I’ve been seeing some posts regarding this add-on that it’s only useable in towns (which is still pretty fishy). My friend downloaded it through the add-on manager to try it and it turns out that you can actually repair and use storage even outside of towns (current map akmens ridge).

I’m pretty sure this goes beyond the line of “acceptable add-ons”. Now as far as I’ve dug up these add-ons were not supposed to be released, nevertheless that doesn’t change the fact that the author actually did these kind of add-ons in the first place.

I’m not shunning the use of add-ons as personally I like to use them more specifically the exp viewer and map fog viewer. I only hope that future releases do not end up like this.

There are also other add-ons out there that have crossed the line, an example would be auto-potion. IMC you have given us extremely vague answers as to whether or not add-ons are legitimate or not and always dodge the question. I do hope that future add-on releases (and some current ones) be looked into first before being released as to see whether or not its over-intrusive

@STAFF_Ethan @STAFF_Ines @STAFF_Max @STAFF_John

EDIT: the author released this and made more, tp / market / etc

Tbh, most addon maker probably had done these before but never released it because its game breaking.

What you probably don’t know is they did submit ticket for such bug.

Its more of a mistake for fiote to put them up accidentally, that’s why he removed it.

Mitstake? This looks pretty intentional https://github.com/fiote/ToS-Addons/releases

This post was flagged by the community and is temporarily hidden.

Not everyone is open minded enough to stay sane after being accused.

He is broken now.

This post was flagged by the community and is temporarily hidden.

I’m not sure what’s the problem with that. Fiote is a man. He found a hole - he abused it. Now it’s IMC’s turn to fix the hole. Why do we need those devs otherwise? To produce more loading screens?

My sarcasm detector is probably off the fritz because I have no idea what you’re trying to say.

Ok before you start ruining fiote’s otherwise stellar career in modmaking, he’s discovered OTHER people using this exploit using their own 3 second .lua scripts. This is his attempt to spread awareness and make sure IMC can completely fix this exploit for EVERYONE.

Pretty smart move too.
So without further ado,

Dear IMC. You game has serious vulnerabilities. Please fix them. This being of somewhat high priority.

This has been already reported yesterday (search is your friend) and staff replied saying he will foward that report to dev.

Greetings Savior!

Thank you for contacting us!

We apologize for the inconvenience this issue have brought. We highly appreciate your inputs and insights regarding to Tree of Savior. We will forward this ADDON problem to our proper department for further review.

If you have any other concern, let us know and we’ll gladly assist you.

Once again, thank you so much for your support and report.

Your Faithfully, STAFF_MAX

huzah our bots just became 100% more efficient!! great job IMC!!

tbh that was more of a shi-tstorm thread than a report, so I made this to make things a little cleaner.

@hadielx3 I didn’t drop any names so I’m not directly attacking anyone, my main concern is with these types of mods being created.

What makes you think that bots aren’t already using this?

FYI, the ability to open pretty much ANY frame including but not limited to: store (to sell things from anywhere), repair, market, storage, TP shop… has been known and reported by the end of iCBT2 - thats more than 6 months already.

IMC went with the korean release and then steam release without addressing the core issue. They only prevented calling those scripts with keybinds, but all the exploits are still there and abusable.

If you think this is something new to bot makers, I have a bridge to sell you.

My faith in IMC was already low. I didn’t start playing this game until it went F2P and I also didn’t watch the forums until 2 weeks ago.

I didn’t realize these issues existed since closed beta months ago. Any real MMORPG developer would RUSH to fix these issues long before the game is actually released officially.

Add-ons are wonderful things for a game and they add so much to people’s enjoyment but let’s face it, they also require proper coding and detection so that add-ons can’t exploit the game in the wrong way.

To be frank, I keep using this example because it’s just retarded:

IMC removed buyback from NPCs because it was exploitable, instead of fixing it and it was never fixed or talked about again…?

Now I’m not at IMC’s office to look at their code but I know for a fact that buyback is not a difficult thing to program. If IMC can’t handle fixing an exploit with something so simple, all hope is lost for patching security issues with add-ons.

I’m legitimately sad and frustrated.

This is very depressing. I want to defend the addon makers because i love their addons, but this truly is game breaking.

Fiote isn’t the only addon creator around , and I’m pretty sure most creators (if not all) have their own private addon. This “accidental” upload might be a sign that there are a LOT more game breaking addon that is being exploited by the creators themselves.

Bite me, but think about it. This might be just a fraction of what they have been using and making for their own. I’m not a programmer so I can’t really tell what are the limits of these addons.

I’m just scared for the game. I love ToS. In a short time that i’ve played this , I’ve met friends and had lots of fun. I know there are still a lot of problems but i’m willing to wait for IMC to make a solution for them all.

"Maybe it’ll be better for the game if addons weren’t there, until IMC is able to properly manage it. Hire the addon creators?"

I used the word "might" because it is actually possible. I’m not saying in any way that ALL ADDON CREATORS IN GENERAL are evil.

Fiote here. Here’s the full story:

I develop addons. To develop addons, since there is NO DOCUMENTATION whatsoever, you need to search and read almost the whole source code of the game searching for tips and functions that help you achieve what you want to. While you’re doing that, you might come across some functions that catches your attention. Like a function that open the game market window. If you’re like any developer I know or would ever know, the first thing you’ll do is try to call it. Surprise surprise, it works! Then you start writing down those functions. When I gathered a handful of functions like that, I decide to create a addon to help me call them with slash commands. cxAnywhere was born.

cxAnywhere is (was) a private addon. Since it do things that you’re not supposed to do, I realized I should NOT make it public. People are not supposed to be doing that, so they shouldn’t even know that can be done. And they didn’t know, until the fire nati— ops, until I mistakenly did a git add on the wrong folder and pushed it to my github repo. You don’t need to believe, and I can’t really force you to believe it, BUT THAT WAS 100% UNINTENTIONAL. Doesn’t matter what you think about ME using it. That’s not the point. It shouldn’t be made public.

As soon as I realized my mistake (unfortunately some 1~2 days later), my heart rushed in a OH-CRAP moment and I removed those addons from my repo. All cool then, right? NOPE.

No much time later someone came to my repo and opened an issue. Somethink like “oh, where is cxScanner? I can’t find it, seems you removed it”. cxScanner is another private addon, one that can scan all the market, simply automating the ‘next-page’ click and writing down all the results. With that data I can put the lowest 3 prices on the item tooltip and that helps me decide what’s really worth selling on the market without need to search for each one individually. Think Auctionner/Auctionator from WoW. Pretty the same idea (inspired by that, actually).

I replied that issue with something like “cx* addons are private and were uploaded by mistake. Sorry!” and closed it. THEN THE SHITSTORM hit. Someone lurked my commit history and found the folders (damn you git!) and start posting sh!t about it, like “OOHHH IMC WILL LOVE TO HEAR ABOUT THIS”… like they didn’t know it already, huh.

In a attempt to take it from the history, I even re-created my addon repo, but failed at understanding how the git history works, so the new repo still had the folders in the commit history and people kept forking my repo and re-releasing those cx folders. I was really pissed off, like REALLY. PISSED. OFF. because 1) yeah, of fcking course, I was afraid of being banned and 2) I know this is the internet, and I know the main thing of putting things on github is to let people copy/alter it, but it was my code that I decided to take it down but people insisted in keeping it online against my will.

We try our best to create awesome things for the community, and I take those private stuff like a little payment we get from investing so much time into the source code. It’s like our reward for improving EVERYONEs gaming life. People were bashing me SO MUCH for trying to ‘hide’ my cx addons, that I frankly said SCREW IT and release cxAnywhere, this time intentionally. Cry me a river, build me a bridge and GET OVER IT. You think I’m a hacker? Now everyone is a hacker too, weeee! (at the time of this post, cxAnywhere got 900+ downloads already in less then a day)!

I’m not pissed anymore. Neither I’m afraid. I’ll be sad if I get banned, because I really like coding addons for this game (more than playing, actually). And/or if IMC decide to ban all addons (instead of fixing their very insecure code) this will be a very very sad day for the whole player base. That’ll be the same as banning the addon devs too, because they’ll probably stop playing altogether.

Now you know my side of the story. Believe what you want to.

Peace!

Ps: cxScanner will be released soon.

Well at first I thought you guys were up to no good because I let my immediate paranoia get the better of me but now I’m placing the blame on IMC for not fixing security loopholes to better control how far add-ons can go.

Personally, this can go one of two ways:

1. IMC can wake up and finally start doing something about the issues with their game.
2. Or IMC can just take the typical lazy way out and remove all add-on support.

Your frustration is understandable though and we appreciate the work you guys put into making add-ons for the game. I’m a programmer myself but don’t typically use my time to make things for games like you guys do so really, thank you lol.

I’m looking at this from another perspective and that’s IMC’s lack of caring for patching issues with their game. It’s as if they want this game to fail. As if they aren’t taking it seriously at all. It is their job to protect the game from these issues. These issues exist due to their neglect.

So lighting torches and running an angry mob at a couple of add-on makers for basically displaying to us some very serious issues with the game isn’t going to help the situation.

In fact, who knows how far into illicit add-on production the actual botters are at this point? Who knows how far their cheating has gotten on their own efforts alone. If you think RMTers don’t have their own programmers making sh*t for them you’re wrong.

The issue isn’t fiote or any other add-on makers who have developed add-ons that help make our game experience more enjoyable, the issue is IMC.

That’s really all I want to say on this matter.