How to cheat on / exploit Bejeweled (theoretically) by Timothy - Mess.be


Disclaimer

This article has been written by Timothy for www.mess.be. For republishing please inform timothy [@] mess.be
I will NOT respond to any mails asking about how-tos or "could you pleases". Why? Because I actually don't like people cheating on games if they are not capable of understanding what they have just done. I merely see finding this "cheat" as a game on its own rather than changing the score.

Timothy 07/07/03


Introduction.

One of the things gamers always want to do once they get bored of a game is to cheat. The problem with cheating on online games is that most of the time it means you need to "tap in" through a back door (which is more than illegal) or decompile the online game to find out how it works.

In this case I'm going to provide basic information on how you can cheat on basically every MSN Messenger 6 embedded game. I will be using Bejeweled as an example, since you can also play it and submit scores without playing against a buddy. I will NOT provide the total solution or a program that does the trick. That last part I will leave to "creative" programmers.

Let's get started.

The first thing you will have to do is locate where Bejeweled is hosted. The simplest way is:

1. Clear your history cache in Internet Explorer
2. Launch a game against one of your buddies
3. Open up your history cache and find the URL: http://messenger.zone.msn.com/English/dimi/main.aspx

If you open this link directly it will prompt you with a JavaScript error. Internet Explorer will ask you if you want to debug the site. Select Yes (if you select No you will not be able to access the right source). Now select your favorite debug application (for example Microsoft Script Editor).

Tell your debugger to pause script execution so you can have a proper look at the page source.

First information.

Now that you have opened the source you will find some information that can be useful if you want to create your own MSN-based games. But we will scroll down to another part: line 174, with the following code:

//load all of the iframes.
document.all.PlayNow.src = "msngame.aspx";
document.all.Help.src = "help.aspx";
document.all.About.src = "about.aspx";
document.all.BuddyScores.src = "buddylist.aspx";
document.all.Tab1.src = "zonedeluxegames.aspx";
document.all.Tab2.src = "deluxe.aspx";

Second part.

This small piece of code reveals that the page you have just opened acts as the main shell for the game: the game itself runs in another page, loaded into an iframe inside this one. And it's not hard to guess which page that is with a name like msngame.aspx. Now open up http://messenger.zone.msn.com/English/dimi/msngame.aspx and start the debugger again.

You will have to search for a while, but eventually you will find the following code on line 537:

function ScoreSubmit(scoreXml) //SubmitScore(scoreXml)
{
if(!SessionStarted){ return; }
IClickedYes = false;
OpponentClickedYes = false;
UpdateYesText();
parent.Game_ScoreSubmit(scoreXml);
}

Step 3.

And voilà, we have found that the game hands the score to the shell for submission. So go back to the main page in your debugger and find the function "ScoreSubmit". You will probably find it on line 791. Now let's take a look at what it does. First note this line of code on line 794:

LastGameXml = scoreXml;

Your score XML is stored in LastGameXml. Going further into this function, on line 799 we find another line of code:

window.setTimeout('_SubmitScore()',1);

This schedules another function, _SubmitScore, to run shortly after your HTML high-score list has been updated (the second argument to setTimeout is the delay). So we scroll further, to the function "_SubmitScore". It is located right below the function you are looking at, on line 802. In this function we find our final piece on line 805:

MessengerStatsClient.SendScore(LastGameXml);

Understanding MessengerStatsClient within MSN Messenger.

MessengerStatsClient is an internal API inside MSN Messenger, loaded from CAB files that MSN Messenger downloads from the internet the first time you start a game. This API initializes itself when you start playing a game and is limited to internal MSN usage only. MSN acts in this case as the external API shell for the game, and gets information from it (like email, users, game type). The problem is that MSN only accepts commands that are executed from inside MSN Messenger, i.e. from the web page the game runs in. Schematically it looks about like this:

MSN <-> Game Shell <-> Game

MSN = Your MSN client logged on.
Game Shell = main.aspx running inside MSN Messenger
Game = msngame.aspx

How do you fool MSN? Here is the trick, explained theoretically:

1) Start up a game of Bejeweled and start playing (so that MSN believes you are actually playing)
2) Because the shell uses iframes, you can easily change the source of the iframe the game runs in with some Win32 API calls.
( IMWindowClass -> DirectUIHWND -> CtrlNotifySink -> MSNMSBLGeneric -> Shell Embedding -> Shell DocObject View -> Internet Explorer_Server )
3) Now have it replace the contents of the PlayNow frame with something like this:

<html>
<body>
<script>
// the frame is a child of main.aspx, so parent is the game shell
parent.MessengerStatsClient.SendScore('999999');
</script>
</body>
</html>

4) And if all went well, it should now have updated your score to 999999.
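The weak point in this chain is that the stats side trusts whatever the shell forwards. The following is an added example, not code from the article or from MSN, of the check a receiving stats server would need in order to catch the submission above; the session layout, the <score points=".."/> XML format and the 200 points-per-second bound are assumptions made for the example:

```javascript
// Added example, not from the article or from MSN: a stats server that
// validates a score instead of trusting whatever the PlayNow frame sends.
// Models the article's flow: MSN stats server <-> game shell <-> game.
// Session layout, the <score points=".."/> XML and the points-per-second
// bound are assumptions made for this example.

const MAX_POINTS_PER_SECOND = 200; // assumed plausibility bound for Bejeweled

class StatsServer {
  constructor() {
    this.sessions = new Map(); // sessionId -> { user, startedAt }
    this.scores = new Map();   // user -> accepted points
  }

  // Called when a game starts, so every score must refer to a real game.
  startGame(user, nowMs) {
    const id = `${user}-${nowMs}`;
    this.sessions.set(id, { user, startedAt: nowMs });
    return id;
  }

  // Counterpart of MessengerStatsClient.SendScore on the receiving side.
  // Rejects unknown sessions, malformed XML (such as the bare '999999'
  // the article's frame sends), scores not achievable in the elapsed
  // time, and a second submission for the same session.
  receiveScore(sessionId, scoreXml, nowMs) {
    const session = this.sessions.get(sessionId);
    if (!session) return { ok: false, reason: 'unknown session' };
    const m = /^<score\s+points="(\d{1,7})"\s*\/>$/.exec(scoreXml);
    if (!m) return { ok: false, reason: 'malformed score XML' };
    const points = Number(m[1]);
    const seconds = (nowMs - session.startedAt) / 1000;
    if (seconds <= 0 || points > seconds * MAX_POINTS_PER_SECOND) {
      return { ok: false, reason: 'score not achievable in elapsed time' };
    }
    this.sessions.delete(sessionId); // one submission per session
    this.scores.set(session.user, points);
    return { ok: true, points };
  }
}

// Game shell as the article describes it: ScoreSubmit keeps the XML in
// LastGameXml and _SubmitScore forwards it unchanged. With the server
// above, the shell's trust no longer decides the leaderboard.
function shellSubmit(server, sessionId, scoreXml, nowMs) {
  const LastGameXml = scoreXml;
  return server.receiveScore(sessionId, LastGameXml, nowMs);
}
```

Any check placed in the shell itself can be swapped out the same way the PlayNow frame is, so the validation has to live on the server that records the score.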


Written by Timothy for mess.be on 07/07/03.