Topic: The Conduit Vulnerable to Online Hacking

[NWR_pap64]

Hackers can exploit the gameÂ’s cheats in online mode.
 http://www.nintendoworldreport.com/newsArt.cfm?artid=19122

 In an interview with The Wiire, a programmer has confirmed that The Conduit can be easily hacked, giving players the opportunity to cheat their way into victory across the gameÂ’s various online modes. A coder named "hetoan2" was able to discover The ConduitÂ’s infinite health and ammo cheats, in addition to other online modifier hacks like online rankings, leaderboards, and "moon jumping".  hetoan2  discovered the codes with a device that dumps data from the Wii.    

  "The process is simple really, just using a bunch of searches on changes on in-game variables, and once you find where they're stored you can rewrite the code to make it do what you want, or you can write your own code to make it do what you want."    

  hetoan2 revealed the actual codes that activate the cheats in the game. There is also an Easter egg hidden within these codes: when translated into ASCII, they reveal a message that expresses hetoan2Â’s dislike of online cheaters.    

  He then explained how his discoveries might allow High Voltage Software (HVS) to create a better online structure.    

  "HVS has not told me exactly what they plan to do in their future games, but I have given them some suggestions for online checks and a couple of different banning methods (for future online hackers) that are different from Nintendo's."    

High Voltage is currently tracking MAC addresses of cheaters and reporting that information to Nintendo.    

When asked what else HVS can do to prevent this issue from becoming more widespread, and to what degree players might be affected, hetoan2 assured Conduit fans that there are very few online hackers to be found.  He also stated that that while HVS canÂ’t currently do anything to correct the code, they can log off the cheaters and report them to Nintendo.

[Mop it up]

Of course there aren't very many hackers right now because the game was just released. As soon as somebody creates a step-by-step guide on how to do it there will be an influx of hackers just like there was with Mario Kart Wii last summer.

[broodwars]

This is one of many reasons I have to shake my head at High Voltage's work with The Conduit.  It's such a well-intentioned game that really needed another development cycle or two by people more familiar with making good FPS games.  You'd just think making their game hack-free would be a rather high priority for a game that relies heavily on its online component.  Nintendo doesn't seem to make their games hack-free because they probably really don't care, but High-Voltage obviously does seem to care so it's just mind-boggling how they released it like this.  And like Mop_it_up said, it's only going to get worse until the hackers drive off everyone online who actually enjoys playing the game right.

[KDR_11k]

Pretty sure that's caused by a lack of experience. Neither Nintendo nor HVS have much experience with making online games, certainly not on the level of someone like Epic.

[Plugabugz]

This is just HVS's inexperience with a task like this. The game is still funs online but when i'm getting ready to play a match with 11 people, and everyone else's name changes to the same name - and then freezes - then it can really demonstrate poor netcode.

[Jonnyboy117]

So many apologists for High Voltage... there's no excuse for broken code or vulnerabilities. Standard practice is to test these things and find the problems before consumers do. It's hardly complimentary to say that Nintendo has the same issues. If Nintendo made more than one online game per year, maybe they would have accumulated enough experience by now to anticipate these problems and provide a better experience.

[ejamer]

So many apologists for High Voltage... there's no excuse for broken code or vulnerabilities. Standard practice is to test these things and find the problems before consumers do.  ...

You are halfway right - there is no excuse for broken code and bugs in the online play, especially for a game that is being touted as Wii's best online FPS!  HVS really should have found a way to improve that situation before release, even if it meant delaying The Conduit.  But I don't think it is reasonable to blame HVS for hackers that are modifying source code. 

Wii is supposed to be a closed system.  Nintendo's security problems that allowed hackers to open up the system for homebrew (and other more nefarious goals) aren't the fault or responsibility of HVS, as long as their game isn't the one that "opens the door" for hacking.

If you want to upset about hacking, then be upset with the griefing ass-pirates who actively look for ways to cheat the system so that they can ruin fun for others.

[AV]

I found one hacker and I emailed high voltage the username.

it's rookie mistakes.

I don't understand how they are powerless to fix it. I am not a super geek but can't they do a patch or something. I heard some games have done this for Wii.

[Ian Sane]

So many apologists for High Voltage... there's no excuse for broken code or vulnerabilities. Standard practice is to test these things and find the problems before consumers do. It's hardly complimentary to say that Nintendo has the same issues. If Nintendo made more than one online game per year, maybe they would have accumulated enough experience by now to anticipate these problems and provide a better experience.

I agree with Jonny.  Sorry but why should anyone put up with this when there are competing products that don't have the issue?  The only excuse I consider acceptable when it comes to videogame consoles is when a competing product came out later, so it would have been impossible to match a feature or hardware specification.  The Wii came out after the Xbox 360 so, sorry, but ANY advantage that console has over the Wii is unacceptable.  Nintendo knew what the competition had with ample time before releasing their own product.

In Nintendo's case especially why should any slack be given for online inexperience?  They COULD have gone online last gen.  EVERYONE else did and they chose not to (and outright lied to their fans about vague online plans as well) so should we all allow them to catch up?  **** no.  If they want to catch up they have to work harder to make up for their own wasted time.

[Flames_of_chaos]

I found one hacker and I emailed high voltage the username.

it's rookie mistakes.

I don't understand how they are powerless to fix it. I am not a super geek but can't they do a patch or something. I heard some games have done this for Wii.

Nope, Wii games don't support patches. The only patches you have heard of is the occasional virtual console game where a brand new version is uploaded.

So many apologists for High Voltage... there's no excuse for broken code or vulnerabilities. Standard practice is to test these things and find the problems before consumers do. It's hardly complimentary to say that Nintendo has the same issues. If Nintendo made more than one online game per year, maybe they would have accumulated enough experience by now to anticipate these problems and provide a better experience.

True, but Nintendo, Sony, or Microsoft isn't responsible for another company's broken netcode. If that was the case then we would see great netcode across all platforms. There are some games with terrible netcode on all platforms (the worst offender is games developed or ported by Backbone Entertainment).  If you want a good example read this.

[NinGurl69 *huggles]

I assume everyone else is a hacker and only play against Code Friends.

[BranDonk Kong]

Technically Nintendo is to blame here more than HVS. It's not HVS' fault that the Wii is so easily modded, and unsigned code can be run with practically no effort. I'm pretty sure Wii games do support patches. Call of Duty World at War's online multiplayer was patched, but I don't know if it was done server-side or console side, since I've never played it online.

[AV]

Technically Nintendo is to blame here more than HVS. It's not HVS' fault that the Wii is so easily modded, and unsigned code can be run with practically no effort. I'm pretty sure Wii games do support patches. Call of Duty World at War's online multiplayer was patched, but I don't know if it was done server-side or console side, since I've never played it online.

tell me more about that.

[MoronSonOfBoron]

Flashbacks of Metroid Prime: Hunters...

[JRNN]

Flashbacks of Metroid Prime: Hunters...

Havent played it online much only strange things i saw in there were players killing other from inside the walls

[BwrJim!]

Wow, okay I've said it before and I will say it again.  this sounds somehow  familiar..  here is the step by step guide to cheating.

Put DISC in computer,
Look into ROOT directory and find a suspicious config like .txt file.
Modify .txt file and re-burn CD
done.

Sadly, it seems that the it has become even easier too..   but I wont go into that.  cheating sucks in on-line, don't do it.

::edit::

just out of curiosity, does splash damage from rockets go through the walls like the explosions do?

[brian577]

hetoan2 does not like online cheaters, yet he freely gives out the codes to do just that.  Talk about a hypocrite.  He's no better than people who find security holes in software and think the best solution is to publicize those very holes. 

[ShyGuy]

Technically Nintendo is to blame here more than HVS. It's not HVS' fault that the Wii is so easily modded, and unsigned code can be run with practically no effort. I'm pretty sure Wii games do support patches. Call of Duty World at War's online multiplayer was patched, but I don't know if it was done server-side or console side, since I've never played it online.

tell me more about that.

I'm not sure about patches, but new gameplay modes were added to online some time after the initial release.

[Djunknown]

Uhh.. pap? This is old news.

Oh well. Live and learn. My experience with los H3x0rs are few and far between. If it ever gets overrun with them however, is the day it gets put away...

I would like to think there could be good hacks like fix the spawning issues that happen from time to time. You know what I'm talking about, you join a game, then you spawn in a wall and can't move, or spawn in a black area and die instantly. And fix whatever bugs, glitches, exploits that arise.

[Mop it up]

I would like to think there could be good hacks like fix the spawning issues that happen from time to time. You know what I'm talking about, you join a game, then you spawn in a wall and can't move, or spawn in a black area and die instantly. And fix whatever bugs, glitches, exploits that arise.

Apparently hackers don't have the discipline to create hacks which could benefit all players and instead use them to cheat. You know what they say, power tends to corrupt...

[Plugabugz]

I would like to think there could be good hacks like fix the spawning issues that happen from time to time. You know what I'm talking about, you join a game, then you spawn in a wall and can't move, or spawn in a black area and die instantly. 

I got that three times yesterday. On top of trying to get into a match for an hour. Regional games just don't work.

[EasyCure]

I would like to think there could be good hacks like fix the spawning issues that happen from time to time. You know what I'm talking about, you join a game, then you spawn in a wall and can't move, or spawn in a black area and die instantly. And fix whatever bugs, glitches, exploits that arise.

Apparently hackers don't have the discipline to create hacks which could benefit all players and instead use them to cheat. You know what they say, power tends to corrupt...

Which is sad that these hackers even think they have any real power. If you hack the game code so you can go online and "pwn n00bs" all day just to feel like you're awesome at a video game, and annoy honest gamers away from playing until its just you and other hackers.. well you must of had the shittiest childhoold EVER.

I would like to think there could be good hacks like fix the spawning issues that happen from time to time. You know what I'm talking about, you join a game, then you spawn in a wall and can't move, or spawn in a black area and die instantly. 

I got that three times yesterday. On top of trying to get into a match for an hour. Regional games just don't work.

I connected to add JRNN's friend code, and accepted a couple of pending friend request too.. but that was all that happened. I tried playing a regional game but was told no players were found. I thought it was a fluke, so i tried a worldwide match just in case. I saw at least one players username pop up, and everything else was that static image that displays when players are being searched. After about 5 mins i was timed out..

Tried another regional game and got the same message, so i gave up. All i wanted to do was see if i noticed any of this hacking for myself, but i couldn't even get that far lol. Oh well? Like i said, its better to play with "friends" anyway so i'll just stick to shooting you guys in the face.

[KDR_11k]

So many apologists for High Voltage... there's no excuse for broken code or vulnerabilities. Standard practice is to test these things and find the problems before consumers do. It's hardly complimentary to say that Nintendo has the same issues. If Nintendo made more than one online game per year, maybe they would have accumulated enough experience by now to anticipate these problems and provide a better experience.

Network security is a very difficult task. QA testers only verify (run scenarios and see what breaks), security needs to be validated (predict all possible attack vectors and develop methods to prevent them). Security is completely out of their league. Yes, HVS didn't have skilled staff to write secure netcode but I don't think that kind of lacking skill is uncommon among B-grade devs.

I'm not forgiving it but I'm saying it's not unexpected.

[broodwars]

So many apologists for High Voltage... there's no excuse for broken code or vulnerabilities. Standard practice is to test these things and find the problems before consumers do. It's hardly complimentary to say that Nintendo has the same issues. If Nintendo made more than one online game per year, maybe they would have accumulated enough experience by now to anticipate these problems and provide a better experience.

Network security is a very difficult task. QA testers only verify (run scenarios and see what breaks), security needs to be validated (predict all possible attack vectors and develop methods to prevent them). Security is completely out of their league. Yes, HVS didn't have skilled staff to write secure netcode but I don't think that kind of lacking skill is uncommon among B-grade devs.

I'm not forgiving it but I'm saying it's not unexpected.

Yep, as a once and future QA tester myself I can verify this, assuming that HVS runs their QA department similar to mine.  The QA tester's job is simply to break the game, and if we can find exploits great.  But those exploits lie completely within the boundaries of what a user can do just with the tools of the average player (controllers, ethernet cable, storage devices, in-game commands, etc.).  Hacking on this scale (actually rewriting code) is completely beyond anything that QA is equipped to deal with.  Even Online-oriented QA Testing is mainly concerned with things like crashes, disconnects, and stat-tracking.  No, this lies at the fault of the programmers at HVS who were in charge of the online code and servers, as it's there job to optimize and secure everything related to the online functionality.