
At risk of contributing to the comment soup…

[Some colleagues and ]I have been doing some research on Letterpress for the past couple weeks (expect a HN story about us later this week… I hope). We independently discovered this hack last weekend. Here's some information:

- the client is trusted; the opponent's client does not validate a played word

- Game Center is a naïve carrier for turn-based games; no validation is done on the server side

- Game Center is naïve by design; this is the beauty (and one of the drawbacks of GC—another major drawback is that your client only works with GC, which means you can't easily port to other platforms, and if you do port, you can't play cross-platform games because non-iOS devices can't use GC). The real beauty here is that Loren/Atebits doesn't need to run any server infrastructure. Apple does it for him. This is a huge benefit to games like this.

- We contacted Loren; he was really cool about it, and doesn't seem to care that Letterpress is cheatable in this way. I'm with him on this. It doesn't matter.

- There's no leaderboard, nor even a long-term score in Letterpress. This cheat doesn't matter.

- As far as we could figure, there's no way to fully validate both clients without 1) adding a server component, or 2) losing the ability to port Letterpress games between devices (from iPhone to iPad, for example); I'd love to hear ideas about how this could be possible if you think we're mistaken

- The dictionary files live in the application's `o/` directory, as a series of text files, named by the word's first two letters. e.g. "imbecile" would be in `o/im.txt`

- The app will re-read dictionary files on launch (or maybe at word play); either way, the dictionary can be changed during a game; it's even possible to start a game with a person and immediately play the winning 25-letter word, before the opponent even gets a game-state notification from Game Center

- There are 271377 words in the Letterpress dictionary.

- The longest words in the Letterpress dictionary are 21 letters long. There are three of them: `counterdemonstrations`, `hyperaggressivenesses`, and `microminiaturizations`

- There are 124 two-letter words

We'll try to outline some of the other Game Center research in the article we publish. We welcome future upvotes. (-:

S

[edit: auto-paragraph fail, tyop]
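
An added example (not part of the comment above and not Letterpress code): a receiving client re-checking an opponent's move against its own copy of the dictionary, using the `o/<first two letters>.txt` layout described in the list. The move format (tile indexes plus the claimed word), the function names and the sample shards are assumptions.

```python
import tempfile
from pathlib import Path

BOARD_TILES = 25  # 5x5 board, per the thread's "25-letter word"

def shard_path(dict_root: Path, word: str) -> Path:
    # Layout described in the thread: o/<first two letters>.txt
    return dict_root / "o" / f"{word[:2]}.txt"

def in_dictionary(dict_root: Path, word: str) -> bool:
    path = shard_path(dict_root, word)
    if not path.is_file():
        return False
    with path.open(encoding="utf-8") as fh:
        return any(line.strip() == word for line in fh)

def validate_move(dict_root, board, tiles, word):
    """Return (ok, reason) for a move received from the opponent.

    The move format (tile indexes plus the claimed word) is an assumption.
    """
    if len(board) != BOARD_TILES:
        return False, "bad board"
    # Reject anything but a-z before the word is used to build a file name.
    if not (word.isascii() and word.isalpha() and word.islower() and len(word) >= 2):
        return False, "malformed word"
    if len(set(tiles)) != len(tiles) or any(not 0 <= t < BOARD_TILES for t in tiles):
        return False, "bad tile indexes"
    if "".join(board[t] for t in tiles) != word:
        return False, "tiles do not spell word"
    if not in_dictionary(dict_root, word):
        return False, "not in local dictionary"
    return True, "ok"

def make_sample_dictionary() -> Path:
    # Constructed sample data: two tiny shards in a temp directory.
    root = Path(tempfile.mkdtemp())
    (root / "o").mkdir()
    (root / "o" / "im.txt").write_text("imbecile\nimp\n", encoding="utf-8")
    (root / "o" / "ca.txt").write_text("cab\ncable\n", encoding="utf-8")
    return root

if __name__ == "__main__":
    root = make_sample_dictionary()
    board = "imbecilexqzcabkjwvtrplmno"  # constructed 25-letter board
    print(validate_move(root, board, list(range(8)), "imbecile"))
    print(validate_move(root, board, list(range(25)), board))
```

The check only tells the receiving player that a move does not match their own dictionary; what the client does with that result is a separate design decision.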




> ... I'd love to hear ideas about how this could be possible if you think we're mistaken

(The following probably isn't what you had in mind by "fully validate", but I think it puts it considerably closer to the challenge of defeating binary validation. Assuming everything has to happen in the app, infallible validation is impossible anyway.)

You would get pretty far by introducing internal data validation routines and making them compare the output of these routines based on challenges they issue to one another. That would require any attackers to introduce new code paths to defeat it. I've no idea if this can be negotiated practically over GC, but I can only assume so.

Also, I take issue with this:

> There's no leaderboard, nor even a long-term score in Letterpress. This cheat doesn't matter.

I don't really care about leaderboards. I do care about the experience I have when I'm actually playing the game. I know this was probably meant in the sense that the incentive is lacking, but I disagree. Some people enjoy ruining other people's fun. The worst experience I've had was hack-enabled griefers in a cooperative game.


> The worst experience I've had was hack-enabled griefers in a cooperative game.

If that is the worst experience you have ever had, then you lead quite a charmed life.


Hi scoates,

I look forward to seeing your article.

I haven't tested it too much, but I believe the dictionary is read at each turn not at start.

I think you're right about the constraints for client validation, but it's probably possible to raise the bar for cheating a bit without leaving the GameCenter architecture.

Not that I'm an advocate of security through obscurity, but it is after all just a game.



