WEBFISHING is one of the most interesting recent releases in the past few months, a noticeably simplistic game harkening back to the days of animal crossing, with a main focal point of online play.
Exploitation in-engine
Mostly being interested in mechanics and interactions, before opening any tools I was able to find an exploit now dubbed ‘equip swap’, by abusing what I’m assuming is an in-game flag that locks access to your inventory and active items, if you jump over a body of water and start any process that sets this flag to True, upon voiding out and respawning, the flag is set to False. This is a necessity due to how I assumed the game fundamentally handles specific operations, such as setting the value of a held object to 0, which is an empty hand, after usage. The most notable usage of this exploit is using infinite scratch-off tickets, as you can interrupt the deletion of the ticket via swapping hands to an already empty hand after usage.
Another interesting usage of this mechanic is voiding out to store text boxes, I’ve not yet done testing on the interaction of this mechanic with regular play, however, due to what I’m sure is a cacophony of mis-set flags, I’m positive something else can be found in this vector.
Exploitation via dynamic analysis
Understanding the functions of the game is crucial when performing dynamic analysis of the process, there are many variables in all games and processes that can be scanned for and pointed to for interesting results.
Using Cheat Engine as a framework to perform dynamic analysis is the safest go-to option, the program has been around for over a decade now, and has a myriad of tools at your disposal to dig into the portion of memory allocated by processes and poke around.
Obvious points of interest are money, experience and speed. However, hacking to win a game is cringe and pointless. More interestingly, there are many flags to scan for, as well as interesting variables tied to the characters’ animations and actions.
After doing some digging in the game, something of note popped into my head. The developer of the game has a very strong preference for using the double datatype for almost every variable in the game, so I could scan more concisely for data structured with this in mind. The first variable I wanted to get ahold of was the variable tied to the player’s size, there is a function in the game that modifies this by purchasing a drink from a vending machine. After poking around a bit more scanning for changes in variables based off of the size increments and decrements, I found a variable in memory that starts at 1, and increments 0.1 and decrements 0.1. Upon modification, this was indeed the culprit, as my player character ballooned in size to take up the entire map when changed to 200. This inadvertently crashed my game (whoops), so I had to re-find the variable and generate a pointer-map to consistently find it when I launched the game.
Taking the win in stride, the next variable I decided to search for was for modifying the pitch and speed of my character’s voice. There is a slider for this in the in-game menu that’s rather restrictive, scanning for this was extremely easy to do, upon modification, the pitch of my character’s voice sounded like an eldritch demon beyond my worst nightmares. Interesting. Pointer scan again to have it in the back-pocket.
The last thing I wanted to modify before I really dug into the game was a fish, fish that you obtain come in many shapes and sizes, from just looking at how the game functions, it probably picks between a range based off of your upgrades and stats. While you could modify the upgrades and stats to fish BIG, I instead decided to just modify the value of a fish I already obtained. This was a straightforward process, the data in memory is again stored as a double, however, there’s some code in the game that automatically converts fish size on the metric scale, the lowest value of this being CM. Me, in my not so infinite wisdom, thought the values would be stored as full-length double integers, this was incorrect, upon digging some more I found that values for fish are stored as CM measurements including the decimal point with two significant digits. Upon searching for this value, I found that I could make fish so giant that float to point imprecision started causing a virtual black hole and destroying my screen with flashing images of shrimp. This is cool, but I don’t want to be (that much of) a nuisance, so I settled on just making impossibly large shrimps instead.
Dynamic analysis is fun and cool, but there’s just a fundamental limitation to it, I also tried to modify the values for my characters selected clothing/facial expression IDs to limited success, however, I don’t want to just kind of break something, I’m more interested in really breaking something
Static Analysis and Decomilation
This is always the fun part. Looking around for save-files for the game, I was able to locate them in the %appdata%\godot\app_userdata\webfishing_2_newer folder. This was cool, however, the creator encrypted the saves. Boo.
However, something interesting about this is the game engine, godot. Godot is a free game engine people use, yadda yadda, there’s publicly available tools you can use to perform a full extraction of this game if you can find specific information on the specific version of godot used to compile it. The first tool I set my sites on was https://github.com/DmitriySalnikov/GodotPCKExplorer, this was a good way to gain some insight on files inside of the games main package file, however, it’s very limited. Poking around the game files using this tool I found information on the version of godot used for compilation, as well as other identifying information.
Using this information, I found a set of tools here https://github.com/bruvzg/gdsdecomp that allowed me to very easily decompile the entire game. After decompiling the game, I found many interesting things, the first thing I look for when doing static analysis of a video game is anything with the word dev in it, and there were in fact several developer options, as well as custom in game nameplates the developer had created for himself and his friends that were awarded via steamID, using these would be super lame, and a full-blown developer mode for the game that was very easily toggleable.
There is also beta-content, unused content, and more, however, this is an actively developed game, and I think data-mining is lame.
Modifying my client to allow for a few more things (voice ranges and pitches much larger than normal accessible from the slider, allowing more than 4 user accessories, enabling the developer menu, modifying the fish I fish to always be huge, allowing myself to equip any accessory in any slot (eyes where my mouth should be and vice versa), I recompiled the game, and after a very, very, very long delay, and several failures due to not knowing how to compile a godot game from scratch, I had compiled a modded client to use, and it was time to wreak havoc on the denizens of WEBFISHING (by being big and sounding weird because I’m not a monster)
After booting into the game, I accidentally unlocked every achievement for the game at the exact same time, and found great success in the modifications I had made. I logged into servers, used the in-game mailing system to give users fish so large they blotted out the sun, said things in the chat with a spooky voice, and surely will forever be remembered as a hero for solving world hunger in the virtual world.