Hack the HyperNet?

This post was flagged by the community and is temporarily hidden.

Just to clarify:

I’ve submitted this bug just now to the CAD. [EBR-212343]

If this exploit works, it can be used to absorb wealth from other capsuleers
If this exploit doesn’t work it means that there is some underlying hidden mechanics to the HyperNet that doesn’t make it a “fair” investment and will probably scare off HyperNet users or the outcome is really random with no patterns to measure, which would be the best case.

  • Why would you need capsuleers’ ingame money for this?
  • If you ever manage to find a pattern, it’ll definitely be classified as an exploit and anyone using it will be banned from the game.
  • It’s obviously pseudo-random, not really random. It all comes down to what algorithm CCP uses to generate these codes, what seed they use, if they alter the result by anything, etc.

I have read someone managed to crack the random algorithm from a betting site by doing exactly what you describe, going through all previous results - so what you say may be doable - just a story from the internet so it could be a lie too.

However, it’s very likely CCP is not going to be very amused at your exploit attempt. I would be wary about stating I would be going on on such exploity shenanigans in the forum. It may not be very healthy for your EVE accounts.

2 Likes

There’s also this. CCP will be using some randomness algorithm in place but they also may be skewing the result based on anything else they want to be part of their algorithm - that does not make it any less “fair”. This is not a crypto app after all. Just a videogame.
What would make it less fair is if the devs used this knowledge to gain an advantage in the game they play, or pass this knowledge on to another player.

I think it’s my duty as a law abiding citizen of the republic to inform the authorities about this potential hazard. Since there is no public database, I don’t know if my assumtions are true. But with project discovery there is proof that methods like these are used in other ways already.

Here

https://www.youtube.com/watch?v=feB9OrMui14

I have stated this multiple times to the authorities, and I will not stop until I get clear statements. Like I have stated to the University of Caille, that their Corona-Datasets can be easily abused, not only by exploits, but by lazy scientists drawing triangles.
We have researched the Hypernet as a potential source of income, but we will not invest in it, if it’s flawed.

If the DED wants to punish me for asking questions and pointing out problems, it’s my personal problem.
This time, I’m not even requesting a bug bounty like:


I’ve learned my lesson

OOC
FYI komi is speaking in character and CCP is to not be used IC speak. If you noticed she hasn’t used it once

2 Likes

OH.

Sorry, did not notice that.

Seriously, how hard is it for you to acknowledge the ToS?

You may not exploit any bug in EVE Online to gain an unfair advantage over other players. You may not communicate the existence of any exploitable bug to others directly or through a public forum. Bugs should be reported through the bug reporting tool on our website.

It really makes it hard to trust you as a potential CSM to keep your mouth shut about what you would learn under NDA if you can’t even avoid posting about possible exploits on the forums.

Edit to add: at the point where your bug report is closed with ‘it is not an exploit’ this would be fine to post about - but while your bug report is pending, that’s a huge ‘do not post about this’ indicator.

2 Likes

Well, the Problem is that there is no public information about the HyperNet. The marketplace is regulated by the CAD and the data is public.
With the HyperNet the data is not released to the public. I just want to make sure they are aware of this to prevent abuse of the system, if such an attack would be possible.
The HyperNet is marketed as this fair “gambling” like marketplace, but how do we know if it’s really fair without some limited access to the data?

You are not entitled to data about the HyperNet.

Wait for your bug report resolution. If it is an exploit, don’t post about it.

If it is not an exploit, feel free to engage investors but don’t refer to it as a possible exploit - get properly in-character and leverage the language of a gambler and write about having figured out how to beat the odds and take the House for all it is worth.

‘Exploit’ is a term that should not be bandied about freely - and if you genuinely want people to view you as a potential representative for us to CCP, you need to recognize that and not create the impression that you are willing to break the rules to make some quick ISK while waiting for CCP to rule on a bug report.

1 Like

It’s not about personal gain or making money. I am just sharing my thoughts on a potential attack on the HyperNet that came to me today while eating Matigu Sushi. I don’t even know if this would work (probably not) and I do not have the time to invest more energy into this. I’m running a corporation and we have enough business atm.

So you are not really role playing. Ok, then what I’ve said still stands. You are just asking for it. :rofl:

  1. How would these exploiters actually gain enough datapoints?
  2. It’s not possible to count the amount of random numbers calculated in any given time-frame?

Can you please add some substance?

Sure I can. The idea is that we have absolutely no idea if there are any patterns to the hypernet node-selection process. We can use a neural network to find those patterns if they exist.
They should not exist if the HyperNet is secured properly.

And this should results in every node having the same chances of winning which means there should be no deviation. I simply want to find out if this is the objective reality or of the system is flawed, because like I said we are thinking about using the HyperNet service to sell some Dunk Salvage Drones :wink:

Ignoring that you didn’t actually answer my question…

No, we can’t. For that we’d need millions of data points, which aren’t gatherable. It’s not just that, though, because you’d also need to be able to syncronize your own algorithm’s results with CCPs. You can’t.

1 Like

Many many issues here:

1- You don’t have access to the entirety of the historical hypernet result data to feed to your hypothetical “neural network”.

2- Many people who are frequent winners of the raffle, are it because they buy almost 50% of the tickets. How do you factor that in? How can u take that into account if you dont have item 1?

3- “Deviation” from what? Each raffle is unique in its own way. Would you assume there is a “pattern” because a letter repeats in a few winners? Remember, you also lack item 1.

4- The random algorithm would use a seed. Unless the seed is guessable and the algorithm is known (which was the case of this betting site guess I read about), how would your neural network account for that? Do you expect CCP to open that for you? There’s a reason there are no neural networks predicting lottery results in the real world.

5- You dont know how the algorithm and its output gets transformed into the raffle winner.

6- Your neural network would be guessing/learning from a small data set, and even if it had the entirety of the historical data to go through, it’d at most be a guild guess as it cannot predict the next seed that will be used or whatever other shenanigans CCP uses after using the result.

CCP is never going to open their algorithm and historical data set to you, especially when your intention is finding an exploit.

The samples to train the AI must be generated by using the HyperNet. Probably some hundred samples should be enough to get enough info for an 8/8 Node thingy.
It doesn’t matter who buys the stuff. Only the input and the result matters for prediction.
Typing in by hand should be fine for such a small amount.
Deviation from 1/n success rate per node where n is the number of nodes.
Any capsuleer that would have a deviation from this would be cheating the system.

I expect to see a distribution like a bell curve or something else. If you take your Jade Dice for example, the average value would be 3.5/throw.
If you generate random numbers that consist of a complicated construct there might be some values that while random, will behave in a predictable pattern.

If you for example create a random value throwing 2 dice and add it together, while both values are totally random they will more likely add up to 7 than any other number.

The neural network will like I said find these patterns if they exist. And this could be used to rate the nodes. This is why it’s important. Because if nodes are not the same value it’s flawed

Just a hundred samples. To train a neural network. Right. So it’d not even be by characters in the nodes. Just by index from 0 to 7 in case of a 8/8 raffle. You’d count the frequency each nodes is picked as the winner. However

  • You dont even know if they randomly generate an index number from 0 to 7, or if they pick an index per distinct value for each character position (for example, position 0 gets chosen by picking a value from 1 to n where n is the total number of distinct available character for that position in the raffle, etc).
  • You dont know if the pick this at the moment the raffle is generated or when the raffle ends or any moment in between, basically u dont know the seed.
  • You dont know the algorithm they use.
  • You dont know if they carry out additional changes to the algorithm results(s) before picking the winner.

You are saying any capsuleer who wins more than your calculated success rate per node out of just a 100 samples is cheating the system? What about the randomness of being lucky? What if node index 0 gets picked 17 times in a 100 samples? Would that be a pattern? What if node index 0 wins only in 4 raffles out of a 100 in the next batch?
Whatever ruleset your hypothetical code finds will yield a very partial and skewered result. And you’d end up with the very wrong assumption that someone who stroke lucky is gaming the system and the system is rigged.

And I still dont understand why you would want ingame money from players to develop such a thing (even when it will fail miserably). Sounds scammy.

It takes a lot of research and participation to get the samples you need for training the AI. that will probably be 300mil ISK and hours of time. Then there is just a lot of effort with developing this method. It’s too much for me alone to handle, because I need to take care of other business and I’m not that invested into the HyperNet yet. Without the funding there is just no intentive for me to do this just to prove a point, since the main part (submitting the report) is already done.

I never said that and of course I mean this with the background of a large database with thousands of nodes and not a small amount like 100

No, that is not how this works. The 4 digit nodes are created by an algorythm. one node will be picked as the winner. So the goal is to find patterns there that could be used to rate those nodes. For example: maybe for some strange reason nodes that start with an “F” have a higher percentage of being picked.
Or nodes that have an “F” following a “8” or basically any pattern possible.

The neural network will in the end be an approximation of the algorythm they use, if there is one. Even if the success rate is pretty low limited by the architecture of the network or the number of test samples.