Hacking 'You Must Build A Boat'

This week, C0rg1 and I got a bunch of Humble Bundle games and wanted to practice applied reverse engineering. These applications and exercises made for great, fast, and fun RE practice, so expect more posts like this in the future! Plus, these Humble Bundle games were perfect for target practice because they came in many formats: Windows PE executables, Linux ELF binaries, OS X Mach-O binaries, and even Android APKs. This lets one practice with their chosen tools on the platform they want to get better on. We started with the smallest game, You Must Build A Boat, and looked at the program a number of different ways, mainly on Windows. We started with a static look at the binary (its imports, symbols, strings, etc.), but quickly moved to running the game and monitoring its execution in a controlled sandbox. This way we could see the game writing out several log files, and when we checked these log files we found the game saving its state to a save file.
Editing this save file seemed trivial at first: for example, we could see it had signing disabled (perhaps a feature of Unity, the platform we believe the game was written in). However, we soon realized we could not increase the size of the file without also editing 4 bytes in the header corresponding to the size of the save file. Once we adjusted these bytes accordingly, adding the additional byte count to these fields, we were able to add any content we wanted (within reason, to existing objects and values) to the save file.
Once you have this key, it allows you to edit your save file in any way, advancing your stats, gold, or even progress in the game. You may also want to explore some of the other data files that the game loads its assets from; in this way you can glean what game items are available to add to your save file :)
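As an added illustration (not the author's code) of the size-field adjustment described above, here is a small Python script that appends data to a save and bumps the 4-byte length field by the same amount, alongside the consistency check a loader would make. The field's offset (0), its little-endian encoding, and that it counts the whole file are assumptions; the post does not give them.

```python
import struct

# Constructed assumptions (the post does not give these): the 4-byte
# size field lives at offset 0 of the save file and is little-endian.
SIZE_OFFSET = 0
SIZE_FMT = "<I"


def read_size_field(data: bytes) -> int:
    """Return the value stored in the 4-byte size field."""
    return struct.unpack_from(SIZE_FMT, data, SIZE_OFFSET)[0]


def size_field_consistent(data: bytes) -> bool:
    """The check a loader would make: does the field match the file length?
    A stale field after appending data is what breaks the naive edit."""
    return read_size_field(data) == len(data)


def grow_save(data: bytes, extra: bytes) -> bytes:
    """Append `extra` and add its byte count to the size field,
    mirroring the manual fix described in the post."""
    new_size = read_size_field(data) + len(extra)
    out = bytearray(data) + extra
    struct.pack_into(SIZE_FMT, out, SIZE_OFFSET, new_size)
    return bytes(out)


def make_sample_save(payload: bytes) -> bytes:
    """Constructed sample save: size field followed by payload, so the
    field counts the whole file including the 4-byte header."""
    return struct.pack(SIZE_FMT, 4 + len(payload)) + payload


if __name__ == "__main__":
    save = make_sample_save(b"gold=10;")
    naive = save + b"level=3;"  # grows the file but leaves the field stale
    fixed = grow_save(save, b"level=3;")
    print("naive edit consistent:", size_field_consistent(naive))
    print("fixed edit consistent:", size_field_consistent(fixed))
```

Note that a bare length field only guards against truncation or sloppy edits; with signing disabled, nothing in this header ties the contents to the game that wrote them.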

Happy hacking all! Hopefully more of these game hacks to come soon, after I finish building my super boat :D