Discussion: Facebook ID's and tracking.

LusciousFox · 02/18/2014, 12:02

Facebook apps require the use of your name and some basic information about yourself. When you are caught cheating this information is likely put into a table blacklisting you from playing said game.

My question is, how do these games know exactly who you are and how can we alter the code to essentially spoof our identities or potentially delete these entries from the database. It sounds farfetched I know but it's possible.

An example would be Leslie the famous backyard monsters hacker. I haven't heard about her doing anything since 2012 but there was one big hack she did.

UNBANNING, that's right. She could unban users with just a few Facebook details. So it's possible. I'm not claiming to know how, hell I likely know little compared to the actual engineers here coding the games hacks and exploits but this question has been bugging me for a while. Does anyone have an idea on how this is being done?

scharp · 02/18/2014, 13:18

Every facebook user has a unique facebook id. As soon, as you log into a Facebook app/game this particular app/game has access to your facebook id. Thus they can easily ban you from using their app by just banning your user id. And no, it is not possible to change the user id -> Unbanning is impossible
Maybe some badly coded apps do not ban the user id but the (also unique) username, which indeed can be changed. -> Unbanning is possible here

I hope this helped.

Morgs888 · 02/18/2014, 23:56

Quote:

Originally Posted by LusciousFox

Facebook apps require the use of your name and some basic information about yourself. When you are caught cheating this information is likely put into a table blacklisting you from playing said game.

My question is, how do these games know exactly who you are and how can we alter the code to essentially spoof our identities or potentially delete these entries from the database. It sounds farfetched I know but it's possible.

An example would be Leslie the famous backyard monsters hacker. I haven't heard about her doing anything since 2012 but there was one big hack she did.

UNBANNING, that's right. She could unban users with just a few Facebook details. So it's possible. I'm not claiming to know how, hell I likely know little compared to the actual engineers here coding the games hacks and exploits but this question has been bugging me for a while. Does anyone have an idea on how this is being done?

They generally ban you from the "said game" based on your IP address, your IP is like a fingerprint that identifies you. Only your ISP has your personal details like name, phone number etc. and cannot expose them unless subpoenaed by authorities.
The bottom line is.......Stay out of their servers and they will leave you alone, they can't touch you for modifying a client-side app, the best they can do is ban you.

So you get banned and want to play again? Well your best bet is to create another account but be sure to spoof your IP when you do, if you don't, they'll link you to your IP and ban you again and again.

Leslie1 who is still here under a new name of Dirty Steve managed to find a way to unban you from BYM, a few more methods were found by others on WC and BP too. Unfortunately they were eventually patched, that's what happens to everything that's posted here these days because the game developers spend more time here reading than they do coding their own games. This forum shows them how we hack their games and allows them to fix it.

neomam · 02/19/2014, 01:15

All I remember about Leslie is getting a lot of people banned and then throwing a tantrum and deleting her thread. I guess I missed the unban

kaptinboxxi · 02/19/2014, 09:10

i've found a few ways on games (mostly racing games where you have garages that store your cars and such) to spoof another user ID to load their garages and thats how i get around it

scharp · 02/19/2014, 11:14

Quote:

Originally Posted by Morgs888

They generally ban you from the "said game" based on your IP address, your IP is like a fingerprint that identifies you. Only your ISP has your personal details like name, phone number etc.

Banning an IP address would be quite useless, since most people are able to change their IP by just reconnecting the router. And the App may or may not have personal details from you depending on which permissions u granted the app. Those information are provided by Facebook...

Quote:

i've found a few ways on games (mostly racing games where you have garages that store your cars and such) to spoof another user ID to load their garages and thats how i get around it

I did not know spoofing the user ID is possible but this supports my idea. Maybe send me a PM about how u do it?

LusciousFox · 02/20/2014, 01:31

This is some solid information guys thanks. I know Kixeye has been checking IP's but they're definitely using more than just the IP. In that case it looks like you would need a different set of skills (exploiting the server rather than just dissembling the swf).

Knowing not all games are using the unique ID is promising though, for those games you could be proactive in submitting a fake ID in the event your hack is detected.

What are the sites WC and BP?

Morgs888 · 02/20/2014, 03:44

I was referring to the other Kixeye games, Battle Pirates (BP) and War Commander (WC)

Kixeye definitely ban you on your IP.

Most people don't realise simply rebooting their modem will renew their IP address.

LusciousFox · 02/20/2014, 13:16

Unfortunately a simple proxy or IP renew isn't enough. I was looking through some of Leslie1/DirtySteves old posts and she actually stated that at least one of her unban hacks aren't actually unbanning but work arounds to play the game, in this case BYM.

For some reason I find this quite hilarious. It's most likely patched but at the time Kixeye must have been using the Facebook unique ID to trigger the error message without actually denying a connection to the server beyond the initial query.