exclamation-circle Lackey Vulnerabilities

26 Apr 2021 02:22 - 26 Apr 2021 10:29 #102149 by Katricz
Greetings folks.

I found 05 vulnerabilities in Lackey that I share with all of you.

First, I would like to emphasize that the goal is to make it public for everyone and look for a solution for this application and for our beloved game.

01 - Cancel Draw

The Cancel Draw button returns the leftmost card to the library, if the cards are changed order in your hand, Cancel Draw will return the wrong card.

02 - No Shuffle

In the main folder of the plugin, which is at:
(...) \ LackeyCCG \ plugins \ vtes \
has a file called plugininfo.txt with the settings for shuffling the deck, marked as Yes. If you switch to No, the decks will not be shuffled when imported, allowing the user to choose the order of the cards he will draw (order that was placed in the deck creation).

03 - Disconect and Load Game Offline

the user can disconnect in a match, go offline and use the Load Game. With that he restores the same game table online.
That user will be able to see his hands and all his library before resuming to the online game, giving them an unlawful advantage.

04 - Cain Mode

When passing the turn, Lackey generates an autosave file in the \ LackeyCCG \ plugins \ vtes \ saved \

This file contains all the information of the table, such as hand, libray, crypta, pool of all players.
Although the card is in code, it is easily possible to make the corresponding name for that code.

It is not need to map all the cards to have extraneous advantages, just know that the X, Y, Z codes are deflection cards and the T card is Archon, to be able to use that bleed of 07 without worry.

I mapped all cards ID and Names to show how this work, and I will gladly show you.
After start a game and pass turn, I can tell all hand, livrary order, crypt for all players.


05 - Revert to Autosave

The Autosave file can be changed before using Revert to Autosave. It is possible to change the pool, the cards, the library before using Revert to Autosave.



This information is already known to several people from different countries.
I can't say that anyone used that in games, but I'm sure they know it.

Rather than trying to solve the problem, people that knew tried to hide these flaws to prevent users from using it.

I prefer to divulge to everyone about them and ask the community for help in finding solutions.

No further.

Katricz


 

File Attachment:

File Name: LackeyID-Library.zip
File Size:55 KB
Attachments:
Last edit: 26 Apr 2021 10:29 by Katricz.
The following user(s) said Thank You: Lönkka, Joscha, Vlad, ResurrectioN, Tadori, Kilrauko, donhawk

Please Log in or Create an account to join the conversation.

More
26 Apr 2021 08:49 #102152 by Lönkka
Replied by Lönkka on topic Lackey Vulnerabilities
More reason, besides the horrible interface, for me to continue NOT using Lackey!

I HIGHLY recommend that Lackey should NOT be used for any National Championships or higher level games!

NC, Finland
Finnish :POT: Politics!
The following user(s) said Thank You: Vlad

Please Log in or Create an account to join the conversation.

  • Lönkka
  • Lönkka's Avatar
  • Away
  • Platinum Member
  • Platinum Member
  • War=peace, freedom=slavery, ignorance=strength
More
26 Apr 2021 09:32 - 26 Apr 2021 09:33 #102153 by Tadori
Replied by Tadori on topic Lackey Vulnerabilities
Thanks Katricz for taking the time to check this. But honestly Im not surprised at all. Lackey was never intended for competitive play so solutions used in it are as simple as possible.
Last edit: 26 Apr 2021 09:33 by Tadori.

Please Log in or Create an account to join the conversation.

More
26 Apr 2021 10:32 #102154 by Katricz
Replied by Katricz on topic Lackey Vulnerabilities
I know. My point is, if you wanna use Lackey (for fun or champs), you need to know its vunerabilities.
The following user(s) said Thank You: Vlad, ResurrectioN

Please Log in or Create an account to join the conversation.

More
27 Apr 2021 07:17 - 27 Apr 2021 07:21 #102162 by Vlad
Replied by Vlad on topic Lackey Vulnerabilities
Do you know if BCP is aware about those cheating techniques ?

Whatever the answer, the Lackey tournaments MUST be either unrated or rated specifically...

Pentex Board of Directors

Prince of Oye Plage
Alastor Grand Nord

:gang:

:ani: :cel: :chi: :FOR: :PRO:
Last edit: 27 Apr 2021 07:21 by Vlad.

Please Log in or Create an account to join the conversation.

More
27 Apr 2021 08:39 #102165 by beslin igor
Replied by beslin igor on topic Lackey Vulnerabilities
Hey Katricz I want to ask about this:

02 - No Shuffle

In the main folder of the plugin, which is at:
(...) \ LackeyCCG \ plugins \ vtes \
has a file called plugininfo.txt with the settings for shuffling the deck, marked as Yes. If you , the decks will not be shuffled when imported, allowing the user to choose the order of the cards he will draw (order that was placed in the deck creation).

So if player switch to No,what happen if you use to shufle his crypt/library,can you shufle it?

Please Log in or Create an account to join the conversation.

More
Moderators: AnkhaKraus
Time to create page: 0.137 seconds
Powered by Kunena Forum