problem pirates won't have to deal with? It's almost like EA is running some kind of conspiracy.

    1. Make game terrible for everyone but pirates.
    2. Piracy will be more rampant than ever
    3. ???
    4. Profit

    link to this | view in chronology ]

  • identicon
    pixelation, 18 Mar 2013 @ 12:57pm

    Brilliant

    This is brilliant on the part of EA. I too find myself wanting to play SimCity now. I normally don't have time for games. I may just find time. I hope Godzilla is available as an avatar.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 18 Mar 2013 @ 1:18pm

    Yet another EA always-on DRM catastrophe

    In other news, EA's servers also facilitate the remote installation of malware on users' computers: http://arstechnica.com/security/2013/03/bug-on-eas-origin-game-platform-allows-attackers-to-hijack-p layer-pcs/

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 18 Mar 2013 @ 1:25pm

    I really like the quote from Erik Reynolds - Sr.Dir Worldwide Communications - EA Maxis on the hacking problem

    "Hi - We don't have a hacker problem, we have very talented mod community who agree with you and disagree with our design choice"

    https://twitter.com/buzzspinner/status/312343408754700288

    link to this | view in chronology ]

  • identicon
    Tick Tock, 18 Mar 2013 @ 1:27pm

    Online Japanese Monster Simulator

    A sim game which allows you log on to someone elses on purpose and imitate old Japanese monster films? I better get to work.

    *Sits down and starts coding*

    link to this | view in chronology ]

  • icon
    Watchit (profile), 18 Mar 2013 @ 1:37pm

    This whole debacle is hilarious and I'm laughing my ass off about how much EA's screwed this up.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 18 Mar 2013 @ 1:38pm

    MOTHER FUCKER! Why did I have to go and refund to tell EA to fuck off. :(

    I should have waited so I could play some Godzilla.

    link to this | view in chronology ]

  • identicon
    Troy, 18 Mar 2013 @ 1:40pm

    Please verify before posting inaccurate claims

    It's been confirmed that any edits done by someone else ARE NOT saved to the server. So this article is very misleading.

    link to this | view in chronology ]

  • icon
    Chuck Norris' Enemy (deceased) (profile), 18 Mar 2013 @ 1:48pm

    Next EA Statement

    EA Executive: "At the flick of a switch EA could destroy your online creation...so why not let anybody do it?"

    link to this | view in chronology ]

  • identicon
    Chuck, 18 Mar 2013 @ 1:51pm

    EA's CEO just stepped down. LAWL.

    link to this | view in chronology ]

    • identicon
      Lord Binky, 18 Mar 2013 @ 2:14pm

      Re: EA's CEO just stepped down. LAWL.

      Just read that on Engadget.
      Sadly they're just going to find another Sock Puppet for their board, the Chairman standing in for CEO right now is Larry Probst(the CEO before Riccitiello). Although slightly entertaining to see the issue they downplayed is actually bigger than they would admit.

      Until the board is done bashing their collective face into their finely crafted meeting room table, don't expect any changes. Boards select these CEOs then fight them to keep the board's interests as the primary concern, which happens to be stocks and not the health of the company.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 18 Mar 2013 @ 2:08pm

    i dont suppose there's any chance of someone committing 'Duke Nukem' on EA, is there? now that would ALMOST be worth all the grief, the lies and the bullshit that they have put out up til now (but i doubt have stopped putting out. there has to be more on the way. after all, once you start lying, they just get bigger, broader and downright worse as time goes on!)

    link to this | view in chronology ]

  • icon
    Crashoverride (profile), 18 Mar 2013 @ 2:10pm

    Don't forget that once you do get logged in the game doesn't deliver as promised

    http://kotaku.com/5991077/your-complete-guide-to-the-simcity-disaster?utm_source=gawker. com&utm_medium=recirculation&utm_campaign=recirculation

    As one EA forum member points out, SimCity's sim-people use the same sort of AI-handling "agent system" that traffic and sewage and power uses. The results are not pretty.

    The problem is that, just as power can sometimes take a ridiculously long time to fill the entire map (because the "power agents" just randomly move about with no sense) traffic and workers can do the same thing. Workers leave their homes as "people agents." These agents go to the nearest open job, not caring at all where they worked yesterday. They fill the job, and the next worker goes to the next building and fills that job, and so it goes until all the jobs are "filled." So, when you have all your "worker" sims leaving their houses for work in the morning, they all cluster together like some kind of "tourist pack" until they have all been sucked into "jobs." They don't seem to care if the job is Commercial or Industrial, only that it's a job.

    "Scholars" are handled exactly the same way. As are school busses and mass-transit agents. This is why you see the "trains" of busses roaming through your city, and why entire sections of town may never see a school bus, despite having plenty of stops... Once all the busses are full, they return to school and stay there until school is done for the day.

    Now, here is where it gets really good... In the evening, when work and school lets out, they all leave and proceed to the absolute closest "open" house. They don't "own" their houses. The "people" you see are actually just mindless agents (much like the utilities agents, as I said earlier) making the whole idea of "being able to follow a 'Sim' through their entire day" utterly POINTLESS!!"



    -Instead of returning to their own homes, individual Sims would drive into the nearest home available.


    -Instead of driving on empty roads, Sims would take the shortest path available, even if that led straight into congestion.

    link to this | view in chronology ]

    • identicon
      Lord Binky, 18 Mar 2013 @ 2:17pm

      Re:

      What I wonder is if the 'sim' is even designated as an adult or child. Is the sim a reproductive adult one day, and then a prepubescent elementary school child the next?

      link to this | view in chronology ]

    • icon
      Wally (profile), 18 Mar 2013 @ 5:24pm

      Re:

      "The problem is that, just as power can sometimes take a ridiculously long time to fill the entire map (because the "power agents" just randomly move about with no sense) traffic and workers can do the same thing. Workers leave their homes as "people agents." These agents go to the nearest open job, not caring at all where they worked yesterday."

      Give me the days when all you had to worry about were budget, traffic problems, pollution, population, crime, and disasters. That is all I request..the simplicity of the original with the updated graphics of today.

      link to this | view in chronology ]

  • icon
    Richard (profile), 18 Mar 2013 @ 2:20pm

    Hitchhiker's guide

    Why? Well, because when a dingo is chewing on your arm, the best defense is to place your noggin lovingly into some sand to make it all just disappear.

    In other words - peril sensistive sunglasses

    link to this | view in chronology ]

  • icon
    Wally (profile), 18 Mar 2013 @ 5:21pm

    I wonder if EA used the Sony BMG Rootkit source code for the DRM contained in the game and in their servers....this sounds an awful lot like the Sony BMG Rootkit vulnerability.

    link to this | view in chronology ]

  • icon
    Christoph Wagner (profile), 18 Mar 2013 @ 5:59pm

    I didn't expect this from Techdirt

    To use an analogy, what we have here is essentially someone downloading saves of other players and doing stuff to them locally. That's absolutely it.

    It might be that someone finds a way to get the server to accept the changed save by spoofing the ownerid but considering that the trick has been in the open for two or so days now and there is no news whatsoever of that happening, it will, at the very least be non trivial to do so.

    Very sloppy article, highly disappointed.

    link to this | view in chronology ]

  • identicon
    Pete Austin, 18 Mar 2013 @ 11:37pm

    This is about damaging local copies of cities

    It's like photoshopping a moustache on a photograph of someone, funny but not harmful in any way. Nobody has damaged data on a server and nobody has any evidence that it's possible. Wish OP would fix the article.

    link to this | view in chronology ]

  • identicon
    Pete Austin, 18 Mar 2013 @ 11:37pm

    This is about damaging local copies of cities

    It's like photoshopping a moustache on a photograph of someone, funny but not harmful in any way. Nobody has damaged data on a server and nobody has any evidence that it's possible. Wish OP would fix the article.

    link to this | view in chronology ]

  • icon
    Ninja (profile), 19 Mar 2013 @ 3:30am

    I think they'll have to give a few more "we-are-sorry" games now...

    This hack is the perfect allegory to what DRM is doing to the game =D

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 19 Mar 2013 @ 4:10am

    I would personally suggest that if you fix the problem and delete the threads about said hack, it would probably blow over as well. (the important part being fixing the problem)

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 19 Mar 2013 @ 5:19am

    And I still won't buy it.

    link to this | view in chronology ]

  • icon
    Tim Griffiths (profile), 19 Mar 2013 @ 8:27am

    This is somewhat misleading

    This is taking place on a local version of the map, the one you load up when you view some one else's city. A bug where you could place parks while viewing some one else's city has been in since launch.

    This changes are not and currently cannot be synced with the server, the modder was only talking about being worried that some one would be able to spoof other player ID's down the road and cause trouble. We don't know if that can be done and we don't know if there are server side checks that would prevent it if you could.

    In short I'm on the hate EA train as much as every one else but there is plenty of real issues that we don't have to start making crap up.

    What's happened here is some messing with the debug mode has allowed some one to mess around with the local data uses to allow viewing of other peoples cities in a region. This has nothing to do with the DRM and currently, and is frankly unlikely too, lead to being able to damage other peoples saves.

    I'd expect Tech Dirt to do better than this, even reading the youtube description rather than the sensationalist blog should make all the above perfectly clear.

    IMPORTANT NOTE: I have NOT enabled syncing of data for this. All cities you see in this video remain UNHARMED - nothing got synced to server. I would not condone any action which could actually harm another player's city without permission!

    So, this was done by editing the SimCity packages, tweaking some code, and getting the game to think that, when I visited a random person's city in a random region, I WASN'T in observer mode, and force enabling of edit mode so that I had full access to the city as if it was my own. There is still no city syncing at this most basic level, so you can wreak havoc on a friend's city, quit out, log back in, and it's back the way it was - great fun! I am worried about people that go deeper into the code and start spoofing the owner ID's of cities and start doing this maliciously though. Hopefully there are server side safeties on this... hmmm.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 19 Mar 2013 @ 3:37pm

    dosent even matter alll of my games are PRIVATE

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 20 Mar 2013 @ 11:50am

    I didn't buy Sim City and I have no intention of doing so, but holy hell has it given me hours of entertainment! Best game I never bought.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.