|
|
Wednesday, October 29th, 2003
|
|
|
Anyone familiar with the game AcroChallenge? It's a knockoff of the game Acrophobia which used to be really amazing. AcroChallenge is decently decent though, and lately I felt the urge to play it again. The problem? There's no linux (or mac) client to it.
My first response was to try to run it through wine (wine is not an emulator), but that not too surprisingly failed horribly. My next response was to go to my brother's room and run it under windows... but not exactly for the reasons you might expect. ; )
What I did was setup a program to capture the network traffic on the network card sharing with my brother's computer and then set to work on analyzing the network protocol used for the game. To start, I worked on is the login protocol. I saw that it sent (in plain text) the login and password in a string that had strange data appended to it. I thought I would have to figure out their authentication scheme so I could properly encode logins. Then I tried to login in as a different user and realized that it was the same string and that my work would be much easier than I expected.
Last night I managed to pretty much figure out the protocol and can now play the game using only telnet as a client. The next step is to actually make something that shows pretty pictures and lets you click things instead of typing lots of nonsense.
I did make some very interesting observations however. It seems their protocol is rather broken. Before I explain how it's broken, I suppose I should give a brief description of the gameplay for those who are unfamiliar. Essentially a series of letters are displayed such as IRBAMTHAMBM. You then need to come up with what this acronym stands for, such as: I'd rather be a monkey than have a monkey be me. They're also generally not that long. Finally, after everyone has entered an acro and the time has run out the acros are revealed and people vote on which acro they like best and you score points depending on how many people vote for you.
Anyways, the problem with the network protocol used for this game is it depends on a trustworthy client. As soon as someone types in an acronym, the game server *immediately* sends it to you. This means that you can see everyone elses acronym before the time runs out. If you want to, you could easily copy the best one, or better still just slightly improve on it. As well, during the voting round it tells you who everyone voted for as soon as they vote. The game awards bonus points for voting for the winning acro, so you could easily get these bonus points every single time!
So basically: yes I can make a game that connects to and plays AcroChallenge. Yes, I can also make it so it lets you cheat quite easily if I wanted to. And overall... the guy who makes AcroChallenge needs to learn that any protcol that sends out information early will eventually be abused. I don't plan to abuse it, but it took me a few hours to figure out how. Someone else could easily do the same.
|
|
|
![[info]](http://l-stat.livejournal.com/img/userinfo.gif){kind=small}
andukar's journal