
How I Cheated Mozilla's New HTML5 Game - Browser Quest - Garbage
http://www.raymondcamden.com/index.cfm/2012/3/28/How-I-cheated-Mozillas-new-HTML5-Game
======
stcredzero
Neat! One can also just walk north without passing next to a monster, waltz
into the throne room and wait until the crowd there starts killing the big
boss. Chances are, you get to pick up the sword and armor in a matter of
minutes.

~~~
0x006A
Might even be faster, but it's an HTML5 game so you have to play with the HTML5
tech in it (i.e. localStorage).

------
arocks
As the author himself comments "To be honest, I don't think I would have done
it any better. There is no player on player fighting, so my cheating only
ruined the game for myself. It didn't really do anything else."

------
rprime
I don't know why this hit the front page, shouldn't that be a logical thing to
assume when it comes to HTML5 games? That HTML5 games are not secure and in
order to get what you want you just need to have some Google Dev tools skills.

~~~
nkassis
No, that's not the problem. This is no different than what games such as World
of Warcraft have to deal with: you can't trust the client. The server should
be validating the player's moves, gear etc.

Sure, you can hack the JavaScript easier than you can a compiled program, but
that never stopped modders.

~~~
starwed
>The server should be validating the player's moves, gear etc.

Well, only if it matters. Here it just doesn't.

~~~
nkassis
That's true, it's just a demo, but it should be clear that this is not a fault
of using a browser & JavaScript.

------
vog
Is it just me, or do the graphics of that game look extraordinarily similar to
"The Legend of Zelda: A Link to the Past"? I'm not saying it is a rip-off, or
that creating a clone of a popular game is bad at all. But the extreme
similarity is very confusing. It's not only the graphic tiles, but also the
map, the characters, everything.

~~~
rprime
The use of pixel art is very common, and well, as far as I know they wanted a
Zelda-like game; just because they are similar doesn't mean it is a copy. They
weren't trying to make an original game, just demonstrate a point.

~~~
vog
It's not just the pixel art. It's the style of houses, grass, the color
scheme, and _the whole map_. It's not that I think they deserve to be sued!
But the similarity is so high, it is simply confusing to play this when you
have played Zelda a lot in the past.

~~~
derefr
I think I would disagree in the similarity to LttP--not that it's not
_somewhat_ similar, but because there are games that are _much, much_ closer
to LttP, and which I still consider "different." GraalOnline[1] is one
example.

In fact, I would sort of call "Zelda-style 2D top-down action-adventure game
with swords, shields, and various key inventory items that each serve an
overworld function" a _genre_ (a subgenre to Metroidvania games, in
particular), in the way that tower defense and DotA games are also now genres.

[1] http://itunes.apple.com/ca/app/graalonline-classic/id343297938?mt=8

------
capsule_toy
You can also do this with most Flash games. A few companies encrypt the data,
but in theory, the encryption key can still be reverse-engineered since it's
on the client side. It just usually isn't worth the effort.

------
why-el
Just curious, are there any good practices that would minimize the damage?

~~~
naeem
Just store it on the server. There was no reason for inventory information to
be hosted client-side. If the data was stored on the server and fed real-time
you wouldn't have the security issue. What you WOULD have is latency issues,
which is the primary issue with Node-based games (from my own experience), so
that's probably why they avoided it. In a real game, that's how you'd have to
do it.

~~~
troygoode
The reason it is stored client-side is that it is just a demo app - there is
no login, no truly persistent characters (I can't play the character I started
at work from home), and no PvP.
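
A minimal sketch of what the replies above describe (the server owns the inventory and validates every move and gear message), added here as an example and not part of the original thread or BrowserQuest's code. The `GameServer` class, the message types and the item names are hypothetical.

```javascript
// Added example: hypothetical message types and item names, not BrowserQuest's protocol.
const KNOWN_ITEMS = new Set(['sword1', 'sword2', 'goldensword']); // constructed item table

class GameServer {
  constructor() {
    this.players = new Map(); // id -> { x, y, weapon, inventory } (server-owned state)
    this.drops = new Map();   // dropId -> { item, x, y }, created only by the server
  }
  join(id) {
    this.players.set(id, { x: 0, y: 0, weapon: 'sword1', inventory: new Set(['sword1']) });
  }
  spawnDrop(dropId, item, x, y) { this.drops.set(dropId, { item, x, y }); }

  // Every client message is a request; nothing in it is trusted as state.
  handle(id, msg) {
    const p = this.players.get(id);
    if (!p || !msg || typeof msg !== 'object') return { ok: false, reason: 'bad request' };
    switch (msg.type) {
      case 'move': { // one tile per message, so position cannot be teleported
        const { x, y } = msg;
        if (!Number.isInteger(x) || !Number.isInteger(y)) return { ok: false, reason: 'bad coords' };
        if (Math.abs(x - p.x) + Math.abs(y - p.y) !== 1) return { ok: false, reason: 'illegal step' };
        p.x = x; p.y = y;
        return { ok: true };
      }
      case 'loot': { // the item comes from the server's drop table, never from the message
        const d = this.drops.get(msg.dropId);
        if (!d) return { ok: false, reason: 'no such drop' };
        if (Math.abs(d.x - p.x) > 1 || Math.abs(d.y - p.y) > 1) return { ok: false, reason: 'too far' };
        this.drops.delete(msg.dropId); // single use: a replayed loot message fails
        p.inventory.add(d.item);
        return { ok: true, item: d.item };
      }
      case 'equip': { // only items the server itself granted can be equipped
        if (!KNOWN_ITEMS.has(msg.item)) return { ok: false, reason: 'unknown item' };
        if (!p.inventory.has(msg.item)) return { ok: false, reason: 'not owned' };
        p.weapon = msg.item;
        return { ok: true };
      }
      default:
        return { ok: false, reason: 'unknown message' };
    }
  }
}
```

With this shape, anything the client keeps in localStorage is only a display cache: editing it changes what the browser shows, not what the server will accept.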

------
theunixbeard
Am I doing something really stupid, or is this not working anymore????

------
reustle
Every time I tried this, Chrome would "oh snap".

------
necenzurat
Watch out, we got a local storage cheater bad ass over here. Now seriously,
people had cheats on games like WOW, Lineage etc. which are online (DB is
online) and could cheat. The best idea is NOT TO TRUST the client. But still,
it is just a proof of concept, and playing and not cheating was nice, 30 minutes
tops to finish it (all achievements).

