Dark or Light

Security Exploits Datamined, Endanger Licensed Projects

Suzie Ford Updated: Posted:
News 0

In its original incarnation, Aventurine's Darkfall was known to have more than a few exploits. Those exploits have remained in the code even after closing the game and licensing it to a pair of new developers to bring it back to life. Big Picture Games, currently working on Darkfall: Rise of Agon recently released the game to alpha where the same code being used by it and Ub3rgames' Darkfall: New Dawn has been datamined, thereby endangering the hack-free environment of both games.

We have reached out to both project teams and to Aventurine, all of which have been working to solve some of the issues that have cropped up as a result of the datamining of the RoA alpha.

Ub3rgames responded:

We have already released a statement about this story on our website. https://darkfallnewdawn.com/2016-05-24-about-the-security-breach/

The issue cannot be solved, the info is out there, but we can refactor aspects of the software to reduce the impact of it. An overhaul of more aspects will have to be made in order to improve security, and we are increasing the team's resources to that end.

We are also trying to get the community on board to help detect and experiment with hacks to solve the flaws faster.

There are a lot of people out there that would want to hack freely in a competitive game such as Darkfall, but we are sure there are even more that want it to be hack free and we hope we can reduce the damage in a timely manner.

The principle is that someone would warn us in advance of what they are going to do, and we'll see if we can detect/prevent it, then work out a solution with their explanations.

The Darkfall franchise took a blow, that is for sure, but New Dawn is definitely moving forward.

We are keeping our ETA of June for our stress test, for now, which we are using as a kind of soft launch.

We'll reward players for their involvement in testing and are kickstarting the diplomatic/conquest aspect of the game already: https://darkfallnewdawn.com/2016-05-18-indev-participation-rewards/

We have also compiled the changes that have already been done for what we call Patch 1, which is pretty much what is making New Dawn different from 2012 when we open the gates:  https://darkfallnewdawn.com/2016-05-24-patch-1-preliminary-notes/

We're not releasing in ideal conditions, but we are confident we can turn the situation around.

According to Dullahan's post here at MMORPG.com, Ub3rgames earlier said:

As some of you may be aware now, there has been a substantial security breach with the Rise of Agon client, and now that it was made public, we can address it openly.

Full disclosure, the Darkfall franchise itself has been dealt an heavy blow, but we will push through and we will do what is necessary.

New Dawn will happen and Darkfall will not merely survive but grow to its full potential.

Here is what happened:

We were made aware of the breach when BPG opened the server for the first time. The exact issue is that they did not follow the recommendations that were provided to them for client packaging and simply rushed to release.

Before you ask, Aventurine has done a great job at providing us licensees with all we needed to do these releases properly. They even answered questions and provided materials that were well beyond their responsibility. We are the ones in charge of the implementation, and any outcome positive or negative is on us.

So let’s make it clear: this whole mess was completely avoidable.

Since then, we have recommended a course of action to reduce the spread of the leak and improve BPG’s next release. We agreed to help because it was the only way to make sure this would be done properly, and it was under the condition that it would not reopen until all three companies would give a go.

BPG reopened without waiting on any approval, with an archive that is still defective.

Please understand that we could not say anything about it. Releasing security details such as these harms us as well, and we wanted to limit the impact to players of all three versions.

Our battle plan:

This will not delay our release further. It does not change our plans of how we will evolve or market the game and for us, it is mostly business as usual.

What it does change is that we will have to grow our team’s resources faster than anticipated. Right now this situation is costing us a lot more than it should, but we’ll manage.

Big Picture Games issued the following statement on the community forums:

Greetings. We regret to announce that we have taken our Alpha down due to security concerns. The server will remain offline until we have investigated and addressed all security risks associated with recently released information. As we are so close to the end of Alpha, this will mean the end of our initial testing phase. Security concerns such as these must be approached with great caution and investigated fully. We apologize if we have been unable to explain the situation to you until now, however we have been working tirelessly and with the full support of our licensor to get the facts on this matter. We regret the actions of some individuals to spread awareness of these exploits as this causes a considerable universal threat for both projects. This is directly responsible for the decision to suspend access to our servers. This is no small task, but one we were committed to from day one. For the Darkfall IP to be successful, these issues must be addressed to reach a launch grade product and we will continue to work closely with Aventurine and our friends at New Dawn to prevent hacking and exploitation in Agon. We fully expect to make serious headway in this regard before we enter our next testing phase and we will keep you informed on our progress every step of the way. This will also include implementation of our Improved User Interface and our Early Development Roadmap. Information on our next phase of testing will will be made available as we get closer! Everyone here at BPG would like to say a huge thank you all for your continued support and understanding. We’re looking forward to taking the next step on our journey with you.

At this time, and despite the datamined issues, it appears that both projects will continue and hopefully improve the game code to close some of the exposed exploits.

What do you think of the issue? Were you planning to play either or both of the new iterations? Leave us your thoughts in the comments.


Suzie Ford

Suzie is the former Associate Editor and News Manager at MMORPG.com. Follow her on Twitter @MMORPGMom