10yr Old Hacker Finds Zero-Day Flaw in Games

H

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
Whoa, what were YOU doing when you were ten?

A 10-year-old hacker who goes by the pseudonym CyFi revealed today at DefCon 19 a zero-day exploit in games on iOS and Android devices that independent researchers have confirmed as a new class of vulnerability. The girl from California first discovered the flaw around January 2011 because she "started to get bored" with the pace of farm-style games.
Click to expand...
 
So I thought, 'Why don't I just change the time?'" Most of the games she discovered the exploit in have time-dependent factors. For example, planting corn might take 10 real-time hours to mature in the game. Manually advancing the phone or tablet's clock forced the game further ahead than it really was, opening up the exploit.
Click to expand...

Really? This is like digging up a stone wheel and claiming it is something amazing and new.
 
Not to rain on her parade, because she is infact 10, but this type of "exploit" has been abused countless times before, primarily in the days of time-based shareware.
 
It's pretty awesome that she figured this out on her own -- she's 10yrs old, folks - cut her some slack.

However, it's extremely hilarious that such a simple 'exploit' was overlooked by the devs. Shame on them :p
 
This exploit is so retro that it's actually now again. What she did do is figure out how to use Google, but I can't deny mad props for being interested in this stuff at that age, that's the true accomplishment here.
 
I'm a horrible jerk and bypass numerous things by doing this.

Use VM -> disable time sync and save state right after you get everything installed -> back up anything to dropbox when it expires -> restore state, download shit

infiniteeee triallssss
 
Ive beend oing this since the early 90's with the demo games I got from PC gamers..

I cant believe this is even news.. And there have been TONs of programs that have teh same fault..
 
So is "Zero-Day" the buzzword to use when trying to make bugs in software sound evil or threatening when reading an article? "OMGZ.. it's a Zero-Day exploit! Grab the shotgun and get to the shelter, the bombs and zombies are coming!!!" :eek:

It's cool that a 10 year old found this out on her own, but yeah, this "exploit" has been around forever.
 
Where is my parade for modding cfg files to make games run without a cd back in the 90's?

Def not a hacker and that exploit is old (who hasnt done that to try get around some apps?)

Shamed us again [H]
 
How is it a zero-day attack when so many people know about this exploit? Unless i'm understanding the term incorrectly.
 
Jehuty said:
It's pretty awesome that she figured this out on her own -- she's 10yrs old, folks - cut her some slack.

However, it's extremely hilarious that such a simple 'exploit' was overlooked by the devs. Shame on them :p
Click to expand...

Exploit yes, but not a hack. When I was 10 I exploited netzero. How? When you logged into their service to sign up, just browse. What this little girl did was exploit a game. How many games have you exploited in your life time? All she had to do was disable her wifi to make time go faster.
 
she "started to get bored" with the pace of farm-style games.
Click to expand...
Boring games turn people into hackers. Idle hands are the devil's playground. This is why parents should make sure their kids are playing good games.
 
lathode said:
How is it a zero-day attack when so many people know about this exploit? Unless i'm understanding the term incorrectly.
Click to expand...

the only thing 'zero-day' about this is that it was an exploit that existed since the software came out. but I'm pretty sure everyone knew about it and didn't give two flying fucks because it's for farmville and shit like that.
 
Do you say the name "sci fi" or "ciffy"?

This isn't even anything sillybeans! When I was 10 (and younger) most of the computer type people I hung around with had "extended demo"ed lots of software. (mainly because it couldn't be bought, or was old old games).
 
So some girl discovered changing the clock to confuse webkinz so she can grow corn faster? My daughter has been growing webkinz corn on a machine running a copy of Windows 7which depends on such a "hack" since the OS came out even though I've got plenty of keys. Just too lazy to legitimize it. All this "news" means is that it will be harder for us to crack software in the future.
 
thought this'd be a little more exciting. but well done for a 10yo.. wait.. er.. 10yo seems the right age to get into haxoring.. probably the average age of script kiddies... rofl.
 
It's not so much that she found that changing the clocks would let her speed up in game time, it's that she found a method of doing it that avoided detection by the games that are affected.
 
No code involved and no resulting data loss, I would not call this a hack, I'd call it a cheat...
.
.
.
.
When I was ten I was building solid state amplifiers, rebuilding lawn mower engines and hunting with a 410.
 
Hmm, when I was 10 there were no personal computers. Our idea of a first person shooter was gather up all the toy guns and play "War". Come to think of it I had more fun doing that than some of the newer online games...
 
Uhhh yeah I did this many times on our family computer at that age (I am actually young enough to have had a computer with a GUI when I was 10 ;) )
 
I think it's great that a child is learning to push the limits of software. But I can't help to feel that this is just another whiny gamer wannabe cheating at games. I take this personal I guess, as I'm a big brother of one of the whiny gamer wannabe's... I try to guide him to the good side, but he can't stop exploiting games to give himself the edge. Call me old fashioned, but I believe in gaming integrity and using your own skill set to win.
 
Steve said:
Whoa, what were YOU doing when you were ten?
Click to expand...

When I was ~ten (I may have been 11) I received a free demo disk of the Game Lemmings by Psygnosis.

lemmings-2.jpg


The demo included the first level or two and I loved it.

I eventually saved up my allowance and bought the boxed version of the game. It came on 3.5" disks, and you were required to have the first disk inserted for a copy protection check when running the game.

At some point that disk got damaged, and I was very sad...

..until I figured out that all I had to do was overwrite the game executable in the full gmae install directory with the executable from the demo, and I wound up with a full version of Lemmings with no disk check :p
 
up, up, down, down, left, right, left right b, a, select start was the extent of my hacking at age 10.
 
Changing the time to cheat in a game... yeah, she's ten, and it may be a slight bit of a stretch for an average ten year old to link the passing of time in a game to the time on the desktop clock, but there's certainly no earth-shattering innovative quality at work here.

When I was around that age (maybe as old as 12 or 13) I hacked the IO.SYS file to replace "Starting MS-DOS..." with something else... don't remember exactly what it was now, probably something stupid like my name.
 
Zarathustra[H];1037609743 said:
lemmings
Click to expand...

If I remember right, you could do something similar with the shareware version of Doom, like replace the .wad files with the full version that you could find on a BBS. I could be remembering wrong though.
 
Wolfie said:
up, up, down, down, left, right, left right b, a, select start was the extent of my hacking at age 10.
Click to expand...

I started with Game Genie and finding my own cheats for NES games when I was 9. Then I picked up memory editing by age 11 when I got my own PC. Then C++ by age 13, I stopped getting into game hacking when I was about 16 and started to play legit. I still get the itch now and then but I resist.
 
This worked well in Plants vs Zombies when It came out.

I just did a batch file, assigned a shortcut then I could make the "zen garden" grow alot faster.
 
Druneau said:
This worked well in Plants vs Zombies when It came out.

I just did a batch file, assigned a shortcut then I could make the "zen garden" grow alot faster.
Click to expand...

Why not just hex edit the save file if you want lots of money :p
 
gaspah said:
thought this'd be a little more exciting. but well done for a 10yo.. wait.. er.. 10yo seems the right age to get into haxoring.. probably the average age of script kiddies... rofl.
Click to expand...

10 years old "hacker" reminds me of phishing AOL and Prodigy passwords. One of my favorites was how even multiplayer games would save settings in unlocked plain text .cfg files. Infinite health and armor just a notepad away...Actually, that was more like 12-13y/o, at 10 I wasn't using windows all that much, mostly DOS, and graphical MP games weren't really around. If you wanted MP, it was a MUD! If my main MUD were a person, she'd be old enough to drink now, yikes. Perhaps even more scary, I still log in occasionally.
 
You must log in or register to reply here.
Back
Top