Lackey Vulnerabilities
26 Apr 2021 02:22 - 26 Apr 2021 10:29 #102149
by Katricz
Lackey Vulnerabilities was created by Katricz
Greetings folks.
I found 05 vulnerabilities in Lackey that I share with all of you.
First, I would like to emphasize that the goal is to make it public for everyone and look for a solution for this application and for our beloved game.
01 - Cancel Draw
The Cancel Draw button returns the leftmost card to the library; if the order of the cards in your hand has been changed, Cancel Draw will return the wrong card.
02 - No Shuffle
In the main folder of the plugin, which is at:
(...)\LackeyCCG\plugins\vtes\
has a file called plugininfo.txt with the settings for shuffling the deck, marked as Yes. If you switch to No, the decks will not be shuffled when imported, allowing the user to choose the order of the cards he will draw (order that was placed in the deck creation).
03 - Disconnect and Load Game Offline
The user can disconnect in a match, go offline and use the Load Game. With that he restores the same game table online.
That user will be able to see his hands and all his library before resuming to the online game, giving them an unlawful advantage.
04 - Cain Mode
When passing the turn, Lackey generates an autosave file in the \LackeyCCG\plugins\vtes\saved\ folder.
This file contains all the information of the table, such as hand, library, crypt, pool of all players.
Although each card is stored as a code, it is easy to find the corresponding name for that code.
It is not necessary to map all the cards to have extraneous advantages; just know that the X, Y, Z codes are deflection cards and the T card is Archon, to be able to use that bleed of 07 without worry.
I mapped all card IDs and names to show how this works, and I will gladly show you.
After starting a game and passing the turn, I can tell the hand, library order and crypt of all players.
05 - Revert to Autosave
The Autosave file can be changed before using Revert to Autosave. It is possible to change the pool, the cards, the library before using Revert to Autosave.
This information is already known to several people from different countries.
I can't say that anyone used that in games, but I'm sure they know it.
Rather than trying to solve the problem, people that knew tried to hide these flaws to prevent users from using them.
I prefer to divulge them to everyone and ask the community for help in finding solutions.
No further.
Katricz
Last edit: 26 Apr 2021 10:29 by Katricz.
26 Apr 2021 08:49 #102152
by Lönkka
Replied by Lönkka on topic Lackey Vulnerabilities
More reason, besides the horrible interface, for me to continue NOT using Lackey!
I HIGHLY recommend that Lackey should NOT be used for any National Championships or higher level games!
Finnish Politics!
The following user(s) said Thank You: Vlad
26 Apr 2021 09:32 - 26 Apr 2021 09:33 #102153
by Tadori
Replied by Tadori on topic Lackey Vulnerabilities
Thanks Katricz for taking the time to check this. But honestly I'm not surprised at all. Lackey was never intended for competitive play, so solutions used in it are as simple as possible.
Last edit: 26 Apr 2021 09:33 by Tadori.
The following user(s) said Thank You: Rémi
26 Apr 2021 10:32 #102154
by Katricz
Replied by Katricz on topic Lackey Vulnerabilities
I know. My point is, if you wanna use Lackey (for fun or champs), you need to know its vulnerabilities.
The following user(s) said Thank You: Vlad, ResurrectioN
27 Apr 2021 07:17 - 27 Apr 2021 07:21 #102162
by Vlad
Pentex Board of Directors
Prince of Oye Plage
Alastor Grand Nord
Replied by Vlad on topic Lackey Vulnerabilities
Do you know if BCP is aware of those cheating techniques?
Whatever the answer, the Lackey tournaments MUST be either unrated or rated specifically...
Last edit: 27 Apr 2021 07:21 by Vlad.
27 Apr 2021 08:39 #102165
by beslin igor
Replied by beslin igor on topic Lackey Vulnerabilities
Hey Katricz I want to ask about this:
02 - No Shuffle
In the main folder of the plugin, which is at:
(...)\LackeyCCG\plugins\vtes\
has a file called plugininfo.txt with the settings for shuffling the deck, marked as Yes. If you switch to No, the decks will not be shuffled when imported, allowing the user to choose the order of the cards he will draw (order that was placed in the deck creation).
So if a player switches to No, what happens if you try to shuffle his crypt/library, can you shuffle it?