
From Cheating to Hacking, This Discord Activity is Broken…



Introduction

In online gaming, and in Discord's activities in particular, vulnerabilities can have alarming consequences. A curious individual, known as Bob Dehaacker, set out on a rather mischievous journey through Discord's "Death by AI." What began as boredom-driven exploration revealed serious loopholes, not just in a game but in the infrastructure behind it.

The Game: Death by AI

"Death by AI" is a unique Discord activity where players craft survival responses to absurd scenarios generated by an AI. For instance, the AI might throw a prompt at players that says their grandma is threatening them with a knife. The players then submit a strategy to survive against the AI's wild narratives. Depending on the response, the AI narrates whether the player survives or meets their demise.

While playing the game, Bob Dehaacker grew curious about the technical components behind the activity. Wondering how the game was put together, Bob opened Chrome's console to inspect the network requests passing between the game and their device. This turned up requests tied to gameplay results, suggesting that the outcomes could be manipulated.

Discovering the Exploit

Bob realized that in order to cheat within "Death by AI," it was crucial to be the game host. The game uses requests labeled as "reveal requests," which describe a player's actions and the resulting outcomes, and these can be modified. With the Chrome extension Requestly, one could intercept these requests and alter them, either to guarantee survival or to craft absurd outcomes that never failed.
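The defensive counterpart to this finding, as an added example that is not from the video or from Playroom's code: the backend that produces a verdict attaches an HMAC over the fields that must not change, and checks it before accepting a reveal relayed by the host's browser. The field names, the key handling and the existence of such a relay step are assumptions made for illustration.

```javascript
// Added example (hypothetical names): server-authoritative round verdicts.
const { createHmac, timingSafeEqual } = require('crypto');

// Assumption: this key exists only on the backend and is never sent to clients.
const SERVER_KEY = Buffer.from('constructed-demo-key-not-a-real-secret');

// Canonical form covering every field a host must not be able to alter.
function canonical(r) {
  return JSON.stringify([r.roomId, r.round, r.playerId, r.survived, r.narration]);
}

// Called where the verdict is generated, before it leaves the backend.
function signVerdict(result) {
  const mac = createHmac('sha256', SERVER_KEY).update(canonical(result)).digest('hex');
  return { ...result, mac };
}

// Called when a reveal comes back from the host's client.
function verifyVerdict(msg) {
  if (typeof msg.mac !== 'string') return false;
  const expected = createHmac('sha256', SERVER_KEY).update(canonical(msg)).digest();
  const given = Buffer.from(msg.mac, 'hex'); // malformed hex yields a short buffer
  return given.length === expected.length && timingSafeEqual(given, expected);
}

// Constructed sample verdict, then a copy edited the way an intercepting
// browser extension could edit it in transit.
const signed = signVerdict({
  roomId: 'room-1', round: 3, playerId: 'p7',
  survived: false, narration: 'The plan fails.',
});
const tampered = { ...signed, survived: true };

console.log('original accepted:', verifyVerdict(signed));
console.log('tampered accepted:', verifyVerdict(tampered));
```
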

However, Bob, driven by more than just playful antics, sought to gauge the extent of vulnerabilities not merely in "Death by AI" but within its parent platform, Playroom. This platform functions as a backend service enabling multiplayer games on Discord, including “Death by AI.”

The Hack: Gaining Admin Access

With an inquisitive mindset, Bob created a developer account on Playroom, uncovering a series of requests that led to Firebase—a cloud-based platform used for managing backend services. After some navigation through the settings and network requests, Bob stumbled upon a Firebase key associated with Playroom's database.

Using this key, Bob discovered the platform's user management capabilities and was able to change their own user role from developer to admin, gaining far-reaching access to the various games on the platform, including "Death by AI."
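A general guard against this class of self-service role change, as an added example that is not Playroom's code or its actual fix: the page does not say how roles were stored, so the record layout, field names and function names here are hypothetical. The caller's role is read from the server-side store using the authenticated session, never from the request body.

```javascript
// Added example (hypothetical schema): field-level authorization for user updates.
const SELF_EDITABLE = new Set(['displayName', 'avatarUrl']); // assumed profile fields
const ROLES = ['developer', 'admin'];

function authorizeUserUpdate(caller, targetUid, patch) {
  const errors = [];
  for (const field of Object.keys(patch)) {
    if (field === 'role') {
      // Role changes are an admin-only operation, including on one's own record.
      if (caller.role !== 'admin') errors.push('role: only an admin may change roles');
      else if (!ROLES.includes(patch.role)) errors.push('role: unknown value');
    } else if (!SELF_EDITABLE.has(field)) {
      errors.push(`${field}: not a writable field`);
    } else if (caller.uid !== targetUid && caller.role !== 'admin') {
      errors.push(`${field}: cannot edit another user`);
    }
  }
  return { allowed: errors.length === 0, errors };
}

// sessionUid comes from the verified session; the role is looked up server-side.
function applyUpdate(store, sessionUid, targetUid, patch) {
  const caller = store.get(sessionUid);
  const target = store.get(targetUid);
  if (!caller || !target) return { allowed: false, errors: ['unknown user'] };
  const decision = authorizeUserUpdate({ uid: sessionUid, role: caller.role }, targetUid, patch);
  if (decision.allowed) Object.assign(target, patch); // all-or-nothing write
  return decision;
}

// Constructed sample data.
const users = new Map([
  ['u1', { role: 'developer', displayName: 'dev one' }],
  ['u2', { role: 'admin', displayName: 'ops' }],
]);

// A developer trying to promote their own account is refused and nothing is written.
console.log(applyUpdate(users, 'u1', 'u1', { role: 'admin' }));
```
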

The Potential for Havoc

With admin privileges procured, Bob had the power to significantly impact the platform. This access meant that they could modify Discord bot credentials, disrupt game functionality, or even upload their own game in place of someone else's. Even more alarmingly, Bob could send messages to users as if from the legitimate bot, effectively orchestrating scams under the banner of "Death by AI."

Through a series of requests, Bob unveiled critical Discord bot tokens and client secrets, revealing the potential for severe mischief—not just for “Death by AI,” but any game connected to Playroom. An opportunity for mass messaging surfaced, allowing Bob to reach and communicate with every player that had authorized the “Death by AI” bot.

A Responsible Decision

Despite the temptation to exploit these vulnerabilities, Bob opted for a responsible path. They notified the Playroom developers about the exploit, prompting swift action. Remarkably, within 20 minutes, the vulnerability was patched, preventing further misuse. Bob's actions exemplified ethical hacking, shedding light on security flaws for the benefit of the platform.

In collaboration with the known ethical hacker XYZ Eva, they discovered further vulnerabilities in a remarkably brief timeframe, raising questions about the security of other Discord activities.

Ultimately, Bob’s adventure not only unraveled a broken game but pointed the spotlight on the wider vulnerabilities residing within Discord activities and the systems associated with them.


Keywords

  • Discord
  • Death by AI
  • Cheating
  • Bob Dehaacker
  • Hacking
  • Playroom
  • Firebase
  • Admin Access
  • Exploit
  • Ethical Hacking

FAQ

Q: What is "Death by AI"?
A: "Death by AI" is a Discord activity where players respond to absurd, AI-generated survival scenarios to see if they survive based on their responses.

Q: How did Bob Dehaacker cheat in the game?
A: Bob used a Chrome extension called Requestly to intercept and modify network requests, allowing them to alter the game's outcomes in their favor.

Q: What vulnerabilities did Bob discover in Playroom?
A: Bob found that by altering their user role from developer to admin, they could access all games, manipulate bot credentials, and potentially send messages to all players as the official bot.

Q: What did Bob do after discovering the vulnerabilities?
A: Rather than exploit the vulnerabilities, Bob responsibly reported them to the Playroom developers, leading to immediate fixes.

Q: How does this incident reflect on Discord activities?
A: This case highlights significant security vulnerabilities in Discord activities and raises concerns about the overall security measures in place behind such platforms.
