Hiyall360's vulnerability journey - Maguss hacks



  • Hello fellow testers and Maguss development team!

    I've started a journey to help improve the security of this spectacular game by offering my expertise in reverse engineering/hacking.

    I have no malicious intent. My hacks are made in order to make the Maguss team aware of the security flaws in the game so that they get fixed and future hackers will only fail :) I'll be posting my hack videos here, and I'd love to tell the devs exactly how they were done.

    Without further ado, my first hack:

    Unlimited reach - this allows me to tap on things outside my radius.

    Video:
    https://youtu.be/SXsj-dwpnts



  • I think it's better to send those privately to the dev team :)



  • It doesn't show how to do it, just that it's possible. But I too think it's better to send it directly to the developer.



  • I think it's a good idea to make players aware of exploits as long as there is no hint on how to do it.
    If developers really want to improve their game, they welcome players to report these cases and give feedback on these topics. Suppressing reports of exploits just decreases trust in developers. Open communication is the key to success for every game.



  • This is not an exploit, it's a hack. Players are not allowed to emulate hacks.

    Abusing a broken spell is an exploit; changing the client code of the app in order to be like Neo in The Matrix is a hack. Therefore it's advisable not to show the hack (even if not explained) because it can give malicious people bad ideas.

    Anyway, I hope the Maguss team developed a good anti-hack system. Would hate to see hackers flying around.



  • I actually have a similar view as TS (though I may not support posting publicly).

    Nothing has been mentioned about security and anti-hack mechanisms since this game's launch.

    (And I already suspect there have been auto walkers/GPS spoofers around since early closed beta. Saw one myself when a "person" just walked through a closed construction site and passed me - when there wasn't a physical person nearby.)

    It would be really shitty if 3 days into the game I see tons of auto walkers/collection/battle programmes which just bring people to max level in less than 1 week. Not only would it be unfair, but it would also defeat the RPG/grind/social element of the game, making the game boring as hell really fast. Trading, in future, would be useless as well.


  • administrators

    @hiyall360 Hey, I am not sure how but I missed your comment. Can you please send me a private msg? Either here or on FB. Thanks.



  • @ron-benvenuti said in Hiyall360's vulnerability journey - Maguss hacks:

    This is not an exploit, it's a hack. Players are not allowed to emulate hacks.

    Abusing a broken spell is an exploit; changing the client code of the app in order to be like Neo in The Matrix is a hack. Therefore it's advisable not to show the hack (even if not explained) because it can give malicious people bad ideas.

    Anyway, I hope the Maguss team developed a good anti-hack system. Would hate to see hackers flying around.

    We can discuss definitions here, but since he is using a vulnerability, I think exploit is also appropriate.
    "An exploit [...] is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability." -Wikipedia

    "Range detection", or whatever someone would call it, should not be handled on the client side. It's just a security flaw.

    bad
    Client: I'm picking up resource X at coords yx:ab
    Server: ok

    good
    Client: I want to pick up resource X at coords yx:ab, my coords are ...
    Server: ok, done, you're in range OR error, not in range OR error, there is no resource etc.

    Of course this is still a problem due to GPS spoofing.

    I think it's good to see what's possible and I even want to see hackers encouraged for 'bad ideas', because if they can realize this idea, there is a security flaw. If this happens way too often, I can consider quitting because I don't trust the developers anymore.
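
The "good" exchange from the post above, sketched as a server-side handler. This is an added example, not part of the thread or the game's code; the class, the names, the pickup radius and the speed cap are all assumptions. It goes slightly beyond the post by adding a travel-speed plausibility check as a partial answer to the GPS-spoofing caveat.

```python
import math
from dataclasses import dataclass, field

EARTH_RADIUS_M = 6_371_000
PICKUP_RADIUS_M = 50.0   # assumed game rule
MAX_SPEED_MPS = 12.0     # assumed plausibility cap (roughly a fast cyclist)

def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) pairs in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))

@dataclass
class Server:
    resources: dict                               # resource_id -> (lat, lon), server-owned
    last_fix: dict = field(default_factory=dict)  # player -> (pos, server_time)

    def pickup(self, player, resource_id, reported_pos, now):
        """Decide a pickup request; `now` is the server's clock in seconds."""
        # 1. The resource position comes from server state, never from the client.
        target = self.resources.get(resource_id)
        if target is None:
            return "error: no such resource"
        # 2. Reject position jumps that imply impossible travel since the last fix.
        prev = self.last_fix.get(player)
        if prev is not None:
            prev_pos, prev_time = prev
            elapsed = now - prev_time
            if elapsed <= 0 or haversine_m(prev_pos, reported_pos) / elapsed > MAX_SPEED_MPS:
                return "error: implausible movement"
        self.last_fix[player] = (reported_pos, now)
        # 3. The range decision is made here, on the server.
        if haversine_m(reported_pos, target) > PICKUP_RADIUS_M:
            return "error: not in range"
        del self.resources[resource_id]           # a resource can be taken once
        return "ok"
```

The speed check only raises the cost of spoofing: a client that reports a slow, consistent fake track still passes it, so it complements rather than replaces other anti-spoofing signals.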



  • @hiyall360 I totally support your transparency regarding testing 'hacks' on this game.

    The fastest way to get an exploit corrected is by posting it in the public domain.

    Can't always guarantee it happens fast when it's kept on the 'down-low'.

    Plus, only players trying to take advantage of these exploits want them to remain hidden.



  • @lightangel Considering how young this game is, especially being freshly released in open beta, having hackers / exploiters running around freely AND they gather the hack/exploits from the official forum = bad for the product.

    I totally support putting such skills to good use, but I don't support publicly posting them at this point in this game's life.

    Think of it this way:
    Fill the world with exploiters / hackers now, and you'll see people leaving fast + encouraging others not to play because of those others who like to cheat. :)

    At least that's how I see this.


  • Global Moderator

    Hello, we would love to talk to you privately says a strange man, wearing a black suit, reflect glasses, while pulling out a weird looking pen

    Seriously though, contact us via FB messages @hiyall360, please!

    As for hacking/GPS spoofing, countermeasures are being implemented and some are already in effect.

    This thread will be locked.

