HTML5 games and GodMode: everything is simple!

"War War never changes". I think this phrase is familiar to many. Every PC user has ever run a computer game. A lot of computer hardware suffered in battles from the hot hand of a gamer who lost his last “life”. Sometimes there is a thought: and not to look for "cheats" and not to wind up your own lives or resources? .. So begins the way cheater.

In this article I will show you with two examples of how using improvised tools you can dishonestly play games on HTML5.

The core of any HTML5 game is javascript. The only, at the moment, protection of this kernel is obfuscation of the code. Agree, to see the “sheet” of 10,000 lines of obfuscated code without a new-line is scary at first. But if you dig a little bit, the logic and architecture of the application are in full view. The main thing - to determine the purpose of cheating (speed, resources, GodMode). We use Chrome and its Web Inspector as a tool. In the Sources tab, you can change the executable code "on hot".

Google doodles

I’ll begin with a simple example: http://www.google.com/doodles/slalom-canoe-2012 . Relatively fresh Olympic Doodle.
')


The main goal of the game is to pass the track as quickly as possible. Several tricks immediately come to mind:

• increase the speed of the boat;
• remove obstacles;
• remove the deceleration from collisions;
• “Straighten” the track;
• do something with the timer (reset, slow down).

Most often the best thought is the first. On it and stop. Open Chrome and its Web Inspector (the basics of the work - in a great article ).

We are interested in the JavaScript code of the game.



It is logical to assume that this is slalom_canoe12-2.js .

The source code is ... a bit scary, right? You can automatically arrange a new-line and formatted with JavaScript syntax. Readability is greatly improved and it will become easier to analyze. You can also break the entire code with breakpoints and try to restore the algorithms. But let's not shoot the S-400 at a quadrocopter ...

We begin to argue. By pressing the key or passing through the gate the boat is accelerating. Therefore, somewhere there is the parameter “speed” and it should (most likely) be incremented. We search by code for all operators “+ =” (since the volume and complexity of the code allow), there are only 12. In principle, you can turn on the “scientific spear” method and try changing all 12 ones in turn. And you can think.

1. t his.S + = b.duration - something related to the duration (thanks, cap!);
2. this.B && (e + = this.B * (Math.random () - 0.5), f + = this.B * (Math.random () - 0.5)) ... e + = this.o * (Math.random () - 0.5)) - random-0.5 somehow does not look like speed ...
3. R + = Qc * b - hm-m ... and the initial value, and some coefficient.

Stop and check. We update the page (just in case). Open Sources slalom_canoe12-2.js . Find R + = Qc * b. Suppose b is the acceleration factor. And replace it with 500 (do not forget to press Ctrl + S).



Click Play in the game and ...



Bingo! Our wonderful boat rushes to the finish. Now you can brag to your friends at the speed of your fingers :)

I note that the example given is a case in which it was possible to get by with little blood. And it did not require deep knowledge of JavaScript, architecture, debugging. Only arithmetic.

Let's turn to another example.

Spelunky

In this example, you need to know what if and what is =, as well as basic knowledge of English. Not so long ago, an article on Spelunky was published on Habré. The game certainly deserves attention. Good old hardcore! But there are several “jambs” with controls and collisions that prevent the game from passing. Let's try to draw our own lives, bombs, ropes and other joys.



Open the site with the game . In the inspector we find index.js , this is the game code . First thought: "What a nightmare."

But stop! There are also clear words. For example Bomb, Rope. This is already interesting. So you can try to find a piece of code that handles the receipt of the item. And there somewhere should increase the amount of this ...

We are looking for the word Bomb. A lot of results - 79. Let's try Bomb Bag. And here it is, the first result!

if ((qzb (hzb.lhc) .hjc == "Bomb Bag")) {
{global.loc + = 3; hzb.unc = ilc (qzb (hzb.lhc) .exb, (qzb (hzb.lhc) .fxb-14), 195); qzb (hzb.unc) .khc = 603; { var moc = uzb (hzb.lhc); for (var noc in moc) {var ooc = moc [noc]; {nlc (ooc);}}}; gg (hzb, izb, global.ync); hzb.lhc = 0; global.bnc = "YOU GOT 3 MORE BOMBS!"

Here we see that something is being compared with Bomb Bag and if this is it, then we do global.loc + = 3 and we write somewhere “YOU GOT 3 MORE BOMBS!” Accordingly in global.loc we have the number of bombs. We analyze the code located nearby, and find the variables in which the ropes and other joys are stored. Here is a short list:

• global.loc - bombs;
• global.soc - sticky bombs;
• global.woc - ropes.

Now we try to change the values ​​in the game itself. In the inspector in the Sources tab, click Pause Script Execution (F8).



Open the Console and enter the following.


Let us pause - and enjoy the result! I will not describe how to draw yourself lives. Let the reader try to deal with this variable.

Conclusion: smart uphill will not go. Changing the javascript code is a breeze. Obfuscation is not fatal. Try to think logically. And another thing: any cheating gradually kills the interest in the game (at least for me), be careful with this.

This article is informative.

Author: Alexander Polunin ( hekser ).