# Exploiting games, guide to how you set about doing it.



## Alexander1970 (Apr 12, 2021)

After this great "Wall of Text" I wonder why you have not found some exploits...
...you seem to have "Time"....


----------



## FAST6191 (Apr 12, 2021)

alexander1970 said:


> After this great "Wall of Text" I wonder why you have not found some exploits...
> ...you seem to have "Time"....


A handful of those examples I did discover myself (did not have internet full time before about 2006) and I do far lesser things when reviewing games all the time. It is also not necessarily my thing, or if it is I don't care about speedruns and don't care about online competitive edges.

Equally this was more about providing some people with an in to it all. Too often when I go looking it is a few people that know about some of the map stuff but would be clueless in menus, much less code, and on rare occasions some even like to keep techniques for finding things almost super secret squirrel which I find odd.

Should have some more of these to come -- probably got a basic cheat finding thing to do (I like the etk guide linked but I reckon I can do more, especially for inventory and stats), and seeing as people have developers and decompilations revealing all sorts of hidden cheat menus and options I will have to do a guide to that (finding long input buffers where not needed, and seeing the program branch in multiple ways after entry of a password or something when in reality you need "password correct, password incorrect" to do most things, or if you have more than the number of entries on your chosen gamefaqs entry + one for failure then there are more in there. Theoretically there are other options but few will do them unless they are dodging some laws on sharing keys or password entry is actually just seed entry) before wandering off into the more technical weeds for some of the stuff above*.

*not including technical rundowns and reasons for much of the above made it one of the harder writing exercises I have done in years, however for every shot of a hex editor I figure about half of whatever remains of those reading it would be all "I am out".


----------



## MaxToTheMax (Apr 12, 2021)

The game exploiters manifesto.


----------



## Vila_ (Apr 12, 2021)

this is amazing!  (yes, I have way too much free time right now )


----------



## BitMasterPlus (Apr 12, 2021)

The all important guide every gamer needs to read.


----------



## Kwyjor (Apr 12, 2021)

FAST6191 said:


> In something of a crossover with UI we have the Zelda Link’s Awakening minigame. Get your sword and 10 rupees. Now you can go into the minigame in the main village (a sort of claw game). Move the shadow to the top left corner of the conveyor belt and wait. When the item you want gets to the tile before the top left then lightly tap the other button so it registers a press. Every time you will win a prize. As said prizes include a 30 rupee crystal and things reset by leaving the room and coming back in you now have infinite money (can buy some things in the shop a few screens up from there) and potentially access to a few items ahead of when you might get them in the story. Minigames like this are often exploitable and thus should be considered carefully when assessing a game, though also be sure they are not exhaustible or if they are if you can in fact win less and keep them alive longer.



In Super Mario Bros if you hold right at the start of the game you will run into a goomba and die.  If you do this several times you will lose all your lives and have to start over. However, if you press the A button, then Mario will jump. Do this at the right time and the goomba will die as it collides with Mario's feet, allowing you to continue and also scoring 100 points. Exploit!


----------



## Uiaad (Apr 12, 2021)

I have a test I do when I make a program. I sit down and think " what is this fucker going to do to break it " and I can spend weeks if not months trying to come up with any possible way a user can break it. I never get all of them but on the other hand, I never assume the user isn't gonna do something unexpected.

More companies should do what large multinational firms do ... bug bounties, essentially paying the user for finding bugs and exploits - This is how I ended up with 3 years of free Xbox GamePass Ultimate


----------



## jt_1258 (Apr 12, 2021)

tbh, there is some guilt that comes with it...sure...I could abuse the living hell out of the wall and floor dupe glitch in DQ Builders but it takes out some of the fun of exploring for more of the resources and stumbling on new places...


----------



## HarveyHouston (Apr 13, 2021)

Wow, I am really impressed! This article shall be saved in "HarvHouHacker's Handbook for Unethical Hacking" for eternity!

("Unethical" meaning messing with content that is in a gray area, i.e. abandonware or content that may or may not get you into legal trouble).


----------



## MarkDarkness (Apr 13, 2021)

What a weird post for the first page.


----------



## banjo2 (Apr 13, 2021)

MarkDarkness said:


> What a weird post for the first page.


How so?


----------



## MarkDarkness (Apr 13, 2021)

banjo2 said:


> How so?


Front page is usually scene news, major gaming news, reviews, and every once in a while some topics to stimulate debate. This is a guide on something incredibly specific.


----------



## James_ (Apr 13, 2021)

Alright thank you for all this information, time to exploit the entire universe


----------



## zoogie (Apr 13, 2021)

alexander1970 said:


> After this great "Wall of Text" I wonder why you have not found some exploits...
> ...you seem to have "Time"....


Maybe the "Wall of Text" post was itself an attempt to overflow gbatemp servers with its huge size.
Who knows, FAST may already have server code execution as we speak


MarkDarkness said:


> Front page is usually scene news, major gaming news, reviews, and every once in a while some topics to stimulate debate. This is a guide on something incredibly specific.


Oh c'mon, this is an enthusiast forum for hacking/homebrew at its core. I've seen much more obscure and weird Front Page stuff than this.

Don't forget this place started out in 2002 as a romsite and even sold flashcarts at one time. It wasn't until about 2012 that they even started putting mainstream gaming news on the front page with any regularity. This was done to counteract reduced traffic due to a lull in current consoles being hacked (3ds pre-gateway) and an actual site hack that took the place offline for about a week, killing its SEO ranking. Fun times.


----------



## zxr750j (Apr 13, 2021)

Thanks for the post, figuring things out yourself is so much more rewarding than just downloading some codes or cheats.

I once (or twice) made a pokemon hatching "machine" using 3ds/raspberry/sensors/python/relays with lots of wires soldered to the 3ds, had lots of fun making, programming and tweaking it! I think this could qualify as an enhanced macro.
I bought a teensy basically doing the same thing for the switch: putting it in my switch lite and pokemon sword using prewritten code gotten via Google: the same outcome but far less fun... The wires of the old system made it look far more technical and homemade, and the clicking of the relays gave it a sort of analogue feel to it.

I do have an idea to integrate a raspberry emulating a joycon and sysdvr to check for shinyness when an egg hatches but I'm working on another project which is more important (making a thing to control our homemade pool).


----------



## FAST6191 (Apr 13, 2021)

MarkDarkness said:


> Front page is usually scene news, major gaming news, reviews, and every once in a while some topics to stimulate debate. This is a guide on something incredibly specific.


While yes that is the usual fare the guides and FAQs section was opened up to that, I have put a number of my other guides/overviews (though others not so much) up before, and given we are seeing all sorts of hidden data revealed by hackers all the time then a guide to how some of it is obtained seems on topic as it were -- not like ROM hacking, speedrunning, "discovered in" and more don't happen every day around here.

That said other than "shorter" (I did consider splitting it, even if normally every time I see it done elsewhere then it sets off my "gaming the advert impressions" alarm) is there something that might have made it more fitting for front page purposes?



Uiaad said:


> I have a test I do when I make a program. I sit down and think " what is this fucker going to do to break it " and I can spend weeks if not months trying to come up with any possible way a user can break it. I never get all of them but on the other hand, I never assume the user isn't gonna do something unexpected.
> 
> More companies should do what they do at large multinational firms do ... bug bounties, essentially paying the user for finding bugs and exploits - This is how I ended up with 3 years of free Xbox GamePass Ultimate


They could also stop most of it by turning menus into state machines rather than using on[event], encoding variables in multiple places (presumably with all the nice invert and encrypted and location hopping mirrors that all your favourite cheat prevention methods employ), possibly do solid worlds and at least figure out no go zones to teleport people back to somewhere else and "this speed is ridiculous, reset to" bounds checking.

That however would take programming resources to solve a problem that does not overly bother many and could be used to push more polygons. Equally given few devs seem particularly inclined to balance things like game theory would dictate they probably should, and board game/tabletop game devs do all the time (often with greater numbers of variables) I am not necessarily expecting much.

That said I do also encourage defensive coding and conversely thinking like an attacker in all things. Can conflict with the "make it extensible" thing but done right you will wind up with an API someone wants to use rather than causes you drama when they have to hack job something together.



Kwyjor said:


> In Super Mario Bros if you hold right at the start of the game you will run into a goomba and die.  If you do this several times you will lose all your lives and have to start over. However, if you press the A button, then Mario will jump. Do this at the right time and the goomba will die as it collides with Mario's feet, allowing you to continue and also scoring 100 points. Exploit!


The real exploit there is how the devs mind controlled you into figuring that out.
Though seriously, for others reading, the first screen of Super Mario Brothers is considered something of a master class in tutorial sections. Much has been made of that one in contemplations of game design circles.




zxr750j said:


> Thanks for the post, figuring things out yourself is so much more rewarding than just downloading some codes or cheats.
> 
> I once (or twice) made a pokemon hatching "machine" using 3ds/raspberry/sensors/python/relays with lots of wires soldered to the 3ds, had lots of fun making, programming and tweaking it! I think this could qualify as an enhanced macro.
> I bought a teensy basically doing the same thing for the switch: putting it in my switch lite and pokemon sword using prewritten code gotten via Google: the same outcome but far less fun... The wires of the old system made it look far more technical and homemade, and the clicking of the relays gave it a sort of analogue feel to it.
> ...


Nice. I occasionally see such things on sites like hackaday (did even reference one like it in the opening post for the side channel stuff), though most of those these days are "someone wired up a guitar hero controller to play halo, how wacky".


----------
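Two of the defences FAST6191 lists above (holding a variable in more than one place, and bounds checking on speed and position with "no go" zones that put the player back somewhere sane) sketched in Python as an added example; this is not code from the thread, and the speed limit, zone and safe spot are made-up values.

```python
from dataclasses import dataclass

MAX_SPEED = 12.0                               # assumed engine limit (constructed)
SAFE_SPOT = (0.0, 0.0)                         # where out-of-bounds players land
# Axis-aligned boxes the player must never occupy: (x0, y0, x1, y1), constructed.
NO_GO_ZONES = [(100.0, 100.0, 200.0, 200.0)]


@dataclass
class Mirrored:
    """A value stored twice: plain and as a 32-bit bitwise inverse.
    Editing only the plain copy (a typical memory-editor cheat) breaks
    the relationship and is detectable."""
    plain: int
    inverted: int

    @classmethod
    def store(cls, value: int) -> "Mirrored":
        return cls(value, ~value & 0xFFFFFFFF)

    def consistent(self) -> bool:
        return (~self.inverted & 0xFFFFFFFF) == self.plain


def check_speed(vx: float, vy: float) -> tuple[float, float]:
    """Scale a velocity back onto the MAX_SPEED circle if it exceeds it."""
    mag = (vx * vx + vy * vy) ** 0.5
    if mag <= MAX_SPEED:
        return vx, vy
    scale = MAX_SPEED / mag
    return vx * scale, vy * scale


def in_no_go(x: float, y: float) -> bool:
    return any(x0 <= x <= x1 and y0 <= y <= y1 for x0, y0, x1, y1 in NO_GO_ZONES)


def check_position(x: float, y: float) -> tuple[float, float]:
    """Teleport to SAFE_SPOT when the player is inside a no-go zone."""
    return SAFE_SPOT if in_no_go(x, y) else (x, y)


def validate(health: Mirrored, pos: tuple, vel: tuple) -> dict:
    """Apply all checks once per tick; returns corrected state and what fired."""
    flags = []
    if not health.consistent():
        flags.append("health_mismatch")
    new_pos = check_position(*pos)
    if new_pos != pos:
        flags.append("no_go_zone")
    new_vel = check_speed(*vel)
    if new_vel != vel:
        flags.append("speed_clamped")
    return {"pos": new_pos, "vel": new_vel, "flags": flags}
```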



## naed06 (Apr 13, 2021)

A good well written article... enjoyed reading it

I did however expect there to be a guide on how to find some of the said exploits and not just an overview of them

I was part of the game hacking scene when Game Genie and Action Replays were widely used, especially around the N64 era, and a lot of the time it is the thinking of “how can I exploit this” or “what exploit do I want” that stops people creating them

it’s great to see how the mind of someone who creates and seeks out exploits looks at things differently to how others do - and the huge amount of effort and work that goes into creating them


----------



## Kwyjor (Apr 13, 2021)

naed06 said:


> I was part of the game hacking scene when Game Genie and Action Replays were widely used, especially around the N64 era, and a lot of the time it is the thinking of “how can I exploit this” or “what exploit do I want” that stops people creating them


You may enjoy this recent Paper Mario video – though it's twice as long as it needs to be despite leaving out some of the more pertinent details. (I miss Stryder7x.)


----------



## MarkDarkness (Apr 13, 2021)

FAST6191 said:


> While yes that is the usual fare the guides and FAQs section was opened up to that, I have put a number of my other guides/overviews (though others not so much) up before, and given we are seeing all sorts of hidden data revealed by hackers all the time then a guide to how some of it is obtained seems on topic as it were -- not like ROM hacking, speedrunning, "discovered in" and more don't happen every day around here.
> 
> That said other than "shorter" (I did consider splitting it, even if normally every time I see it done elsewhere then it sets off my "gaming the advert impressions" alarm) is there something that might have made it more fitting for front page purposes?


Shorter for sure. More like "Community reporter Tom White creates guide on Exploiting games", highlight juiciest parts in front page, then make the guide even longer on the FAQ section.


----------



## FAST6191 (Apr 13, 2021)

naed06 said:


> A good well written article... enjoyed reading it
> 
> I did however expect there to be a guide on how to find some of the said exploits and not just an overview of them
> 
> ...



I would normally do worked examples (the main version of https://gbatemp.net/threads/gbatemp-rom-hacking-documentation-project-new-2016-edition-out.73394/ ) but was hoping the examples listed here for existing games and videos detailing things also linked would suffice for now. The more I have to explain matrix maths, floating point numbers, data types, 3d engine mechanics and the like the more people would have clicked off. This would have been less than ideal for me for while

is a thing in some games there are plenty more that can be achieved by sweeping a stick around next to a wall/junction, trying all the animations, spinning around next to a corner, spinning around holding something... and while I could cover deriving your chosen strategy game's equivalent of https://www.dragonflycave.com/mechanics/gen-i-capturing from assembly or maybe just memory viewing then you can also look at all the bonus perks from everything, derive some nuts strategy to achieve them (one that if you pulled back even a tad you would lose) and also consider more closely all the weird and wonderful stuff (jokes, references, silliness) the devs chucked in there that might have broken their otherwise careful balancing.

I also owe something to the N64. My gameshark had a little guide to making cheats (basic fire a bullet/lose some health/... search, repeat) and I did that. Was not my first dalliance with such devices (had peek and poke on the C64, trainers on the amiga, sort of something on the PC that barely worked and needed a parallel dongle and a game genie on the megadrive, something on the gameboy as well) but was the first time I properly got my hands dirty and awoke something in me there, though it was probably inevitable.

I am planning some follow ups that necessarily delve into engine design at the very least but was aiming to keep it light and maybe have those that wanted to go further have some jumping off points for it.



MarkDarkness said:


> Shorter for sure. More like "Community reporter Tom White creates guide on Exploiting games", highlight juiciest parts in front page, then make the guide even longer on the FAQ section.


That is something I often do (the ROM hacking and game journalism guide ones probably being main examples).
Will possibly make a full 90s "have you ever wanted to do this?" type deal as a frontload.


----------



## naed06 (Apr 13, 2021)

FAST6191 said:


> I am planning some follow ups that necessarily delve into engine design at the very least but was aiming to keep it light and maybe have those that wanted to go further have some jumping off points for it.



looking forward to the follow ups


And this topic reminded me of the Super Mario flappy bird exploit, which is explained far better in this video than I could ever explain


----------

