ForumsGamesAn Intelligent Discussion of Hackers (Cheaters) in Colony

42 9205
Descartes
offline
Descartes
26 posts
Nomad

By request, I will copy and paste the email I sent to Krin just now discussing hackers and potential solutions when it comes to stopping them from wreaking havoc.

I will also answer questions about hackers and etc. However, I would appreciate that you do understand what you are talking about when you post. I don't want un-substantiated arguments. D:

Thanks, JT.

  • 42 Replies
Pacmanateyou
offline
Pacmanateyou
255 posts
Nomad

Thank You Very much VERY interesting I enjoyed reading it

Descartes
offline
Descartes
26 posts
Nomad

I wrote so formally. D:

Pacmanateyou
offline
Pacmanateyou
255 posts
Nomad

What Is you Were To Send me an E-mail with the Codes?

Pacmanateyou
offline
Pacmanateyou
255 posts
Nomad

Yes You Sure did It Was like reading The Passage of A book

Pacmanateyou
offline
Pacmanateyou
255 posts
Nomad

Which is not Necessarily a bad Thing

Descartes
offline
Descartes
26 posts
Nomad

I'm now assuming that Double-Posting is allowed. >.>
Well, I was trying to be formal for a reason. >.>

Pacmanateyou
offline
Pacmanateyou
255 posts
Nomad

Hahaha Double posting As in?

Descartes
offline
Descartes
26 posts
Nomad

Wel, you triple posted just now ._.

Pacmanateyou
offline
Pacmanateyou
255 posts
Nomad

Post as many times as you Want :P

Descartes
offline
Descartes
26 posts
Nomad

I will further enrich this topic by adding more to it! >:O

Descartes
offline
Descartes
26 posts
Nomad

The process for hacking, as I've said before, is simplistic; anyone who's willing enough to take the effort to hack can do it. (Decrypting by oneself, however, is not so easy.) Anyways, here's a step-by-step explanation of how hackers exploit code.
To gain access to the code, all "hackers" download the SWF, and decompile it.
The developer of the SWF that's being "hacked" may put encryptions, obfuscations, String-changers, etc. in an attempt to stop hackers from viewing the code (easily).
It is a simple matter, though, to search for a program online that can decrypt and remove these hindrances, and if one can not find one, he or she can most likely make it himself (once again, if he has patience and is willing to learn =P).
Once the SWF has been decompressed and is entirely unprotected, the hacker can simply run the SWF through a decompiler, and he now has complete access to the mostly correct code (the decompiler tries to re-create the code to its best ability. In Colony's case, the code is always "damaged" after a decompiling, but it is enough to view arrays as well as unit data, etc.)
However, the actual ActionScript itself is unnecessary. The real data-editing occurs with Hex Editors. Decompilers also provide a "Raw Data" option, which allows the user to view the Hexadecimal codes for all of the code (and the entire SWF itself).
Understanding the hex values can be tricky for some people, but it's relatively simple when all the hacker is doing is changing values. What hex-editing does, is it allows the hacker to replace a value with another (A boolean false, 27, would be replaced with 26.)
For example, the "Ground Zero" building data would look like this:
24 02 24 03 24 04 24 05 24 06 24 07 24 08 20 //20 is a null value
^ 24 is pushbyte. The main stuff is the 02, 03, etc. the building options.
Of course, changing Ground Zero would not do much, so a person seeking to exploit the code for himself would look for changing options within the "Main" building (which is unused), and changing all the resource gains to the best (4/3.) For example, changing the Outpost Resource Gain (normally 1 manpower per 3 seconds) by replacing it with 24 37, which would be 4 manpower per 3 seconds, which belongs normally to the War Sanctum.
That previous example leads me to my next topic of discussion. If your de-sync feature only calculates the income and subtracts the cost, then I can already think of a method to bypass that. It might help more if I actually explained why that's an ineffective way of trying to stop hackers. That method will only work if the hacker changes the amount of resources he has, or removes the prices. If a hacker were to simply gain more resources (like I mentioned in the example above) by replacing all the resource-gains by the best allowed ones (all 4 per 3 seconds, from War Sanctum, Treasury, etc.), then the de-sync process would not work. (I may be incorrect, but judging from what you said, I believe I could by-pass it that way).

Darkroot
offline
Darkroot
2,763 posts
Peasant

This isn't hacking is more exploting and being a script kiddie.

It's unlikely Krin is going to go through all the code trying a make it exploit proof. He has better things to do like make more games and money. The colony fad is almost passed over not as many people play it and those that do have formed groups and pratically ignore hackers.

Darkroot
offline
Darkroot
2,763 posts
Peasant

However, while I now perceive these to be simple tasks, the majority of all Colony hackers are not coders themselves, but simply people who use a pre-hacked SWF given to them or use Cheat Engine codes. Both methods of "hacking" are essentially hexadecimal byte editing.


A script kiddie, or skiddie, occasionally script bunny, script kitty, script-running juvenile (SRJ) or similar, is a derogatory term used to describe those who use scripts or programs developed by others to attack computer systems and networks


VincentPopp no he isn't hes changing disassembled memory to make alterations.
Descartes
offline
Descartes
26 posts
Nomad

I actually received an email back from him. =P I'm fully aware that there is a limit to how much Krin can do to stop hackers, but I feel that it can help him in the future when programming games so he can know exactly how hackers exploit his code...

In addition, on Colony (5.3), there are so many hackers it's impossible to ignore them =_=

Descartes
offline
Descartes
26 posts
Nomad

And many game hackers use Hex Editing, if not all.

Showing 1-15 of 42