How I Defeated an MMO Game Hack Author
10 comments
·October 22, 2024Morizero
teruakohatu
The gaming industry makes a fortune from pay-to-win mechanics, which is just sanctioned cheating. The same people that buy in-game coins, gems, gold, stars etc. for cash are also willing to pay for third party cheats.
p2detar
Back in the days there was an explosion of MMO web games on Facebook and Google Plus. There was a sci-fi themed game that I played with several colleagues now and then. You would build bases, buy upgrades, weapons, join teams and then do PvP against other players.
One day a colleague of mine found he could use Cheat Engine to scan the memory of the Flash application and change some values in order to get an upper hand and win PvP matches. Turns out the devs neither did nor verified the PvP battles server-side. It was all done client-side and after the battle the client was sending the server info about who won. A fix would require a complete rewrite of the game logic.
We had several weeks of "fun" beating the shit of everyone in our game world. The devs attempted to make some fixes - make it harder to load the flash file, obfuscated (Base64-encoded) the JSON data sent to the client - this was a funny one, since it was irrelevant. In the end, as the author here says, it was no longer fun, so eventually we stopped playing.
joshstrange
Many years ago I played a silly game "Clash of Clans"-type game (it was a knockoff). The game itself wasn't super fun (build things, wait for them to finish or pay to speed up, PvP, clans, etc) but I played it for a few months on and off. Randomly one day I decided to hook up a network proxy to the game and look at what data the game sent/received.
It turned out that when you queried the map it returned a ton more data than it displayed (data you would normally need to scout for). Also a ton of endpoints, like the one to load your own town's info, would also work if you used an enemy's town id (but with your auth key still). There was little to no verification/authentication blocks that I ran into.
I spent the next 2-3 weeks writing little CLI tools to talk to the API cultivating in a small suite of web-based tools that used assets I ripped from the game to display info (using the currency icons, using the building sprites, etc) until I got bored of the game and the reverse engineering and just walked away. It was fun for a little bit operating with perfect knowledge and using some of that info to put my thumb on the scales for myself and my clan but in the end it become more work than fun and so I stopped.
ehnto
I appreciate your story, I am curious how you feel about exploiting in games today? I don't want to dramatize it too much since it's pretty contentious online, but obviously, your fun was at the expense of others. So I am curious if that is something you considered at the time or grew out of doing?
The engineering aspect of exploits has always been fascinating to me, and I sometimes mess with singleplayer games. But given how competitive and serious games get these days the idea of exploiting online feels a bit more than just silly fun.
I can see how this might read as a veiled dig but it's not. As one tinkerer to another, it's a rare opportunity to ask.
a_t48
This is very familiar. I spent a few weeks on a mobile game hiding various values in memory (using lua metadata magic to make it transparent to the designers!) Eventually it turned out the best thing to be done was just to ban all jailbroken iOS users and be done with it.
langsoul-com
The Web equivalent is to ban China, Russia, SEA, South America from being able to use your Web service.
Actually super effective
ok_dad
As effective as using an atomic bomb to kill flies!
ncr100
A fun story, making a wrong right.
WhereIsTheTruth
not every 'cheats' are equal, some lets you get an unfair advantage in PvP
but for most people, its because it provides some nice quality of life improvements, example:
- improved inventory management
- auto loot
- quest tracker
- enhanced HUD
I've never been a fan of "banning" users, make your server authoritative if you care about that kind of things, or better, listen to your players feedback
The process of modding a game and using cheats is the exact same: DLL injection, or MITM proxy for packets manipulation, so don't assume everyone has evil intentions only because of a open port ;)
Example of well intentioned modding community for Online games:
TrackMania: https://openplanet.dev/plugins
> I don't understand why some people feel the need to cheat in a game; I also think that cheating gets boring fast, and likely most people just move on. The whole point of a game, especially one based more on skill than luck, is the challenge; if you remove that, the fun rapidly vanishes.
My friends would bring their computers to my house and we'd hack/cheat online games not because we were interested in the games, but because we were interested in the social experience of what we were doing. We weren't focused on the game; instead, we were focused on teasing & laughing with & at each other.