Reversing Who Has the Biggest Brain (Part 1)


Hi all,

Today I had nothing to do, so I decided to reverse engineer this awesome Facebook application called Who Has the Biggest Brain.

Some facts about the game first:
It tries to measure the size of your brain by judging the player in four categories using 8 mini-games. You get to play 4 mini-games in one game. Each mini-game lasts only 60 seconds. At the end you get a combined score which tells you which brain type you are.

Now let's get into the technical details. It seems that Playfish decided to use Amazon's Simple Storage Service (http://aws.amazon.com/s3) to host the game. This fact can be confirmed by looking at the source of the page to find out where the swf file is loaded from.

The first thing to note is that this game can only be played while you are online. This implies that there is some communication going on between the game and some server, which happens to be on the Playfish domain.

I tried to get hold of all the communication that goes on between them. It seems that there are only some places where the game tries to communicate. The first thing I noted is that there is no constant communication, i.e., the mini-games that are presented are not communicated through the server. It is all coded in the swf file. There seems to be a communication before the start and at the end of each mini-game.

It has been reported that if you have a slow clock, the game flags this as a cheat and doesn't save the score. It may be that this communication is related to the start and end time of each mini-game, so that the server can check that the difference between the start and end time is within a desired threshold; otherwise the game can be flagged as a cheat. So this rules out the slow clock cheat as a way to get a good score in this game.

Good job done by the developers at Playfish. But you can still squeeze out 3-4 seconds and remain within the threshold 🙂

Stay tuned for further analysis, as I will try to reverse engineer this communication to reveal more facts about this game.
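The server-side timing check the post infers, written out as an added example that is not part of the original post and is not Playfish's code. The function names, the HMAC-signed start token, the rule that a round must run its full length, and the 2-second tolerance are assumptions; only the 60-second round length comes from the post.

```python
import hashlib
import hmac
import secrets

ROUND_SECONDS = 60.0      # mini-game length stated in the post
TOLERANCE_SECONDS = 2.0   # assumed allowance for network latency and jitter
SERVER_KEY = secrets.token_bytes(32)  # assumed per-process signing key
_finished = set()         # round ids already scored, to refuse replays


def _sign(round_id, started_at):
    msg = f"{round_id}|{started_at:.3f}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def start_round(round_id, now):
    """Mini-game begins: hand the client a token stamped with server time."""
    return {"round_id": round_id, "started_at": now, "mac": _sign(round_id, now)}


def finish_round(token, now):
    """Score arrives: measure the round on the server clock, not the client's."""
    expected = _sign(token["round_id"], token["started_at"])
    if not hmac.compare_digest(expected, token["mac"]):
        return False, "start token was modified"
    if token["round_id"] in _finished:
        return False, "round already scored"
    elapsed = now - token["started_at"]
    if elapsed > ROUND_SECONDS + TOLERANCE_SECONDS:
        return False, f"round took {elapsed:.1f}s: client clock ran slow"
    if elapsed < ROUND_SECONDS - TOLERANCE_SECONDS:
        return False, f"round took {elapsed:.1f}s: ended too early"
    _finished.add(token["round_id"])
    return True, "accepted"   # caller stores the submitted score only now


if __name__ == "__main__":
    # Constructed timestamps (seconds on the server clock), not captured traffic.
    honest = start_round("r1", 1000.0)
    print(finish_round(honest, 1061.0))   # 1 s of latency
    slowed = start_round("r2", 1000.0)
    print(finish_round(slowed, 1066.0))   # client clock slowed by 10%
```

Because the elapsed time is measured entirely on the server, the tolerance is the upper bound on how many extra seconds a slowed client clock can gain before the score is refused.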


8 thoughts on “Reversing Who Has the Biggest Brain (Part 1)”

  1. Fearoth says:

    3-4 seconds? I couldn’t “squeeze” more than 1 second using speederXP before getting my score refused. Please, share your secret :).

  2. faisalferoz says:

    Try SlowClock. I was looking at the back-end communication between the game and the server, and in my case I was constantly getting 3-4 seconds extra and even then my score wasn’t rejected. This suggests that there is some threshold at the server side. The clocks are usually not that accurate, and having a difference of a second or two is quite normal.

    Apart from the time check, there are other cheat detection mechanisms also coded in the game. I will be discussing those in my next post. So stay tuned 🙂

  3. DiGiTaLiCa says:

    I already figured it did something like this to detect cheating by slowing the clock, and that it communicated with the server between every minigame. (That’s why even if you didn’t complete all tests, your profile gets updated if you got a highscore in every minigame you’ve completed)

    That being said, I thought the game checked the system’s internal clock. It was pretty smart of them to check the time on the server side.

    Anyways, I can’t wait for your Part 2! I wonder if disassembling the swf file would lead anywhere.

  4. Mugen says:

    I tried using slow clock but it didn’t change the clock inside the game, just the clock in my computer. Am I doing something wrong? Also, it slowed down my PC’s clock by 10%, so it’s 6 seconds per minute (even though it didn’t change the game’s clock). How do you get it to only slow it down by 3-4 seconds?

  5. I began playing it recently and I figured out those suckers can be really getting their scores without cheating, so I watched the game files in the temporary internet folder and I noticed it creates files there with the scores, but they are encoded and I don't know what to do with them because I'm no engineer. I know it's hard to decode, but if you had an idea, contact me.
