Tobold's Blog
Thursday, October 09, 2014
Hacks and money

The first game I ever hacked was Manic Miner, back in the days of the ZX Spectrum. Save games or check points hadn't been invented yet, and you just had 3 lives to jump & run through 99 levels. After realizing that I saw the first levels a lot and the later levels never, I hacked the game. That consisted of finding the address in the hex code where your lives were reduced by one after death, and doing a POKE at that address to change it to 00 "do nothing". Voila, endless lives, and I could finally see the later levels of the game.

The latest game I hacked was the new XCOM. I wanted to play at higher difficulty for the tactical battles, but not worry about losing the game due to lack of satellite coverage, because it is random where those aliens land. Now that the code is much bigger I can't read it any more, but I can use a hex editor to add money and buy more satellites. That leaves me to play the tactical part of the game I'm interested in without having to worry about the randomness of the strategic / economic part.

But those are single-player games. Hacking multi-player games is far more problematic because it affects other people, so I never even tried. An early MMORPG experience was people having found out how to dupe credits in Star Wars Galaxies: To hide in the crowd they then used the /tip command to give some of the fake currency to total strangers, and that ended with a lot of innocent players finding themselves on the wrong end of the ban hammer. MMORPG developers learned that "the client is in the hands of the enemy", and put most important transactions server side.

But while virtual property is server side, it appears that in ArchAge your location is handled on the client side. So now there are people using that to hack the client to be able to teleport. For example they have programs that alert them when a building slot becomes vacant anywhere, then they teleport there immediately, buy the slot, and sell it for much more to other players desperate for space. Or they do trade runs, which become a lot faster and easier if you don't have to actually "run".

The problem is that in this day and age real money pervades virtual worlds. ArchAge for example has APEX, which work like PLEX in EVE: You buy them for real money, you can trade them for virtual currency, and you can exchange them for a month of (optional) subscription. As these APEX are worth real money, somebody able to hack himself into virtual riches is able to convert that hacked virtual currency into real money. And they only use flaws in the program code to do so, they don't have to hack into other player's passwords and steal stuff, or use stolen credit cards.

Virtual property has a perceived value, so it can be traded for real money. But virtual property isn't subject to the same laws of physics as real property. Virtual currency isn't subject to the same level of safeguards as your digital bank account is, nor is there a central bank to control the amount of virtual currency in circulation. Which means that criminal minds have an easier time hacking virtual online worlds and transforming their hacked virtual goods into real money than they would have trying to hack a bank. As an added advantage there are laws against hacking a bank, but not against duping virtual currencies. So we need to expect more of this stuff to happen in the future.

Comments: Post a Comment

<< Home
Newer›  ‹Older

  Powered by Blogger   Free Page Rank Tool