Cheat Engine

[CryptoPrime]

Hi, I have been attempting to hack a game on FB called data worm (mostly just because I can). I have tried the simplest approaches, such as scanning for values until you narrow it down, but nothing seems to work. If I do narrow it down and edit the values, nothing happens...Or I eliminate all possibilities. I tried searching when the score was 0 because that is the same no matter how bytes you're using. Then I used the increased value function until I eliminated everything. Because of this, I believe the value is changing in some way such that after I scan it changes and so is no longer included in the next group of increased values?

Can anyone give me some pointers about how I might approach this problem? Also, I am not entirely sure I understand what data type to scan for. Is there a way to know 100%? I know that each is used to store larger values, but, for example, if I scan 4bits will that still include all 1bit values too or do I have to perform and ALL search or each one individually?

The debugger seems to be working, but I am not sure exactly how to exploit it. For example, when I get a powerup it displays a message saying viruses are deactivated. Maybe I could just disable viruses and death by running into myself, although I would suspect that would be more complicated than just finding the memory location of the score and changing it.

Well, I will check back here and try to update this post if I make any progress. Thanks.

[CryptoPrime]

Ok, from dabbling around this site I think I have came to the conclusion that there is a possibility this game cannot be hacked in real-time? I can pause the game and scan it, but I am not sure if the score is stored locally and then submitted to the server, which would be my guess? Can anyone confirm this claim? On the scoreboard, several people have practically impossible scores (e.g. 500 X's higher than my highest score after playing for 4hrs). I don't care about the scoreboard too much...mostly I just want to be able to put my score exactly over my friend's just to piss her off a bit- we've been having a vendetta with this game for quite some time and our scores are beginning to plateau.

I also have a few questions if someone might be able to elaborate? I read about using javascript to extract the .swf file from the website, which I was able to do. I am guessing it is an executable, as like a .jar and must be decompiled to view the source code? Could this be done with the .swf too and so I could study and try to exploit it? (e.g. find the command that adds to your score and inject code that executes that command or change the value of the data bits you are suppose to collect in the game?) As of yet, all of my basic memory scans have failed. I tinkered around for a couple hours, crashed firefox about times and didn't really make any evident progress. Ok...well, hopefully someone will read this and attempt to help me learn all this! Either everyone on here is too busy/uninterested or I am too hasty? Probably just me being too anxious and wanting to learn everything RIGHT NOW! lol

[Fantasy]

Read up on "Server Sided" and "Client Sided"

[donutvampire]

Yeah u can hack it u just got extract the .swf and take a peek at the RAW code.

[CryptoPrime]

Ok, thanks! That should hopefully narrow down my focus and put it more in the correct direction.

Update (because I can't double post apparently):
I tried downloading the .swf and decompiling it, but that was a failure and still currently is. I think the problem is that Flex was used and I do not yet know how to properly decompile something like that.

I was able to do the aforementioned things with "The Hardest Game Ever." I used the decompiled data to locate the necessary variable names, then use javascript to inject some code and change the value of the variable. The funny thing is that since it does it injects in real time even if you set the level to 30 (the last one) or the last frame it screws everything up because you are really on level 1 but it believes you're on 30. Changing deaths was easy since you just set it to -1 and then when you die and it increments, then you are simply back to 0 again.

Besides getting to change to action flow of the program at the right time via variable modification I am stuck with the whole Flex issue. The game I am really trying to hack seems to have been written in a Flex variant of Flash or something? Anyone know how to get this to decompile right so I can view the action script? (and no, it doesn't seem to be encrypted. I even tried decrypting it using a program to be sure thats why I couldn't see the action script, but I am fairly certain its some sort of compatibility problem).

Yet another update:
Ok, so the worlds hardest game is now officially the worlds easiest game! I was just playing around and used javascript to call the isPlaying() method and it returned false, so I was like: "well then...I guess we had better change that, eh?!" I simply changed that to true and then the game jumped to the end and voila, I had the best score possible! Now to crack the game I had originally set out to utterly destroy, muhahah! lol Ok, happy moment over. Humility arises and I beg for any help regarding the whole flex issue discussed above. Also, I can't seem to access the game purely using the http:/xxxxx.swf for some inexplicable reason, when on Facebook, so I am wondering if I will even be able to inject the code I want to, assuming I can discover the variable name that keeps track of the score...hmmm?

Here is a link to a question I have posted about one of my issues on stackoverflow with the title: use-javascript-to-call-method-within-a-flash-swf-file (cannot yet post URL's either, curses). I decompiled the .swf I downloaded off facebook and discovered a method setValue() that I suspect changes the score. If I can just get Javascript to access that method, then maybe I will be able to change that and other things according to my will!?

[Tom331]

Sorry that I cant help you but could you explain how you edited the flash variables using javascript please?
Assuming you did it while playing it in the browser

Thanks

[CryptoPrime]

Yes, I was just using javascript through the browser. I have a whole conglomeration of javascript code, roughly compiled in a text file that I have copied and mutated to my like.

This is probably the most useful one I found (I can't remember who wrote it):

Javascript:
var str = "";
var x = 0;
while (x<document.embeds.length)
{
str +="Embed#: " + x + " Movie: " + document.embeds[x].src.substring(0,document.embeds[x].src.indexOf(".swf")+4) + "\n";
x+=1;
}
var xmovie = document.embeds[parseInt(prompt("embeds:\n" + str + "Choose the corresponding embed#:"))];
var command = "";

while(command!= "exit"){
var lst1 = new Array("getVar","setVar", "loadMovie");
var lst2 = new Array("GotoFrame", "isPlaying","play","stop","rewind","zoom","SetZoomRect","totalFrames");
var lst3 = new Array("exit");
command = prompt("Choose a command: ID \n" + lst1.join(",") +"\n"+ lst2.join(",") +"\n"+ lst3.join(","));
switch (command)
{
case "getVar":
var xxx = prompt("Enter var name:");
alert(xxx + " = " + xmovie.GetVariable(xxx));
break;
case "setVar":
var xxx = prompt("Enter var name:");
xmovie.SetVariable(xxx,prompt("Enter var value:"));
alert(xxx + " changed to " + xmovie.GetVariable(xxx));
break;
case "GotoFrame":
xmovie.GoToFrame(parseInt(prompt("frame number:")));
break;
case "isPlaying":
alert("is Playing = " + xmovie.IsPlaying());
break;
case "loadMovie":
xmovie.LoadMovie(parseInt(prompt("level:")), prompt("src:"));
break;
case "play":
xmovie.Play();
break;
case "stop":
xmovie.StopPlay();
break;
case "rewind":
xmovie.Rewind();
break;
case "zoom":
xmovie.Zoom(parseInt(prompt("enter zoom %:")));
break;
case "SetZoomRect":
var pTT = 20;
xmovie.SetZoomRect(pTT*parseInt(prompt("left:")), pTT*parseInt(prompt("top:")), pTT*parseInt(prompt("right:")), pTT*parseInt(prompt("bottom:")));
break;
case "totalFrames":
alert("total frames = " + xmovie.TotalFrames());
break;
case "exit":
alert("bye bye!");
break;
default:
alert("Error, wrong command entered.");
}
}