Game Hacking
redpwnCTF
Hack The Box
Pwnie Island
What is Pwnie Island?
Pwn Adventure 3: Pwnie Island
Pwn Adventure 3: Pwnie Island
Pwn Adventure 3: Pwnie Island is a MMORPG game designed to be hacked. Download the Windows version. Hackers don't hack Linux games, pls.
Setup
GitHub - LiveOverflow/PwnAdventure3: PwnAdventure3 Server
GitHub
We set up the client on Windows. The
/etc/hosts file is at C:\Windows\System32\drivers\etc\hosts.Binary Ninja
Binary Ninja
Binary Ninja
Binary Ninja
We are interested in
GameLogic.dll and GameLogic.pdb:
Load
GameLogic.dll with Binja and select "Tools > PDB > Load" to load GameLogic.pdb, which is a Program DataBase file that contains debugging information about GameLogic.dll.Information Gathering
First, let's conclude the architecture of this game:
- It is based on Mono, which is a cross-platform .NET framework.
- The underlying game engine is Unreal 4, but we don't attack the engine itself because net code and game logic are completely custom.
- The game logic is written in C++.
- The game client communicates with the game server for computation. There are two servers:
- Master server:
master.pwn3-> port 3333 - Game server:
game.pwn3-> port 3002
First Thing First: Speed Acceleration
We really need speed acceleration to save some tme. By searching on
Player in the symbols, we find a Player::GetSprintMultiplier function:
Player::GetSprintMultiplier
At address
0x10078b34, we find a number 0x40400000, which is 1077936128 in decimal:
Address
0x10078b34To get accelerated speed, we can change this number to 1977936128, which is
00 e9 e4 75 in little-endian format. Why this number? Recall that 32-bit max signed int is 2147483647. Anything larger than it will be negative.Make this modification in the built-in hex editor:
Hex editor
Save it. Enjoy your speed hack and let's get to the challenges.
Reference
Pwn Adventure 3: Walkthrough
CharonV
Pwn Adventure 3: Walkthrough
Last modified 2mo ago