2008-12-14

Exploiting in-game logic flaws

Another one of my favorite games of days gone by is Maelstrom. I first discovered this my sophomore year of high school. Someone had installed it on quite a few Macs in the computer lab. It's a 3D-looking Asteroids rip-off. When I finally built my first Linux system for home use in the mid-90s, this was one of the first games I found that worked well. It had been open-sourced.


It's got all the features you'd expect of an Asteroids clone: shields, UFOs that shoot at you from time to time, and... asteroids. There are also comets (shoot for more bonus points), surprise packages (catch them with your ship to get different weapons or other surprises, some good, some bad), metal asteroids you can't destroy, and the occasional black hole (or Maelstrom, if you will).


One thing I noticed early on is that if you ever blow your ship up on the last asteroid, you don't actually lose a life, but any special weapons you have will go away.


But, if you look, your shields get replenished back to new when you start the next wave (level).


This happened because there are some logic problems at play. Primarily, the logic to reduce your lives by 1 (or to end the game if you're at 0 like I was) does not run as part of the block of code that initializes the ship's options to default when it's struck, and is somehow missed because of the end of a level. Was it intentional? I have no idea without checking the source code. It's always possible stuff like this is actually an easter egg.
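One ordering of game-loop checks that would produce the behavior described above, next to a hardened ordering. This is an added example, not code from Maelstrom's source; the struct, the function names and the `fixed` switch are all hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
/* Hypothetical model of the flaw; names are illustrative, not Maelstrom's. */
struct game {
    int  lives, shields, asteroids;
    bool special_weapon;
    bool respawn_pending;  /* ship destroyed, respawn not yet processed */
    bool fixed;            /* true: hardened ordering */
};
enum { FULL_SHIELDS = 100, WAVE_SIZE = 3 };
/* Ship rams an asteroid: both are destroyed, ship options reset at once. */
static void collide(struct game *g)
{
    g->asteroids--;
    g->special_weapon = false;
    g->shields = 0;
    g->respawn_pending = true;
    if (g->fixed) g->lives--;        /* hardened: charged with the reset */
}

/* Per-frame bookkeeping; wave-clear check runs before the respawn path. */
static void tick(struct game *g)
{
    if (g->asteroids == 0) {         /* next wave starts with a new ship */
        g->asteroids = WAVE_SIZE;
        g->shields = FULL_SHIELDS;
        g->respawn_pending = false;  /* flawed: pending death is dropped */
        return;
    }
    if (!g->respawn_pending) return;
    if (!g->fixed) g->lives--;       /* flawed: only place a life is lost */
    g->shields = FULL_SHIELDS;
    g->respawn_pending = false;
}

/* Lives left (of 3) after ramming one of `asteroids` remaining rocks. */
int lives_after_ram(int asteroids, bool fixed)
{
    struct game g = { .lives = 3, .shields = 40, .asteroids = asteroids,
                      .special_weapon = true, .fixed = fixed };
    collide(&g);
    tick(&g);
    return g.lives;
}

int main(void)
{
    printf("last rock: flawed=%d fixed=%d\n", lives_after_ram(1, false), lives_after_ram(1, true));
}
```

Charging the life in the same step that resets the ship removes the dependency on which branch of `tick` runs next, so the rare "died on the last asteroid" path can no longer skip it.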

This is the kind of bug that slips through the cracks and is only noticeable during code audits or caught with fuzzing or other black-box testing methods. Often, by invoking conditions that happen rarely, you can get unexpected results. If you can leverage those conditions to happen easily, you can reproduce the results as frequently as you wish. In Maelstrom, it's as simple as sacrificing your ship to knock out that last asteroid, knowing you'll get rewarded with shields for the next round. The same applies to operating systems, the firmware running on your mobile phone and cable box, and pretty much anything else that's been programmed by a human.

Have you found any little game bugs worth exploiting?
