Adventures in game hacking

At the first meeting this year, somebody asked me about protecting games from being hacked. That is a very complex question, because there are lots of ways to hack a game, and just as many ways to protect it. To understand this a bit better, let’s take a look at what it means to hack. Hacking takes advantage of some exploit in the target program to change it. This usually comes in the form of somehow getting at the source code and being able to change it in full or in part. Sometimes, one tiny exploit can open up the whole game. Hacking could be likened to a war of sorts: someone produces a program that they think is hacker-resistant, but with time, effort, and sometimes newer tech, some exploit can be found in the program. This works similarly the other way around, as a programmer can come up with new ways to protect their program, especially since the advent of online updates. Once again, with time, new exploits can be found, and the process repeats itself. A good example of this is the PSP, where every firmware update added a new layer of protection to the handheld. Once the barrier was first broken, though, no update has stayed safe for long. To my knowledge, nothing is hack-proof.

And so we come to our little experiment. At the first meeting, I mentioned First Fantasy having been hacked and put online, although I found it more amusing than troublesome, given that I didn’t think people would enjoy the game that much (someone requested it on the forums of the site in question). The hack affected two key things: it gave you 999,999,999 monies from the get-go, and it also gave you enough experience to start at level 2829. I was pretty sure the only things that had been changed were the starting values of the money and experience variables at the beginning of the game. Ever since I discovered the hack, I wanted to see how it was done, although it took a while before I actually went and did it.

Before I go on, I’m going to say that this is not a how-to on how to hack a game, and I won’t be going into detail with what programs I used or anything. Those interested can search for that stuff online, as I assume it’s easy to find.

There seemed to be several programs that could do the job. I chose the one that looked like it had gotten the most attention on that certain site. That was not the only thing required, though – I also needed a browser plugin that could download media files from a webpage. After installing said plugin, I traveled to a few of the sites that had my games on them. First, I tried Newgrounds. To my surprise, the plugin failed to work, which meant that they probably had some protection in place – good for them. However, judging by the spread of the game, there were definitely other ways to download the .swf file (.swf is a Flash file: it cannot be opened or edited in Flash, but you CAN play it). So I went back to the hacking site and tried getting the copy of First Fantasy from there. I succeeded, which made sense, after all – they wouldn’t have any reason to protect stuff there. I then went to Armor Games, which didn’t have First Fantasy, but had another of my games, The Outsider. I was able to download that with no problem.

The next step after the .swf was obtained was to use a program that could ‘break down’ the .swf and extract the code from it, running the program from the Windows command prompt. Doing so generates a text file with all the code goodness in it. I did this to the already-hacked copy of FF from the hack site and opened up the text file. I was surprised to see the game code not in ActionScript 2, but in a derivative of machine language!


(Figure: comparison of machine code vs. ActionScript 2)

Machine language, for those who have not taken CSE 360, is a more primitive form of code that machines can read. When we compile our games using Flash or Visual Studio, our fancy C# or ActionScript code gets translated into this machine language. Knowing that, I shouldn’t have been surprised to see the code for First Fantasy in an entirely different format, but it was still an odd experience. The complete text file, by the way, was 3.2 MB (of a 10 MB game – the rest of the .swf is compressed art, music, and other game assets). In Microsoft Word, it’s 136,992 lines and a whopping 2,539 pages long. YIKES!

From there, it’s a matter of finding the variable you want to change. In a text file this long, you’re pretty much forced to use the find function. All you have to do is find the lines that give the variables their initial values and change them accordingly. Then, you can use the same .swf extracting program to repackage the game with your modified code. Again, the .swf is all that is needed to play the game (provided you have Flash Player, which nearly everybody does).

Taking this a step further, one could use a decompiler to turn the .swf into a full-blown .fla, where they could actually edit the ActionScript and have access to all the assets that were included in the .swf. However, if music or art were compressed in the .swf, I don’t believe the decompiler could decompress them.
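To make the preceding paragraphs concrete, here is a small reader for the .swf container, added as an example of my own rather than code from the post's author or from any of the tools mentioned. It reads the 8-byte header, inflates a CWS body (the "compressed" form is ordinary zlib, which is why the extracting program has no trouble with it), walks the tag list using the RECORDHEADER layout from Adobe's published SWF specification, and flags the tags that carry ActionScript bytecode: DoAction and DoInitAction for ActionScript 1/2, DoABC for ActionScript 3. That bytecode for the Flash Player virtual machine is what the disassembled text file showed, and a starting value such as the money counter ends up inside one of these tags as a literal. The sample file is constructed in the block (tag bodies, stage size and the four-byte FileAttributes flags are placeholders, not taken from any real game); the SHA-256 the parser returns is the kind of fingerprint a developer can record at publish time to notice that a hosted copy was repackaged.

```python
import hashlib
import struct
import zlib

# Tag codes from Adobe's SWF file format specification. The entries in
# CODE_TAGS carry executable ActionScript bytecode for the Flash Player VM.
TAG_NAMES = {0: "End", 1: "ShowFrame", 9: "SetBackgroundColor", 12: "DoAction",
             59: "DoInitAction", 69: "FileAttributes", 82: "DoABC"}
CODE_TAGS = {12, 59, 82}


class BitReader:
    """MSB-first bit reader for the bit-packed RECT at the start of the body."""

    def __init__(self, data):
        self.data, self.pos, self.bit = data, 0, 0

    def read_ub(self, n):
        value = 0
        for _ in range(n):
            value = (value << 1) | ((self.data[self.pos] >> (7 - self.bit)) & 1)
            self.bit += 1
            if self.bit == 8:
                self.bit, self.pos = 0, self.pos + 1
        return value

    def read_sb(self, n):
        value = self.read_ub(n)
        return value - (1 << n) if n and value & (1 << (n - 1)) else value

    def align(self):
        if self.bit:
            self.bit, self.pos = 0, self.pos + 1
        return self.pos


def parse_swf(blob):
    """Return header fields, an integrity check and the tag list of a FWS/CWS file."""
    signature, version = blob[:3], blob[3]
    declared_len = struct.unpack_from("<I", blob, 4)[0]   # uncompressed length incl. header
    body = blob[8:]
    if signature == b"CWS":
        body = zlib.decompress(body)        # "compressed" is plain zlib: no secrecy at all
    elif signature == b"ZWS":
        raise ValueError("LZMA-compressed SWF (version 13+) not handled in this example")
    elif signature != b"FWS":
        raise ValueError("not a SWF file")
    br = BitReader(body)
    nbits = br.read_ub(5)
    xmin, xmax, ymin, ymax = (br.read_sb(nbits) for _ in range(4))   # stage RECT in twips
    pos = br.align()
    frame_rate = struct.unpack_from("<H", body, pos)[0] / 256.0      # 8.8 fixed point
    frame_count = struct.unpack_from("<H", body, pos + 2)[0]
    pos += 4
    tags = []
    while pos + 2 <= len(body):
        code_and_len = struct.unpack_from("<H", body, pos)[0]        # RECORDHEADER
        code, length = code_and_len >> 6, code_and_len & 0x3F
        pos += 2
        if length == 0x3F:                   # long form: explicit 32-bit length follows
            length = struct.unpack_from("<I", body, pos)[0]
            pos += 4
        tags.append((code, TAG_NAMES.get(code, "Tag%d" % code), length))
        pos += length
        if code == 0:
            break
    return {
        "signature": signature.decode(),
        "version": version,
        "sha256": hashlib.sha256(blob).hexdigest(),       # fingerprint of the shipped file
        "length_ok": declared_len == 8 + len(body),       # truncated or tampered if False
        "stage_px": ((xmax - xmin) // 20, (ymax - ymin) // 20),
        "frame_rate": frame_rate,
        "frame_count": frame_count,
        "tags": tags,
        "code_tags": [name for code, name, _ in tags if code in CODE_TAGS],
    }


def _tag(code, body):
    """Encode one tag with a short- or long-form RECORDHEADER."""
    if len(body) < 0x3F:
        return struct.pack("<H", (code << 6) | len(body)) + body
    return struct.pack("<H", (code << 6) | 0x3F) + struct.pack("<I", len(body)) + body


def build_sample_swf(compress=True):
    """Constructed sample SWF (not any real game): 550x400 stage, 24 fps, one frame."""
    nbits = 15
    bits = format(nbits, "05b") + "".join(format(v, "015b") for v in (0, 11000, 0, 8000))
    bits += "0" * (-len(bits) % 8)
    rect = int(bits, 2).to_bytes(len(bits) // 8, "big")
    body = rect + struct.pack("<HH", 24 << 8, 1)
    # A DoAction tag holding a tiny AVM1 sequence: ActionPush (opcode 0x96, record
    # length 5, push type 7 = 32-bit integer) of the constant 500, then ActionEnd.
    # A starting-money constant is shipped as exactly this kind of literal.
    action = bytes([0x96, 5, 0, 0x07]) + struct.pack("<i", 500) + b"\x00"
    body += _tag(69, b"\x00\x00\x00\x00") + _tag(9, b"\xff\xff\xff")   # placeholder flags, white bg
    body += _tag(12, action) + _tag(1, b"") + _tag(0, b"")
    total = 8 + len(body)
    if compress:
        return b"CWS" + bytes([10]) + struct.pack("<I", total) + zlib.compress(body)
    return b"FWS" + bytes([10]) + struct.pack("<I", total) + body


if __name__ == "__main__":
    info = parse_swf(build_sample_swf())
    print(info["signature"], info["stage_px"], info["code_tags"], info["sha256"][:16])
```

Note that the length check only catches accidental truncation; a repackaged copy carries a consistent header of its own, so the fingerprint has to be compared against one you recorded yourself.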

Tackling the issue of games today is a bit more complex for me. I used to use a Game Shark for the Game Boy Color to mess around with, and it allowed you to find places in the code that you could change. For example, to find out how you would gain a lot of lives in Mario, all you did was open the GS menu every time you gained a life and specify that the value you wanted had gone up. The device would check the memory for what had increased since the last time you did so, and over time the number of available options would decrease, until eventually you would – hopefully – be left with one code that did what you wanted. Hacking custom Pokemon, though, took several codes, one for each thing (stats, moves, image, etc.) you wanted to alter.
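The narrowing search just described is easy to simulate, and doing so shows both why it works and what a developer can do about it. The block below is an added example of my own, not the author's and not anything a Game Shark actually runs: it builds a constructed 256-cell "memory" for a pretend game in which a lives counter sits at one address, a frame counter at another (a decoy that also goes up on every check), and a third cell holds the lives value XOR-masked with a constant. The addresses and the mask are hypothetical. It then replays the post's session: gain a life, tell the search "it went up", repeat. It goes one step beyond the post by adding an "unchanged" filter, taken while time passes but no life is gained, which is what separates the real counter from the decoy. The masked cell drops out on the first pass because its stored byte does not move in step with the count. That is a cheap mitigation against this one filter and nothing more: a "changed at all" filter or a comparison against the displayed value still finds it, so it buys inconvenience rather than protection.

```python
# Constructed layout for the simulation; none of these addresses belong to a real game.
LIVES_ADDR = 0x40   # plain lives counter
TIMER_ADDR = 0x80   # frame counter: goes up on every snapshot, so it survives "increased"
ENC_ADDR = 0xC0     # lives stored XOR-masked: the stored byte does not track the count
XOR_MASK = 0xA5     # hypothetical mask
MEM_SIZE = 256


def snapshot(tick, lives):
    """Memory image of the simulated game at a given tick (constructed data)."""
    mem = [(i * 37) % 256 for i in range(MEM_SIZE)]      # background data
    if tick % 2:                                         # noise cells bounce up and down
        mem = [(v + 17) % 256 for v in mem]
    mem[LIVES_ADDR] = lives
    mem[TIMER_ADDR] = tick % 256
    mem[ENC_ADDR] = lives ^ XOR_MASK
    return mem


class MemorySearch:
    """Narrow candidate addresses by comparing each snapshot with the previous one."""

    def __init__(self, first):
        self.prev = list(first)
        self.candidates = set(range(len(first)))

    def increased(self, snap):
        """Keep only cells whose value went up since the last snapshot."""
        self.candidates = {a for a in self.candidates if snap[a] > self.prev[a]}
        self.prev = list(snap)
        return set(self.candidates)

    def unchanged(self, snap):
        """Keep only cells whose value stayed the same (time passed, nothing gained)."""
        self.candidates = {a for a in self.candidates if snap[a] == self.prev[a]}
        self.prev = list(snap)
        return set(self.candidates)


def run_search():
    """Replay the session from the post: three 'gained a life' checks, then one idle check.

    Returns the candidate count after each 'increased' pass, the candidate set
    after those passes, and the set after the final 'unchanged' pass.
    """
    lives, tick = 3, 0
    search = MemorySearch(snapshot(tick, lives))
    counts = []
    for _ in range(3):
        tick += 1
        lives += 1
        counts.append(len(search.increased(snapshot(tick, lives))))
    after_increased = set(search.candidates)
    tick += 1                                 # time passes, no life gained
    after_unchanged = search.unchanged(snapshot(tick, lives))
    return counts, after_increased, after_unchanged


if __name__ == "__main__":
    counts, inc, final = run_search()
    print("candidates after each 'increased' pass:", counts)
    print("left after increases:", sorted(hex(a) for a in inc))
    print("left after one 'unchanged' pass:", sorted(hex(a) for a in final))
```

The first pass keeps every cell that happened to go up, the second throws out all the background noise, and only the idle check removes the frame counter; the masked lives cell is never a candidate.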

But obviously, the Game Boy Color isn’t very modern anymore. The PSP has a relatively large hacking community, and they were able to find exploits early on in the handheld’s lifespan to allow them to run their own code – at least sometimes. After the full system code was put online, the floodgates broke open. Sony has been more on top of things with the PS3, taking the people who first cracked it to court, and defending their code more aggressively.

There are many ways to prevent hacking, but the best defense is knowing what can be done, and preventing it from happening in the first place. And that, if the past has been any indication, is a field of study all its own.
