ibProArcade - Any player can cheat at ipb? or this is an exploit/bug?
 

One of forum member post a bug/exploit/cheat:

"Yes there is 1 bug, i discovered it myself, if u look at YetiSports 4: Albatros Overload, u will see my highscore 12681, which i did in 00:04. So what happend?

I was playing Yeti 1: Ridiculous Longshot, but cus it took so long to finish it, i deceided, that im gona put that game in background and im gona start playing Albatros Overload. Then when i wanted to submit the score in this game, i noticed that the other game was finished. So i submit that score first and heres the funny part. The score didnt go to Ridiculous Longshot, but to Albatros Overload. Both games got mixed somehow... So theres your bug... "

I was see 1 player do in 14 sec 270 points, but at game impossible to make more than 30 in a first minute. He is a cheater? Or buguser? How can fix that?
No other user have problem with impossible highscores?

I know, a flash game run at client side and post a score, and can hack a flash game, or a web parameters, etc...

IPB have a session handle bug too?

any ipb user?!

Mmmm... I'm having the same problem here! It's a Caos! Someone???'

hmm I do have a user with impossible scores. With weird score and time. I know about the cross submitting but that bug was fixed...
maybe this should be moved to the ibProArcade forum

That's the problem... I've read that the cross-scoring was fixed in v2.5.5, but I'm having problems with that in v2.5.6+ ... Maybe some problem with my V3Arcade to IbProArcade migration? I don't know... If someone can lend me a hand on this...

Thanks!

Just to let you know: there will be new type of games "called ibPro v3" which have complete cheat-protection integrated in the game itself.

Scores are crypted and combined with hashes ect. to make sure cheating is impossible.

First games are internally available and will be standard in the future, ibProArcade v2.5.7+ will be compatible to those new games

Anyway, I will have another look on this cross-scoring-thing for v2.5.7+ the next days

OK, thanks!

If I know as good: the old games don't will support a new cheat-protect scores, but will fixed a session handle bug?

Admin will see a games: this is a "new" or "old" version of score submitter?

And also if a player/member hack a flash game at client side the new cheat protect don't will help IMHO... the new cheat protection will helps to a game score will be submitted as secure, but cannot help who hack a game score before submit... :|

...but currently a "2 game in same time" is a biggest bug. I don't know if fixed at 2.5.5 how have a same bug in a full new install with a 2.5.6. I was installed vb 3.5.4, and this IPB plugin, readed the instructions, etc... and still have a bug.

Indeed, the cross-scoring bug is still at large on my forums. I've never once seen it prevented.. :/

www.xtracrispy.com/forum ...

vBulletin 3.6.0 GOLD is what I'm on at this point, but it existed in vBulletin 3.5.4 as well.

Cheating in a arcade game on a website is just sad....
Do the people have lives?

But yes ive seen it

Ok, I think I now have a final true fix for this, could please anybody who is able to reproduce this bug anytime, with any game, contact me via PM to test my new fix on my testforum ?

Thanks :)

Yes, can but post a game too what can make a very high scores, like
"Nanaca Crash" game. If you install this I can post a high score to other games...

any news on this bugfix zero?

I did a fix but nobody was willing to verify/confirm that it really works ...

I would test it for you but for some reason mine doesnt let me cheat.

I just got confirmation that with my new code in v2.5.7+ this cross-score-cheating is detected and no longer possible :)

why did it only work on some servers do you know?

no, I just extended the code to detect cross-scoring and now it seems to detect it all the time :)

very awesome I was thinking maybe it was only windows servers or servers running certain types of apache or php with different modules.

i've started to see this now as well... can get really annoying

if a fix is made, can a patch be released for 2.5.6? or will the first instance be released in 2.5.7?

no patch, because it needs several filechanges and adaptions to the DB

v2.5.7+ will come along with it

Ok this is happening on my board and I have 2.5.9

It is happening with pretty much any game. If it was fixed in 2.5.7 and is now broke in 2.5.9 can someone direct me to where I can get 2.5.7?

Anyway.. I think this is probably why V3Arcade had .php files for each game that way the score is submitted to the correct game all the time by going through that php file? Is that something that would be possible to fix this?

I'll look into it.. even though I don't know much.

no, the .php-files from v3arcade are just for the installation of that game, the games itself always call arcade.php itself :)

I now need one or two people that like to test v2.6.0+ where I try to change the score/session-store to avoid further cheating...

Please contact me via PM - and understand I will only work/test with 1-2 users, so if you don't get answer, you may be too late, please don't ask twice ...

Sorry to necromance, but this trick still works. I know because I have two hacked scores; one accidental and one deliberate (by me) because of it. For example 1, I was playing Ridiculous Longshot and it submitted a score of 7000+ to Mario Time Attack Remix, a game with only 40 levels.

Example 2 was my deliberate exploit just now. Managed to send a score of 3000 to 'Whack a Boss' using this trick, while the second one was only 45 for the score.

I am using the latest version (or possibly the slightly hacked version of the one before it).