My family and I enjoy gaming together… and I mean, really… together. We’re geeks. Our favorite “family time” game is World of Warcraft… nothing says quality family time like developing character abilities and gear together, working out optimal ability usage (“rotation”) and team interaction, in preparation to mob up & go kill demons and monsters. It’s cheaper than a night at the movies, generally, and often more thought-inducing. (“For the Alliance! For Azeroth!”)
Other games pop up from time to time. Recently the kids started playing some Steam title… some cute little 8-bit thing. One thing that was unique about it was that, unlike almost everything out there, this game was entirely local… it’s a true single player game.
As they got into the finer points of this new game, they started to agonize over its limitations. It’s no Kobayashi Maru, but it’s designed to engage users and drag out their engagement over long periods of time.
Now I get that games have their points and lessons to learn, and it’s generally best to let kids work through and past them naturally. These guys are like most kids nowadays, solid gamer geeks, familiar with the gamut of games across phone, PC and Xbox, among others. They’ve been there. Done that. When they tell me they’re bored, I tell them to go outside and play, and they look at me as if I have two heads.
In today’s modern computing technology, “apps” (which most games qualify as being) are too secure and/or too distributed to consider operating outside of the original intent of the program. The save-file of the game is either stored in a “sandbox” that’s fully isolated from the user… OR the “save file” is not even stored on the device, it’s actually downloaded as needed from some cloud-based host somewhere in the inter-webs.
This game is just like dozens of others they’ve worked through “naturally”… I found myself thinking they might benefit from thinking outside the box a bit. Given this is a classic “low-tech” local PC game, no other players would be impacted, and… there’s access to the file system.
Frankly, it was easier than I expected. Initially, we started scanning the registry for clues, and found a silly ROT13 encoded string related to it that we decoded together, but not what we wanted. Eventually, we stepped back to the flat simplest solution. We found the game save files in c:\users\{userid}\AppData\Roaming\{Game}\ (how convenient!). Opening the files within that folder, we found good old NOTEPAD.EXE did the trick… the save file was an XML document, but that made for a nice, easy to grok (and search) structure… within minutes we’d multiplied their in-game gold amounts by 1000x (by just tacking a few 0’s on the end of their configured amount).
The full game save file was a long list of name-value pairs that were easy to identify. They could have easily added to their on-hand materials counts or any number of other hacks that would have been beneficial. In this case, everything they needed in game could be acquired with gold, so it didn’t make sense to dig much deeper.
Cheating? Well… Yes. And they definitely took advantage.
My two kids are into game design, and often say they want to build games when they grow up. This was an interesting opportunity to show them in concrete terms that data is data, and they can think much further outside the box than the average kid… this is especially important for them to understand the mechanics of app (and game) construction and architecture, peeling back the illusion of the game world.
In mechanical terms, it’s not much different than cracking the hood on a car and showing them how to beef up the engine.
What say you? Do the ends justify the means?