Forum


Detailed Guide - Make your own Kdice Clone - Exploit Revealed
bcmatt wrote
at 10:41 PM, Thursday April 1, 2010 EDT
I got banned today and will take responsibility cause I've played around with it and it's a good thing to take a break from teh gaydice for a while. But before I go, I'd like to explain how easy it is to pull off the clone stunt.

The way the clone exploit works is by attacking a land that exists in kdice world but doesn't exist on the board itself. The result is you get one invulnerable land that no one can attack unless they also know how to do this exploit.

Normally every land on a board is given an integer and an attack is performed where land x attacks land y. This message is sent to the server in clear text. The original nuke played around with numbers x and y so that they pointed to nonsensical lands and resulted in the 0 attacks.

So how do you change what is sent to the server? Easy... use a program called webscarab which intercepts the message being sent from your browser to the server and allows you to tinker with it.

How do you set it up?

1. Start Web Scarab http://dawes.za.net/rogan/webscarab/WebScarab.jnlp
For documentation on web scarab -http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project#Download

2. Change your browser's proxy settings to localhost port 8008 You can only do this while webscarab is running otherwise you won't be able to properly connect to the internet.

3. When it's your turn go into web scarab and tick the box that says "intercept requests"

You'll see that any action in kdice will pop up a message with the document being sent to the server.

4. When you click attack you'll get a message like:
Long string.... 0[]1[]2[]3[]4[]5[]15[]25[]

The x and y values are the last two numbers in the above message so they would be the 15 and the 25. Where the 15 is the attack from square and the 25 is the attack to square
If you change the 25 to a 0 so that the message becomes
Long string.... 0[]1[]2[]3[]4[]5[]15[]0[]

Then you will attack and defeate the clone land and get the NaN message on the board.

Whoever attacks the clone land wins so if someone else attacks the clone land after you they will take it over.

I'll probably get perma-ip-banned or something for posting this but I don't really care... it's been fun playing. Ryan fixed the old nuke bug when it became more public maybe he'll decide it's time to fix this nuke bug since anyone can do it.

[Reposted to fix scrolling issue]

« First ‹ Previous Replies 11 - 16 of 16
Grumpfish wrote
at 11:35 PM, Thursday February 24, 2011 EST
easy fix... just encrypt the message
CuteKittens wrote
at 12:40 PM, Friday February 25, 2011 EST
I thought I heard this was fixed?

Haven't seen anyone do it in months.
mo chara wrote
at 6:28 PM, Friday February 25, 2011 EST
why bother playing if u have 2cheat to win
TheBetterYodel wrote
at 2:51 AM, Thursday May 9, 2013 EDT
Bump.

Can someone tell us how the new luck hack is working?

Many thanks.

Oh and don't forget to suck a dick and get herpes.
dasfury wrote
at 8:45 AM, Thursday May 9, 2013 EDT
I think we would all be better off if the above clown was banned from the forums.
dorkab wrote
at 10:00 PM, Thursday July 6, 2017 EDT
adam marshall dobrin should be mentioned here.

-rnd
KDice - Multiplayer Dice War
KDice is a multiplayer strategy online game played in monthly competitions. It's like Risk. The goal is to win every territory on the map.
CREATED BY RYAN © 2006
RECOMMEND
GAMES
GPokr
Texas Holdem Poker
KDice
Online Strategy
XSketch
Online Pictionary