Detailed Guide - Make your own Kdice Clone - Exploit Revealed
bcmatt wrote
at 10:41 PM, Thursday April 1, 2010 EDT
I got banned today and will take responsibility cause I've played around with it and it's a good thing to take a break from teh gaydice for a while. But before I go, I'd like to explain how easy it is to pull off the clone stunt.
The way the clone exploit works is by attacking a land that exists in kdice world but doesn't exist on the board itself. The result is you get one invulnerable land that no one can attack unless they also know how to do this exploit.

Normally every land on a board is given an integer and an attack is performed where land x attacks land y. This message is sent to the server in clear text. The original nuke played around with numbers x and y so that they pointed to nonsensical lands and resulted in the 0 attacks.

So how do you change what is sent to the server? Easy... use a program called webscarab which intercepts the message being sent from your browser to the server and allows you to tinker with it.

How do you set it up?

1. Start Web Scarab
http://dawes.za.net/rogan/webscarab/WebScarab.jnlp
For documentation on web scarab - http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project#Download

2. Change your browser's proxy settings to localhost port 8008
You can only do this while webscarab is running, otherwise you won't be able to properly connect to the internet.

3. When it's your turn go into web scarab and tick the box that says "intercept requests"
You'll see that any action in kdice will pop up a message with the document being sent to the server.

4. When you click attack you'll get a message like:
Long string.... 0[]1[]2[]3[]4[]5[]15[]25[]
The x and y values are the last two numbers in the above message, so they would be the 15 and the 25, where the 15 is the attack from square and the 25 is the attack to square.
If you change the 25 to a 0 so that the message becomes
Long string.... 0[]1[]2[]3[]4[]5[]15[]0[]
then you will attack and defeat the clone land and get the NaN message on the board.

Whoever attacks the clone land wins, so if someone else attacks the clone land after you they will take it over.

I'll probably get perma-ip-banned or something for posting this but I don't really care... it's been fun playing.

Ryan fixed the old nuke bug when it became more public; maybe he'll decide it's time to fix this nuke bug since anyone can do it.

[Reposted to fix scrolling issue] |
MadHat_Sam wrote
at 10:43 PM, Thursday April 1, 2010 EDT
Given this simple exploit can we expect that it is possible to manipulate the game in more subtle ways?
|
leekstep wrote
at 10:55 PM, Thursday April 1, 2010 EDT
ryan first tried to fix the altering of client info (like you describe) by making the hacked rolls attack at value 0, to prevent people from using their own dice to attack nonadjacent territories.
people were exploiting last month to make opponents roll 0 value failed attacks and lose dice from their big stacks. in response ryan added a server-side logic check to invalidate hacked responses from the client (no more webscarab nukes). the "invisible territory" (value 0) exploit was not fixed at that time, and ryan has known about the 0 value exploit for a while and has been unable or unwilling to fix it. |
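The kind of server-side check leekstep mentions, sketched as an added example (not kdice's code and not something posted in the thread): the server re-checks the from/to land numbers of every attack message against its own board state. The "[]" field layout follows bcmatt's sample message; the `Land` structure, the sample board and the player names are constructed for illustration.

```python
from dataclasses import dataclass

class RejectedAttack(Exception):
    """A client attack request failed a server-side check."""

@dataclass(frozen=True)
class Land:
    owner: str
    neighbours: frozenset

# Constructed sample board: land number -> server-side state. No land 0 exists.
BOARD = {
    15: Land("alice", frozenset({25})),
    25: Land("bob", frozenset({15, 31})),
    31: Land("bob", frozenset({25})),
}

def parse_attack(message: str) -> tuple:
    # Per the sample message, the last two "[]"-terminated fields are from/to.
    fields = message.split("[]")
    if len(fields) < 3 or fields[-1] != "":
        raise RejectedAttack("malformed message")
    src, dst = fields[-3], fields[-2]
    if not all(f.isascii() and f.isdigit() for f in (src, dst)):
        raise RejectedAttack("land ids must be plain integers")
    return int(src), int(dst)

def validate_attack(board: dict, player: str, message: str) -> tuple:
    # `player` comes from the authenticated session, never from the message.
    src, dst = parse_attack(message)
    if src not in board or dst not in board:
        raise RejectedAttack("land not on board")  # e.g. the thread's land 0
    if board[src].owner != player:
        raise RejectedAttack("source not owned by player")
    if board[dst].owner == player:
        raise RejectedAttack("cannot attack own land")
    if dst not in board[src].neighbours:
        raise RejectedAttack("target not adjacent")
    return src, dst

def verdict(board: dict, player: str, message: str) -> str:
    try:
        validate_attack(board, player, message)
        return "ok"
    except RejectedAttack as err:
        return str(err)
```

The membership test is the one that covers the value 0 case from this thread; ownership and adjacency cover the earlier nuke variants leekstep describes.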
im not a cheater wrote
at 10:58 PM, Thursday April 1, 2010 EDT
happily it seems like most of the rest of kdice is secure.
|
Mikeypoo wrote
at 11:06 PM, Thursday April 1, 2010 EDT
Also Known As the Shangrila clone exploit
im not a cheater: couldnt people just call it shangrila
im not a cheater: clone exploit |
leekstep wrote
at 2:05 AM, Friday April 2, 2010 EDT
and what ever happened to stormlord?
|
derivative wrote
at 7:18 AM, Friday April 2, 2010 EDT
leek visit the advisorlog, he's been on xsketch
|
leeeroy jenkins wrote
at 9:08 AM, Friday April 2, 2010 EDT
meagles, take care bro.
i guess storm's xsketch clone can draw any picture that he's already seen? that's pretty sick actually... |
fcuku_ wrote
at 9:51 AM, Friday April 2, 2010 EDT
yeah, i want to see stormlord's clone in action, it seems like it would be pretty sweet, and would invalidate most of the xsketchers lives, which is always a plus
|
StormLord wrote
at 10:07 AM, Friday April 2, 2010 EDT
what you guys talking about
|
Boner Oiler wrote
at 6:30 PM, Thursday February 24, 2011 EST
so this still works right?
|