Final Fantasy XIV

FFXIV Database Exploit

I honestly didn’t know what to say when I heard about this on Friday. At first I thought it was just a joke or someone screwing around with us. There’s a thread over on Bluegartr forums discussing the entire issue since all of the official forum posts seem to have been deleted. It’s sad, depressing, and I can’t say I’m all that surprised looking back on SE’s history with FFXI.
Essentially there are no security measures in place protecting FFXIV’s database and anyone can go in and do as they will. I’ll quote the image I have linked in case it’s difficult to read to give a better idea of what’s really going on.
Apparently by simply sifting through the Lua scripting that FF14 uses, people were able to figure out a JSON query that would retrieve your character’s information from the character database.  Further, any commands you send to the database are simply… not checked at all, and the database just takes the input commands and MODIFIES YOUR DATA DIRECTLY.
That means it was/is possible to simply tell the server “make me level 50 and give me six billion gil” and the server will…happily do it.
You can simply send a JavaScript request to SE’s servers and give yourself billions upon billions of gold.

You can literally convert any item. I found a video of someone buying 99 potions from the store, then converting them to 99 Allagan gold pieces and selling them right back.

This has been known about and going on for over a month, since beta phase 4. People that figured this out obviously exploited the hell out of it to give themselves whatever items and gil they wanted. They turned around and made bank selling to RMT sites and actual players as well. Now, most if not all of these players were banned in the recent crackdown, but the damage has been done. Who knows how much of the economy is basically duped items or gil at this point, and since this is still going on, how much worse it’ll get before SE decides to do something.

What can actually be done at this point other than a rollback, which would no doubt piss everyone off? Personally, I’d take that over playing in a world where I don’t know what’s what anymore. Either way, SE is in crisis mode. SE has managed to make the Salvage dupe bans of ’09 seem tame in comparison.
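The quoted description above says the server applied client-sent commands to character data without checking them. As an added illustration (not code from SE, the game, or the quoted image), here is that pattern next to a server-authoritative handler; the message shape, function names, prices and starting values are all constructed for this example.

```javascript
'use strict';
// Constructed server-side price table: clients never supply prices or totals.
const PRICES = { potion: { buy: 30, sell: 7 } };

// Constructed starting state for a stored character record.
function newCharacter() {
  return { level: 12, gil: 5000, inventory: { potion: 0 } };
}

// Pattern described in the post: fields sent by the client are copied
// straight onto the stored record with no checks at all.
function handleUnsafe(character, rawJson) {
  const msg = JSON.parse(rawJson);
  Object.assign(character, msg.set);
  return { ok: true };
}

const fail = (error) => ({ ok: false, error });

// Hardened pattern: the client may only name an action and its arguments.
// The server validates them against its own state and computes every result.
function handleSafe(character, rawJson) {
  let msg;
  try { msg = JSON.parse(rawJson); } catch (e) { return fail('bad json'); }
  if (msg === null || typeof msg !== 'object') return fail('bad message');
  const { action, item, qty } = msg;          // any other field is ignored
  if (typeof item !== 'string' ||
      !Object.prototype.hasOwnProperty.call(PRICES, item)) return fail('unknown item');
  if (!Number.isInteger(qty) || qty < 1 || qty > 99) return fail('bad quantity');
  if (action === 'buy') {
    const cost = PRICES[item].buy * qty;      // price comes from the server table
    if (character.gil < cost) return fail('insufficient gil');
    character.gil -= cost;
    character.inventory[item] += qty;
    return { ok: true };
  }
  if (action === 'sell') {
    if (character.inventory[item] < qty) return fail('not enough items');
    character.inventory[item] -= qty;         // the item sold is the item removed
    character.gil += PRICES[item].sell * qty;
    return { ok: true };
  }
  return fail('unknown action');
}
```

With the hardened handler, a message that tries to set level or gil directly is rejected, and a sale pays the server's own price for the item actually held, so extra client-supplied fields have no effect.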


4 comments

  1. Wow..that's an absolutely huge issue. I've never heard of anything that game breaking and freely exploitable actually making it through.


  2. I was thinking of that one, but this seems worse in many ways since it isn't just about a gold exploit; it's items, levels, and who really knows how far you could take it if you knew the right inputs.

