
Winning at Candy Crush - sokratisp
http://www.stavros.io/posts/winning-candy-crush/?
======
kens
My game cheat story starts way, way back, playing Wizardry on the Apple II. In
this game, you go through a dungeon, killing monsters and collecting treasure
and experience. Fun, but slow going. So I found out where in memory these
values are stored and started manipulating them, giving myself tons of
experience and new treasures.

Everything went fine until I put in an invalid treasure value which apparently
caused some random memory locations to be modified, corrupting the game.
Unfortunately, game state was written back to the same floppy disk that holds
the game itself, rendering the game unplayable.

Fortunately, I could borrow a second floppy drive, borrow an uncorrupted copy
of the game, and repair the game with a disk-to-disk copy. Unfortunately, I
plugged in the disk drive connector crooked, sending -12 volts into a chip on
the controller board that didn't want -12 volts. The result was a "pop" and a
disk controller that no longer worked. Needless to say, my father wasn't
happy.

Finding the problem was easy - it was the chip with a square hole blown out of
it where the silicon had vaporized. Unfortunately getting a replacement chip
wasn't easy when you live in the middle of nowhere. So I built a replacement
circuit on a solderless breadboard and wired it into the controller board, and
everything worked fine until I could get the proper replacement chip.

TL;DR: cheat at games and you will be punished

~~~
ChuckMcM
I guess its a half full / half empty thing. You wrote:

 _TL;DR: cheat at games and you will be punished_

And yet I would haver written it, "Cheat at games and you will learn all sorts
of cool things." :-)

~~~
etler
It is either scary or hilarious how many programmers were created by the
desire to cheat in video games.

------
chaz
In 2009, when Farmville was the New Hotness, I checked it out to see what all
the fuss was. After all, it was rumored to be minting $1 million per day. Soon
after, I saw that a lot of my friends were playing. Girlfriends were getting
boyfriends to tend their crops for them while at work. They were very
scrupulous with the design of their farm and tending their crops. But I wanted
to just be at the top of the leaderboard.

Unlike later games, it was possible to keep leveling up and making money by
farming only instead of inviting friends. Plow fields, plant crops, and then
harvest them hours later -- repeat as fast and as frequently as you can. TONS
of tedious clicking. Of course, I wanted to automate it, and I wasn't alone.
Searching around, I found a Perl script that someone had written and I adapted
it for my PC.

I just fired up Farmville, and here's what my farm looks like:
[http://i.imgur.com/nrtkitJ.jpg](http://i.imgur.com/nrtkitJ.jpg). It's almost
all crops (maximize $) and it requires the farmer to be trapped within hay
bales. Otherwise, he walks to where you're clicking and can sometimes get in
the way of the click. It would mess up every now and then, but was fairly
reliable -- just run the script and let it do its thing for a few minutes. The
trick was to flip the game into full screen mode, zoom all the way out, start
at a known (x, y) position on your screen's resolution, and then loop through
all crop positions by incrementing/decrementing (x, y). Only slightly tricky
because of the isometric view and avoiding clicking on some non-crop
positions. Picking the right crop was important too, to maximize yield. I just
wanted to do two runs a day: first thing in the morning and then in the
evening when I got home from work.

I moved up fairly quickly and quit when I beat all of my friends. Got some
jeers from those who thought I was actually playing Farmville so much, but had
a few requests for said script ...

~~~
tlarkworthy
[http://www.sikuli.org](http://www.sikuli.org) Is my GOTO GUI scripting
language for game scripting. Graphic templates are fuzzy matched. Actual
scripts are python. Inbuilt OCR. I can do that kinda thing very fast. Its
really awesome and put of MIT

~~~
babuskov
Cool. I used AutoIt for similar stuff:

[http://www.autoitscript.com/site/autoit/](http://www.autoitscript.com/site/autoit/)

Scripting is some dialect of BASIC and also has OCR.

~~~
jbrooksuk
Don't advertise that on the forums!

P.s. I have to say that as an MVP ;)

~~~
moocowduckquack
Militarised Volcano Police?

~~~
jbrooksuk
Just doing my bit.

~~~
moocowduckquack
You just keep nuking that lava into jail where it belongs. People said it
would never work, that you just couldn't police volcano eruptions with the
threat of massive nuclear retaliation, but they don't say that anymore, do
they? Not since they all died in the giant radioactive caldera, anyway.

------
Timothee
I had a somewhat similar story a few years ago with Bejeweled 2 (except that I
didn't seek a way to cheat, just came across it).

I wrote it up here: [http://timotheeboucher.com/on-writing-laconic-error-
messages...](http://timotheeboucher.com/on-writing-laconic-error-
messages.html) but the gist of it was that their score submission endpoint
required a checksum, but the error message if the checksum was wrong was:

    
    
        <Response type="error" reason="Checksum failed (ext_csm = cc7ae8d3d26d911f9d6e6178d93b9fc0, int_csm = c1f19e476622b8df7f830ee0c45df533)" server_ver="1.0"/>
    

Yes, the `int_csm` value is the checksum the server expected instead of the
one I had passed. It would tell you "you're wrong. But here is the correct
answer". I could then just re-submit with the proper value…

~~~
alexkus
Hmm, if that was me (as the server programmer) I'd return a purposely
different checksum[1] in the error message and then (internally) flag anything
that was then submitted with that 'incorrect' checksum.

What you do with these flagged entries is up to you:-

a) Delete the scores after an hour or so (giving the chance for the user to
check things)

b) Only display those scores to the user that logged in

c) Flag the entire account as 'cheat' and ban it after a few dodgy submissions

etc...

1\. i.e. expected hash is hash(real_salt+data), supposed expected hash
(returned to client in error message) is hash(cheat_salt+data). You obviously
never return the real expected hash.

~~~
basseq
d) Send the user to your careers website...

------
smartician
Maybe I'm overly cautious, but in today's world, where even simple URL
manipulation can be regarded as hacking, I would be very reluctant to post
exploits like this. It's crazy, but this can be construed as wire fraud or
computer crime:

18 U.S.C. § 1030(a)(4)

Whoever— (4) knowingly and with intent to defraud, accesses a protected
computer without authorization, or exceeds authorized access, and by means of
such conduct furthers the intended fraud and obtains anything of value, unless
the object of the fraud and the thing obtained consists only of the use of the
computer and the value of such use is not more than $5,000 in any 1-year
period . . . shall be punished as provided in subsection (c) of this section.

"Protected computer" in this context means any computer that is connected to
the Internet. And the value obtained would be unlimited use of the game, which
would normally be a limited. True, that last part is up for debate, as it is
possible to play the game without paying, but I wouldn't want to be forced to
argue this in court...

~~~
Volpe
When you say "today's world" I think you mean "today's U.S.A"... The rest of
the world, doesn't seem to have as crazy anti-hacking laws, as the US.

~~~
objclxt
Many countries have pretty aggressive anti-hacking laws. The UK, for instance,
has a very similar piece of legislation that _in theory_ makes URL
manipulation illegal.

------
sbov
I've worked on a few flash games in my free time. Ultimately since the game
code resides in the client, it will always be feasible to cheat. That, of
course, doesn't mean you can't deter some.

One of the things that kept people from snooping around was encryption. All
communication went to 1 vaguely named endpoint with 1 parameter, which was a
an encrypted list of the parameters and the action to take. This will deter
some, but not others.

At the start of a game, the client had to contact the server for a key. This
changed each time you played. Any score submission required this key - if it
was wrong I ignored it. Only 1 score submission per key.

Note that you have other useful information now: you know how long they were
in game to get their score. I flagged scores that were abnormally high for the
time it took to get them. I would then review them, and based upon their score
history hellban them - they could still play, but no-one saw their high scores
except themselves.

If Candy Crush did something similar, they would likely catch you. You
wouldn't even know until you gloated and your friends said they can't see your
score. Some people who got hellbanned would contact me, and I'd give them a
free pass.

Of course you could cheat and get a normal score in a normal timeframe, but I
didn't care as much about that.

Beyond trying to thwart cheating, I'm a big fan of cheating in games myself.
It's part of why I enjoy eve online so much, because they encourage the usage
of 3rd party tools more than any other game I've played.

The most extensive thing I've programmed for cheating is probably a custom MUD
client to facilitate multiplay. The clients report to eachother information
they know. All clients keep the state of the group and the things I'm
fighting. They also keep track of which client can do what, so I can type into
any client that I want to heal someone and the program will figure out which
client is able to do that, and tell it to do so.

------
egeozcan
Even though it doesn't have a winning / losing condition, I had coded an
automated bot[0] to draw for me in Doodle or Die[1]. Stopped using it when
people started complaining though. It was supposed to be quick and dirty,
that's why it's a windows forms application. But of course I kept improving it
for a while. After implementing a very basic plug-in system, I realized I was
spending too much time on it =) Here's an example drawing from a friend of
mine, using my tool:
[http://doodleordie.com/c/EGXBBJeMU45#2](http://doodleordie.com/c/EGXBBJeMU45#2)

[0]:
[https://github.com/egeozcan/DrawThatThing](https://github.com/egeozcan/DrawThatThing)

[1]: [http://doodleordie.com](http://doodleordie.com)

~~~
dc-tech-fan
Hi, I'm one of the creators of Doodle or Die.

The drawing tool in the game and the anti-cheating systems are both things I
created.

I'm impressed with your app. Instead of converting a bitmap to a pixel-by-
pixel rendention (which people have done and it looks obvious) it re-draws it
like a real drawing, picking one color at a time.

Paying users get a replay feature. It replays fairly realistically and that's
difficult to detect as cheating.

Nice work!

~~~
egeozcan
Hi,

Thanks, it's great to hear that from you. I was also going to implement the
brush changing logic which would enable it to draw on large areas of single
color with a big brush and further optimize other parts to make it even more
realistic (detect shapes and draw them completely and draw over them like
humans and so) but then I thought, that would ruin the fun. Actually I'm a
paying user of the game[0] and never had the intention of ruining the fun for
anyone, so I stopped. I'm a big fan of DoD and how it evolved.

Keep up the good work, and thanks for being nice =)

[0]:
[http://doodleordie.com/profile/egeozcan](http://doodleordie.com/profile/egeozcan)

------
rickdale
Back in the day I would log onto yahoo chess and beat everyone by
simultaneously playing expert mode in windows chess and just mimicking the
expert modes moves on yahoo as mine. Good times, never lost.

~~~
segmondy
I hate you. I'm sure I played people like you. I like long games but people
cheating forced me to play speed which I really hate.

~~~
gohrt
Isn't the rating system supposed to solve this problem?

Unless people intentionally griefed by creating new low-rating accounts to
cheat at.

------
edwhitesell
Step 1: ATT adds the 'infinite lives' interception/response to the proxy
servers for the Starbucks hotspots/WiFi.

Step 2: Starbucks Marketing advertises 'Unlimited Candy Crush lives at
Starbucks!'

Step 3: Profit! Well, assuming all of the squatters actually buy stuff.

~~~
bmohlenhoff
Step 4: Get DMCA'd for "circumventing" a "copyright protection system"

~~~
shawn-furyan
I'm struggling to come up with a way in which the lives system could possibly
be defended as a copyright protection mechanism (it's a mechanism to funnel
users into it's in app purchases, not to prevent use of unauthorized copies...
and in fact copies of the software are given away freely). This is basically
Gamesharking your game, which has been upheld in courts IIRC.

~~~
Guillaume86
I guess if you buy the game and then don't have to pay to play, it's ok, but
in this case you can buy playtime so it's a bit different.

------
togilvie
Awesome breakdown. I wrote a blog post in late September - based on some
industry rumors - that speculated on whether Candy Crush was "cheating" by
varying the random seed to generate monetization or retention events:

[http://blog.thinkgaming.com/is-candy-crush-cheating-will-
it-...](http://blog.thinkgaming.com/is-candy-crush-cheating-will-it-matter/)

Based on the "seed" going back and forth at the start/end of games, I'd have
to assume that they are doing something with it. Anyway to see if that's
happening?

~~~
StavrosK
They're probably generating the level with the seed. I don't think it's very
useful, other than testing on their end (so they can check afterwards what the
level was).

By the way, if you liked this, there are more posts in that series:
[http://www.stavros.io/series/winning/](http://www.stavros.io/series/winning/)

~~~
togilvie
Cool - will check out the series.

You could be right, but I think the seed is a lot more interesting. If you
simply wanted to generate the level, you could use a random number generator
on the device and wouldn't care about logging it.

As you showed by varying colors, the candy distribution determines how likely
the player is to win, whether they fall just short of clearing the level, etc.
This will have a significant impact on whether they pay to continue, buy
boosts, etc.

~~~
nacs
It is possible they do this.

They may not have done it at launch but as more and more people play and they
collect the stats for each seed, I'm sure they can track how easy / difficult
each seed is and send the seeds that they wish to do whatever objective they
have.

Most of these F2P play games collect and analyze an insane amount of player
activity and have sophisticated analytics that they then analyze to make the
game more addictive or to increase player spending.

~~~
bcjordan
You could have a few people collude to collect a number of incoming seeds on
the same level and compare for non-random seeming collisions.

------
hung
Awesome! I once wrote a boggle solver to beat my friends at Bogglific on
Facebook. It was loads of fun until I was banned from the game.

[http://www.hung-truong.com/blog/2007/11/07/banished-from-
bog...](http://www.hung-truong.com/blog/2007/11/07/banished-from-boggle/)

~~~
bouk
Nice! I did the same: [https://github.com/bouk/rumble-
solver](https://github.com/bouk/rumble-solver)

~~~
bouk
Also, my solution can easily do boards up to 30*30 or so

~~~
hung
Heh, I was mainly out to beat my co-workers, though if one of my co-workers
was a fellow programmer I'd probably have had to improve on my algorithm.

~~~
bouk
Yeah it's kind of unneccesary, I just wanted to see how fast I could get it :)

------
v64
I don't know how valid it is now, but in July of 2011 I reverse engineered
some aspects of Zynga's Words with Friends and put it up online:
[https://github.com/v64/fiend](https://github.com/v64/fiend)

The most interesting part was the way they decided to do the random generation
of letter tiles. At the start of the game, each client was given the same PRNG
seed (in the case of Words with Friends, the PRNG was a Mersenne twister), and
when tiles needed to be drawn from the bag, instead of having the server tell
you what tiles you received, you would use the preseeded PRNG to randomly draw
your tiles from the available pool.

Of course, as your opponent is also doing this with the same preseeded PRNG,
this also allows you to determine what tiles your opponent has, and what order
the tiles will be drawn in for the rest of the game.

------
KVFinn
F2P models are so strange.

Game piracy used to mean stealing the game. Now 'piracy' is getting extra
lives.

------
miguelrochefort
I used to cheat at SongPop using the multi-finger multitasking on the iPad
(pausing the game a fraction of a second after a song started playing, having
plenty of time to guess the song properly). I could beat anyone using this
technique, but it required manual work.

I expected a similar "hack" with Candy Crush, and was surprised by how "high-
tech" their solution is. Good stuff.

------
bouk
Remember Draw Something? That game that was sold for $180 million to Zynga? I
wrote an API library for that in Python
[https://github.com/bouk/drawsomething-
api](https://github.com/bouk/drawsomething-api) that allowed me to just add
coins (the currency they sell for real money) through simple API calls.

Good times

~~~
StavrosK
I think Candy Crush also sells gold for real money, and you can just add that
using my script too, although I am not sure.

------
Globz
I am sure they did this to offload the server.

I remember reading an article about some javascript games and how to find the
balance for game state server-side check.

source : [http://fugiman.com/blog/2013/08/17/on-click-fueled-
javascrip...](http://fugiman.com/blog/2013/08/17/on-click-fueled-javascript-
games/)

------
just2n
A long long time ago before I ever wrote a line of code, I'd just play all the
games I could. I was fascinated by how they worked. I later found a book on
BASIC that introduced programming by having the reader write simple word
games. After learning the basics, I then would wonder how FF1 managed to
change states from being in a tiled map and exploring the world into a battle
screen and back again, which led me to more learning and eventually I ended up
making a very shoddy Zelda clone that ran in DOS. I think I was 11 or 12 at
the time?

Anyway, one day a long time after that, I was playing this new mod for Half-
Life called Counter-Strike. It was fun, and I had started learning C and about
OpenGL to understand a bit more about how HL worked itself. But on this day I
saw a guy just running through de_dust getting tons of headshots. Watching his
camera, it seemed he had superhuman aiming. Comments about cheating flew, and
this was long before the game was infested with cheats. He also seemed to know
where everyone was. How?

A few hours later I discovered he was using a cheat called ViperG. It along
with another cheat called XQZ were the only known public cheats at the time.
ViperG was open sourced on a forum called clientbot at the time. Since I was
learning C, I was actually able to read the code. Back then, HL only imported
mod client function implementations using DLL imports, so you could write a
DLL that exported fake client functions while also importing the real ones
from a renamed client.dll, which let your cheat intercept all of the client
API calls. Most in ViperG were just pass throughs, but one would gather entity
information from a drawing API and another would draw some text on the screen
in a HUD update API, etc. It was almost no code but it rendered little '+'
signs on every player through walls and would let you automatically aim at
their heads. Crazy.

This is when I realized that I could actually take software people had written
and break it to make it do whatever I wanted, and that's when I feel like I
really started learning things. Understanding how programs ran on my OS and
learning how to reverse engineer came pretty rapidly. XQZ was closed source
but had some really nice features, so I'd reverse its gl function exports and
figure out exactly what it was doing so I could replicate them in my own
cheat.

Doing what the author did here for modern MMOs can actually be a very
difficult exercise, even for seasoned reverse code engineers. I've done it for
several games, essentially reversing the entire netcode to write cheats that
automate client actions, and there are all sorts of ridiculous traps I've seen
to prevent you from doing so. One game even went so far as to require you to
parse a terrain file and send the cell ID of your movement target in every
movement packet, along with the absolute coordinates. This was slow as an
iterative find process as a map had tens of thousands of triangles and you'd
be sending these quite often, so naively you'd just loop over each triangle
and check if your target coordinates were inside of it. This gave me a nice
introduction into quadtrees and other algorithms that can make this operation
asymptotically much faster. Yay learning.

To this day, I can only play a game so much before I get an overwhelming urge
to break it. I think that despite the stigma of cheating, it's a great way to
learn. It's comparable to taking something apart to see how it works and
change it around a bit. Just don't take it too far and ruin games for other
people.

~~~
jsmeaton
Cool story, and I can see the appeal. But as a (long ago) competitive CS
player, I hate(d) your kind.

~~~
invalidOrTaken
If you think about it, I bet what you _actually_ hate are the folks who just
downloaded the cheat and used it, without knowing anything about it. But what
if everyone wrote their own exploit? Eventually every game would devolve into
Core Wars, but this would be kind of cool.

~~~
jsmeaton
If everyone did write their own exploit, I'd still have hated it. Cheating in
those kind of games really does ruin the game for everyone else. Enabling
those people to do what they did was nearly as bad IMO.

------
sucrenoir
I built a small app to cheat at Landlord
([http://www.landlordgame.com](http://www.landlordgame.com)) to check and buy
venues from anywhere in the world. There was also a small script to get huge
amount of coins (through faking twitter and facebook sharing).

After 10 days i was number one in the rankings. Scores and amounts of $ was so
large that the iphone app was starting to bug... Of course it does not work
anymore.

[https://github.com/iesta/landlorder](https://github.com/iesta/landlorder)

------
benmanns
It looks like the author is decompiling the Flash SWF for the Facebook game.
Would there be an equivalent way to do this for games on an iPad/iPhone
without rooting the device?

~~~
pilif
Yes. Unpack the .ipa file (it's just a ZIP archive) and then use any ARM
disassembler on the actual binary.

It'll be harder, but not impossible to do (as we've seen by the twitter app
API secret leaking some time ago).

~~~
josso
Wouldn't you need to decrypt, on a jailbroken device, it to get something
useful out of the assembly? Or is that not needed for disassembling?

~~~
smackfu
The binaries are not encrypted, they're just signed.

~~~
pugz
The binaries are indeed encrypted, as evidenced by running "otool -l
<binary>|grep cryptid". Why do you think otherwise?

~~~
smackfu
Sorry was just wrong.

------
Yhippa
What's the best solution for this, managing game state server-side? Did they
do it this way to offload storage and processing for scalability reasons?

~~~
amitt
For FarmVille we sent the actions back to the server and then validated
against game state there. It's the only real way to protect against cheating.
However, if I were building the game again today, I'd just do what King does
and have the client manage the state. It turns out that the set of people that
would do this and the set of users that would convert into paying users has
very little overlap. The overhead of managing state on the server is that
you'd have to write your game logic twice (once in your client-side language
and once server-side, though with a scripting language you may be able to
avoid this). Second, we benchmarked this approach and found that you can
handle 10x the number of players with the same hardware by not doing any
server-side logic/validation and just having the server be a dumb pipe to
store player state.

Here's a talk I gave on the FarmVille approach:
[http://www.slideshare.net/amittmahajan/rapidly-building-
farm...](http://www.slideshare.net/amittmahajan/rapidly-building-farmville-
how-we-built-and-scaled-a-1-facebook-game-in-5-weeks)

and one on the king approach that we're using at my current company:
[http://www.slideshare.net/amittmahajan/gdc-2013-ditching-
the...](http://www.slideshare.net/amittmahajan/gdc-2013-ditching-the-server-
final)

~~~
kronholm
Very, very informative, thank you. I too have been wondering about this exact
thing - if it's worth the trouble in the end, to do server checks and whatnot.
Seems it's not, in these cases :)

------
squeakynick
Years ago, for fun, I wrote a Bejeweled Blitz player. As with others here, the
fun was about the challenge, not about 'beating' the game.

[http://www.datagenetics.com/blog/march2009/index.html](http://www.datagenetics.com/blog/march2009/index.html)

------
kin
Cookie Clicker:
[http://orteil.dashnet.org/cookieclicker/](http://orteil.dashnet.org/cookieclicker/)
This game is all client-side so it's easy to cheat. The cool thing is you
actually get achievements for cheating!

------
irfan
In 2007 I did the same level of digging with a facebook puzzle solving game.
Game used to post daily puzzles and top scorers (solving the puzzle in minimum
time) were shown on global leaderboard. At that time, the app was not using
any kind of hashing or validation. It was simply posting the score to the
server so tempering the data was easier. After staying on top of global
leaderboard for a few days (with impossible score of 1 second), the app
developer contacted me and requested to stop cheating the system. I suggested
him some changes and the game became much better

------
bayesianhorse
As long as using wget can lead to a conviction for hacking, it might not be
the best idea to admit such a hack publicly...

But luckily in the EU the European court for human rights should stop such
stupidity in its tracks.

------
btgeekboy
The only winning move is not to play.

------
aetimmes
A strange game.

The only winning move is not to play.

~~~
hmsimha
relevant xkcd: [http://xkcd.com/601/](http://xkcd.com/601/)

------
Cyph0n
Nicely done. Now I have to find the secret key...

~~~
StavrosK
You'll never find it, it's too well hidden! Muhaha!

P.S.: It isn't.

~~~
Guillaume86
I used a APK "decompiler" once to get API keys and urls (wasn't for candy
crush but for a music app using https).

I guess it should work here too.

~~~
pritambaral
I have a setup with my own WiFi, SQUID as a transparent proxy with self-signed
CA generating "legit" site certificates on the fly.

The CA is loaded into Android as trusted, internet is disabled on every app
except target to reduce noise (yay! UNIX users/permissions!) SQUID's built-in
logging spills all the magic beans.

------
chris_wot
I once lost a license key for a major enterprise system. It had to get a demo
up and running ASAP. Luckily, it was an ASP.Net app. I was able to use .NET
Reflector, find a code rewriting plugin, and I blanked out the function that
did the cert check (always made it return true) and I was able to login.

~~~
chazandchaz
This is one of my favorite exercises. I started out in a similar situation
where it was necessary to get an .net app to act differently. The feeling of
accomplishment was completely different than regular development. Now reverse
engineering is a hobby I am very passionate about.

It's also incredibly insightful as a developer to see how crappy code can
exist in very expensive software.

~~~
chris_wot
Oh man... when I opened the business rules dll in .NET, I got quite a shock!!!
Worst code I've ever seen.

------
thecodemonkey
Wow! I'm surprised to hear that their production servers output a full stack
trace.

~~~
simias
Agreed, it reminded me of how the BitKeeper protocol was reverse-engineered by
simply typing "help" in the TCP connection to the server:

[http://lwn.net/Articles/132938/](http://lwn.net/Articles/132938/)

 _Tridge noted that this sort of output made the "reverse engineering" process
rather easier. What, he wondered, was the help command there for? Did the
BitKeeper client occasionally get confused and have to ask for guidance?_

------
itakee
This guy did it faster using memory hacking:
[https://www.facebook.com/photo.php?v=308857235912631](https://www.facebook.com/photo.php?v=308857235912631)

------
mathattack
Great story. I think it's less about cheating and more about poking your way
around public software. I appreciate the spirit of adventure in searching
through the game.

~~~
StavrosK
That's true, I'm not interested in the game itself at all. I barely played it
enough to write this, really.

------
mrcactu5

      What’s this? It looks like we can just tell the game we finished a level, without any other hassle
    

the game insults players' intelligence on so many levels

------
ydesouza
You could also use a memory editor. Like this -
[http://www.ydesouza.com/crandy-crush](http://www.ydesouza.com/crandy-crush)

------
mnml_
NameError: name 'start_game' is not defined

~~~
StavrosK
Fixed, thanks!

------
Lionga
it is crazy that a game that makes multi million dollars every day has no
server side validation at all and just trust the client. crazy

~~~
VMG
Why spend unnecessary resources? People trying to cheat will find ways that
are very hard to prevent.

Which brings us to another question - besides hackers, who is interested in
cheating these kinds of games? Probably people who want to impress their group
of friends who also play the game. I smell a market opportunity here.

~~~
joosters
Surely there's a big market for cheats? You could sell Candy Crush powerups
for half price to all those people who are buying them now...

~~~
Anderkent
Then you're either out in public, and they can retroactively fix the bug, or
you're trying to sell them privately, in which case you're not gonna have much
impact anyway.

It's the same as with hacking in mmo games. No one cares until you start
publicizing your hacks, in which case they can just install your hack, see
what bug it's abusing, and fix that.

------
cycnusx
This is so much faster, I had been using CheatEngine to modify the values,
then play the entire level.

------
sengstrom
The best way to play this game.

