Sunday, 4 December 2011

Bro! I haz a glitch 4 u!

Firstly: This is written in my opinion, if some info is incorrect please feel free to contribute the correct info so i can make changes. My spelling is not the best, nor is my puncuation or my recongisation of there, their and they're.


This article is going to be referencing exploits, glitches, hacking, white hats & black hats. SRSLY?!

A great many things over the last little while prompted me to write this article, but mostly people. I am not a "hacker" this game had a massive userbase that spanned all over the world and had unique players that their everyday lives and tradeskill varied.

I want to point out a few definitions, to clear opinions on what some people think, I have to thank Paul who is in Zynga Security for this info he gave it to me about this time last year, he also gave me quite a number of good reference points that can be used in things outside of MW ;) that have been mighty useful.

A hacker is someone who likes to tinker with electronics or computer systems. Hackers like to explore and learn how computer systems work, finding ways to make them do what they do better, or do things they weren’t intended to do.

White Hat – These are considered the good guys. White hat hackers don’t use their skills for illegal purposes. They usually become Computer Security experts and help protect people from the Black Hats.

Black Hat – These are considered the bad guys. Black hat hackers usually use their skills maliciously for personal gain. They are the people that hack banks, steal credit cards, and deface websites.

Script kiddies – These are the wannabe hackers. They are looked down upon in the hacker community because they are the people that make hackers look bad. Script kiddies usually have no hacking skills and use the tools developed by other hackers without any knowledge of what’s happening behind the scenes.

Intermediate hackers – These people usually know about computers, networks, and have enough programming knowledge to understand relatively what a script might do, but like the script kiddies they use pre-developed well-known exploits (- a piece of code that takes advantage of a bug or vulnerability in a piece of software that allows you to take control of a computer system) to carry out attacks

Elite Hackers – These are the skilled hackers. They are the ones that write the many hacker tools and exploits out there. They can break into systems and hide their tracks or make it look like someone else did it.

//Referencing white hats & black hats is now over*

Now having read the above how many can you say that you came across that jepodised your facebook account? sure theres some people out there but not as many as you thought. Also one more reference point, also from Paul.

Glitch - The term derives from the German glitschig, meaning 'slippery'

A computer glitch is the failure of a system, usually containing a computing device, to complete its functions or to perform them properly. In public declarations, glitch is used to suggest a minor fault which will soon be rectified and is therefore a euphemism by comparison to bug, which is a factual statement that a programming fault is to blame for a system failure.

Glitch = Random f***up nearly impossible to repro

Bug - an actual programming fault

So to get one thing straight, when people say they have a glitch, they actually have a bug. (I also swear, that Paul probably banged his head thru a wall (or several) over the number of times he tried to hammer the above two references across, But Thank you Paul i really did appreciate the above knowledge.)

Exploit - when we exploit a bug for our own greed
Also i want to include this: My personal dealings with the staff & contractors at Zynga have been good, they are infact human and are everyday normal good people. The problem is a systematic failure of management starting at the very top, Inwhich i can also state that my own personal dealings with the boss dog "CEO Mark Pincus" has been exceptionally good aswell. (He was pretty dam prompt in rectifying the problem too) But yes there are issues that others face and that are also quick to write off the whole place based on their experience.

Mafiawars from day one has been full of bugs, some good and some well... not so good. Who to blame? You can't blame one person, because when programming something brandnew and for the first time of something you have never done, how do you the programmer know that you are wrong? I personally can say that, I am my own worst tester for scripts i write/mod, i dont have every user environment possible and everything always works for me, because i wrote it so i "technically know what its meant to be doing" however a user doesnt know so therefore can run the code unintentionally therefore finding the bugs. It was said that Mafiawars was a copy of Mobwars, In my opinion and from what most will say, it looks very similar, but hey there was also the courtcase where Zynga payed them out...

I asked some "die-hard players" if they could remember the first bugs they stumbled across/was told about at the time. They shared ones like "once the job is finished keep clicking it and you get skillpoints for every click" this was speedup by the fact that the very first job in NY used to have a xp ratio of 2.0, If you know anything about making a super ceral account you know that for a brandnew account with that kind of payout will keep you leveling for quite a bit, and all the time you are getting free skillpoints. Alot of accounts that were in the know, had an instance increase of stats overnight to around the 5-10k combined mark, others went alot higher. I can go on about many of the begining bugs, but i won't however over the time that the game was released up untill now i have to admit that the number of bugs Zynga has actively worked on has shown, i remember when i could find 5-10 a week, now i struggle to find one a fortnight/month. New features and events theres always a bug, even if its instant mastery they usually get fixed fast so not to spoil, But remember its brandnew code, so even Zynga dont know what to expect untill its released, However the infamous copy and paste events that all had the same problems & bugs shouldn't of had the same problems that they did!

Poor coding: Poor coding contributes to bugs, however since you have a team of coders, you cant expect them to know every single peice of code or remember all of it, let alone having new team members. The classice example of this was with the reintroduction of robbing, the old formula was that if you won, you got a percentage of the total number of properties that, that person owned, During this Zynga had a lot of server side corupted accounts, One persons energy account had a large number (100's of thousands) of one property, So runing off there old formula if you robbed that one property and won, you got a percentage of 100's of thousands of it, which gave a payout that got most people the money achievement, it was a bug, not an exploit.

Queing 3rd party scripters: These guys (girls?) have contributed to some bugs been able to be replicated with ease, They have also contributed pieces of code and bookmarklets that have improved most peoples play.
What are you looking at? The above was written by Team Spockholm, as you can see by the pic they processed quite a few mysterybags and were well rewarded, imagine how many accounts that it was ran on. (My figures showed over 400) It was rather simple to set up and the pay off was beyond worth it, (P.s can i haz me some 10,000 smoothies? or maybe 10,000 red angels?)

Other scripts were made, i even modded one that opened invisible bags from the crimespree which speed the mastery up there greatly.

Another well known script stayed secret for nearly a year, its known as the cloning glitch, it was discovered in november of 2009 by a 13 year old boy, who then sold loot to the traders who then distrubuted it/traded/sold whatever on, on a side note the boy made over $40k USD and i applaude him, if ya still around and reading this, well done. A month before this glitch was known people started noticing that others were reporting not all items had been sent, or the trader would notice the person said they had all items even when the trader hadnt finished sending, Battles were held over this with accusations flying left right and center. Turbo gifter a trader tool (script) was exaimed and tested over and over. Finally rewritten and the cloning script went nuts, between myself and a few friends we had over 2000 lotto sets, which at the time were not quite as rare as hens teeth but may as well of been, we traded them off to get the best current loot before the cloning stuff was well known and fixed.

Their hasnt been in my opinion any good scripts to do nearly as good as the cloning script or the mbag one, some of the bugs being exploited dont always need a script, however the scripts are easier than having to walk people thru everything manually.

One script writer was allegedly chased down by Zynga for releasing a script that used nothing to upgrade propertys in whichever city.

Scripters/Script modifyiers in general can release/mod a script to perform what they like aslong as it is within the bounds of the game, IMO they have improved alot of players greater game experience and saved many from pointless overclicking. I wouldn't advise running to them and asking about the latest exploit or can they write a script for you that would exploit a bug, because the majority will turn you down flat. Do they know every exploit? I'm going to say no, but they do see the code so probably can spot the bugs to exploit far easier than most people, Do they bother to exploit them? Well i'm sure we all have our own little fun from time to time ;) From Bobby Heartrate (whos scripts i first started using) right thru to Arch-Angel Nemesis, Vern, Esa, Joyka, Arun, Spockholm, UnlockedMW & PS-MWAP i'd like to thank ya's all.

Got health?
I heard about there been a health glitch out awhile ago, but could never figure it, it dates back along time tho. How did someone gain this much? Upon being asked the person laughed and said "why would i pay for that much health, its just silly" the above person sent me the pic (thru others to remain hidden) for this blogpost they were only discovered when someone took them into a NY boss fight(and saw that persons health). I was reminded about this a few weeks back and tried unsuccesfully to find the bug. I found info about it purely by chance after i saw it posted somewhere (which was quickly deleted might i add). The method was simple and for a total of 65rps you could double your current health everytime permanently. Zynga have since patched this and stated that the big whales were rolled and were given a ingame msg. However as with all Zynga rollbacks (clawbacks) they overlooked some people.

Hacking: Knowing some of the backgrounds of the guys in the security team that stake out the Zynga servers with an iron fist. My advice is, if you tamper with things your not meant too, your bound to be caught, these are the guys that don't code MW, their jobs are security! and thats what their good at.

Overlookings: In the begining there werent any rollbacks, untill shivs bug. But it wasnt really mentioned or talked about anywhere. Many exploits that had a huge effect Zynga will get out the rollingpin and roll it backwards, They miss alot of people, and people started noticing this with the baht glitch. Zynga have players divided up into "grouplings" its what the players refer to as servers, Zynga states they only release to a percentage of people and never to one groupling, When Zynga is releasing a new feature (not event) its usually for a test run before releasing to everyone, just incase it has a serious bug in it. Some of the grouplings do get missed and have different code that is outdated, some people still have minipacks!!! others got stuck on permanent whitescreens for one period. IMO it would be nice if Zynga regrouped all the players again so we all had the same updated code, and new fight/hitlist people. Different grouplings, Different code. Some people can exploit certain bugs that you can't because their code is different due to them being in a different groupling.

Also it is well known, that some staff at Zynga do "miss" somethings. One person was credited with over 600,000 skillpoints of which they made themselves welknown by. Others later preyed on customer support and use it well to their advantage, One CS person pumped an account from having only 6000 of stamina to a new permanent total of 22,000 stamina, Others use CS for unreleased loot items and of course how can i not forget Reward Points.

Bitching: With the slower finding of bugs to exploit, people are getting a wiff of one from "a friend" or see someone "hint" at one written somewhere and are doing their best to find it so they too can benefit from it. Its getting to the point that people are posting "Theres a bug here, that does this! but i can't figure it out!! HELP!" I talk to Zynga, its a known fact. If i deem the exploit too great and over beneficial for the general playerbase i have no problem with reporting it, No i didn't pass the health one over, but yes i was going to. If it is a security issue i will without a question hand it straight over, A simple bug to exploit and have fun with is just that FUN, Messing with people and stealing credit card info etc is theft and is not funny or "cool" in anyform.

If you have a bug that is being exploited and you think its unfair, you can goto the Offical Zynga forums and either PM a Supermod, or post it in their bugs section. Zynga do fix things if they have enough info, sadly they dont have a crystal ball that tell thems the answer to "people are gaining 1000's of skillpoints from levelups" or "the slot machine is giving out free RP's" the info they need is "This is the bug that is getting exploited, and these are the steps on how to exploit it, and if you do it correctly you will get free skillpoints and RP"

Mafiawars has been well documented in nearly all shapes and forms, You can find info out about most things by searching, the most recent article i could find relating to this was posted here

No comments:

Post a Comment