Wednesday, January 12, 2011

Zombie Rampage and other crazymonkey games hack --- step by step tutorial

First of all, sorry for the lame self advertisement, but hey, its good for all of us. I get reputation, you learn something. If you dunno what I'm talking about then never mind (you will find out soon).

So let's get into it. This is one of the simplest attacks that you can do out there, so even the total beginners should be able to do it. We wont hack the game itself (maybe one day I'll show you how to do that), we will only hack the web request the game is sending to the server and manipulate it for our own need. This type of attack is so simple it doesn't even have a name, at least I don't know any, maybe its URL SQL Injection, but this wont inject any code, and it's not done in the URL either, so lets name it request forgery instead.

What you will need:
  • Firefox: in IE should be almost the same but in this tutorial we'll be using Firefox. Maybe other web browsers are good too, but it complicates it a bit, and I won't get into it.
  • Fiddler Web Debugger: it's a free web debugging tool, I think the best out there. Installation should be easy so I wont get into that either
How you can do it:
  1. After installing Fiddler restart Firefox, so the Fiddler add-on can start up itself. Do not disable the add-on, we will be using it
  2. Visit the game, play and die (hope you won't find any problem doing that). When the game over screen comes up do not touch anything.
  3. Start Fiddler if you haven't already
  4. Force traffic to Fiddler. You can do that in Firefox, at the right bottom of the screen. Theres a "Fiddler: Disabled" text. Click it and select "Force traffic to Fiddler". As you can see in the image is a pretty decent score, so I'm not JUST a hacker. I played this game a lot and topped the score for a few days now (under the name of Dexx)
  5. Now every request is monitored by Fiddler. But we need more than monitoring. We want to manipulate it. For this we will block the request from going to the server. Go to Fiddler, and there go to Rules -> Automatic breakpoints -> Before request or simply press F11
  6. If there are any entries in the panel below the menus select them and press Del. This is not mandatory, but it will help keep it clean. Also close any other websites opened (like a mail or YouTube videos, Internet radios etc.), they'll just confuse you, because these websites also make requests in the background that will show up in the request browser.
  7. Submit your score. Go to the game and hit Submit score. You don't even need to fill the name or anything just submit it. If you done it right, wont happen anything, but Fiddler will start blinking
  8. Go to Fiddler. Notice the new entry, which has popped up. It's sent to the host scores.crazymonkeygames.com, there's also the URL, using HTTP protocol and so on. In the column labeled # (first one) you should see this same red logo, or you've done something wrong. Select this entry.
  9. A bunch of stuff will show up on the right. You can see that it's separated into 2 parts. The upper one is about the request, the lower one is about the response. We don't have a response yet, there's just a request for now. Because it's not sent, Fiddler will allow us to modify it. It's a POST request which means it has a body. These kind of data is generally in the body, so is in our case. Select the Inspectors and WebForms tabs. You can use other's too, but in our case the web form view is the most user friendly.
  10. As you can see, there's your name and score with some other parameters we don't care about. In other cases you might care but not here. I already said this hack is pretty easy, in other cases here is the part were it could get really hard. So all you need to do is modify some parameters then hit Run to Compilation marked with green. I will modify it to bit.ly link pointing here and make it maximum: 10000000. I will ask you not to use this same value (use 9999999) so you won't push my score down, thus others will also find this tutorial.
Don't forget to disable breakpoint in Fiddler and disable Fiddler in Firefox before closing. Otherwise you will get proxy not found messages or other funny stuff. Thx for reading and have fun learning. Also I do know that hacking is not nice, but it's cool and really fun.

No comments: