Monday, March 4, 2013

Cheats (or gems) come free in Eenies at War

Eenies at War is a Gunbound (or Worms) style massively multiplayer online game for iDevice from SavySoda. Eenies can be played offline too.

And like most games that are playable offline, Eenies stores its save game, which is called profile internally, on the device itself. SavySoda is well aware that this design decision raises many issues with cheats and hacks. And so they try to thwart the hackers by building in some hack detection code.

Among many checks that Eenies performs is a checksum check. Some attributes in the save game are used in calculating a MD5 value. The code is similar to:

NSString* playerId = profile.playerId;
int xp = profile.xp;
int gold = profile.gold;
int gamesWon = profile.gamesWon;
NSString* s = [NSString stringWithFormat:
    @"Name: %@ Xp: %i Gold: %i Gems: %i Won: %i",
    playerId, xp, gold, gamesWon];
// and calculate MD5 value of s

Now, that code may not even compile, but that's not what I'm talking about. Hopefully you have spotted a real logic error in that code. Gold, gems, number of wins, player identity, and experience points are supposedly in the string to calculate MD5 for. Somehow, though, number of gems was missing in the stringWithFormat call!

What it means here is that you'd be able to freely change the number of gems you own (and everything else beside those attributes) if you were able to modify the save game. There are other minor hurdles to overcome on that front but I'm not going to talk about them. This particular bug is peculiar enough for me to write a post.

Leaving effectiveness aside, the fix is, of course, to put in the missing argument to that stringWithFormat call. Once again, security is unfunnily skewed.

No comments:

Post a Comment