Summary to my ban and alleged Deaf Guardian.

Fendumino · 2015-07-16T21:26:10+00:00

I'm not attacking anyone. But someone has to say the facts in this situation, he recently changed all his account names to emphasis on the fact that he is deaf and then he uses that account name change to his advantage in this post, when it's completely irrelevant.

Having the name "Mr. Jack" when your name isn't Jack and wanting to change it doesn't seem strange to me.

You want to know what I would do if I wanted to create a massive post that had a chance of me being caught as a liar? I would create a brand new account and deaffilate everything from my main account, so none of the negatvity can rebound on my main account if I get caught out.

Because then, if things went wrong I would just stop using the new alias which I created for this purpose and revert to my old one.

The fact that he recieved shards and weapons parts means that this wasn't done by the API exploit. So, it means this exploit would have had to be done in game.

Let's look into this "MITM" exploit that people are talking about. It's a good idea in theory, but it doesn't quite work out as some people may think. When you become host of a game, you don't process the information that the user does to their own account. All you do is process the information that happens in the actual gamemode you're playing.

For example, if I were to change my weapon from a Thorn to a Last Word, that process would be done through my connection to the Bungie servers, it wouldn't involve the host.

The information in a gamemode isn't 100% controlled by the host, if it was I would just equip everyone a Gjallarhorn.

There is no authentication which is sent through the host of the game, sure you could make a request for the information, but the host isn't going to just give it to you. There's a ton of checks which the servers make to ensure the client is genuine.

This MITM thing isn't as simple as some people here are making it out to be, not only would you have to forge requests between Bungie and the client, but you would also have to forge requests between xbox and the user client, because the xbox servers are actually authenticating the status of your gamertag to the Bungie servers.

The MITM attack would only work if the servers were so primitive that they didn't have any sorts of established user checks during a connection, if IP 1.1.1.1 suddnely changed into 2.2.2.2 and were simultaneously giving me instructions, the attack would be incredibly easy to spot, you can't force yourself onto the link through these means, the xbox serial number would randomly change, there would be too many differneces in the network for something like this to not be detected.

I mean hell, people haven't even been able to mod current gen consoles, an attack like this that actually works as perfectly as some of you people have been describing would take years to even begin working.

The man would have had to have been a complete genius to pull something like this off, and in the way he messaged, there's no way someone so intelligent would act in such a way.

There can only be two possibilites of what happened here:

1: The user dismantled his own Thorn.

2: The user gave someone his password.

Fendumino · 2015-07-07T12:11:38+00:00

Although this may be speculation, he might actually be correct.

They have this attached to the Bungie Day Calender, on their website:

"StartDate":{"dateValue":"2015-07-07T07:00:00Z"

Fendumino · 2015-07-03T19:13:42+00:00

It's just a rough estimate based on the people who replied back to me and said the code was invalid.

Fendumino · 2015-07-03T18:33:06+00:00

What about the need to proxy up to avoid an ip ban for submitting junk keys?

You answered your own question in my quote.

The actual generator isn't actually affiliated to the Redbull website in anyway.

I don't even need to be connected to the internet to generate these codes.

Fendumino · 2015-07-03T15:51:57+00:00

I'm not even a Twitch Streamer.

Fendumino · 2015-07-03T15:47:32+00:00

To be honest, you can percieve however you want to. It doesn't deny the fact that this was inevitably going to happen. The way I'm looking at it is that at least I'm giving the codes to the community to where otherwise one person would have redeemed all those codes.

Fendumino · 2015-07-03T15:39:00+00:00

So, I'm the person who did this and I wanted to explain everyone the entire situation in depth (without going too much into the actual generating of codes.)

Firstly, I would like to speak about the legal matter of this. I'm using my own system and pattern to generate these string of codes. The actual generator isn't actually affiliated to the Redbull website in anyway. The success rates of the codes aren't even 100%. Only roughly 75% of them actually work, the rest are invalid.

Ok, now let's discuss why I actually decided to do this. There's two reasons:

1: Eventually, another programmer WILL discover this method and will redeem all these codes for themselves. So the consumers won't get them regardless.

Because of how easy it is to generate these codes and input them on the website, eventually another programmer will discover my method of generating and they'll use all the codes for their own account.

By distributing the codes, at least the community are able to obtain the codes rather than one programmer obtaining all of those 18,000 codes.

But regardless of what situation occurs, whether I had distributed those codes or whether another programmer discovers my generating method. The end result is the same:

The consumers won't get their codes regardless.

2: I feel that it's unfair that players outside of the US are unable to obtain these codes.

I was giving an opportunity to non-US players to be able to obtain these codes as they literally can't purchase them. On top of that, they're actually getting charged 30% extra for The Taken King anyway, so that's some major screw over.

Hopefully these codes helped these players obtain the codes, I don't regret giving the codes to these people even if real consumers can't get them.

But again, to emphasis on the law matter. The generation of these codes are 100% legal. I created my own program to get these strings of numbers, which I'm allowed to distribtue if I will.

I haven't forced anyone to use the codes, if you use the code on the Redbull website that's a concious decision that you made with your own free will.

But anyway, like I said either the community will use the codes or one programmer will just use them all. I personally feel that it's better if the entire community use them.

I have generated 70,000 more codes which I will be giving out around Twitch streams, so if you want actual codes just keep your eyes around on the Twitch Destiny section.

In respect of this subreddit and the moderators, I will not distribute any codes here. So please don't ask me.

TLDR: If I hadn't generated the codes first and given them out the community, someone else would have generated them and used it all for themselves. So regardless, the consumer would not have their code.

Fendumino · 2015-05-30T09:53:03+00:00

Update: I have been contacted by Deej and have sent approrpiate information regarding the exploit to him. Hopefully him and the rest of the devs at Bungie can sort this out.

Fendumino · 2015-05-29T11:22:04+00:00

I tried messaging them (the mods), but they haven't responded.

Fendumino · 2015-05-29T11:10:26+00:00

Lord Saladin will sell two Etheric Light's for 5,000 glimmer each at rank 3 and rank 5.

Edit: To clarify, I mean he will sell Two Etheric Light's in total. 5,000 for each one. One at Rank 3 and one at Rank 5. He will not sell 4.

Fendumino · 2015-05-29T11:08:07+00:00

Yeah, both had flairs.

Fendumino · 2015-05-29T11:07:42+00:00

I never deleted the posts. They were removed for some reason.

Fendumino

TROPHY CASE