Mittwoch, 23. Februar 2011

"Hacking" gnometris highscores

Where the hell does gnometris (a tetris game for GNOME) save his scores? I found out :-)

(Date/Datum: 080824-00:22, Hits: 2540)

I like these tiny challenges even if they -- like this one -- can easily be solved by a 10 year old comming-soon-nerd. Here is what I found out.

Before I start: Here you can see how this game looks like:

First, I tried to figure out what files were opened by gnometris. Because of this I tried to perform a syscall and library call trace of the binary, but gnometris changed its behavior and prevented this very first " attack" by disabling the "Scores" menu entry:
gnometris scores
Because of this (you can see it on the right picture) I tried to configure a keyboard shortcut for the scores menue by editing ~/.gnome2/accels/gnometris:

swendzel@steffenmobile:~$ cat .gnome2/accels/gnometris
; (gtk_accel_path "/MenuActions/NewGame" "n")
(gtk_accel_path "/MenuActions/Scores" "s")
; (gtk_accel_path "/MenuActions/About" "")
; (gtk_accel_path "/MenuActions/SettingsMenu" "")
; (gtk_accel_path "/MenuActions/Pause" "Pause")

The shortcut worked... but it worked only if I did not do any tracing ;-)

The easiest way would be to search Google for a hint or to read the source code but ... there must be a nicer way to find out were the scores were saved (and in which format!).

Because of this, I tried Gnome's minesweeper implementation. When you trace gnomines it shows a different behavior, it simply loads an empty scores table! Now I tried to figure out if all Gnome games make use of an equal or even the same highscore storage system.

Another idea was that all Gnome games seem to use a global highscore table for all users of the computer which means that they must be able to write to a system file that is not located in a users $HOME. Let's check that:

swendzel@steffenmobile:/tmp$ ls -l /usr/games/{gnomine,gnometris}
-rwxr-sr-x 1 root games 113056 2008-07-17 21:32 /usr/games/gnometris*
-rwxr-sr-x 1 root games  95168 2008-07-17 21:32 /usr/games/gnomine*
Yup! (Notice the 's'-flag). Hmm.. let's try the most easy possibility to find score files ...

sudo find / -name '*gnometris*'

It was SO EASY. Only a file search was needed. But the rest was more fun ;-)

$ cat /var/games/gnometris.scores
30841 1215191332 swendzel
6440 1219527400 swendzel
4780 1219527140 swendzel
4720 1218969234 swendzel
4240 1219258843 swendzel
2620 1214769614 swendzel
And yup, the editing worked find. But I still did not knew the meaning of the number in the middle of each line. Hmm.. WAIT!

swendzel@steffenmobile:/tmp$ cat <<>time.c
> #include
> int main(){printf("%i\n",time(NULL));return 0;}
swendzel@steffenmobile:/tmp$ gcc -o time time.c
swendzel@steffenmobile:/tmp$ ./time
It is just the UNIX time value (the number of seconds counted since 00:00:00 UTC, January 1, 1970). :)

Keine Kommentare:

Kommentar veröffentlichen