Ch1ck

egoAPB - External Game Observer for APB: Reloaded


...I admit to being naive when it comes to coding but why is an email or password needed for account information which can be checked in game even by other players inspecting?

I would have thought it's more on the side of the devs to make statistics accessible. Or is it a case of all account data or none? 😥

21 minutes ago, Ch1ck said:

https://github.com/McSimp/APBWatcher

There you go. That's the source of will.io site also.

Thx~~

 

In the original code example, the username & password are only used to log in, since the server will ask for credentials before providing any service. The rest of the code shows what usually happens after a successful login:


 

Your code adds more information to what's originally given.

 

To protect one's account/privacy, the User can simply create a new account and log in using that to a fresh Trainee, but the code itself doesn't provide much use. If the code gets expanded to include population information or chat functionality for example, it might become something of value to many. If you are able to expand the code in such a way, I recommend you first obtain Little Orbit's approval. You don't wanna get your entire work flagged as non-permissible when it is done.

  • Like 1

4 hours ago, Ch1ck said:

I don't know why my thread caused so much hate in you, my guy, chill a bit down, my plans are nowhere near malicious. I've been playing this game since RTW days, spent thousands on my account, but haven't been playing lately cause of a job.

It's not about having hate. Even if it was LO who created the application, and thus being official, and knowing my credentials are safe and encrypted on their end, i still would not use this application as it serves no direct purpose for me, as i have clearly stated previously. So i would in no way use your application, and therefore my concerns regarding the security and safety of your application would literally have no direct impact nor effect on me.

 

There's no hate and there is nothing to "chill a bit down" about. My issue however, which seems to go over your head with every post i make, and you are actively ignoring with every response you give me, is the fact that you are asking people to submit their account information to an absolute NOBODY, all under the pretence of "but guys i have no malicious intent" - oh well in that case then, here's my social security number while i'm at it.

 

Transparency of an application's code is irrelevant when in the hands of a third-party, who, at any given point, could alter the application's code to begin taking note of people's login information and credentials. In fact, you wouldn't even need to alter the code - the fact that you've created an access point through which people can log in to their APB account, through YOU, means you could simply use a program like Fiddler to inspect all traffic going from your application to the servers, you can create a simple breakpoint by delaying the connection between when they input their information, and when the server receives the information, which you could then intercept and inspect, giving you all their account information ALL THE WHILE your application's code is completely transparent. The fact you are trying to create an application that will give you the ability to act as an access point using other software, is the point at which people should realise this is easily exploitable.

 

And this is why NO ONE should ever submit personal or sensitive information into a THIRD-PARTY program. Simple as that. If it's not made by, or officially supported by, just don't.

 

AKA don't fucking use your bank information to log into an application just because it has your bank name and was made by someone who uses the same bank as you, because as transparent as the code for the application may be, as soon as you use me as an access point to submit your information to send traffic back and forth between the official server, i can intercept that traffic, create a breakpoint, and review everything that has been sent back and forth. You fuckers need to go and see how easy this shit is. Bunch of wanna-be coders talking out their asses, thinking this is safe because the code is opensource. You have to be fucking kidding me.

 

It's somewhat ironic though, how the very people I am trying to protect from getting their information stolen, are probably the same idiots who are commending you and down-voting me, not understanding how easy it is to jack their shit without them even knowing. Fuck it, good luck with your endeavour and may these poor sods get what's coming to them, ignorance is bliss after all.

 

Here, for all you 1337 c0d3r5 out there who think this shit is safe, go watch this, literally watch 60 seconds, that's enough, but if it interests you, watch the full thing;

When they mention an IMSI Catcher, think of Fiddler as the software alternative.

 

 

10 minutes ago, ShadowXS said:

And this is why NO ONE should ever submit personal or sensitive information into a THIRD-PARTY program. Simple as that. If it's not made by, or officially supported by, just don't.

 

...Do you have a Facebook account?

  • Like 1

9 minutes ago, ShadowXS said:

Here, for all you 1337 c0d3r5 out there who think this shit is safe, go watch this, literally watch 60 seconds, that's enough, but if it interests you, watch the full thing;

When they mention an IMSI Catcher, think of Fiddler as the software alternative.

How about making a constructive suggestion how to enhance something instead of fanboying Edward in an HBO video?

ps: thanks that was quite amusing

  • Like 2

1 hour ago, ShadowXS said:

Transparency of an application's code is irrelevant when in the hands of a third-party, who, at any given point, could alter the application's code to begin taking note of people's login information and credentials. In fact, you wouldn't even need to alter the code - the fact that you've created an access point through which people can log in to their APB account, through YOU, means you could simply use a program like Fiddler to inspect all traffic going from your application to the servers, you can create a simple breakpoint by delaying the connection between when they input their information, and when the server receives the information, which you could then intercept and inspect, giving you all their account information ALL THE WHILE your application's code is completely transparent. The fact you are trying to create an application that will give you the ability to act as an access point using other software, is the point at which people should realise this is easily exploitable.

There's no access point or any data going through me. The app which would be started from your own PC (by compiling the open source code by yourself and making sure there is nothing in the back going on) is only and exclusively connecting to the APB: Reloaded servers - no more, no less. There is no middleman in this and no data sending to anything else other than lobby and world servers of the game. However, the APB: Reloaded's login functionality requires you to input the email and password to successfully log in. If you have any suggestion how to handle logging in without username and password, I'm all ears.

  • Like 1

1 hour ago, VickyFox said:

 

...Do you have a Facebook account?

Not since about 2012 because I'm not 45. But on-topic; if you make a Facebook account, that's not a third-party. You and that company have a direct agreement, your information and details are stored with that company, who you entrust. Now, if you log into an application that is asking you for your Facebook account information, and that application isn't Facebook - THAT is a third-party.

 

1 hour ago, Ramihyn said:

How about making a constructive suggestion how to enhance something instead of fanboying Edward in an HBO video?

ps: thanks that was quite amusing

Can't tell if trolling, or didn't read anything of what i wrote and missing chromosomes. What does being well-versed and educated in your own cyber security have anything to do with fanboying over anyone?

 

I have made the biggest and most important suggestion of all, throughout this thread; DON'T use any application that is third-party and requesting sensitive information such as passwords. I have also constructively advised OP to invest his time in another project, one that will actually go somewhere, since this one won't for countless reasons, but mainly because LO would never give a green light to something like this - and risk jeopardising the safety of the accounts of their playerbase/clients. If this guy values his time, he ought to focus on something that isn't entirely redundant to begin with. He wants to make an application for something that you can;

 

A) Determine by simply logging into APB via the official client

B) Determine by simply taking note of your own character's information, into a notepad, signature, or whatever other Offline method you wish, as i have shown on the first page of this thread, WITHOUT the need of submitting your login information at any point

 

So either he is wasting his time, or there is an ulterior motive. Either way my advice is constructive; invest your time in something more productive, or fuck off for trying to scam me.

 

22 minutes ago, Ch1ck said:

There's no access point or any data going through me. The app which would be started from your own PC (by compiling the open source code by yourself and making sure there is nothing in the back going on) is only and exclusively connecting to the APB: Reloaded servers - no more, no less. 

Exactly. Why would i need an application on my PC that does THE EXACT SAME JOB as the APB client? 

 

You're trying to back the concept for an application that has the most useless functionality. Absolutely redundant. You want someone to log into a third-party app, instead of the APB client, to have the exact same outcome - actually less, because by logging into the APB client i can actually then play APB, whilst via your concept for an application I can ONLY see my character stats. You are essentially trying to create a doorway to nowhere. Imagine it; There's a pathway with 1 door. You're trying to create a 2nd door on the exact same wall, on the exact same hallway, leading to the exact same place, except with restrictions. Redundant. Pointless.

 

Anyone who thinks this could remotely be useful must not understand what is being offered here. They think perhaps it'd be a good idea to see how many players are logged into APB without having to log in, okay that'd be pretty cool - oh but wait, that concept already exists over at https://will.io/apb/

 

So you've either got an ulterior motive, or you're too stubborn (or just thick) to admit that this is a redundant concept for an application. I mean there's people in this thread who really think they're gonna get District chat on their mobile devices, like that's what they're commending this thread for, for implementation of features that you know are impossible to achieve. Because what you're really offering is absolutely pointless. Something that can be done OFFLINE in minutes, without the need of an application. Or online, by simply just logging into APB instead.

49 minutes ago, ShadowXS said:

 if you make a Facebook account, that's not a third-party. You and that company have a direct agreement, your information and details are stored with that company, who you entrust. Now, if you log into an application that is asking you for your Facebook account information, and that application isn't Facebook - THAT is a third-party.

 

When you sign up to facerecognitionbook you agree with sharing your details to a third party in a way even senior lawyers have trouble fully understanding the clause. This was intentional. The disruption of your privacy has been so extensive and in secret that Facebook faced (no pun intended) lawsuits over these privacy violations. Nothing is what you think it is, really. But, in the interest of a person staying sane in this digital golden your progress and denial of thoughts is understandable.

 

The CEO of Facebook has been photographed several times covering up all microphones and cameras on his digital devices. Remember, this is a smart guy not a lowlife paranoid.

*digital golden age :P

  • Like 12
  • Thanks 2

2 hours ago, ShadowXS said:

Not since about 2012 because I'm not 45. But on-topic; if you make a Facebook account, that's not a third-party. You and that company have a direct agreement, your information and details are stored with that company, who you entrust. Now, if you log into an application that is asking you for your Facebook account information, and that application isn't Facebook - THAT is a third-party.

I encourage you to google Cambridge Analytica and how this third party abused Facebook... Or not! Google will probably sell your browsing trends and activities to advertisers anyway.

The TL;DR of Cambridge Analytica is not only did they use their service users' information for "academic purposes" for research (political), but they also analysed their service users' friends' personal details on Facebook without authorised consent... This third party app could then bypass privacy settings on private accounts!

It was just as much on Facebook for not picking up on this loophole and being too lenient with apps.

This should be an outlying incident but this happens every week at various sizes and severity.
The official site host SHOULD hold your personal information safe and securely but it's only as safe and secure as the weakest point of data storage or transfer. ...I can't help but think how widespread Equifax was

I mean there is nothing to say that someone can't skim your credit card in person when paying for your dinner without realising it.

 

Feeling a strong parallel to the arguments of overly protective parents in regard to bacteria and viruses, to the point of being scared of their kids getting autism from vaccines. And then they wonder why their kids don't have an immunity when they don't play outside.

 

 

I guess what I'm saying is as long as the External Game Observer doesn't involve Armas, it's just a computer game account albeit with a lot of time and money spent on it.

At the end of the day, it falls upon LO to make sure its coding doesn't allow for any flaws, while monitoring all service users (including third parties) for any potential abuse of host services. All service users are expected to equally do their part to not take advantage of potential exploitable issues and to report any abuse or flaws.

Edited by VickyFox

10 hours ago, Ch1ck said:

As said, I have no malicious intents, plus the code will be open source and at any given time you'll know what would be going on with it.

I don't downvote any posts here, so idk what are you implying with that.

Of course no one needs access to someone else's account, but an information about some players and known clans could be generated with help of this.

https://github.com/McSimp/APBWatcher
There you go. That's the source of will.io site also.

Anyone can say "I have no malicious intent" yet what happens when personal information is given out?

It is irrelevant if your coding is open source or not because YOU would have personal account information and have complete access to other people's accounts and any g1 cash or g1c items on those accounts.

Furthermore you are trying to push against the ToS as if I am wrong for saying no.

 

Since you can not accept that you are not authorized to have access to my account let me spell it out for you.

 

#@$%  NO

NOT TODAY NOT TOMORROW NOT EVER !

4 hours ago, Fortune Runner said:

It is irrelevant if your coding is open source or not because YOU would have personal account information and have complete access to other people's accounts and any g1 cash or g1c items on those accounts.

You really have no idea how this works, do you? This is so funny! :classic_happy:

1 hour ago, Saxtus said:

You really have no idea how this works, do you? This is so funny! :classic_happy:

 I refuse to give my account and pass to anyone

period

If you don't like it too damn bad

just because he says one thing does not make it true nor does it mean he or someone else can't take/steal accounts later

your word and his word means crap

 

1 hour ago, Fortune Runner said:

 I refuse to give my account and pass to anyone

period

If you don't like it too damn bad

just because he says one thing does not make it true nor does it mean he or someone else can't take/steal accounts later

your word and his word means crap

 

It is in general a good idea to not give out account + password indeed. Open sourcing a tool would make it possible to run the sources on one of your own machines where you have control.

 

It's a free service offer. Somebody did offer you a free additional service. If you don't see the use or don't need or want it, fine - simply move on 😉 The creator invested work and presents an offer. Take it or leave it, but saying "omg the sky is falling, they are stealing your account" while there is zero proof of even an attempt here and actually quite the contrary, considering the fact that the players who run apb, have to trust many thousands of anonymous people who were involved in creating the software they use (from windows itself, through IO etc.) and trust thousands of people they never met and who never agreed to reveal their sources to the public, it's a bit weird to me - especially since i often see the same people blindly installing third party code like overwulf, ventrilo, skype, teamspeak, fraps, mirc, kvirc, etc etc without any problem.

 

It's a free offer. Take it or leave it.

 

Warning people about dubious offers that ask for personal/account info is a service indeed, but warning them "your account will be stolen!" while no evidence of any attempt has been seen (quite the contrary), is just scaremongering. It would really help if LO had an official way of dealing with third party tools. Even better, an official API to use and 3 new maps and free cookies to all apb players 😉

 

If those things will happen, depends on their resources though.

 

ps: brb - checking for cookies from LO in mail .....

Edited by Ramihyn
  • Like 1
  • Thanks 1


Ramihyn when people keep quoting and arguing telling me to do so the problem isn't me. so step off.

Only shady people would try to force me to, to begin with, otherwise they wouldn't keep pushing at me when I said no.

Anyone else wouldn't be quoting and arguing with me they'd just let me leave just like I did.

9 hours ago, Fortune Runner said:

 I refuse to give my account and pass to anyone

period

If you don't like it too damn bad

just because he says one thing does not make it true nor does it mean he or someone else can't take/steal accounts later

your word and his word means crap

 

What are you talking about? Nobody is asking to learn your credentials!

 

Have you even read what the OP is offering?

Just the source code! Not even a pre-compiled binary.

 

You read the code and if you decide it's safe, edit the parts of username/password with your own credentials, compile it and use it.

 

Why is it so difficult to admit that you don't understand what is offered here and you just quickly jumped to conclusions?

  • Thanks 3

7 hours ago, Saxtus said:

What are you talking about? Nobody is asking to learn your credentials!

 

Have you even read what the OP is offering?

Just the source code! Not even a pre-compiled binary.

 

You read the code and if you decide it's safe, edit the parts of username/password with your own credentials, compile it and use it.

 

Why is it so difficult to admit that you don't understand what is offered here and you just quickly jumped to conclusions?

and I said no I refuse and walked away yet you all keep harassing me daily and do not respect my decision

just because you make it look one way by talking making claims of "this is how it will be" does not mean that's how it will be done

I said no I don't want to be a part of this and here you are arguing saying I should (you wouldn't keep harassing me otherwise) and it's fine it's safe do it blah blah....

#$$% off I said no

Share this post


Link to post
Share on other sites

Apologies then, as for a moment I genuinely believed that you didn't understand what was this forum topic about.

 

Now that you revealed to us that you were trolling and you kept posting here only to spam and derail this thread, I take back everything I've said.

 

I am sorry. :classic_tongue:

  • Like 1
  • Thanks 2


LO should've already closed this topic. Imagine the security/privacy nightmare this program would be.

Share this post


Link to post
Share on other sites

What LO should do, is to provide some API access to user's, world's and clan's data for everybody to be able to utilize as they see fit using their own private API key.

Until that's done, thankfully people like the OP are here to contribute with their coding skills.

 

Edited by Saxtus
  • Thanks 2

On 11/18/2018 at 10:35 PM, Fortune Runner said:

and I said no I refuse and walked away yet you all keep harassing me daily and do not respect my decision

just because you make it look one way by talking making claims of "this is how it will be" does not mean that's how it will be done

I said no I don't want to be a part of this and here you are arguing saying I should (you wouldn't keep harassing me otherwise) and it's fine it's safe do it blah blah....

#$$% off I said no

do you ever go into a bank and shout fuck you, you're not getting my money? just wondering.

Share this post


Link to post
Share on other sites

Hello Ch1ck, 

 

We appreciate your enthusiasm in creating a tool to help players in APB but any 3rd party program that requires you to log in using your email address and password for Gamersfirst is against our Terms of Service and cannot be supported by Gamersfirst. Thank you for reaching out to us about this program.

 

Selali

  • Like 1
  • Thanks 5

This topic is now closed to further replies.