We write bot for browser game agar.io

Everything is probably in the know about such a great web game like agar.io.
Once again, having lost a more lucky opponent in it, I silently cursed to myself and decided to somehow hack this toy in order to get an advantage in it at last! As a result, I managed to create a squad of gaming bots for myself, which are trying to find me on the map in order to join my game cell.

We get into the game client

At first it was necessary to understand how everything works.
The game is written in javascript and communicates with the game server via a web socket.

The main game script is in the main_out.js file.
The code there is of course obfuscated and in every way tries not to let itself be run from where it should not be:
')

if ("agar.io" != h.location.hostname && "localhost" != h.location.hostname && "10.10.2.13" != h.location.hostname) h.location = "http://agar.io/"; 

Expanding the file into a readable form through Chrome's debugger, the question arose: how to get into the logic of the game?

At first, I decided to create a local copy of the files and connect to the server by turning off the cross-domain check in the browser:

 #  /css/bootstrap.min.css /js/jquery.js /index.html /main_out.js /quadtree.js #   same origin policy chrome.exe --disable-web-security 

This worked for AJAX requests from gaming regions, but further attempts to connect using a web socket were rejected. A different approach was needed.

We replace url files

The working solution was to download a real game client, but replacing the browser with the necessary files for your own. To do this, install the wonderful program Fiddler Web Debugger and specify the necessary paths in the AutoResponder tab:



This approach obviously requires keeping Fiddler running during a game session.

Trying to trick the server

I want to praise the authors of the game - nothing is sent to the server that could be changed in its favor (for example: its size :)). The client sends only the coordinates of the mouse, where he would like to move his cell and reports the desired actions (for example: split).

The server, in turn, does not send “extra” data to the client. For example, when I increased the scale of the game map, the server would still send only the window of objects that I should have seen within my cell:



It would seem that all ways are closed: the server does not trust clients with any important information and calculates everything on its own.

But then you can deceive the server within its rules: create a flock of bots that will constantly sacrifice themselves, increasing my mass. But how can bots find my cell on the map? Rescued the server API itself: if you constantly send for example coordinates (0, 0), then the game cell will always follow this part of the map without stopping until it reaches the goal. Instead of zeros, you just need to send the bots my current coordinates and they will come to me for dinner!

We write bots in the current window

Client code simultaneously receives data and redraws objects on the screen. It would be possible to open 20 tabs managed by bots and one of my game tabs. But then it would be necessary to somehow transfer my coordinates to neighboring tabs. Plus, drawing each tab would slow down the entire browser (I tried it - it does). Therefore, it was decided to create new game sessions directly in the current tab, but turn off the link with the display for them:

 //    var isBot = true; for (i = 0; i < botsCount; i++) { //     , //       setTimeout(function(){ game(window, r, isBot, botsUrl, M); }, 500); } //       function paint() { if(bot) return; //... } 

It was also necessary to add the code so that when the bot dies, it automatically starts a new session.

Work results

Bots are created. And find me on the map!



However, things are not so bright.

First, the server throws players around the game rooms. Therefore, with me on the card of 50 bots fall 2-3. The rest "play" in other rooms, following the coordinates from the neighboring Universe.

Secondly, bots can be eaten by someone else! Therefore, they manage to come to me somewhere a couple of times a minute.

And finally, third, the bots are small. Going to me, they do not gain a special mass. Therefore, from a certain stage, their contribution to my victory becomes minimal.

findings

The authors of the game managed to create a wonderful network code that does not break from banal hacking. However, the game is not protected from botovodstvo and a little by understanding the client's code, you can create yourself a slight technical advantage over the others.

If, however, the issue is resolved so that the bots connect to the correct card, then there is an opportunity to seriously press down their less technically-savvy rivals.

I reached my small goal:


Maybe thanks to bots, maybe I was lucky myself.

[ Client's total code ]

Thank you for your attention and good luck in the game!