Jump to content


Photo
* * * * * 1 votes

Hacking Farmville


  • Please log in to reply
88 replies to this topic

#1 rehack

rehack

    I broke 10 posts and all I got was this lousy title!

  • Members
  • 11 posts
  • Gender:Male

Posted 09 October 2009 - 08:27 PM

Hi all,

Since farmville has something like 10% of all of facebook's hits, that puts it at a rediculous 50 million per month.
and since its only been around for a few months at time of writing, I think its high time we hacked it.

I've allready noticed that they have an XML file containing rules; which plainly contains all the different xp levels
required to level up, etc. Different settings.

I created a server, and uploaded a modified version of the HTML which loads the SWF in, but passed it my modified
version of the rules file. Problem is, The flash loads, and then hangs in loading. must be checksummed.

Next step is to throw it through SWF decompiler and see if I can find any vulnerabilities that way.

Peace,

Rehack

#2 modusTollens

modusTollens

    I broke 10 posts and all I got was this lousy title!

  • Members
  • 13 posts
  • Gender:Male

Posted 10 October 2009 - 12:31 AM

Hi all,

Since farmville has something like 10% of all of facebook's hits, that puts it at a rediculous 50 million per month.
and since its only been around for a few months at time of writing, I think its high time we hacked it.


I've actually been kind of amazed at the popularity of this game. I suppose it mirrors any other RPG that somewhat mirrors real life: put time into a skill, and it'll develop. It's just sad that the skill we want to put time into is making clothing in an online world etc. Or maybe it's not sad, I haven't decided yet.

Regardless, I've been tossing around scripting my own facebook game where people have to do laundry, take out the garbage, and vacuum the carpet. I figure, if they like everyday activity so much, maybe this game'll be a hit by association. Or maybe they could just do my laundry. Either way.

#3 Belial

Belial

    SUPR3M3 31337 Mack Daddy P1MP

  • Binrev Financier
  • 344 posts
  • Location:inter global mega web

Posted 10 October 2009 - 03:35 AM

Hi

Can you think of anything else more productive, worth while and possibly notable to do then a lame online multi player game on a social networking site like facebook ?

I would suggest you redirect your energy to more constructive hacking projects then this one.

Just my 2p.

B

#4 rehack

rehack

    I broke 10 posts and all I got was this lousy title!

  • Members
  • 11 posts
  • Gender:Male

Posted 12 October 2009 - 09:09 AM

Hi

Can you think of anything else more productive, worth while and possibly notable to do then a lame online multi player game on a social networking site like facebook ?

I would suggest you redirect your energy to more constructive hacking projects then this one.

Just my 2p.

B


If its so lame, Belial, Then you won't have any problem getting your giant leet ass to level 70, without pumping any time or money into the hands of zynga.

#5 rehack

rehack

    I broke 10 posts and all I got was this lousy title!

  • Members
  • 11 posts
  • Gender:Male

Posted 12 October 2009 - 09:12 AM

Its just a shame that you've overlooked my give to the community, forward-thinking kind of approach. Farmville is only going to grow, and Zynga only going to net more profit. Do you think that is right? For an online farming application? What a waste of time. The fact that people really pay for it too, that sours my milk.

Edited by rehack, 12 October 2009 - 09:20 AM.


#6 modusTollens

modusTollens

    I broke 10 posts and all I got was this lousy title!

  • Members
  • 13 posts
  • Gender:Male

Posted 12 October 2009 - 05:54 PM

Its just a shame that you've overlooked my give to the community, forward-thinking kind of approach. Farmville is only going to grow, and Zynga only going to net more profit. Do you think that is right? For an online farming application? What a waste of time. The fact that people really pay for it too, that sours my milk.

It sounds like you have a problem with capitalism, which is fine, but cracking one of its manifestations isn't going to to do much as a retort. I don't see any other reason to attack any particular company.

You might also want to consider that this company wouldn't be in business if there weren't a demand (created arbitrarily is another issue) for such a game. Any particular company fulfilling this niche is arbitrary.

You want to attack a placeholder? I think your fight is better directed at capitalism.
You want to change patterns of demand? I think you want to fight human nature (aka culture?).

You want to do either of those things? I think you're wasting your time.

MT

#7 twirlz

twirlz

    Default Custom Title

  • Agents of the Revolution
  • 1,200 posts
  • Gender:Male

Posted 13 October 2009 - 09:57 AM

Its just a shame that you've overlooked my give to the community, forward-thinking kind of approach. Farmville is only going to grow, and Zynga only going to net more profit. Do you think that is right? For an online farming application? What a waste of time. The fact that people really pay for it too, that sours my milk.

Why not make your own farming game and rake in the millions that Zyaga is making...

#8 rehack

rehack

    I broke 10 posts and all I got was this lousy title!

  • Members
  • 11 posts
  • Gender:Male

Posted 13 October 2009 - 11:33 AM


Its just a shame that you've overlooked my give to the community, forward-thinking kind of approach. Farmville is only going to grow, and Zynga only going to net more profit. Do you think that is right? For an online farming application? What a waste of time. The fact that people really pay for it too, that sours my milk.

It sounds like you have a problem with capitalism, which is fine, but cracking one of its manifestations isn't going to to do much as a retort. I don't see any other reason to attack any particular company.

You might also want to consider that this company wouldn't be in business if there weren't a demand (created arbitrarily is another issue) for such a game. Any particular company fulfilling this niche is arbitrary.

You want to attack a placeholder? I think your fight is better directed at capitalism.
You want to change patterns of demand? I think you want to fight human nature (aka culture?).

You want to do either of those things? I think you're wasting your time.

MT


So either you don't care or you can't.
I'll get round to having a look at it again, just as soon as I get off this damn forum..

#9 rehack

rehack

    I broke 10 posts and all I got was this lousy title!

  • Members
  • 11 posts
  • Gender:Male

Posted 13 October 2009 - 11:35 AM

Why not make your own farming game and rake in the millions that Zyaga is making...

bindun; farmtown. 2nd most popular to farmville.

#10 decoder

decoder

    Very Friendly

  • Agents of the Revolution
  • 1,609 posts
  • Country:
  • Gender:Male
  • Location:New York

Posted 13 October 2009 - 03:19 PM

Farmville seems to be one of these things that comes up in my notifications every once in a while... then i promptly ignore it.

haxxxoring fayceboox ; so leet

You think "it's time we hacked it" ? Who are you?

Bye

#11 StankDawg

StankDawg

    same old Dawg, no new tricks

  • Moderating Team
  • 8,073 posts
  • Country:
  • Gender:Male

Posted 13 October 2009 - 05:36 PM

If this game is interesting to him and this is what he wants to hack, why bash him? I would like to hear how this works and turns out. Some people have different interests in hacking than others. You don't have to agree with them, but if it isn't utterly destructive (and I do not think that hacking an online game is that destructive...annoying maybe...but not destructive) why belittle someone with different interests?

And no, i don't know anything about this game and don't even have a facebook account.

#12 InPh3rn0

InPh3rn0

    Will I break 10 posts?

  • Members
  • 4 posts

Posted 13 October 2009 - 05:49 PM

Guys I'm on the side of rehack here. I know, as a flash game developer, I often wonder how games tick inside. I don't know anything about the game mentioned, as I don't have a facebook. If the game doesn't verify things server-side, the developer is asking for trouble.

#13 Aghaster

Aghaster

    The Frenchman

  • Agents of the Revolution
  • 2,093 posts
  • Country:
  • Gender:Male
  • Location:Quebec, Canada

Posted 13 October 2009 - 09:58 PM

Guys I'm on the side of rehack here. I know, as a flash game developer, I often wonder how games tick inside. I don't know anything about the game mentioned, as I don't have a facebook. If the game doesn't verify things server-side, the developer is asking for trouble.


I have also noticed what rehack said about the xml config file used. I don't know if you've ever tried installing custom software on your U3 smart drive, but one of the steps involves tricking the update software into thinking that the U3 website is in fact localhost, so that you can then host your custom .iso on your local web server and install anything you want on it. Maybe something similar could be done with farmville: if you can redirect the url at which the xml file is hosted to your own server instead, you could probably do pretty much what you want. Just an idea.

Let's put aside the fact that Farmville is just a lame game. Yeah, it may be fun to try to hack it.

Here is the interesting part of the page where you can see farmville:

<div id="flashOuterContainer">
<object id="flashapp" width="760" height="594" type="application/x-shockwave-flash" name="flashapp" data="http://facebook.farmville.static.zynga.com/embeds/FV_Preloader.swf">
<param name="allowScriptAccess" value="always"/>
<param name="wmode" value="opaque"/>
<param name="allowFullScreen" value="true"/>
<param name="flashvars" value="type=&fb_sig_in_iframe=1&fb_sig_iframe_key=c51ce410e124b10f0db5e4b97fc2af39&fb_sig_locale=fr_CA&fb_sig_in_new_facebook=1&fb_sig_time=1255421271.2388&fb_sig_added=1&fb_sig_profile_update_time=1253414855&fb_sig_expires=1155579200&fb_sig_user=571685700&fb_sig_session_key=2._9Emw4Ulr6_rcwBD5mvSDQ__.86400.1255579200-571685560&fb_sig_ss=84uhZnBeM96WiXpwlzXQBw__&fb_sig_ext_perms=auto_publish_recent_activity&fb_sig_api_key=80c6ec0028efd9a465dd223190a65bbc&fb_sig_app_id=102452126776&fb_sig=786b966bb07ff8ff368f91f164f8efad&app_url=http://fb-0.farmville.zynga.com/current/&sn_app_url=http://apps.facebook.com/onthefarm/&asset_url=http://facebook.farmville.static.zynga.com/v5854/&swfLocation=http://facebook.farmville.static.zynga.com/embeds/FarmGame.5865.swf&game_config_url=http://facebook2.farmville.static.zynga.com/current/v5854/gameSettings.xml&fotd=http://facebook.farmville.static.zynga.com/v5854/assets/fotd/PreLoaderFarm12.jpg&localization_url=http://facebook2.farmville.static.zynga.com/current/v5854/flashLocaleXml.xml&flashRevision=5865"/>
</object>
</div>

Here is a sample farmville XML config file:

http://facebook2.far...ameSettings.xml

EDIT: pasting the entire XML file in this post made this thread load very slowly, so now I'm linking to it instead.

#14 Zapperlink

Zapperlink

    "I Hack, therefore, I am"

  • Agents of the Revolution
  • 951 posts
  • Country:
  • Gender:Not Telling

Posted 14 October 2009 - 09:07 AM

Hi

Can you think of anything else more productive, worth while and possibly notable to do then a lame online multi player game on a social networking site like facebook ?

I would suggest you redirect your energy to more constructive hacking projects then this one.

Just my 2p.

B


To be quite honest I see this as a productive method of learning. Look outside the box for a moment. He is developing skills at not only debugging a production quality game, he is taking the time, effort, and resources to tinker with something in hopes to overcome its natural boundaries. Unless he is all er33t and already knows how to get this to work... he will gain a variable of new information.

It's not what your hacking, its what you gain from the experience.

#15 Belial

Belial

    SUPR3M3 31337 Mack Daddy P1MP

  • Binrev Financier
  • 344 posts
  • Location:inter global mega web

Posted 15 October 2009 - 07:40 AM

If this game is interesting to him and this is what he wants to hack, why bash him? why belittle someone with different interests?

And no, i don't know anything about this game and don't even have a facebook account.


I didn't bash him and I didn't even belittle him. Please elaborate exactly where I did that in my post. I just have an opposing view of what he and others here find a constructive hacking project. So if you want to spend your time RE'ing a flash online game then knock yourself out. -: I just want to provide some alternative criticism, I am entitled to my opinion here like everyone else is right? . As far as learning is concerned then that's fine, learning is completely different but Rehack's agenda seemed to be a little different to just 'learning'

"Its just a shame that you've overlooked my give to the community, forward-thinking kind of approach. Farmville is only going to grow, and Zynga only going to net more profit. Do you think that is right? For an online farming application? What a waste of time. The fact that people really pay for it too, that sours my milk."

Fight the Farmvill! Fight the power!!

#16 Zeldo

Zeldo

    I broke 10 posts and all I got was this lousy title!

  • Members
  • 12 posts
  • Gender:Male

Posted 15 October 2009 - 01:37 PM

public function init() : void
        {
            var _loc_5:* = this.stage;
            GlobalEngine.stage = this.stage;
            Global.stage = _loc_5;
            GlobalEngine.parseFlashVars(this.parameters);
            var _loc_1:* = Config.BASE_PATH + "gameSettings.xml";
            var _loc_2:* = Config.BASE_PATH + "flashLocaleXml.xml";
            if (parameters.game_config_url)
            {
                _loc_1 = parameters.game_config_url;
            }
            if (parameters.localization_url)
            {
                _loc_2 = parameters.localization_url;
            }
            if (parameters.visitId)
            {
                Global.setVisiting(parameters.visitId);
            }
            GlobalEngine.log("Init", "Base URL: " + Config.SERVICES_GATEWAY_PATH);
            GlobalEngine.log("Init", "Asset URL: " + Config.ASSET_BASE_PATH);
            GlobalEngine.log("Init", "Game Config URL: " + _loc_1);
            var _loc_3:* = parameters.skipFacebook == true;
            var _loc_4:* = new InitializationManager();
            new InitializationManager().add(new GameSettingsInit(_loc_1));
            _loc_4.add(new LocalizationInit(_loc_2));
            _loc_4.add(new FacebookInit(_loc_3));
            _loc_4.add(new TransactionsInit());
            _loc_4.add(new GlobalsInit());
            _loc_4.add(new MyLifeAvatarInit());
            _loc_4.add(new UIInit());
            _loc_4.add(new AssetLoadingInit());
            _loc_4.addEventListener(ProgressEvent.PROGRESS, onInitProgress);
            _loc_4.addEventListener(Event.COMPLETE, onAllInitComplete);
            _loc_4.execute();
            return;
        }// end function

Decompiled init script, not sure if that will help anyone :p

For some reason they have the flashVars send the config file location and then it compiles the location itself?

Edit:

I created a server, and uploaded a modified version of the HTML which loads the SWF in, but passed it my modified
version of the rules file. Problem is, The flash loads, and then hangs in loading. must be checksummed.

Next step is to throw it through SWF decompiler and see if I can find any vulnerabilities that way.

Peace,

Rehack


I don't think it's check-summed, but it uses some variables from facebook to see if its been loaded from the page or not... How these variables are determined I do not know.

Edit2:

What is the URL of this code?

<div id="flashOuterContainer">
<object id="flashapp" width="760" height="594" type="application/x-shockwave-flash" name="flashapp" data="http://facebook.farmville.static.zynga.com/embeds/FV_Preloader.swf">
<param name="allowScriptAccess" value="always"/>
<param name="wmode" value="opaque"/>
<param name="allowFullScreen" value="true"/>
<param name="flashvars" value="type=&fb_sig_in_iframe=1&fb_sig_iframe_key=c51ce410e124b10f0db5e4b97fc2af39&fb_sig_locale=fr_CA&
fb_sig_in_new_facebook=1&fb_sig_time=1255421271.2388&fb_sig_added=1&fb_sig_profile_update_time=1253414855&
fb_sig_expires=1155579200&fb_sig_user=571685700&fb_sig_session_key=2._9Emw4Ulr6_rcwBD5mvSDQ__.
86400.1255579200-571685560&fb_sig_ss=84uhZnBeM96WiXpwlzXQBw__&fb_sig_ext_perms=auto_publish_recent_activity&
fb_sig_api_key=80c6ec0028efd9a465dd223190a65bbc&fb_sig_app_id=102452126776&fb_sig=786b966bb07ff8ff368f91f164f8efad&
app_url=http://fb-0.farmville.zynga.com/current/&sn_app_url=http://apps.facebook.com/onthefarm/&
asset_url=http://facebook.farmville.static.zynga.com/v5854/&swfLocation=http://facebook.farmville.
static.zynga.com/embeds/FarmGame.5865.swf&game_config_url=http://facebook2.farmville.static.zynga.
com/current/v5854/gameSettings.xml&fotd=http://facebook.farmville.static.zynga.com/v5854/assets/fotd/
PreLoaderFarm12.jpg&localization_url=http://facebook2.farmville.static.zynga.com/current/v5854/flashLocaleXml.
xml&flashRevision=5865"/>
</object>
</div>

If I can get that URL and extract the code using a program I make every time we want to load the client, I can load it in the program and control the functions of the SWF...

Ahaha! That will work, I tried sending your keys to the client and watched the outgoing connections, and it gets stuck loading while asking api.facebook.com for permission, and obviously since those are your keys and well past expired it stops loading there.

Edited by Zeldo, 15 October 2009 - 02:19 PM.


#17 Aghaster

Aghaster

    The Frenchman

  • Agents of the Revolution
  • 2,093 posts
  • Country:
  • Gender:Male
  • Location:Quebec, Canada

Posted 15 October 2009 - 08:50 PM

I wouldn't try to load the app out of facebook, but I would try using Paros Proxy to intercept the HTTP response in which the flash app parameters are sent, so that you can change them to whatever url you want. gameSettings.xml lists a lot of relative paths to files located at the path given in the asset_url parameter. To successfully mirror the game on your own server, you need to make sure that the game can load all those files successfully. The first thing you need to do is gather all those files, and I write a perl script just for that:

#!/usr/bin/perl

my $url;
my $file;
my $path;

my $app_url = "fb-0.farmville.zynga.com/current/";
my $sn_app_url = "apps.facebook.com/onthefarm/";
my $asset_url = "facebook.farmville.static.zynga.com/v5854/";
my $swf_location = "facebook.farmville.static.zynga.com/embeds/FarmGame.5865.swf";
my $game_config_url = "facebook2.farmville.static.zynga.com/current/v5854/gameSettings.xml";
my $fotd = "facebook.farmville.static.zynga.com/v5854/assets/fotd/PreLoaderFarm4.jpg";
my $localization_url = "facebook2.farmville.static.zynga.com/current/v5854/flashLocaleXml.xml";

if(not -e $swf_location) {
	system("wget -x " . $swf_location);
}

if(not -e $game_config_url) {
	system("wget -x " . $game_config_url);
} 

if(not -e $ftod) {
	system("wget -x " . $ftod);
}

if(not -e $localization_url) {
	system("wget -x " . $localization_url);
}

open("CFG", $game_config_url);

while($line = <CFG>)
{
	if($line =~ m/.+url=\"(\S+)\".*/)
	{
		$url = $1;

		if($url =~ m/(.+\/)([^\/]+\.\w+)$/)
		{
			$path = $1;
			$file = $2;

			if(not -e $asset_url . $url) {
				system("wget -x " . $asset_url . $url);
			}
		}
	}
}

close(CFG);

Run the script, wait a few minutes and voila... you got a backup copy of all the .swf, .xml, and .jpg files for FarmVille. This should help going to the next step.

#18 Zeldo

Zeldo

    I broke 10 posts and all I got was this lousy title!

  • Members
  • 12 posts
  • Gender:Male

Posted 15 October 2009 - 09:14 PM

I wouldn't try to load the app out of facebook, but I would try using Paros Proxy to intercept the HTTP response in which the flash app parameters are sent, so that you can change them to whatever url you want. gameSettings.xml lists a lot of relative paths to files located at the path given in the asset_url parameter. To successfully mirror the game on your own server, you need to make sure that the game can load all those files successfully. The first thing you need to do is gather all those files, and I write a perl script just for that:

#!/usr/bin/perl

my $url;
my $file;
my $path;

my $app_url = "fb-0.farmville.zynga.com/current/";
my $sn_app_url = "apps.facebook.com/onthefarm/";
my $asset_url = "facebook.farmville.static.zynga.com/v5854/";
my $swf_location = "facebook.farmville.static.zynga.com/embeds/FarmGame.5865.swf";
my $game_config_url = "facebook2.farmville.static.zynga.com/current/v5854/gameSettings.xml";
my $fotd = "facebook.farmville.static.zynga.com/v5854/assets/fotd/PreLoaderFarm4.jpg";
my $localization_url = "facebook2.farmville.static.zynga.com/current/v5854/flashLocaleXml.xml";

if(not -e $swf_location) {
	system("wget -x " . $swf_location);
}

if(not -e $game_config_url) {
	system("wget -x " . $game_config_url);
} 

if(not -e $ftod) {
	system("wget -x " . $ftod);
}

if(not -e $localization_url) {
	system("wget -x " . $localization_url);
}

open("CFG", $game_config_url);

while($line = <CFG>)
{
	if($line =~ m/.+url=\"(\S+)\".*/)
	{
		$url = $1;

		if($url =~ m/(.+\/)([^\/]+\.\w+)$/)
		{
			$path = $1;
			$file = $2;

			if(not -e $asset_url . $url) {
				system("wget -x " . $asset_url . $url);
			}
		}
	}
}

close(CFG);

Run the script, wait a few minutes and voila... you got a backup copy of all the .swf, .xml, and .jpg files for FarmVille. This should help going to the next step.


Thanks for the script but there are hundreds of files that the game downloads when it needs, and as a side note, I am on windows :X

But I had another question, is there anyway to redirect just that one link to my server? (The config one) so that when I load it on facebook it loads everything from there server except that file which gets redirected to my server.

Thanks, Zeldo.

#19 Aghaster

Aghaster

    The Frenchman

  • Agents of the Revolution
  • 2,093 posts
  • Country:
  • Gender:Male
  • Location:Quebec, Canada

Posted 15 October 2009 - 09:50 PM

Thanks for the script but there are hundreds of files that the game downloads when it needs, and as a side note, I am on windows :X

But I had another question, is there anyway to redirect just that one link to my server? (The config one) so that when I load it on facebook it loads everything from there server except that file which gets redirected to my server.

Thanks, Zeldo.


Here's a copy:
http://www.awakecodi...e/farmville.zip

At this time I don't know if it's possible, but I'll go for the "safest" way. I mirrored the files on my website, for but some reason requests to my website do not go through paros proxy... which causes problems.

#20 Aghaster

Aghaster

    The Frenchman

  • Agents of the Revolution
  • 2,093 posts
  • Country:
  • Gender:Male
  • Location:Quebec, Canada

Posted 15 October 2009 - 10:15 PM

They updated the game while I was trying to tamper the HTTP response so that it loads my files instead of the original:

Posted Image

Check that when you're trying to tamper your config file you're in sync with the current version.




BinRev is hosted by the great people at Lunarpages!