Score List Attack Tools
The following tools are all that a score list hacker needs to figure out how your game works. We'll look at each of these tools and discuss their associated roles. As a game programmer, you should be familiar with these tools and understand the impact they have on your game's security.
A sniffer is a program that allows its user to view all the data passed in and out over the network connection. Many sniffers are available for download; we used Ethereal because we feel it's the best—and it's free. Ethereal also includes a nice feature that ties related data together to re-create complete sessions, from email to chat, and even web pages. As a result, the hacker using Ethereal will have a complete picture of how your game communicates with the server. Since the hacker can see anything passing over the network, nothing unencrypted is safe from probing eyes.
Proxy servers are a valuable asset to Internet users. Many businesses use them to monitor and manage employees' Internet connections, and privacy-aware surfers use them to maintain some form of anonymity online. Regardless of who uses them, proxy programs are all basically the same: They allow the administrator of the program to control the flow of information between the user's browser and the Internet.
In the case of score list hacking, many proxy programs can give an attacker full control over the data passing between the game's web site and the attacker's browser. We used WebProxy to capture and manipulate HTTP GET and POST variables and Charles to perform other, more advanced traffic-manipulation tricks that we'll discuss later.
Java is a wonderful programming language because it's platform-independent. Since the code actually executes in a Java Virtual Machine (JVM), the same Java program can run on either Windows or Linux. The catch is that the Java program has to be packaged in such a way that it can be understood by all possible clients. As a result, it's easy to decompile a Java package into readable code. In other words, all those secrets that the programmer thought were buried away at compile time are as easy to read as a Perl file.
For our testing, we used DJ Java Decompiler. This is a nice GUI-based program that includes numerous features. Another popular choice is JAD, but we found DJ to be more comprehensive.
In recent years, Flash games have made a strong entrance onto the online gaming scene. The reason is that Flash includes an easy-to-program ActionScript language that can be blended with very sharp vector images to create visually attractive and responsive games. However, like Java files, Flash uses a virtual machine to process the compiled files. Again, this means that an attacker has full access to the ActionScript code that most programmers assume is hidden away inside the SWF file.
We found several SWF decompilers available for purchase. Our favorite at this point is Sothink's SWF Decompiler, which includes support for both code and hex view. In addition, this program allows the user to export all the individual movies.
Flash Extractor/Compressor and Protection Remover
Flash files can be compressed and obfuscated, making it harder for an attacker to decompile and manipulate a Flash file. The problem with such protection is that there are programs that can strip away the "locks" with the click of a button. The only advantage of such protections then is helping to compress the game into a smaller package.
We found several extractors/protection removers, but the one that we used the most was flasm, a command-line tool that decompressed and re-compressed the latest Flash files. Older Flash games will require their own protection-stripping programs.
The protections of many online games can be bypassed by altering the Flash file and then tricking the browser into loading the altered file instead of the original. To change the files, we had to use a hex editor and manipulate hex characters as required. This technique allows an attacker to get inside the program and essentially rewrite the code to meet his or her own goals.
Our favorite Windows-based hex editor is UltraEdit32, which is much more than just a hex editor. You might have your own preferred tool, but if not, UltraEdit32 has a free 30-day trial and we recommend you give it a try.
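The common thread of the tools above is that a proxy can rewrite any GET or POST variable and a decompiler can recover any key or check embedded in the client, so the server must validate a score against its own records rather than against anything the client computed. The following server-side check is an added example and not code from the book or from any game it discusses; the session store, the token format and the points-per-second ceiling are assumptions chosen for illustration.

```python
import secrets
import time

# Assumed server-side session store (a database in a real deployment).
# Keyed by the opaque token handed to the client when a game starts.
SESSIONS = {}

# Assumed game rule: no legitimate play earns more than this many points per second.
MAX_POINTS_PER_SECOND = 10


def start_game(now=None):
    """Issue a session token; only the server records when the game began."""
    token = secrets.token_hex(16)
    SESSIONS[token] = {"started": now if now is not None else time.time(),
                       "used": False}
    return token


def validate_score(token, score, now=None):
    """Decide whether a submitted score may enter the list.

    The score arrives as an HTTP variable, so it is treated as fully
    attacker-controlled: a client-side hash with a key inside the SWF or
    JAR would add nothing, because the decompilers above recover the key.
    Returns (accepted, reason).
    """
    now = now if now is not None else time.time()
    session = SESSIONS.get(token)
    if session is None:
        return False, "unknown session token"
    if session["used"]:
        return False, "token already redeemed (replayed submission)"
    try:
        score = int(score)          # POST variables are strings
    except (TypeError, ValueError):
        return False, "score is not an integer"
    if score < 0:
        return False, "negative score"
    elapsed = now - session["started"]
    if elapsed <= 0:
        return False, "submission predates game start"
    if score > elapsed * MAX_POINTS_PER_SECOND:
        return False, "score exceeds what is achievable in %.0f s" % elapsed
    session["used"] = True          # one submission per game session
    return True, "accepted"
```

Logging every rejection with the token and the offending value also gives the operator a record of proxy-edited submissions to review.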