Token Pull Exploit (3/27/17) *Updated (4/12/17)

Brigby

Hi Everyone,

We are aware of an exploit that allows players to take advantage of a mobile device's built-in feature to manipulate token pulls.

We are able to detect accounts that have utilized this exploit, and are deliberating what action to take to correct the matter. We strongly advise players not to purposefully participate in this exploit as we consider correctional matters, as measures may be taken against those who do choose to use it.

Thank you!

Edit: Thank you for everyone's patience! The development team has been hard at working addressing this issue, and we are anticipating the fix to be implemented in the upcoming R125 patch.

The rockett

THANK YOU!!! Hopefully the ban hammer comes out again like the original LT token exploit. Just so money spent doesn't determine if they get banned or not.

huktonfonix

I suggest a free cookie for everyone who hasn't used it. Peanut butter please.

You can give the cheaters oatmeal raisin.

Bondidude

huktonfonix wrote:

I suggest a free cookie for everyone who hasn't used it. Peanut butter please.

You can give the cheaters oatmeal raisin.

Peanut butter would literally kill me.

I'll take oatmeal raisin.

astrp3

Brigby wrote:

Hi Everyone,

We are aware of an exploit that allows players to take advantage of a mobile device's built-in feature to manipulate token pulls.

We are able to detect accounts that have utilized this exploit, and are deliberating what action to take to correct the matter. We strongly advise players not to purposefully participate in this exploit as we consider correctional matters.

Thank you!

I take it you're not going to post what exactly this exploit is, but I am concerned that it is something people may have done inadvertently and are going to get sandboxed for "cheating" when they aren't actually cheating (like when you jumped the gun and sandboxed people who were using Thanos for seed nodes).

I play on an iPhone and an iPad and sometimes I will finish a session on one device, pull my tokens, and quit. Then when I switch to the other device, I find that it hasn't registered the token pulls and I have to pull them again . I've even had this happen after I went back to the main screen before quitting (I've also lost money this way when I buy something on one device then switch to the other and find it didn't register my purchase).

JVReal

I've heard whispers of a way of knowing pulls in advance, but not a way of manipulating... unless you consider waiting an entire season for pools to change as manipulation. I've not participated in this, only heard theories on it. It did not sound like a reasonable exploit for people to attempt.

Stax the Foyer

astrp3 wrote:

Brigby wrote:

Hi Everyone,

We are aware of an exploit that allows players to take advantage of a mobile device's built-in feature to manipulate token pulls.

We are able to detect accounts that have utilized this exploit, and are deliberating what action to take to correct the matter. We strongly advise players not to purposefully participate in this exploit as we consider correctional matters.

Thank you!

I take it you're not going to post what exactly this exploit is, but I am concerned that it is something people may have done inadvertently and are going to get sandboxed for "cheating" when they aren't actually cheating (like when you jumped the gun and sandboxed people who were using Thanos for seed nodes).

I play on an iPhone and an iPad and sometimes I will finish a session on one device, pull my tokens, and quit. Then when I switch to the other device, I find that it hasn't registered the token pulls and I have to pull them again . I've even had this happen after I went back to the main screen before quitting (I've also lost money this way when I buy something on one device then switch to the other and find it didn't register my purchase).

FYI, you can play a node to force a communication with the server to save your progress. Even retreating with a junk team on a trivial node should accomplish that, if you don't have a PvP node to play

I wouldn't worry, though, it would be impossible to inadvertently use this exploit to any meaningful degree.

For some players who have been intentionally utilizing this exploit, the results are glaringly apparent. (Almost laughably so) It will be just as glaringly apparent if no meaningful action is taken, especially for serial exploiters.

I'm very glad that this post went up, Brigby. Thank you.

Many players are watching this carefully, as it's frustrating to play honestly and compete with serial exploiters.

Brigby

astrp3 wrote:

I take it you're not going to post what exactly this exploit is, but I am concerned that it is something people may have done inadvertently and are going to get sandboxed for "cheating" when they aren't actually cheating (like when you jumped the gun and sandboxed people who were using Thanos for seed nodes).

I play on an iPhone and an iPad and sometimes I will finish a session on one device, pull my tokens, and quit. Then when I switch to the other device, I find that it hasn't registered the token pulls and I have to pull them again . I've even had this happen after I went back to the main screen before quitting (I've also lost money this way when I buy something on one device then switch to the other and find it didn't register my purchase).

Based on the information I know of the exploit, it's something that takes a conscious effort to perform, as there is normally no reason for a player to utilize this mobile device feature when playing the game. Having said that though, we do understand that there is always the possibility of extreme edge-cases, and we will be sure to address those on a case-by-case basis.

JVReal wrote:

I've heard whispers of a way of knowing pulls in advance, but not a way of manipulating... unless you consider waiting an entire season for pools to change as manipulation. I've not participated in this, only heard theories on it. It did not sound like a reasonable exploit for people to attempt.

I use the word "manipulate" loosely, primarily to convey the severity of this issue, but still maintain vagueness.

astrp3

Stax the Foyer wrote:

FYI, you can play a node to force a communication with the server to save your progress. Even retreating with a junk team on a trivial node should accomplish that, if you don't have a PvP node to play

Thanks for the info. This usually happens to be because I have only set up my iPhone to make purchases - I haven't set up my iPad for purchases and don't want to. It usually happens when I am buying HP for roster slots. I now fix it by actually buying the slot and rostering a character before quitting.

I was thinking that someone could pull a token, then quit (or turn off their device) if they didn't like what they got and either restart or switch to another device and re-pull, repeating over and over and over until they got something they liked (of course, they would have to do it several times in a row, which would seem to indicate obvious cheating - though I am always loath to draw such conclusions as there may be legit reasons for doing so).

GurlBYE

I guess people really wanted those vaulted characters

vinsensual

Punishing people for using 'Sploits? I knew I was gonna regret rostering Gwenpool!

alphabeta

Are you going to cross reference those utilising this exploit with the previous one and consider the pattern of behaviour in deciding how to proceed?

For those who play clean the integrity of the game is important and a pattern of cheating deserves severe treatment not the light touch the previous issue got.

Magic

Shame on players for cheating. Hopefully they will be punished regardless of how much they have spent on the game. There should be no policy of forgiveness like last time.

sza

Kudos on this! It's great news.

However, unclear whether the "deliberating what action to take to correct the matter" statement is alluding to action against the player or a technical correction to fix the exploit. If it's the former, isn't it quite straightforward per what you've stated in your FAQ - player removed from the game, full stop. No deliberation necessary

From your FAQ:
What is your stance on cheaters?
Cheating is not tolerated and is easily uncovered. Because cheating negatively impacts all players, we are diligent about removing those who break the rules.

A player caught cheating will be removed from the game. No previous purchases will be reimbursed.

DapperChewie

sza wrote:

Kudos on this! It's great news.

However, unclear whether the "deliberating what action to take to correct the matter" statement is alluding to action against the player or a technical correction to fix the exploit. If it's the former, isn't it quite straightforward per what you've stated in your FAQ - player removed from the game, full stop. No deliberation necessary

From your FAQ:
What is your stance on cheaters?
Cheating is not tolerated and is easily uncovered. Because cheating negatively impacts all players, we are diligent about removing those who break the rules.

A player caught cheating will be removed from the game. No previous purchases will be reimbursed.

Big difference between an exploit and a cheat. An exploit manipulates in-game systems in your favor. I think what they mean by cheating is using cheat programs for millions of free iso and HP, or stuff like that.

alphabeta

DapperChewie wrote:

sza wrote:

Kudos on this! It's great news.

However, unclear whether the "deliberating what action to take to correct the matter" statement is alluding to action against the player or a technical correction to fix the exploit. If it's the former, isn't it quite straightforward per what you've stated in your FAQ - player removed from the game, full stop. No deliberation necessary

From your FAQ:
What is your stance on cheaters?
Cheating is not tolerated and is easily uncovered. Because cheating negatively impacts all players, we are diligent about removing those who break the rules.

A player caught cheating will be removed from the game. No previous purchases will be reimbursed.

Big difference between an exploit and a cheat. An exploit manipulates in-game systems in your favor. I think what they mean by cheating is using cheat programs for millions of free iso and HP, or stuff like that.

Not really - as a Noun exploit means to take advantage of a vulnerability for malicious or nerferious purposes.

That's a fancy way of saying cheating to me.

Plus what people are having to do to benefit from this exploit you know you are doing something outside the way in which the game is supposed to work and via the previous LT exploit it's known this type of behaviour is considered to be outside of the rules of the game.

People spend a lot of money and time on this game playing legitimately it's integrity took a huge blow the last time this happened with the equivalent of being told you'd been naughty and not to do it again to those involved - if they've been found to do it again following the FAQ answer should be the only expected outcome.

Devorer

could someone explain the benefit people got from using the exploit without telling people how to use the exploit.
As a fair playing person I would like to know if people using that exploit had additional pulls or more pulls than the tokens they had (like a 10-üack instead of a single pull or something) or just straight up better pulls, like a 5 star every legendary pull or sth?
Thanks you.

DrDevilDinosaur

alphabeta wrote:

Are you going to cross reference those utilising this exploit with the previous one and consider the pattern of behaviour in deciding how to proceed?

For those who play clean the integrity of the game is important and a pattern of cheating deserves severe treatment not the light touch the previous issue got.

Pretty sure this will get cross referenced to their sales logs, just like before.

ClydeFrog76

Not condoning it in the slightest, but I wonder if the number of people utilising said exploit increased when 4* vaulting was introduced.

zipo24

They would have to ban everyone cheaters

DaveR4470

astrp3 wrote:

I play on an iPhone and an iPad and sometimes I will finish a session on one device, pull my tokens, and quit. Then when I switch to the other device, I find that it hasn't registered the token pulls and I have to pull them again .

iPhone to Kindle Fire here, but the same thing occasionally happens (albeit never with LTs -- I always make sure they're locked and loaded before quitting out!). And I have noticed that the second pull has always, without fail, been the same cover as the first pull, which leads me to believe that for standard, elite, and heroic tokens, what you get is determined when get the token, not when you open it.

Buuuuut... I wonder if this isn't the case for LTs, because they have to query who's in the latest legends pool before determining the award, and somewhere in there is where the exploit occurs. But I can also see an easy way to get around this programming-wise -- just have the "reward" be a slot from a pull table; that way, when you need to change the rewards, you just change the pull table, and the token still pulls the "right" level cover. Buuuuut... I can also see how that wouldn't work if you want to randomize both the cover and the particular color. But this is already getting too complex and tl;dr I hope I haven't accidentally done something wrong, but I don't think I have, and eve if I have, I certainly have been doing a terrible job at it....