remix logo

Hacker Remix

How I Defeated an MMO Game Hack Author

29 points by thunderbong 18 hours ago | 3 comments

p2detar 16 hours ago

Back in the days there was an explosion of MMO web games on Facebook and Google Plus. There was a sci-fi themed game that I played with several colleagues now and then. You would build bases, buy upgrades, weapons, join teams and then do PvP against other players.

One day a colleague of mine found he could use Cheat Engine to scan the memory of the Flash application and change some values in order to get an upper hand and win PvP matches. Turns out the devs neither did nor verified the PvP battles server-side. It was all done client-side and after the battle the client was sending the server info about who won. A fix would require a complete rewrite of the game logic.

We had several weeks of "fun" beating the shit of everyone in our game world. The devs attempted to make some fixes - make it harder to load the flash file, obfuscated (Base64-encoded) the JSON data sent to the client - this was a funny one, since it was irrelevant. In the end, as the author here says, it was no longer fun, so eventually we stopped playing.

joshstrange 15 hours ago

Many years ago I played a silly game "Clash of Clans"-type game (it was a knockoff). The game itself wasn't super fun (build things, wait for them to finish or pay to speed up, PvP, clans, etc) but I played it for a few months on and off. Randomly one day I decided to hook up a network proxy to the game and look at what data the game sent/received.

It turned out that when you queried the map it returned a ton more data than it displayed (data you would normally need to scout for). Also a ton of endpoints, like the one to load your own town's info, would also work if you used an enemy's town id (but with your auth key still). There was little to no verification/authentication blocks that I ran into.

I spent the next 2-3 weeks writing little CLI tools to talk to the API cultivating in a small suite of web-based tools that used assets I ripped from the game to display info (using the currency icons, using the building sprites, etc) until I got bored of the game and the reverse engineering and just walked away. It was fun for a little bit operating with perfect knowledge and using some of that info to put my thumb on the scales for myself and my clan but in the end it become more work than fun and so I stopped.

ncr100 17 hours ago

A fun story, making a wrong right.