Session #5 - Hacking Minesweeper The last part is a guided session to hacking Microsoft's famous Minesweeper game. You are welcome to check my blog-post where I told the story of solving this challenge. Also, you can download the patched version here. Play Minesweeper Online Hacked - The mythical Minefield returns with a more modern version and a little worse. Instead of flowers, dovretete place your banners on skulls and find all the mines. Hack Information: Hackbar: Press 1 Clicks - 2 Toggle Health - 3 Money - 4 EXP. Game Information Samurai meets Minesweeper! Defeat the Seven Daimyos and their Shogun, and restore peace to the land! As the Samurai, you will have to choose your battles carefully to overcome the enemies' forces.
Play beginner, intermediate and expert games of Minesweeper online. Custom boards, resizing and special statistics are available. Enjoy playing Minesweeper Online for free!
Recently, we came across an Android game of Minesweeper. The game has been nicely developed and was fun to play. Although it was very tough to win the game and even tougher to be in top ranks on the leaderboard. That’s when it struck us, why not “play” with the game some other way and figure out ways to hack minesweeper. So we started analysing the game.
What is Minesweeper game
Minesweeper has a very basic gameplay style. In its original form, mines are scattered throughout a board. This board is divided into cells, which have three states: uncovered, covered and flagged. A covered cell is blank and clickable, while an uncovered cell is exposed, either containing a number (the mines adjacent to it), or a mine. When a cell is uncovered by a player click, and if it bears a mine, the game ends. A flagged cell is similar to a covered one, in the way that mines are not triggered when a cell is flagged, and it is impossible to lose through the action of flagging a cell. However, flagging a cell implies that a player thinks there is a mine underneath, which causes the game to deduct an available mine from the display.
In order to win the game, players must logically deduce where mines exist through the use of the numbers given by uncovered cells. To win, all non-mine cells must be uncovered and all mine cells must be flagged. At this stage, the timer is stopped.
When a player left-clicks on a cell, the game will uncover it. If there are no mines adjacent to that particular cell, the mine will display a blank tile or a “0”, and all adjacent cells will automatically be uncovered. Right-clicking on a cell will flag it, causing a flag to appear on it. Note that flagged cells are still covered, and a player can click on it to uncover it, like a normal covered cell.
Minesweeper Game Hacked
Minesweeper Hacked: Introduction
Initially, our goal was to win the game irrespective of the time required. During the analysis we found that it was possible to reverse engineer the application and change values of some of the functions and win the game. We were able to achieve this task using two different methods.
Our next goal was to top the global leaderboards of all the difficulty levels, i.e. Beginner, Easy, Intermediate and Expert. In order to do that, we started analysing the application dynamically and checked the network traffic between the application and the server it was communicating with. We analysed source code of the apk even further and tampered the request accordingly to top the global rankings for every difficulty level.
Note: The name of the game has been redacted on purpose. The game has 1M+ downloads on play store.
How we did it
Find the package name of installed application and decompiling it
There are multiple ways to achieve this, whether with ADB or from playstore URL
https://play.google.com/store/apps/details?id=<app package name>
To extract the APK from the device, we used the adb tool.
Connect the device to the computer and make sure debugging is enabled. How to unlock sim card without puk code free. Start adb server and pull the apk using the following command.
To decompile the application, we will use apkx tool.
apkx is a Python wrapper to popular free dex converters and Java decompilers. Extracts Java source code directly from the APK. Useful for experimenting with different converters/decompilers without having to worry about classpath settings and command line args.
Reference: Download apkx here
Different methods we hacked the application
- METHOD 1: Hook the application at run-time and toggle return value of
- METHOD 2: Hook the application at run-time and print game board from
- METHOD 3: Hack the application by just sending a success message to server by tampering time required and the checksum.
Observation is the key to hack these kind of applications
Method 1 & 2:Frida
Method 3:BurpSuite or Curl (command line utility on Linux OS)
Observe what actions are performed when you click on a bomb. The following observations are helpful
- Game ends
- Timer is stopped
We look for functions that trigger these operations.
finishgame function expects a boolean argument. Print the boolean argument to see what is passed into the function.
The below commands spawns a new process
Now, observe what happens when a mine is clicked. A
false value is passed to
Maybe that’s how it knows, we lost the game. Instead we will try to toggle the value of
bl2 passed to
Execute the following command to start the application and hook Frida script
We can see that we won the game when we click on the bomb, instead of losing the game.
In the first method, we hooked the function that sends the message to finish game.
Now, we have to see where the bombs are located. Observe the decompiled java files to locate where the bombs are placed.We have to look for the function that places these bombs.
Open the game, start a new game and hook the above js scriptt to existing process.
Run the following command to execute app and hook our Frida script
How To Win Minesweeper
We can see that the entire board is printed along with the pints. The value 9 is the bomb!
After we finish the game, there the application provides us with a global rank. These requests to the server can be intercepted with a proxy tool like BurpSuite.
Note: The application had implemented SSL Pinning, which we were able to bypass using Objection. Since this is a blog showing how we hacked the app, we decided not to show how to bypass SSL pinning using Objection or Frida. We will write a new blog with step by step instructions on how to use Frida and Objection.
Upon intercpeting the request we realised,
simpleDbTime parameter contains the time we took to finsih the game. If we can intercept this request and send a fake
simpleDbTime to the server, we win. But its not easy. When we did that the result isn’t persistent, our scores weren’t reflected in global scoreboard. We realised there is a
checksum that validates the request.
We analyzed the code more and found the code corresponding to checksum.
We can see the implementation of the checksum algorithm. Parameters like
simpleDbTime have been used with dot separated to calculate the md5sum of the request.
We computed the value of
checksum locally that corresponds to our new
simpleDbTime value by using the same logic as performed in application code above.
Delphi Ds150e Software Crack Download Windows 10; Autocom/delphi 2015.3 Download software can work for delphi ds150e 2015.3 new vci. Delphi 2015 r3 software with no delphi 2015.3 keygen,need use delphi 2015 r3 license key for activation.Some customers may want the delphi 2015.3 Download link.Below OBD2Tuning.com sharing Autocom/delphi 2015.3 Download Delphi 2015 r3 download software. Mega Download Folders incl. Ford VCI Manager driver Mazda VCI driver Benz VCI Manager BMW ICOM Driver GM VCI Manager JLR VCI Manager VW ODIS VAS 6154 Driver VX. Vci manager ford download.
Let’s get MD5 checksum of the required parameters
We will now send request using Burp with tampered parameter values.
Send another request to check the leaderboard scores. We will see that we are ranked 1st on the leaderboard
Upon submitting this request, we can see that our data was successfully registered in the database and we can see it in the global highscores list as well.
Expert level challenge solved in 0.01 seconds without even playing the game!
These bugs are fixed in the latest version of the application.
|Bug Submitted||19 February 2020|
|Bug Triaged||25 February 2020|
|Bug Resolved||13 March 2020|
- Name: World of Minesweeper Hack;
- Cheats for Money, and more;
- Developer: Cogoo Inc.;
- Price: Free;
- Languages: English;
Description and tips
World of Minesweeper this game came to us from the 60s and is the equivalent of every famous sapper game. If you own perseverance and you have a great shutter speed, then bravely install the application on the phone. With his support, you will be able to pass the free minutes, and at the same time to train attention and develop logical thinking. Using for World of Minesweeper hack you will be able to pass the exciting game levels. For this, you will earn increased skill to open access to new locations and maps. On the playing field hidden a certain number of minutes. Every mine is surrounded by numbers that show how many mines are around a cell with a number. But be careful, incorrect pressing will cause an explosion of all mines. You will be able to add life using for World of Minesweeper hack.
World of Minesweeper Cheats and their features
World of Minesweeper is an exciting alternative to various puzzles and charades. It differs from the classic sapper with excellent graphics and various maps, which brings its own flavor to the game. Playing World of Minesweeper you will support the motto of the world without mines, and in order to achieve your goal you will need to discover all the hidden mines, this will help you for World of Minesweeper cheats. With them you will be able to spend unforgettable hours of logical thinking for the right move. At the same time, all your actions will have to be perfectly calculated, since the entire field may explode. This is very significant, exclusively on high tiers, here you can use for World of Minesweeper cheats. They will allow you to keep track of your statistics: skill, skill level, rewards and points.
Hacked World of Minesweeper, and game secrests
Using hack World of Minesweeper you will get double the skill and points for skill. Also, you will be able to apply hints, they will help you on the most difficult tiers. Owing to them, you will pass the whole minefield opening more than a hundred mines and not having suffered. In addition, you will be available periodic replenishment of your lives, if necessary, you will be able to reset all previous steps and start at the beginning. Hack World of Minesweeper will open for you the newest imaginary world of an exciting and tense game for spending a good and enjoyable leisure. Also, you will be able to choose the most different card sizes, this will allow you to both simplify the task and make it harder. Multiple forms of cards will allow to pass the game with interest. Install the game on your device and start doing.
View Dot to Dot Weapons Hack
World of Minesweeper Cheat Codes for free purchases (iOS and Android):
Price in the game
The prices in the table are crossed out, because after entering the cheat code in the game World of Minesweeper, you will get the things for free.
Other Codes for Hacking World of Minesweeper (iOS):
World of Minesweeper Hack Codes (Android):
In order to get all Cheat Codes for World of Minesweeper (Android and iOS) and guide for these codes, follow this link
To start using cheats, you need to download from GooglePlay or AppStore the original World of Minesweeper. Hack of this game works on all devices on which it is installed. World of Minesweeper Cheats work the same way as in other similar games, so if you have already used cheats, then it won't be hard to hack World of Minesweeper.
Incoming Search terms:
- World of Minesweeper Money Hack
- World of Minesweeper Cheats
- World of Minesweeper Hack iOS
- World of Minesweeper Hack Android
- World of Minesweeper Cheat Codes