Jump to content
  • 0
Sign in to follow this  
memet0asty

A possible security threat

Question

First of all,

hello to everyone.

This post is more targeted to the developers of PokeMMO, but if you have information or knowledge, that advances the discussion feel free to post here.

 

So now on to my concern:

I am a hobbyist programmer and was curious, how PokeMMO works, so I tried to get to the source (of course this game isnt open source).

On my way to that I noticed, that the PokeMMO.exe  was just wrapped with Launch4j, which means, that the .jar-File is directly unencrypted embedded in the exe. (Oh at this point I have to mention, that I only looked at the Windows version of the game, but because its Java, I thought, that the OS doesnt matter THAT much, therefore I hadnt checked in on other platforms yet).

I know, that some people hate me for that (obvsly devs as well), but curious how I am, I tried to:

- Decompile it

- Modify it

- Build the Artifact

- Run the modified game

 

I was able to decompile the game and I had a general overview of the project.

Then I modified the logger of the game (just some sysprints, I dont want to get unfair advantage with cheats etc...)

I was able to repack the .jar

But then it failed at running..

 

But other than my incompetence,

I think it might be a problem, that a beginner (like me) could get so ?!far

 

Hopefully some dev reads this and can give me some information (or even help :D)

 

I wish everyone a wonderful day,

memeToasty

Share this post


Link to post

4 answers to this question

Recommended Posts

  • 0

You got a look at the client there, yes, but I believe you wouldn't be able to gain any advantage since everything important _should_ be hosted server-side.

They are pretty good at getting people who tries to tamper with the clients as even looking at the ram footprint is -or used to be- not allowed.

In any case they will probably nuke your IP despite your good intentions.

Share this post


Link to post
  • 0

Forgive me if I'm wrong but this really looks like you're trying to get an idea on how you can circumvent security measures, I see no good intentions here. Anything that you would want to manipulate locally, and has no advantage,  is available with a simple rom edit. Sprites, music, UI, etc are available with mods or available to the public with edits to local files and even have guides to show you how.

 

To assume that the developers have no safe guards in place to prevent anyone, especially players, to come along and edit their game client as they see fit is pretty silly. Furthermore, expecting the developers to tell you how to succeed in manipulating something that you shouldn't be touching is insane.

 

There is no security threat. Anyone can decompile, disassemble or debug anything and it's probably the most common dead-end to learn that it won't function when you recompile without knowing what they've put in place to prevent this.

 

I would be happy to help point you in the right direction for contributing to the modding community here, but what you're attempting to do is a no no.

Share this post


Link to post
  • 0
45 minutes ago, Kole said:

Forgive me if I'm wrong but this really looks like you're trying to get an idea on how you can circumvent security measures, I see no good intentions here. Anything that you would want to manipulate locally, and has no advantage,  is available with a simple rom edit. Sprites, music, UI, etc are available with mods or available to the public with edits to local files and even have guides to show you how.

 

To assume that the developers have no safe guards in place to prevent anyone, especially players, to come along and edit their game client as they see fit is pretty silly. Furthermore, expecting the developers to tell you how to succeed in manipulating something that you shouldn't be touching is insane.

 

There is no security threat. Anyone can decompile, disassemble or debug anything and it's probably the most common dead-end to learn that it won't function when you recompile without knowing what they've put in place to prevent this.

 

I would be happy to help point you in the right direction for contributing to the modding community here, but what you're attempting to do is a no no.

Thank you for mentioning, or giving me this kind of information.

I just was curious, if and what kind of measures the devs have. I didnt want to make anything bad with it.

Just wanted to help. IF there is a security threat.

The modding community is broad, as I saw. But graphical mods arent my jam, cause sprite and Overlay editing is no fun for me.. I will inform myself on the modding possibilites and see, if I can do anything, in my eyes, usefull, that could increase efficiency

Share this post


Link to post
  • 0

We don't care about static analysis, it's not like anyone can stop you anyway. We frown upon posting decompiled information though.

p.s. Don't tamper too much, or you'll get banned regardless. If you find a gameplay-affecting exploit please report it at [email protected]

Share this post


Link to post
Guest
This topic is now closed to further replies.
Sign in to follow this  

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use and Privacy Policy.