Gaming Signal: Exploits

Exploits

Recently there was an incident in the game World of Warcraft where a pretty big group of players had their account suspended for 72 hours because they found a certain NPC they could kill repeatedly for large amounts of gold. There are plenty of people on the one hand saying 'everybody knew this was a bug and deserve it' and on the other saying 'hey it's not our fault there is a bug - why should we be punished for using it?'

It made me think again about a subject that comes up quite often in online games like this - and that's the dreaded word exploit.

Imagine this - your in an online space game flying through the galaxy questing and killing. You happen upon a starbase where you're going to sell the various loot you've gotten. When you get there, you notice the merchant is selling very high level ship items for very few credits. 'Wow,' you think, 'I've found the secret smuggler who fences stolen goods on the cheap!' You buy him out, thank him, and you're on you way with great upgrades and a smile on your face.

But then imagine a couple of days later you get an email from the company telling you that you're account has been suspended, the high level items removed from your character, and a stern warning telling you not to do it again or you will be banned.

Welcome to the world of exploits. An exploit is defined as taking advantage of a bug or other unintended side effect in an online game that benefits you in some way. Every MMO that I have played contains rules against such behavior and there have been a few high-profile examples.

In the game Everquest 2 there was a bug that allowed you to duplicate items. It had to do with selling items on the in-game maketplace that you also had on display in your home. The game would sell it to the buyer, but leave the one in your house. A pair of players found this and proceeded to duplicate items that sold well to the NPC vendors allowing them to make a lot of in-game gold in a short period of time. Of course, they were caught, but not until they had made real-world dollars by selling some of that gold to brokers. You can read all the details here if you want.

This is one of those cases where the problem was clearly understood to be a bug and exploited intentionally by the player for (supposedly huge) personal gain. More than any other type, this is one of these cases where I can understand the game company's stance on the issue. This person had a pretty negative impact on the economies of several servers and thus negatively affected the play of thousands of paying customers. It ultimately led to Sony developing specific code to be able to look at how money was entering and leaving the economy of the game and allows them to spot quickly when an aberration occurs. They can't always find what it is automatically, but once you know there is an issue it's far easier to find it.

In the venerable Everquest there were numerous problems with pathing. Pathing refers to the path the enemy takes to get to you. In order to avoid obstacles like trees or rocks, the game has to be able to plot a path to you. Today's games generally have the paths determined in real-time (there are some high order mathematics required to get it right, but it's well known.) But back when EQ was created, they decided that they would try to build the paths into the maps - meaning that enemies would always take a certain predictable path once you figured it out. This often meant there were trouble spots where the monsters would take a very round-about way to get to you, often allowing you many free shots at them before they could retaliate. Of course this was flawed, and spawned many areas where you could jump off and on a step and have the enemy suddenly take a long circuitous route to get back to you when you had hardly moved. Move back and forth a few times while attacking at range, and ultimately you would kill the enemy without him getting a shot it. This happened so many times in so many places that every player saw it eventually, but Sony issued an edict that taking advantage of it was an exploit and thus punishable. Some players were banned for exploiting pathing issues with certain bosses, especially inside dungeons.

While it didn't seem they had any way of tracking this themselves, they instead relied on other players to blow the whistle on you. Or they found about it by accident - when an invisible GM just happened to want to watch a group attempt to take down a special boss only to watch them exploit a pathing issue. But this is a different class of bug. Sure, you probably know that the round about way the enemy is tracking to you is a faulty game mechanic, but to put all players in the position due to poor game design means this problem isn't entirely with the players. They also wanted the players to police themselves - always a dangerous proposition.

Another example in World of Warcraft involved a fight in the highest level dungeon instance, Naxxramas. There was a way to get one of your tanks a buff from the previous fight where he wouldn't take any damage from the bosses special attack. This pretty much made the fight trivial since other than the special attack, this boss was a straight up fight. Lots of guilds heard about this and took advantage of it, and ultimately Blizzard fixed the problem and didn't suspend or ban anybody (as far as I know.) Certainly this was taking advantage of an unintended side effect, and was an exploit. But at least in this case there wasn't any punishment handed out despite the gains that were made.

Ultimately for me, I think game companies have to walk a fine line here. Putting the player in the position of knowing if something they have uncovered is a bug or not is patently unfair. Certain things are obvious (like a dupe bug) but there are many other cases - like the Janus one described at the top - that isn't so clear. Is taking advantage of a pathing issue smart gameplay or an exploit?

As for me, I've found exploits in MMO's twice, and both times I kept them to myself. I took advantage of them, yes, but I didn't publicize them or push them so hard I made myself a target. The scenario I described above happened to me in Star Wars: Galaxies - I found an NPC who was selling gear for far lower than it should have been. It turned out to be even lower than that NPC would buy it back for (meaning I could have bought/sold over and over to make lots of money.) I didn't push it or exploit it too much - and ultimately there was never any action by the developer against me. I got away with it, probably because I kept it quiet or try to finance a trip to Europe with my gains.

If you've got a favorite exploit story, share it below!

Scott, I'm so glad you posted this article because I was tempted to do the same (though mine probably wouldn't have been filled with so many examples).

This issue have come up from time to time. Unfortunately for us, the gamers, the game publishers continue to behave like self-righteous gestapo when faced with this issue. I've always had a good opinion of Blizzard until recently. More and more, as they become victim of their own success, their customer service suffers. Alas, there's nothing we can do about it except share our mutual frustration until such time that we can extricate ourselves from their evil addictive grips.

I have not had the pleasure to find an exploit on WoW, but my exploits as an exploiter of EQ is well-known amongst my friends and need not be recounted here. In fact, some of you might even argue that it wasn't a true exploit -- but rather, it was an exploit of human nature (greed) helped by an otherwise inocuous game bug. So that's my claim to fame. As an acclaim to my "exploit," I dare say that it even endured several patches. It warmed my heart (well, at least gave me a giggle) each time they tried to fix the bug, they invariably miss the target over and over again.

Also known to my friends is my utter disdain for the people over at SOE for their ineptitude and outright fascism not unlike that which is currently displayed by Blizzard. I hope to find an exploitable bug, soon, that will leave me a legacy to tout the next time this type of incident occurs.

HEY BLIZZARD, IT'S NEVER THE PLAYER'S FAULT WHEN YOU LEAVE BUGS IN THE GAME TO BE EXPLOITED. THE ONLY FAULT LIES UPON THE HANDS OF YOUR INEPT DEVELOPERS/TESTERS. STOP PUNISHING PLAYERS FOR GIVING YOU QUALITY ASSURANCE AID FOR FREE (NAY! FOR PAYING YOU TO DO THE WORK THAT YOU'RE SO INCAPABLE OF DOING!) HOW ABOUT REWARDING PLAYERS FOR THEIR INGENUITY!?! HOW ABOUT GIVING THEM IN-GAME INCENTIVES TO REPORT YOUR BUGS?!? HOW ABOUT YOU STOP SCREWING US THE WAY SOE SCREWED US

Posted by Peter on Thursday January 18, 2007 at 7:18 PM

While I agree that maybe bounties will get these things reported, I will also point out that in such large software projects the idea that you can fully test and validate every single path, quest, mob, item, or other interaction is a pipe dream. I will also state that the problem is in customer service and not the developers and testers. I just finished a testing class for my masters degree and I have much more respect for those testers (considering that many of them do not have formal training.) Calling them inept or any other names does not magically fix the problem of bannings and other actions taken by the in game staff.

I would point back to the whole EULA and other agreements you click through when you first installed or after every patch. I am pretty sure that the terms of service do document (and we question if it is enforceable) things about exploits.

I am not defending the companies in question and I too wonder why they miss these things, but when you consider the compiled code and resources for games like WOW and EQ are in the multiple gigabytes - you have to understand they do the best they can. I will also throw the gauntlet back at the consumer and suggest that they look back to the phrase:

"If something looks too good to be true, it probably is."

And as for rewarding players, the exploit in question was not something that deserves a reward. It is a quest mob that was obviously broken, and the people engaged in that behavior knew that. But there are situations where that is not true and I agree that there should be something that is given to those folks who find it and report it.

Posted by Tim on Thursday January 18, 2007 at 9:38 PM

As a developer myself, I know there just isn't any way to test every possible scenario. So you're right Tim, calling them inept doesn't really help (except to vent my frustration). The main reason for this frustration is the fact that the EULAs are always written in such away that puts the blame entirely on the players in these situations and that's just plain wrong. I don't have a problem with the EULAs disallowing that 3rd party programs because that's not anything they have control over to maintain a consistent environment. But game bugs??

I can understand if the real world safety of the players is at risk -- i.e. gathering real information about players via hacks, etc. Then, there's cause for concern because that breaches the "fourth wall" (sorry to borrow a TV term) and touches the real world. But within the confines of a virtual reality game, there's no need for this type of heavy handedness, ever, because of they have total control over their product.

As I write this, I realize that this argument can also be made for gold farmers and their "cheating" techniques. While I've NEVER bought gold or will I ever (why should I? The other night, I quested for about an hour and got a blue drop that netted me 171g on the AH. Damn AH took a 8g cut from me!). The proliferation of gold farming is also Blizzard's fault -- now I'm getting in-game spam from farmers!!! (Ahem, Blizzard, make it a level 5 (or 10) requirement for sending mail to characters not on your own accounts!). There's nothing inherently wrong with farming, everyone does it except when normal people do it, they play by the rules, they're in it for themselves and on a much much smaller scale. I've seen videos of "big" farmers who use cheating programs to warp around and to kill an otherwise unsoloable mob to reap its rewards. These situations are very much in their control and they can make it so it's not profitable for the farmers by fixing the mob's behavior.

I see that I'm starting to ramble about farming which is a whole other topic. So I'll summarize...

For situations where Blizzard has control (game bugs), they should never blame their paying subscriber base for misbehaving. After all, we don't know if something is intentional (Is it intentional that the first 6 - 8 quests in the Burning Crusade that I've done are practically trivial that amounted to nothing be a series of FedEx quests that gave out really good rewards? Should I report all those are "exploits" so they don't ban me later for "taking advantage?") They should only legislate where they have no control in order to maintin a stable and consistent gaming environment.

Posted by Peter on Friday January 19, 2007 at 8:58 AM