88 replies to this topic

[Caesurus]

It seems the server keeps everything in sync anyway. However, using memory editors such as CheatEngine it seems to be possible to find values and edit them. Search for your current amount of coins, for example, and replace with 999,999. However, most people have trouble making this stick, undoubtably because the server doesn't really accept anything from the client.

I propose another approach: have a look at what the client does to communicate with the server, and see if any of these methods could be vulnerable to attack.

If anyone else has any ideas, please share.

The server does keep everything in sync. Editing the amount of coins doesn't help because the client never sends that back to the server. I have been looking at the communication between the client and server and the client never transmits how many coins it has to the server. It only does transactions and the server maintains count of whether you have enough money to do that. EG, if you hack the memory location for coins to 100 coins, but actually have 5, then the client will let you plow a section of land. But the client will send a indication that it has plowed land to the server. The server will then respond with a success or a failure message, and will automatically deduct the cost of plowing from your account balance. If the server's coin count is 5 and you try to do an action that costs 10 coins, then it will send an error message that you don't have enough money to do that.

So cheatengine is not the way to go here. The communication between the client and server is probably the best way, but you probably won't get it to update the coin count on the server unless there is a command to do that that we don't know about (since the client never does this).

I have had some success modifying the requests and responses to and from the server, but most of that also only modifies the local variables of the client, so that doesn't really help anything.

I have found something that's fun (but mostly cosmetic to the client), but don't really want to advertise what it is on here. The problem of finding something and posting it here is that this will inform the game's developers that there is yet another hole that they need to patch. This is probably good for them, not so fun for me if I'm doing stuff that the client isn't supposed to allow.

[StankDawg]

I have found something that's fun (but mostly cosmetic to the client), but don't really want to advertise what it is on here. The problem of finding something and posting it here is that this will inform the game's developers that there is yet another hole that they need to patch. This is probably good for them, not so fun for me if I'm doing stuff that the client isn't supposed to allow.

If everyone had that attitude, no information would ever get released or shared. The fun is in finding it and sharing it. Let them fix it and then find something again! The fun isn't the destination, the fun is the journey.

[Caesurus]

I believe that the fuel for the harvester/planter/tractor is just an internal variable to the client. It may be susceptible to modification via cheat engine.

[dschu012]

I believe that the fuel for the harvester/planter/tractor is just an internal variable to the client. It may be susceptible to modification via cheat engine.

Wouldn't that mean that if you exited the game the fuel you bought would disappear?

[Caesurus]

I believe that the fuel for the harvester/planter/tractor is just an internal variable to the client. It may be susceptible to modification via cheat engine.

Wouldn't that mean that if you exited the game the fuel you bought would disappear?

The fuel stats are sent to the client from the server during initialization. And every time you buy fuel from the market that transaction lets the server know you bought more. I think that every time you plow/seed/harvest with a machine the server will know whether to deduct fuel just to maintain it's own count. I need to track this down and try it, but I just don't have time right now.

[Darren]

I believe that the fuel for the harvester/planter/tractor is just an internal variable to the client. It may be susceptible to modification via cheat engine.

Wouldn't that mean that if you exited the game the fuel you bought would disappear?

The fuel stats are sent to the client from the server during initialization. And every time you buy fuel from the market that transaction lets the server know you bought more. I think that every time you plow/seed/harvest with a machine the server will know whether to deduct fuel just to maintain it's own count. I need to track this down and try it, but I just don't have time right now.

I'm not sure about using cheat engine, but I've been changing the "energyCost" to "0" in gameSettings.xml and it will let me use equipment all day long.

[StankDawg]

I just got some app for the iphone called "iFarm" by "playmesh". Is this the same game? Or a knock-off? I don't get the fun here...you plant shit, wait for it to grow and then come back to fucking pick it. I mean, WTF? how boring is that? It makes me want to just write a script to play it for me. I am not seeing the fun.

[Swerve]

Voice from the masses:

Time at work playing farmville > time at work working.

[Caesurus]

I just got some app for the iphone called "iFarm" by "playmesh". Is this the same game? Or a knock-off? I don't get the fun here...you plant shit, wait for it to grow and then come back to fucking pick it. I mean, WTF? how boring is that? It makes me want to just write a script to play it for me. I am not seeing the fun.

Not sure if it's the same thing, but it sure sounds like it. You plant then come back and harvest. I had the same impression, extremely boring, but it's extremely appealing to the masses out there. In my opinion it gives a sense of accomplishment to people who otherwise don't feel they get much accomplished in their lives. It can be highly addictive for people like that. Farmville has 40Million+ registered players, that's just insane! It also lets you have a virtual life where you can arrange your house and farm just the way you feel like it (and nothing bad ever happens). It's a massive time drain, but it's got mass appeal. An escape from reality.

[themonkey]

I know I am most likely going to be of no help, since I do not know much about hacking and code, but through a glitch in the game I think I might have an idea. Someone who is good with code will have to do all of that stuff, but here is my idea. From what I can understand so far you are having trouble since the server keeps being out of sync and the hack will only work on your farm, but will not updated back to the farmville server. There are two glitches I have found that might be of use. There is a limit of 1 chicken coop, bur there is a way around that. If you have no coops and leave the buy screen open on your farm and then accept a coop as a gift from a friend you can have two coops. When you accept the gift your farm updates and it goes in your gift box, but the farm you have open in the other window is the version of the farm before the update. This allows you to buy the coop and then place the coop onto your farm. Another glitch I found was items that are locked can be sent as a gift. The only problem is those items are giftable=false in the game settings. So if that was changed somehow, we could gift to other people for free and it would not matter if our farm went out of sync or did not update the change. I think that could also work with items you find on your farm and post on the feeds to share with your neighbors.

I hope someone who knows a lot about code and hacking can use my suggestion. I hope this helps in some way. Good luck

[themonkey]

I have been changing the game settings file and not had much luck. Only thing that I think does not cause out of sync is changing fuel consumption for vehicles, crop harvest time, and speed. There might be more, but I have not found any. One thing I need help understanding is

<item name="chickencoop" type="building" className="ChickenCoopBuilding" subtype="animal_pens" buyable="true" giftable="false" placeable="true" code="CC">
<requiredLevel>1</requiredLevel>
<cost>5000</cost>
<limit>1</limit>
<substituteItem>chicken</substituteItem>
<sizeX>5</sizeX>
<sizeY>3</sizeY>
<harvestItemChance>0.015</harvestItemChance>
<storageSize>1</storageSize>
<capacity>20</capacity>
<storageType itemClass="animal">
<itemName>chicken</itemName>
<itemName>chicken_brown</itemName>
<itemName>chicken_black</itemName>
<itemName>chicken_gold</itemName>
</storageType>
<defaultItem amount="1" name="chicken" />
<actionText>Eggs</actionText>
<growTime>1</growTime>
<image name="built_1_0" url="assets/buildings/building_chickencoop.swf" loadClass="mc" />
<image name="built_1_1" url="assets/buildings/building_chickencoop.swf" loadClass="mc" />
<image name="built_1_2" url="assets/buildings/building_chickencoop.swf" loadClass="mc" />
<image name="built_1_3" url="assets/buildings/building_chickencoop.swf" loadClass="mc" />
<image name="built_1_4" url="assets/buildings/building_chickencoop.swf" loadClass="mc" />
<image name="icon" url="assets/buildings/building_chickencoop_icon.png" />

If you change limit, grow time, or capacity you get an out of sync error. I have tried changing the <harvestItemChance>0.015</harvestItemChance>, which is all I really want to do, but it does not seem to be working. Can someone please help me figure out how to change the harvest chance so that it is 100% guarantee that each harvest gets a mystery egg. Also one more question. Each time you put a new coop down it comes with a chicken in it and a white mystery egg to share. I changed the white chicken to gold, which made it go out of sync. I want to change the white mystery egg found in new coops to a gold one, but I do not know what to change to get that to happen.

[Caesurus]

I have been changing the game settings file and not had much luck. Only thing that I think does not cause out of sync is changing fuel consumption for vehicles, crop harvest time, and speed. There might be more, but I have not found any. One thing I need help understanding is

...

If you change limit, grow time, or capacity you get an out of sync error. I have tried changing the <harvestItemChance>0.015</harvestItemChance>, which is all I really want to do, but it does not seem to be working. Can someone please help me figure out how to change the harvest chance so that it is 100% guarantee that each harvest gets a mystery egg. Also one more question. Each time you put a new coop down it comes with a chicken in it and a white mystery egg to share. I changed the white chicken to gold, which made it go out of sync. I want to change the white mystery egg found in new coops to a gold one, but I do not know what to change to get that to happen.

Don't waste your time with the chicken coop, The server again maintains the stats. Things that you can do by modifying the gamesettings.xml file (and not getting a sync error) are:

Fuel costs,
Harvester/Seeder/Tractor grid size,
Avatar size/walkspeed etc...
Zoom sizes

I have messed with just about everything in the file. I use Privoxy for search and replace rules eg:

FILTER: farmville_scale Do avatarScale modification
s/avatarScale="0.5"/avatarScale="0.8"/g

FILTER: farmville_walk Make walking faster
s/walkSpeed="120"/walkSpeed="10"/g

FILTER: farmville_energy Do energy mod
s/<energyCost>1/<energyCost>0/g

FILTER: farmville_SizeXY Do Size mod for Tractor/Seeder/Harvester
s/<actionSizeX>2/<actionSizeX>40/g
s/<actionSizeY>2/<actionSizeY>40/g

Now, I just got locked out of my farmville account I have one additional hack that isn't as easy. It lets you farm way outside of your normal farmland boundaries. The messaging between the client and server are AMF. I did some man-in-the-middle packet modification to modify the amount of land the server tells the client it has. My land was 256x256, each plowed land square takes up 4 'steps', so that's a farm land of 64x64 farm-able land. I think I made a mistake by planting outside of the 256 boundary and now the server won't initialize my user anymore (error 500, internal server error) :S (LOL, it's pretty comical).

So, here it is. I've attached the hacked proxy. <edit>Also here:
http://rapidshare.com/files/315021798/privoxy-3.0-Farmville.zip.html

It's a recompiled version of privoxy to do the hack. Uncompress the zip, run privoxy.exe, setup your browser to use proxy settings 127.0.0.1 port 8118. And load farmville

I'll share the code with whoever wants it, it's modified GPL code and so I can't keep it to myself anyway.

Word of caution. If you increase your harvester/tractor/seeder to something very large (like mine: 40x40), then be prepared to wait a while for the client to finish syncing with the server. The client sends 10 actions to the server at a time, and can take a couple of seconds between messages, so that it can take a couple of minutes to farm the 1600 squares .

Also, don't expect this to work too long. I expect that they will fix this fairly quickly. It's a simple fix on the server side of things.

Edited by Caesurus, 01 December 2009 - 08:19 PM.

[R4p1d]

Fuck Farmville. It's re-re-re-re-ra-ra-ra-ra-re-ra-retardeddddddddd duh

[themonkey]

Fuck Farmville. It's re-re-re-re-ra-ra-ra-ra-re-ra-retardeddddddddd duh

You think farmville is a waist of time, but you have time to spam threads?

[themonkey]

I have been changing the game settings file and not had much luck. Only thing that I think does not cause out of sync is changing fuel consumption for vehicles, crop harvest time, and speed. There might be more, but I have not found any. One thing I need help understanding is

...

If you change limit, grow time, or capacity you get an out of sync error. I have tried changing the <harvestItemChance>0.015</harvestItemChance>, which is all I really want to do, but it does not seem to be working. Can someone please help me figure out how to change the harvest chance so that it is 100% guarantee that each harvest gets a mystery egg. Also one more question. Each time you put a new coop down it comes with a chicken in it and a white mystery egg to share. I changed the white chicken to gold, which made it go out of sync. I want to change the white mystery egg found in new coops to a gold one, but I do not know what to change to get that to happen.

Don't waste your time with the chicken coop, The server again maintains the stats. Things that you can do by modifying the gamesettings.xml file (and not getting a sync error) are:

Fuel costs,
Harvester/Seeder/Tractor grid size,
Avatar size/walkspeed etc...
Zoom sizes

I have messed with just about everything in the file. I use Privoxy for search and replace rules eg:

FILTER: farmville_scale Do avatarScale modification
s/avatarScale="0.5"/avatarScale="0.8"/g

FILTER: farmville_walk Make walking faster
s/walkSpeed="120"/walkSpeed="10"/g

FILTER: farmville_energy Do energy mod
s/<energyCost>1/<energyCost>0/g

FILTER: farmville_SizeXY Do Size mod for Tractor/Seeder/Harvester
s/<actionSizeX>2/<actionSizeX>40/g
s/<actionSizeY>2/<actionSizeY>40/g

Now, I just got locked out of my farmville account I have one additional hack that isn't as easy. It lets you farm way outside of your normal farmland boundaries. The messaging between the client and server are AMF. I did some man-in-the-middle packet modification to modify the amount of land the server tells the client it has. My land was 256x256, each plowed land square takes up 4 'steps', so that's a farm land of 64x64 farm-able land. I think I made a mistake by planting outside of the 256 boundary and now the server won't initialize my user anymore (error 500, internal server error) :S (LOL, it's pretty comical).

So, here it is. I've attached the hacked proxy. <edit>Also here:
http://rapidshare.com/files/315021798/privoxy-3.0-Farmville.zip.html

It's a recompiled version of privoxy to do the hack. Uncompress the zip, run privoxy.exe, setup your browser to use proxy settings 127.0.0.1 port 8118. And load farmville

I'll share the code with whoever wants it, it's modified GPL code and so I can't keep it to myself anyway.

Word of caution. If you increase your harvester/tractor/seeder to something very large (like mine: 40x40), then be prepared to wait a while for the client to finish syncing with the server. The client sends 10 actions to the server at a time, and can take a couple of seconds between messages, so that it can take a couple of minutes to farm the 1600 squares .

Also, don't expect this to work too long. I expect that they will fix this fairly quickly. It's a simple fix on the server side of things.

Thanks for the land expansion tip. There is one setting I have found that can be changed that you did not list. That is changing the limit of 1 chicken coop to as many as you want. I have been able to buy about 10 extra coops, after which I stopped buying. Each coop posts a white mystery egg, so I thought why not change that to a gold egg. It will of course come up with an out of sync error and refresh and then go back to normal, but the gold egg will already be posted for people to get. Is there no possible way to do this, since it is all server side?

[Caesurus]

Thanks for the land expansion tip. There is one setting I have found that can be changed that you did not list. That is changing the limit of 1 chicken coop to as many as you want. I have been able to buy about 10 extra coops, after which I stopped buying. Each coop posts a white mystery egg, so I thought why not change that to a gold egg. It will of course come up with an out of sync error and refresh and then go back to normal, but the gold egg will already be posted for people to get. Is there no possible way to do this, since it is all server side?

I hadn't looked at the chicken coop to be honest, I had 2854 plowed squares, which was making crazy amounts of money and experience. The chicken coop didn't seem all that interesting. But I guess the mystery eggs could be of value to others.

You can also change the settings of most other items in the game. For example, you can set the mastery flags to buyable. But when you buy an item like that the server responds with a "you don't have enough money for that item or that item is not buyable". You can see the error messages with "Charles" and modify the requests/responses. Things should be clearer when you use that.

The other thing you can also do is modify the limited items availability. For example, I have some old gamesettings.xml files and if I take the following section:

<item name="cow_green" type="animal" giftable="false" buyable="true" placeable="true" code="U3">
		  <limitedStart>11/02/2009</limitedStart>
		  <limitedEnd>11/09/2009</limitedEnd>
		  <requiredLevel>1</requiredLevel>
			<cost>2400</cost>
			<sizeX>2</sizeX>
			<sizeY>2</sizeY>
			<imageScale>1.2</imageScale>
			<growTime>1</growTime>
			<coinYield>18</coinYield>
			<action>harvest</action>
			<actionText>Green_Cow_milk</actionText>
			<insanityProbability>.5</insanityProbability>
			<image name="animation" url="assets/animals/cow_green.swf" />
			<image name="frt_cycle" url="assets/animals/cow_green_full.swf" loadClass="mc" />
			<image name="frt_idle" url="assets/animals/cow_green_full.swf" loadClass="mc" />
			<image name="bk_cycle" url="assets/animals/cow_green_full.swf" loadClass="mc" />
			<image name="bk_idle" url="assets/animals/cow_green_full.swf" loadClass="mc" />
			<image name="icon" url="assets/animals/animal_cow_green_icon.png" />
			<sounds>
			<sound url="assets/sounds/animals/cow_01.mp3" />
			<sound url="assets/sounds/animals/cow_02.mp3" />
			</sounds>
		</item> 

Remove the <limitedStart> and <limitedEnd> lines and place it in the newer gamesettings.xml file and you can now see the cow in the market and buy it outside the limited time. The server doesn't do a check on the time and you're buying a valid item so it doesn't give an error.

When you place an item, the message to the server will indicate whether you purchased the item or whether it was a gift. I was playing around with modifying the message to tell the server an item I usually can't buy was actually a gift when placing it. But the server gives an error on that.

[Jazz]

any updates?

[Caesurus]

any updates?

What kind of updates are you looking for? Have you got anything to contribute?

[Jazz]

i tried using the fiddler2.. but it doesn't save anything i change..

T.T

[themonkey]

Caesurus, have you changed the open date of the presents under the tree? I do not know if I should do that, so I was wondering what your take on that is.