Access to Joymax main PC

the website doesn't really have direct access to the database. instead, it has an API that calls SP (standard procedure) that does the checking on the database. if the hacker is able to manipulate the calling of API's then he might be able to retrieve all the data from the database. but i doubt that this hacker is able to do so by himself ;)

*just my 2 cents*

lets think, if Sony gots lost of users, even more than Silk; that play at their network for money, well, allow me to say it
Sony is WAY better protected and I guess the hacker that stoled their database had med experience.
Silkroad server files are a fortune, but i really doubt it compares with the money Sony has invested

I think it's like when I meet my cousins.
Let me explain:
-They see my tattoo which is an spider with its web on my arm
-I start telling them I'm spiderman at night
-They just believe it xD

I agree in the part that this kind of persons who has an incredible "gift" wouldn't ever in their life try to hack an mmo's database... as you all said they would go after credit cards, real money... not 32 (whatever) billons or x amount of items.

I'd do that too if I had that gift (who agree? xD)

But, there is something that you all have to take into account: server topography.
It was in one of pushedx posts at gamedev.net I think... so I'm pretty sure if you want to get access to their database you've to go through tons of other servers and yeah, I'm pretty sure each hosts they have, have their own security (look at server speeds and latency).

To sum up! he was high or he just wanted to "show you his tattoo". xD

Quote:

Originally Posted by bootdisk I think it's like when I meet my cousins. Let me explain: -They see my tattoo which is an spider with its web on my arm -I start telling them I'm spiderman at night -They just believe it xD I agree in the part that this kind of persons who has an incredible "gift" wouldn't ever in their life try to hack an mmo's database... as you all said they would go after credit cards, real money... not 32 (whatever) billons or x amount of items. I'd do that too if I had that gift (who agree? xD) But, there is something that you all have to take into account: server topography. It was in one of pushedx posts at gamedev.net I think... so I'm pretty sure if you want to get access to their database you've to go through tons of other servers and yeah, I'm pretty sure each hosts they have, have their own security (look at server speeds and latency). To sum up! he was high or he just wanted to "show you his tattoo". xD

L0L, i like your reply.
Also, from what I know, most databases are on a different VLAN. It's either this so called hacker was able to penetrate the specific server which has direct access to the DB or the hacker had VPN access to RDP into the DB. hahahahaha

Finding database shouldn`t be that hard for a experienced hacker. You can just use the sro_client.exe and reach it :)
But i can`t say its something easy to hack into it

Quote:

Originally Posted by evrenoguz Finding database shouldn`t be that hard for a experienced hacker. You can just use the sro_client.exe and reach it :) But i can`t say its something easy to hack into it

Im not very experienced when it comes to these things but how the fuck would the client be able to do that ?
i can just think of exploiting, tricking the server (youre connected to) into changing stuff in the database
Or did i missunderstand you completely ?

That could work if he would be able to send packets via client to the server. Packets with code that will add his account and will give him remote acces to server so he hack do things like that.

Quote:

Originally Posted by Zarielos That could work if he would be able to send packets via client to the server. Packets with code that will add his account and will give him remote acces to server so he hack do things like that.

Not possible :/

This is a cool discussion :D

actually im not sure if the guy was able to do that^^

bump for the guy that make the Thread :P
well i can see most of u say´s its impossible, i agree to, im sure ppl with enought skills to do that wont hack a noobie game like this one.

Calm down i know a guy in ZSZC had 2 chars with that nicknames "|||||" ||||" he got acces to zszc db :P i saw a pic he got sos sword 11dg ... with stats at mag and phy "-1" ... So that is possible !

@evrenoguz You do know that the sro_client only connects to the gateway/agentserver right?

I'm pretty sure you can't "hack" the database with the sro_client since it only uses a service which is provided by joymax. I bet that the login server doesn't use the database directly but goes trough a few layers of security first to filter anything which isn't correct and the same for the agent server.

But I guess that there is a better chance at hacking the remote access things or some other backdoor at a server or locate the actual database server which is probably not available for the outside. So you have to gain access to a machine which is able to get data from the database logon to that database make a little rip of that thing steal all their files.

About that gold thingy which you could change at the website is that really what happend:S cause it doesn't sound like very likely since they have those databases completly separate from eachother at least that's what you want if you're hosting such game.

well anyway good luck hacking joymax but it would be very unlikely if you just walk trough their front door and steal their database you really have to find a backdoor mabye it is in the login server which has a secret packet who knows mabye their webserver software is outdated and has a backdoor.

Quote:

Originally Posted by kevin_owner @evrenoguz You do know that the sro_client only connects to the gateway/agentserver right? I'm pretty sure you can't "hack" the database with the sro_client since it only uses a service which is provided by joymax. I bet that the login server doesn't use the database directly but goes trough a few layers of security first to filter anything which isn't correct and the same for the agent server. But I guess that there is a better chance at hacking the remote access things or some other backdoor at a server or locate the actual database server which is probably not available for the outside. So you have to gain access to a machine which is able to get data from the database logon to that database make a little rip of that thing steal all their files. About that gold thingy which you could change at the website is that really what happend:S cause it doesn't sound like very likely since they have those databases completly separate from eachother at least that's what you want if you're hosting such game. well anyway good luck hacking joymax but it would be very unlikely if you just walk trough their front door and steal their database you really have to find a backdoor mabye it is in the login server which has a secret packet who knows mabye their webserver software is outdated and has a backdoor.

To get back at your webserver statement.. hmm maybe it is outdated, you know after all these years they still dont support chrome.. well i know thats code wise but im sure they didnt update their webserver for a long time...
But on the other hand Joymax seems to know how to protect their files soooo good, only 2 people got the files so far maybe 3 or 4 but not more then 10 people got their files by hacking them or something.

I think their Database/files are far away.. by far away i mean; just a few servers before you can even get close to them, but it shouldnt be impossible to acces it since like people said.. : Sony's PSN got hacked so why cant we get into Joymax' servers?
It's just that people here don't wanna work together, the hacker which got PSN data is in bigger trouble then the guy which would hack JMX and ohh it should be possible to do it the same way like they did on PSN... Get Amazon cloudserver thing and attack from there.

But this story... I don't think he has any acces.. he just bought gold ;P

yeh if all hackers work together they will get the db/sf but they dont wanna to do that i dont know whay !!!!

what im saying is every movement you make in the game is recorded by database so you can access ip`s or some adresses i`m saying. Im not just telling that you get some hack program and click on sro_client.exe then wuhoo you are in!. To find your server adresses you have to use client