Changing the clock is hacking now? Really?
A 10-year-old hacker has won the admiration of her adult peers for finding a previously unknown vulnerability in games on iOS and Android devices. The young girl, who has adopted the hacker handle CyFi, discovered the timing related bug after she got bored with the slow progress of a FarmVille-style games. For example, crops …
Yes, setting the clock forward to gain an advantage in online gaming is a (simple) hack. If you can make the program behave in an unintended way, you are hacking it. It is hacking as is setting the clock backward to fool "trial" software into a "forever trial" status, for example. Easy, stupid, but still a hack.
Yeah, it kinda is.
1) The game is not working as intended. It was intended to, after a set amount of real time, set the crops to be at the next level of growth. They didn't have access to real time, so they used system time, which will be close enough. When you change the system time you are changing how it is intended to function. If they wanted you to be able to fast forward time, they probably would have given you a fast forward button.
2) Cars are not built with hard-coded rules that would deny them from going 71mph, in almost all cases. However, if they were, but you found out that it only prevented you from going above 70 in the top gear (which makes sense, nobody could possibly go above 70 in a lower gear!), but you then realized you could drop it down a gear, rev the engine (much too hard, admittedly, for a low gear) for a second, and then pop it back into the top gear and be clear of the prevention scheme... now that's hacking! Breaking a rule outside the system by hitting a button or stepping on a peddle isn't hacking, but finding a way to bypass a lock that prevents you from hitting the button or stepping on the peddle could be.
3) Your penis wasn't designed to be unable to receive blowjobs (I'd hope, but you had better clean off anyways just in case).
4) Because the system has to trust input from the system time, and there's no technical way to avoid this, any hack involving changing the system time isn't really a hack? No! That just means that the system time is an easy attack vector that is hard to defend against!
5) While it might not be clever for you to change the system time, a child who is but 10 coming up with it is rather clever for her or his age.
Why should we be admonishing this child as not "really hacking" the system. Encourage it is a great starting point and a simple example of game-breaking, hacking, and lateral thinking, so that we can continue to encourage this child to develop these skills into the future, so that when they are 20 they are able to understand the hundreds of different ways to protect, penetrate, or game a computer system to get a desired effect outside of the standard procedural bounds.
It all depends on the meaning of "hack". I think that changing the clock is still a hack, expecially when dealing with internet-connected, part-server and part-client-side software. If the programmes is a fool and trusts the client's clock, then it's a hack. An easy, stupid hack, but still a hack.
Then there are really clever hacks, like takign control of the firmware of a NIC remotely and use it to mess wit OS memory using DMA.
I unserstand that changing the clock is easy and messing with NIC firmware is a truly cool hack, buth I still stand that both are hacks.
It is a hack, in the true meaning of the word.
What it isn't is a "crack" - This is a tech site - it's expected readers know the difference between the two.
If the word 'hack' was on a tabloid news site, it would appear misleading, because of the 'laymans' mis-use of the term.
You don't have to believe me, just check a dictionary:
hack [very common] 1. n. Originally, a quick job that produces what is
needed, but not well.
"You don't have to believe me, just check a dictionary:
hack [very common] 1. n. Originally, a quick job that produces what is
needed, but not well."
Yep, and the dictionary says a window is a hole cut in a wall to allow light in so I don't know what you're talking about windows on a computer for.
Not sure if you're trolling or just really unintelligent.
Since 'hacking' origionally referred to changing the function of something in a useful (to the haker) but unintended (by the creator) way, but these days it means a specific form of hacking more correctly called 'cracking' to the exclusion of the rest, I think you are a bit late - the 80's called and all that!
"Yes, setting the clock forward to gain an advantage in online gaming is a (simple) hack. If you can make the program behave in an unintended way, you are hacking it. It is hacking as is setting the clock backward to fool "trial" software into a "forever trial" status, for example. Easy, stupid, but still a hack."
No, it is a "bug exploit". Alternatively it is a "clever yet unintended use of game mechanics".
Hacking involves gaining unauthorized access and/or inserting your own code.
Repeatedly changing the clock in small increments so as to circumvent a programmatic method implemented to stop the abuse, yes. Just because it is simple doesn't mean it isn't a hack. In fact, if you go all the way back to the earliest definition as in "an elegant hack" the simpler and more obvious but not thought of, the better.
Taking advantage of any implementation glitch in a game would be a hack. Changing the system clock to gain advantage in Farmville is not all that different from skipping most of Ravenholm in HL2 with physics tricks or taking advantage of disappearing sprites in Duke Nukem 3D -- something around when I was ten -- to beat the Cycloid Emperor with very little effort. It shows that you've spend plenty of time playing the things, are reasonably intelligent or at least observant and inquisitive, and have some vague idea of how they work. It is a hack in the sense that you are playing the game in a way unintended by its creators, but it hardly makes you a hacker or your "hack" news. Nonetheless, good going for the ten-year-old and good going for DefCon. Maybe their outreach will interest at least a few more kids in considering careers which are vaguely useful.
Previously unpublished perhaps, along with a lot of other trivial things. It's a bad programmer who trusts the user's system to tell the truth about such things as the system time.
Having said that, I have a number of instant messages sat on Skype which appear to be from the future because I reset my PC's BIOS and failed to notice that the clock setting was in 'merkin format (mmddyyyy) until I'd been using it for a few hours. I mean seriously, who came up with that? It's like telling the time with the seconds between the hours and minutes. And honestly, why does Skype not timestamp messages with a server time?
This is not a new discovery. The wife and her family have been doing this for yonks to cheat this kind of game. Saying a 10 year old discovered it seems a bit late.
Also, this isn't a "vulnerablility". It is a flaw in the game to prevent cheating, but i can't see it as an attack vector.
On the BBC it was implied that this would let arbitrary code be run on the system...
(As for the comment above that it indeed is "hacking" in an online game -- note that its obviously NOT an online game here, as that kind of trickery is checked against... it only worked "if shutting down wifi" etc.)
It's because Merkins say a date as "January first" while we Limeys says "The first of January".
The irony of course is that Independence Day is "The Fourth of July".
El Reg readers know that the Americans are right to put month before day, it's just that they have the year position wrong.
"Us 'ere Limeys also say "ten past five" for a time, but we don't write it as "10:17""
<sarcasm> I would hope that we don't write "ten past five" as "10:17". I'm kind of hoping that we write "ten past five" as "5:10". </sarcasm>
Of course, I might have just been doing it wrong all these years.
don't bitch at me for your own idiocy.
Whether this means just blocking the postings like a geek, or unfriending the people who send you the messages is entirely up to you. Or perhaps you should go in and remove yourself from the game settings. Because the last time I checked, I'm limited to 50 messages to people for a given session, and I sure as hell try to make sure I'm getting something back for the messages I'm sending. Which means they only go out to people who are listed in the game as playing the game.
Ah yes... At the same age I was rewiring the joystick port of my TI-99/4A to connect it to under carpet pressure pads I had made from tin foil, bubble wrap and bin liners, so that my intruder detection program could sound the alarm and log entry and exit from my bedroom for when my horrible little brother came to nick stuff off me. lol.
I also "invented" a new limitless power supply for street lights for my toy cars, using bell wire, 1.5v torch bulbs and a mains power cassette recorder lead... this was slightly less successful, as shoving the bare ends of bell wire into 240v mains had the effect of vaporising said torch bulbs instantaneously. You live and learn. Kids eh!? :-D
...but a few years later on an amiga. changed all the planet names etc on frontier:elite2 to humorous words. also the intro credits. that was pretty cool
deksid got me into "hacking" (worked fine as long as the CRC was unchanged), which i very rarely see anymore in my professional life as a contractor. hit the hex dude!!!!! :)
i 'hacked' a football manager game on the spectrum 128 so I had a limitless cash to build my team.
More recently (10 years ago) i created a champions league patch for the PSone emulator on PC playing one of the first versions of PES, using hexedit, I altered all the players, and built new 3d stadia by directly editing the hex to move the 3d polygons around, remember doing a new Villa Park.
Biting the hand that feeds IT © 1998–2019