World of Warcraft: Account Locked

Over the last 4 days my World of Warcraft account got hacked 5 times. I still don't know how it happened in the first place. As far as I can tell there's still nothing wrong with my email account or with my computer, and he only gets to repeat the account hack because Blizzard has done a poor job of securing my account on their end. This is a bit of a serious accusation, but I feel like I can back it up.

Hack #2, the attacker likely got in by using the SMS service he set up on my account during the first hack. Or by using the secret question he set up on my account during the first hack. Neither were removed by Blizzard when they restored my account the first time, even though I explicitly noted the SMS service had been added by the hacker. After this hack I made sure they removed the SMS.

Hack #3, the attacker certainly got in by asking nicely.

Note that before I could get my account back in the first place I had to provide photo ID. This guy did not need to attach ID. Heck, the GM who let him into my account didn't even bother to fill out the madlibs form properly, unless somehow my name is NAMEHERE and my issue was ISSUEHERE. This time the hacker changed my account email address.

Hack #4, the attacker likely got in using the secret question. The GM who helped me out this time couldn't do much, and had to leave my account locked while a restoration team guy worked on the account. He didn't have any new suggestions for securing my account, but what I did on my own was got my sister to let me use her cell phone as the SMS thing. I assumed this would be good enough, but it was not.

Hack #5, the attacker likely got in using the secret question. The GM this time suggested the secret question as a potential vulnerability and had me change it. They also had me change the email address associated with the account. Both of those changes seemed reasonable, and it surprises me in retrospect that none of the other GMs suggested it. Frankly, those seem like much more reasonable things to suggest than getting me to change my email password a second time. (The first time seems quite reasonable.) This GM was helpful in terms of helping secure my account but he failed when it came to restoring my account. He said he'd done it, but my character had no gear and almost all the money was still missing.

So tonight after getting Sceadeau and Elaine to start playing I went and opened another ticket, this time to get my stuff restored. The GM this time around took her sweet time looking into things, which is just fine. An earlier GM had just mailed me 404k to fix the problem and get me out of his hair and I'm more than happy to have someone sit down and restore what I should have. This GM did a restoration, but it was not anywhere near correct. I ended up with 114k total gold when it's obvious that at least 404k was stolen from the guild bank log. I'm pretty sure the total amount is more like 534k. Anyway, I explained a bit of the math behind how I arrived at my number. She went away for a while longer and then came back saying my account had to be locked because of how many times I was hacked.

JUH?

If this was standard policy given how many times I'd been hacked I'd be bitter but could understand it as a stance they'd take. Especially if nothing new had changed. Repeating the same action over and over is just feeding the hacker 534k gold every time and I can see not wanting to do that. So if that's what the guy this morning had said instead of offering 2 new things to try, so be it. But that's not what happened. (Especially if Blizzard can't track down the gold that gets stolen and just makes new gold to give to me, the hacker is making almost $400 each time he hacks me. I can see why he keeps doing it!)

I'm especially pissed because the number of hacks is being used against me when at least one and probably 4 of the 5 hacks can be attributed not to my actions, but to Blizzard's actions. If the first guy had removed the SMS the hacker added and also realized the secret question was added at the same time and had that changed as well we'd probably be free and clear. Certainly the time when a GM let the hacker in has to be on Blizzard! I feel like too many of these GMs have reacted in a way to speed up getting a fix out instead of making sure the fix was the right one and it probably sped up their individual call response times but is jamming the system in general.

This GM said the only way to unlock the account was to have an authenticator mailed to me and used. But she couldn't get them to mail one express before I move, so I'm looking at not being able to play for a couple weeks. And since now is when my friends have started playing that's not really a good option. I also wanted to use this time before the expansion hits to play. Oh, and I'd bought the expansion and the game time last week because I was going to play this month. So I asked for a refund and was denied.

I pressed some more, and eventually she caved. But not to unlock my account. Not to send me an authenticator quickly. Not to run a test to see if changing the secret question and the email address were good enough to secure the account. No. She refunded my expansion purchase. Not my gametime purchase, which I can never use because they locked my account, just the expansion. So they gave me back $50, but not the extra $42 for 3 months of gametime. I'm going to have to yell about that one way or the other too.

I fully intend to open a new ticket tomorrow morning to see if things won't change when I get a different rep. If this experience tells me anything it's that the reps are not consistently trained, so there's a decent chance I get someone else who just lets me in and mails me 404k again. Of course this all depends on not losing my Battle.Net account again overnight. We'll see if the question and email changes are good enough.

But if they aren't, or if Blizzard doesn't let me back in... I'm probably done with WoW. Which sucks, because I was having fun playing and because I'd convinced Sceadeau and Elaine to start playing too.

World of Warcraft: Account Hacked

So I've been playing WoW a fair bit lately, trying out all the raids I missed and digging up some artifacts and leveling my alt to 90. It's been fun. Then I woke up Friday morning to some odd emails. Apparently I'd paid to transfer off 5 of my characters and then Blizzard locked my account down for suspicious behaviour. This had happened about 30 minutes before I woke up. I was able to change my password to something else and log in, discovering that I'd stolen the guild bank and run off with the cash. Just like what happened to Stochastic a year ago.

I went to submit a ticket stating that I'd been hacked. In the process it asked me to enter my SMS phone number, which I couldn't do because I hadn't associated a phone number with my account. (And I actually can't do such a thing because Blizzard detects my phone as being 'prepaid' and therefore won't allow it to be used.) I clicked a link to remove it and it told me it had just pinged my phone and I needed to enter the code it sent to do so. Which meant it actually pinged the hacker's phone and let him know I was trying to do something about what he'd done. So he came back and changed my password on me, kicking me out of my account.

In the meantime I'd changed my email account password to be safe (though if the hacker had access to my email account he should have been deleting the emails letting me know what was up) and ran some malware scans on my computer. Spybot and Malwarebytes both turned up nothing, so I'm not sure how they got my password.

Blizzard is set up such that you can't call support until 10am and can't use the website chat until 9am so I got to sit around bitter for 6 hours until the website opened up. I got in and talked to someone on the website who was pretty nice about the whole thing but ultimately couldn't do much except send me to someone who could do something. Which is fine, I've worked support on a game before and I understand that not everyone can do everything.

A couple hours later I got emails indicating that the character transfers I'd paid for had been reverted, but before they'd give me access to my account again I'd need to send in some ID to prove I am who I am. Fine, I actually have a scanner now thanks to my mother buying me a combo printer thingy so I scanned in my health card and attached it to a new ticket on the website. I ended up having to go to bed before they got back to me about it, though.

I woke up to find they'd unlocked my account (presumably thanks to my health card), reverted the character transfers, and given me back my gold. They did not remove the SMS number the hacker added to my account. So while I slept he took my account back over, bought character transfers for my characters again, and tried to take off with the newly restored cash. *sigh*

It's not clear exactly what happened because the transfers kept getting denied. He ended up buying 16 all told in 3 waves trying to get my characters off of my server. He even had the gall to submit some tickets of his own trying to get access to my account at one point. Of course while my tickets all explained what was going on his only stated:

'My god!!Where are the characters in  realm Vek'nilash?I just left out for  a little while!'

I'd like to think that wouldn't have worked on them, but in their support website it actually got a response from a person letting them know they'd been helped and that my gold had been restored. Pretty sure this is when he took the account back over via SMS and tried to run off with the gold again.

Anyway, as soon as I got up I sent off a new ticket of my own spelling out that they'd need to remove the SMS from my account and do another restoration. At 9am I again went to the website chat and talked to someone who was able to remove the SMS for me and reset my password. So I got my account back and was able to log in and see what was up. 5 of my characters were flat broke, the other 5 had the maximum amount allowed for a character transfer, and the guild bank was still empty. So I had the website chat person look into that and after showing them the guild bank cash log (by having them log into my character?!?) they just gave me the full amount removed from the guild bank. I suspect this is pretty close to the amount of money I should have since the first time around the hacker deposited ~230k of my own money into the guild bank, presumably because the rest of my wealth was able to be server transfered on 5 characters. So I probably had 130k on those character, 230k added to the guild bank, and 170k from the guild bank itself. I still have the 130k on the 5 characters so giving me 400k should let me get things back to where they should be. I don't actually know how much money I had. 360k sounds like it's probably in the right ballpark? 170k in the guild bank sounds low since it was at 268k when Stochastic got hacked. But maybe he didn't put it all back in? Or maybe repairs are expensive? Or maybe people have been slowly embezzling? Who knows? Who cares? I mostly just want things to be right because I like when things are right. It's not like we actually need the money.

It also turned out the hacker had screwed up all my keybindings. Because he's a jerk. Or probably because he wanted to be able to run using WASD and I've set those to be other things. And Blizzard stores keybindings online now, so him changing them on his end overwrote what I had on my end. Thankfully my sister showed me a trick with Windows Restore and I was able to revert my settings files to what I used in 2013, so that was fixed pretty easily.

He also deleted all my Battle.net friends. Because he's a jerk. Oddly he didn't delete all of them... He left Randy and Jeff. Everyone else was removed. I thought I could use StarCraftII and the Facebook integration to find all my friends again, but I can't. So if you want to be my friend on Battle.Net again, well, send me a friend request (ziggyny at gmail.com)!

PSP Hacks

This weekend I decided to try to find a solution to my squeaky sound effect problem with Final Fantasy VI on the PSP. I couldn't find anything with regards to patching the PSOne game itself but did find some information on hacking a PSP to run a SNES emulator. This sounds like the best of all worlds... Portable so I can play on the bus and original game! Sweet!

I have a newer PSP 3000 which apparently is 'unhackable'. You can't run unsigned programs on it which shut down prior hacks. It does turn out you can run a 'game' which tricks the PSP into running hacked firmware until you turn the system off. From there it's a simple matter of getting the emulator and a ROM. It turns out I have all the ROMs because of my SNES project so I was partway there!

It took some fiddling but I got everything installed on my PSP and tried it out. The emulator loaded up! Woo! Unfortunately it turns out SNES emulators for the PSP are not nearly as advanced as ones for the PC.  They only know how to handle 4 of the 8 graphics modes, for example, and Mode 7 isn't one of them. FFVI actually makes a fair amount of use of Mode 7 which is a bit of a problem. I can remember playing FFV on an emulator without Mode 7 support and it was rough. In some spots you just had a black screen and had to use a FAQ to tell you exactly where to walk. If this happened in FFVI it would sorta negate the whole portable advantage.

Eh, I gave it a try anyway. The first thing I noticed was the pacing was off. Biggs and Wedge seemed to be moving too slowly at times and way too fast at others. I got into a fight and the sound effects, while a little better, were still not SNES quality. I guess the PSP itself can't handle the way the SNES did some sounds?

Test complete I went to put the PSP to sleep and found I couldn't. I don't know if it's the emulator or the firmware hack but the sleep function just doesn't seem to exist. I can't pause/power down while I'm at work. Presumably I could save state, exit the emulator, shut off the PSP, and then go through the firmware hack on the way home... But this sounds a lot like I'm spending 20% of my FFVI time hacking a PSP. This is a deal breaker for me. Even if the graphics and sound worked properly I don't think I could handle losing sleep mode.

So I'm back to my old dilemna. I can play on the SNES (and probably not play much with Mists of Pandaria coming out in two weeks) or I can play on the PSP and suck up the bad sound effects. I played the PSP both to and from work today and think I can probably get over the bad sound. The music remains awesome. I've completed Locke's scenario near the start of the game and am currently escorting Banon through the mines of Narshe.

Ethics of Cheating

Sky has been thinking about getting back into Diablo 2 (maybe he already has) and it got me to thinking about the last time I played D2 before they forced me to use my WoW account to log in to D2. The thing is I used to maphack; a bannable offense according to Blizzard. I didn't really want to play D2 legit so risking just my D2 CD key wasn't a big concern for me but I wasn't going to risk my WoW account. The last time I played, after I had to sync up, I played just user mods on private servers/single player. Probably also a bannable offense but since I wasn't going anywhere near Battle.Net the odds of getting caught were probably on par with actually figuring out a Zod runeword through trial and error.

I'm sure maphacks had all sorts of features that could be used to do all sorts of flagrant things. I know you could teleport hack in both WoW and FFXI so I have to imagine you could do that in D2 as well. I never did. I also never duped anything or really did anything that I felt was actually bad. I used the feature that displayed the whole map so I didn't have to explore Baal's castle every time I wanted to kill him. It also displayed all the monsters so teleporting around wearing entirely MF gear was a little less suicidial. (Only a little though since I just played riskier.) It displayed the immunities and special abilities of all monsters as well, which was a big help for a sorceress. I didn't have to careful inch forward and examine all the monsters to see what spells to cast or if I needed to avoid them. I could just walk in shooting lightning or frost as needed. Who am I kidding... I didn't walk at all. I teleported in. But with the spell, not a hack. It costs mana, see, so it's ok. I also think there was a loot filtering feature so I didn't see piles of garbage everywhere. Possibly the loot was always visible too so I didn't have to hold alt down to see it. There was an auto-quaff feature but I didn't use that. If I was going to die I'd need to stop it myself! There was an auto-disconnect feature if someone PvP hostiled you! I don't think I ever used that since I wasn't playing hardcore but I know it was a popular feature among those that did. Stupid griefers. 8P

So, am I a bad person? D2 was designed in single player such that you only had to explore the map once and then it was the same each time you entered the zone. In multi-player every time you zoned into a new world the map was refreshed from one of the very few templates and you had to re-explore it again. I did that for years and frankly it got tedious. I wanted to kill the A1-5 boss over and over for runes in a desperate attempt to get something vaguely resembling high on the rune list. Having the map reset each time probably doubled or tripled the time it took per run. Should I just suck that up and sink my time in as designed or was it 'ok' to have the map? Knowing immunities in advance also saved a lot of time, especially since the interface was not well designed for getting me the information I needed in a timely manner. And loot is just a disaster when you're killing screens of enemies at a time with chain lightning. I don't want to have to dig through piles of grey items in the hopes of finding the rare that dropped. By default you don't even know that it did and if there's too much loot on the screen you can't even see it all so you have to wander around with alt held down and hope you can see it.

Loot filtering is a feature I think the game should have had and I don't think it was excluded as an intentional design feature. If D2 was a living breathing entity then it would have a loot filter of some kind by now. (Like how FFI didn't have a run button but when Square re-released it on the PSX they included one. Playing FFI on an emulator with the speed turned up so you can run is 'cheating' but it doesn't make one a bad person, I don't think.)

What about having the map laid out in front of you? If the dungeons were always random I'd say hacking the map would make one a bad person for sure. But when it's always from a set of 3 possible maps and when single player mode does give you the same map every time, well, it's a little murkier. Seeing what monsters are behind walls is definitely cheating. And if I was selling ill-gotten gains on the battle.net market that would definitely be bad. But if all I'm doing is making a game fun is it all that bad?


Does it matter if other people are doing it too? I've been reading some FFXI fan forums lately and found some information about how many rare monsters spawn. Take Spiny Spipi for example. I did a hunt for this guy shortly after I started playing. The basic idea is 3 crawler mobs spawn around a river on the map. There's a chance when a crawler respawns that it will be Spiny Spipi. So I ran around for a couple hours killing crawlers until eventually he spawned and then I killed him. Woo! But no one cares about Spiny Spipi so I had no competition for killing him at all.

How it actually works is there aren't 3 of the same crawler at all. There are 3 different crawlers with their own mob ids in the database. One and only one of those crawlers is the placeholder for Spiny Spipi. You don't need to kill all 3 crawlers over and over. You just need to kill the one with the right id. Now, what you can do is edit the data files to change the name of that specific crawler on your computer. The game knows there's a difference between crawler1 and crawler3. It knows that crawler3 is the one you need to kill. If Spiny Spipi mattered then a bunch of people would already know which crawler to camping and which ones to ignore. I'm off wasting my time killing the other 2 crawlers and they're ready to jump Spiny Spipi.

Worse, the client actually knows the status of every mob in the zone. There's a program you can run to scan the client's memory and pull out the info for every mob in the zone. So while I'm running in a big circle killing crawlers and trying to see if Spiny Spipi has spawned the other people know instantly when he's spawned as he goes from no health to 100% in their program. So they're not spending a lot of time and effort camping him at all. They're killing the known placeholder and then checking back in 5 minutes to see if the placeholder or Spiny Spipi actually spawned again.

Ok, that's bad, right? Well... Two of the classes (Ranger and Beastmaster) actually get an ability called Wide Scan which allows them to see every monster alive in a huge circle around them. The mobs are all sorted by their internal id so if you've been meticulous enough you already know that you just need to kill the 3rd crawler in that list to spawn Spiny Spipi. You kill him, wait about 5 minutes, and then keep checking your scan to see if he's up or if the 3rd crawler is up. With only a little more effort you can pull the same thing off in game without cheating at all. You just made clever use of known game mechanics.

Pretty much someone using the hacks to mod mob names and see all spawned mobs in another window is going to kill the NMs almost every time if there's a competition. Anyone who is a ranger or beastmaster is going to kill them otherwise. And chumps like me who are a white mage get the leavings. I can camp the NMs that no one cares about (which really at this point in time is most of them) but I have no shot at a real one that other people care about.

Am I a bad person if I start using this program? (Hacking the client has all kinds of other benefits as well. Including seeing your party member's resource statuses to make weapon chains plausible without a lot of external communication and intelligently changing gear for different spells which you can do right now with their macro system anyway.) Am I a stupid person if I don't? Square has sporadically been aggressive about banning people for duping and position hacking but as far as I know never for just making the client more usable.


BMI: 22.25 (+.16)
Wii Fit Age: 33 (+2)

Pointers

Welcome to Ziggyny's Coding Emporium. Today we're going to be discussing pointers using the random encounter system of the video game Final Fantasy as a starting point and ending up with the rough idea behind linked lists.

First off, how would you imagine the random encounter system works? Me, I'd think that every time you took a step the game would make a check. 10% chance that you get into a fight every step, say. When that check returned true, randomly figure out what the monsters were based on where the fight was taking place. I'd be wrong. It turns out that when the game is turned on and again after every random encounter the game picks  a number and stores that value in a variable, and every time you take a step that value gets decremented. When it hits 0 or lower you get into a fight. So as soon as a fight ends you know exactly how many steps it will take to get into your next fight. (Or at least you would if you had access to that variable.)

Only it turns out that number isn't random at all, either. The first fight on the overworld takes place after 15 steps. The next one is after 24 steps. Then 32. Then 29. It turns out there's a list of 90 step number for the overworld and the game just loops through them all. There are similar lists for ocean and dungeon fights. (Ocean fights are much less frequent, dungeons are slightly less frequent.)

When the fight starts the game picks a fight for you, but there's actually no randomness involved here either. Every zone has 8 possible fights it could be. The game has a list of 256 numbers. The first fight you get when you turn the power on is the fight associated with the first number in that list, which it turns out is 3. Then a 4, then another 3, then a 6, and so on. People have actually used this deterministic nature to plot out exact movement patterns through dungeons to get specific random encounters. (You can't run from some fights in the game, so if you want to beat the game at minimum level you need to never encounter those fights!) The only way to change what fight you're going to do is to change zones. You'll still fight the 3rd fight, it will just be the 3rd one from a different list.

What does all this have to do with pointers? Well, how are those 256 numbers actually stored? You could have a variable for each one and use one gigantic module to track where you are in the list but that's really inefficient. A trick you can use is to use an array which lets you use one variable to store all 256 numbers and then a second variable to store an index into the array. The index is simply a number which tells you where to look in your huge array for the data you need. The programming language takes into account where the data actually is in memory. All you care about is the variable for your array and the variable for your index. But what is the language actually doing? It actually treats all of memory as one big array of its own. The variable you use to refer to your array is just an index itself into the gigantic memory array. Your array variable, in a sense, is just a number.

In C, it's more than just a number in a sense. It's a number period. This number is called a pointer because it 'points' to the specific section of memory the language set aside for you but all it is is an index into an array. The memory system doesn't know what you've stored there. It doesn't care in the slightest. An interesting thing about arrays in C is there's no actual array substance at all. If you allocate the memory for, say, 256 8-bit values you might think it's doing something specific to break up a 2048 bit chunk of memory into a bunch of 8-bit sections for you, but it doesn't. It just takes a contiguous chunk of memory sized 2048, sets it aside, and tells you where it starts. How does the index work then? Well, the system does know the size of the values you're storing so it can work out where it is. A[0] starts right at the start of the array. A[1]? It's exactly 8 bits ahead of A[0] because you're storing 8-bit values. So the system actually turns A[1] into A+8*1. A[200]? It's at A+8*200. (Ever wondered why arrays start at index 0?)

So our array solution was actually a pointer solution without even knowing it!


This is all well and dandy when we know our data isn't going to change, but what happens if we're writing a more dynamic data system? One where we might want to add or delete items from the middle of the list? If you think about it, in our array solution a given entry in the array implicitly  'knew' where the next item in the array was. It was at the location in memory 8 bits ahead of where the current entry is. A[151] obviously follows A[150]. But what if we want to delete A[151]? (Our subscribers whined that the fights referred to by A[151] were too hard and demanded we nerf the game by taking them out.) With an array and the implicit pointer to the next entry we're in trouble. Our best bet is to copy the value from A[152] into A[151]. And then A[153] into A[152]. And so on until we've copied them all. And then we have to change our check for when we hit the end of the array to loop back to the start to check for 255 instead of 256. It's all a big mess.

Even worse, what if the word came down from the president of the company that the users want super-rare fights to spring up. They want a 257th possible outcome, and they want it to come after A[180]. Following the idea above, we could copy A[255] to A[256] and then A[254] to A[255] and so on until we've made room for the new value. Hold on now! We only asked the memory manager for 2048 bits of memory and now we're using 2054. In some languages this would result in an error of some kind. In C the system just doesn't care. It'll let you write into that section of memory regardless of what it's actually supposed to be. (This is how many security flaws came about, by sticking something really big into a section of memory and overwriting actual code!) This is obviously a big, big problem. But we can't just tell the president to screw off or we'll get fired. So we need to allocate 8 new bits of memory somewhere and then remember somehow that we go from A[180] to the new value to A[181]. Probably we do this with a bunch of if statements and eventually end up with terrible, terrible code.

The real problem above is that we were relying on implicit pointers to the next value. What if we could assign an explicit pointer to the next value? That way if we had to add or remove values in our list we could change the explicit pointers and keep the right connections around. Well, we know pointers are simply numbers, so we could change our data from being an 8-bit number to being an 8-bit number AND a pointer. The size of the pointer variable depends on the operating system, but if you're on a 32-bit computer it'll be 32 bits in size. On the NES I'd imagine it would have been 8 bits. This will double the amount of space our data will occupy but it will let us add or remove items easily.

So, instead of allocating one big block of 2048 bits we'd get the system to give us 256 blocks of 16 bits. The first 8 bits will have our number. The second 8 bits will be a pointer to the next allocated block. Maybe it's the next one in memory. Maybe it's somewhere else entirely. We don't care. All we care about is the location of the very first number. After we're done with that number we don't even care about that anymore. So we could update our pointer variable to bits 9-16 of the section of memory it's pointing to! We can even get rid of our 'end of list' check by making the last entry point back to the first one. Now if we need to add an extra number we can allocate space for it and adjust a couple pointers and we're done.

Linked lists are often represented something like above. Pointers are represented with arrows and are made to seem more complicated than they are. The above picture (stolen ruthlessly from wikipedia) has 3 distinct blocks of memory. The circles are just numbers. Numbers that can be thought of as an index into the gigantic array which is memory. You can change the number in the circle to change the index of the array. Or you can follow the arrow and change the value on the other side to change the value stored in the array. Getting the syntax right can be tricky with all the *s and &s but the important thing to keep in mind is pointers are just numbers. There's nothing mythical about them and they're so useful because they can be manipulated as numbers.