Server-Sided hacks can happen? +Question about WTFast

Hacking server-sided applications is not impossible, but you need access to the server.

The first step to reach the server, is to find a client-sided vulnerability and exploit it in order to get administrator controls. Generally, you can manipulate the client to misbehave the server, just like in SQL injection. When you fill a vulnerable and not filtered HTML form, the HTTP client will send the SQL query to the server. The SQL server will run the query as a naive machine. And, as SQL servers can create files, run commands, and do more stuff, you may also find yourself manipulating the computer itself. Game servers have HTML server running so that you can create accounts and download game client. Isn’t that so?

There are also other ways the server to be invaded, like password brute force or social engineering techniques, which are possible too.

It is also probable the game rates to be changed on client side itself. The game client is supposed to send a numeric value to the server, instead the client is faked to send greater values. See the challenges from Basic, Intermediate or Main Section. There is one where you manipulate your game score on the client. The server can’t always trusts the client and believe the client always act as it was programmed. If it does and the client is changed, you can do those sort of cheats. A naive server won’t compare values with its database.

Well, after all those words I said, what do you think?

Going through a web server seems like a big detour that requires a strong relation between the web servers and the game servers in order to manipulate these kinds of properties. It might be possible, but it’s pretty unlikely, I think.

It is much more likely that the client is sending the game server the values and the server trusts what the client is sending. This also matches the suggestion that CheatEngine is used, which only changes the behaviour of the client.

Regarding WTFast, there is no way to say for sure until you find a way to hack it.

@charcpde78 from what you told me, it seems highly possible for him to have this done. A friend who managed to get in their group for a long time now, sent me a convo of them saying that an acquaintance of them found out how to change slash rates. So it seems really high in possibilities. I only know a few codes from cheat engine but not quite sure how it happens, if you are willing to give me some tips on this matter. I still am not really too good with coding since I know only what I’ve been shown so far (which is not really this much – practically nothing).

@dloser Yeah from a convo I got it seems highly possible here check (hiding names for privacy reasons) http://prntscr.com/izavuq I am not sure if Cheat engine is used but I am not sure where to start, since they don’t really share anything

Alright thanks you so much both :D I owe you

Well, I’ve never used Cheat Engine before, but did you watch this Cheat Engine video?

Basically, Cheat Engine is capable of scanning allocated values in RAM memory and detect their changes. By doing this, you can search for variables used in applications.

So, a simple way to make a cheat for slash rate, given it is static, would be to do the first scan shown in the video and test each value if it changes or not your application. Manually, you change the value, if it changes the game the way you want, you keep it. Otherwise, return the value back to normal. Do it to all values.

As you may find many values to test, I suggest you to do kind of a binary search. Change half of those. If it changes the game the way you want, the variable is in the half you changed. Otherwise, it is on the other half. Keep halving the possible values until you get only one.

Actually, as the physical cost to change values might by high, because you have to move the mouse and enter the values on the keyboard. Change smaller groups of values like a third of a quarter and not half. Because if you miss the group you are checking you’ll have to change the entire group back.

As you say, there can be many many values and simply changing a bunch of them is not unlikely to crash the program. :p (You can however reduce the list by indicating that the value shouldn’t change over time and keep using the program a bit.)

I think it is more likely they first found things that are not static, like health or inventory counts, and then looked around those memory positions to see if there are recognisable structures. You might also be very very lucky and find that these values are close to string that indicate their meaning, giving you that way to find things.

Another approach is to disassemble the program and try to find it in the code.

Whatever method you use, however, your success greatly depends on a lot of variables. So there isn’t a specific approach that will give you success. (Except for having a lot of experience with this, I guess…)

@Charcode78 Yes I have seen this and thank you, I am kind of familiar with Cheat engine but I am not sure if it will help since I got told it’s a beginner’s tool for programming (not that I’m an expert hehe) I will try my best though and try everything in my book til I find it

@dloser I will try my best with cheat engine to see if it will work if it won’t I will reach out for other programs and take a similar turn and test the values til I find out or til I reach my breaking point and give up on trying.

Thank you both for responding to me, this actually gave me alot of motivation to try and search on the matter! Thank you :D

Let us know if it works!