Interesting exploit [DECA aware, claims they won't fix]

[zineguy]

So I had a situation leaked to me, and its a juicy one.

So the exploit itself;

DECA apparently has policies to produce items for players in certain situations. The example used for what was leaked to me was a situation in which DECA is generating items based on belief of players hitting a bug. That particular bug was related to a UI issue in which items could be made to be "un-interactable". So this lead to some players being unable to pick up items, and the interesting part is that DECA generated the items!

Now, part of the leak includes some special directives on how DECA perceives these situations. Specifically (and this actually makes it much easier to pull off), one must not die to the bug. Death is apparently a dis-qualifier (albeit a hilarious one), for item 'recoveries'. So if you see a bug where the screen freezes and it prevents you from picking up an item, this is a good bug to exploit. Just make sure that in whatever way you "reproduce" it, your character remains alive and DECA will generate the item.

The savvy here will immediately see that this can be exploited with photo editing/video editing or even a simple custom client that let's you select drops and "reproduces" the bug. In this way you can look like you "legitimately" got an item spawn that never existed, then open a support ticket and allow DECA staff to generate the item for you.

The leak also included that although this issue, as well as how to exploit it, but also that DECA specifically stated that they will not be fixing this. In fact they repeatedly used the phrase "we weren't born yesterday" to imply that they are able to tell a fake video about a random bug from a real video. They even had an example case where they could not tell that information and genned the item!

So if you've been trying to get some rare drops, just take a little bit of care and bug searching on exalt and profit! (The part they won't fix is the part where they have a policy under which they will happily generate the items, so there are multiple exploitable bugs now as well as many more to come in the future for this very purpose. )

Now, even though they clearly don't know how to protect themselves from this (or rather, they actually do but are unwilling to do it), do take all the same precautions you'd take when trying any other exploit. This is a social engineering attack, and the perception of what you are doing during the attack will make or break it. Because of that, it is safer to do this with a modded client than with photoshop or video editing (some people are very very good at finding edited videos, e.g. Captain Disillusion - though he'd never trust a video like that as evidence in the first place).

[P.S. No I am not willing to release my source on this fully, but can clarify a bit more information if needed. I just don't want this person to be attacked by DECA or their minions.]

[Riigged]

Pretty sure absolutely ANYTHING todo with Exalt wont be compensated as its in Beta, DECA themselves says that anything that happens on Exalt is fully the players fault (because of it being publicly announced that it will have a serious amount of bugs) and if they do not want it to happen, for them to continue playing on Flash until Exalt is finalized of all its issues.. This "method" worked forever and ever ago, I've done it whining to support claiming my hermit white bag was inaccessible providing a nearly perfect photoshopped picture, but yeah, this won't work if its an Exalt related issue they will just reply saying something along the lines "You should know the risks you are taking when playing Exalt blah blah blah its still in Beta blah blah blah"..

But who knows, maybe theres some cases where you can convince them that even though you are playing on a beta version of the game engine that they should still compensate your "lost item" :P


Also its nothing new that support would "generate" items for a player who was at a loss, they've been doing it forever, that's why support is there, also for a million other things, but yeah, support is there for support, experiencing a bug that wasn't your fault and losing an item falls under that category :P

A while ago this guy (https://www.realmeye.com/player/Ethan) had a Gentleman Skin in his weapon slot of his character, because support put the item onto his account and that was his first open slot and it ended up being put there automatically lol

Sorry if I missed something but I only glanced your text, seems like it was mainly just talking about tricking support into thinking you lost an item due to a bug on Exalt, which I don't think is true because of what I said in my first sentence.

[DIA4A]

This is some interesting info but as riiged said that probably wont happen, but it never hurts to try probably
https://streamable.com/au80pq

[Riigged]

This is some interesting info but as riiged said that probably wont happen, but it never hurts to try probably
https://streamable.com/au80pq

That's a good fake lol that is what I referred to by "some cases where you can convince them", something like what you just showed is perfect, you just innocently organizing your vault, losing an already owned item because of Decas screw-up, but something todo with an enemy dropping the item most likely won't get past their somewhat small brains even :P

Give it a shot though, if SE'ing works on Amazon I am sure it could work on DECA hehe (maybe excluding the mod menu ayy)

[Matthew]

I remember when that Nexus bug happened a few years back where you could lose stuff in your vault or something

Photoshopped an image and got a Crown, Tab, Gent skin and a legendary humanoid egg

[DIA4A]

That's a good fake lol that is what I referred to by "some cases where you can convince them", something like what you just showed is perfect, you just innocently organizing your vault, losing an already owned item because of Decas screw-up, but something todo with an enemy dropping the item most likely won't get past their somewhat small brains even :P

Give it a shot though, if SE'ing works on Amazon I am sure it could work on DECA hehe (maybe excluding the mod menu ayy)

I can also force bags to look like whites bags and force only first item slot to be a ogmur while other is junk, go onto a lottl and profit, theres almost nothing out of limit for an internal exalt cheat honestly

[Azuki]

I can also force bags to look like whites bags and force only first item slot to be a ogmur while other is junk, go onto a lottl and profit, theres almost nothing out of limit for an internal exalt cheat honestly

fix your menu please it looks like a 8 year old with adhd designed it

[DIA4A]

fix your menu please it looks like a 8 year old with adhd designed it

I don't work on Exalt that much anymore so haven't really been bothered to make it look any good, sorry if that somehow bothers you lol

[zineguy]

Pretty sure absolutely ANYTHING todo with Exalt wont be compensated as its in Beta, DECA themselves says that anything that happens on Exalt is fully the players fault .

Actually the main part of this exploit is that not only is DECA compensating players for Exalt bugs, but after it was brought to their attention that this equates to generating items for attackers they said that they will keep doing it anyways, because they "weren't born yesterday and can tell if someone deserves compensation". In fact the direct ask against DECA for the leaker was specifically that they stop "compensating" these items, and DECA refused to stop doing it as well as refused to believe that they could be tricked.

In fact here are some of the best lines from this leak:

"As mentioned before, there is no special treatment towards one certain player as we have recovered such items for other players who had this issue as well." <- This is where support confirms that not only did they compensate someone on stream, but they will continue to compensate players who hit this visual bug




Q: Are you aware it is impossible to tell fake evidence in this matter from real evidence, meaning an attacker is no different to support from a customer affected by the realm bug?

A: We weren't born yesterday. We know how to determine if a situation requires compensation or not.

Q: Are you aware this policy means that future bugs are also vulnerable to the same issue, under the same policies?

A: Our team makes decisions following the policy as a starting point but also using their heads. Like I said multiple times before - we weren't born yesterday.

Q: If not fixing, are you accepting that the exploit will be used by attackers, cost DECA money, and reduce customer satisfaction?

A: C'mon man, take this seriously, you are throwing things at the wall to see what sticks. There is no exploit. I've said it before, and I will say it again since most of your questions are technically the same. We. Weren't. Born. Yesterday. We know how and when to distribute compensations without leaving room for abuse. We're not banging rocks together here, it's our job after all.


__________________________________________________ ________________________________________

They have no intention currently in stopping these item generations, and they actually think they can tell a fake situation from a real one.

[Riigged]

Actually the main part of this exploit is that not only is DECA compensating players for Exalt bugs, but after it was brought to their attention that this equates to generating items for attackers they said that they will keep doing it anyways, because they "weren't born yesterday and can tell if someone deserves compensation". In fact the direct ask against DECA for the leaker was specifically that they stop "compensating" these items, and DECA refused to stop doing it as well as refused to believe that they could be tricked.

In fact here are some of the best lines from this leak:

"As mentioned before, there is no special treatment towards one certain player as we have recovered such items for other players who had this issue as well." <- This is where support confirms that not only did they compensate someone on stream, but they will continue to compensate players who hit this visual bug




Q: Are you aware it is impossible to tell fake evidence in this matter from real evidence, meaning an attacker is no different to support from a customer affected by the realm bug?

A: We weren't born yesterday. We know how to determine if a situation requires compensation or not.

Q: Are you aware this policy means that future bugs are also vulnerable to the same issue, under the same policies?

A: Our team makes decisions following the policy as a starting point but also using their heads. Like I said multiple times before - we weren't born yesterday.

Q: If not fixing, are you accepting that the exploit will be used by attackers, cost DECA money, and reduce customer satisfaction?

A: C'mon man, take this seriously, you are throwing things at the wall to see what sticks. There is no exploit. I've said it before, and I will say it again since most of your questions are technically the same. We. Weren't. Born. Yesterday. We know how and when to distribute compensations without leaving room for abuse. We're not banging rocks together here, it's our job after all.


__________________________________________________ ________________________________________

They have no intention currently in stopping these item generations, and they actually think they can tell a fake situation from a real one.

Im not saying you cant trick them into thinking you lost an item, what I am saying is that this isnt really news, and that if the loss happened due to a bug on Exalt, that DECA can easily say "Fuck you, you knew the risk you were taking when playing on our in-Beta game, we don't have to give you anything." or maybe they will say "Hey, it's just one item, we don't have time for this nonsense, here you go, don't think you're gonna get a pass next time though."


Where is the source of this Q&A you talked about and also pasted here? I assume the Q&A that DECA just publicly held? Seems to me like the "leaker" just started the game recently and thinks he stumbled upon the greatest scam method ever (Why label him a leaker when this method has been around since the start of games xD)

They obviously won't stop refunding items because there are people out there who experience real bugs that cause them to be at a loss, and they really don't care if a couple people manage to smooth-talk their way into getting a refund that they never had to begin with, not the end of the world.

TL;DR - This isn't news, well, I guess this is updated news since Exalt just came out, but yeah, tricking support isn't a new method :P

[zineguy]

Im not saying you cant trick them into thinking you lost an item, what I am saying is that this isnt really news, and that if the loss happened due to a bug on Exalt, that DECA can easily say "Fuck you, you knew the risk you were taking when playing on our in-Beta game, we don't have to give you anything." or maybe they will say "Hey, it's just one item, we don't have time for this nonsense, here you go, don't think you're gonna get a pass next time though."


Where is the source of this Q&A you talked about and also pasted here? I assume the Q&A that DECA just publicly held? Seems to me like the "leaker" just started the game recently and thinks he stumbled upon the greatest scam method ever (Why label him a leaker when this method has been around since the start of games xD)

They obviously won't stop refunding items because there are people out there who experience real bugs that cause them to be at a loss, and they really don't care if a couple people manage to smooth-talk their way into getting a refund that they never had to begin with, not the end of the world.

TL;DR - This isn't news, well, I guess this is updated news since Exalt just came out, but yeah, tricking support isn't a new method :P

Well, again, the thing here is the vulnerability itself, not the how to of using it.

And yes, the COULD say "Fuck you" to those generations, but they aren't and that's the vulnerability here. Instead they are saying "Fuck you" to the people telling them to stop generating items. As for the leaker, no they don't think they came across the greatest scam ever. They just know that they came across a very real security problem, they opened a support case to address and fix this problem as they have spent a lot on the game and weren't happy with seeing support generating items for hackers. DECA refused to fix the exploit after multiple confirmations of the problem and seemed okay with the information being leaked which was discussed in the ticket. The leaker was just angry that they feel they are wasting their money on a dev that spends it genning items for hackers. And it's not so relevant but the leaker is a heavy supporting white star who has played the game for over 8 years, definitely not new to the game.

One example mentioned in the ticket was that of streamer OhSquirtle who was affected by one of these bugs and had DECA gen an item for him (A QoT) publically - this was the first indication the leaker had on the problem, yet they confirmed with DECA that DECA will keep on doing it. So this is not a situatoin of hypothetical "if they will generate items", it's pointing out that they are actively doing it, actively refuse to stop and probably most humorous is the idea that they think they can tell a fake report from a real report (that idea that they are more intelligent than anyone in the world while actually not understanding the issue they think they do)

Should be noted that nobody wants you to test anything for them, this is just information sharing so that others can take advantage of it if they want to as well.

[ZoominFX]

Pretty sure absolutely ANYTHING todo with Exalt wont be compensated as its in Beta, DECA themselves says that anything that happens on Exalt is fully the players fault (because of it being publicly announced that it will have a serious amount of bugs) and if they do not want it to happen, for them to continue playing on Flash until Exalt is finalized of all its issues.. This "method" worked forever and ever ago, I've done it whining to support claiming my hermit white bag was inaccessible providing a nearly perfect photoshopped picture, but yeah, this won't work if its an Exalt related issue they will just reply saying something along the lines "You should know the risks you are taking when playing Exalt blah blah blah its still in Beta blah blah blah"..

But who knows, maybe theres some cases where you can convince them that even though you are playing on a beta version of the game engine that they should still compensate your "lost item" :P


Also its nothing new that support would "generate" items for a player who was at a loss, they've been doing it forever, that's why support is there, also for a million other things, but yeah, support is there for support, experiencing a bug that wasn't your fault and losing an item falls under that category :P

A while ago this guy (https://www.realmeye.com/player/Ethan) had a Gentleman Skin in his weapon slot of his character, because support put the item onto his account and that was his first open slot and it ended up being put there automatically lol

Sorry if I missed something but I only glanced your text, seems like it was mainly just talking about tricking support into thinking you lost an item due to a bug on Exalt, which I don't think is true because of what I said in my first sentence.

Why should your Hermit whitebag be inaccesible?

[Riigged]

Why should your Hermit whitebag be inaccesible?

Glitched tentacle, bag stuck. Lots of ways to manipulate em.