This is a guide on account hacking, how it works and how to avoid it. My old thread is not a guide, more of an explanation so this is a new one, more information and more of a guide. I hope this to be pinned so that less people get hacked. I will improve this by adding more parts and tips. Ask me to explain anything and I will. You can buddy me on Windia also, my IGN is econac.
This thread generally explains how hacking works so you know how to better protect yourself. It explains how hacking has happened and what you can do to stop it. Not knowing is not the answer.
As many of you know, there have been many people hacked lately. There are many threads about people being hacked for what they say is no reason. I am making this thread to explain the truth about hacking accounts and how you can avoid that. I will also talk about how many people have been hacked and provide an accurate percentage of people who have been hacked.
First of all, I want to clear up some lies that foolish people here have been telling you. First of all, accepting trades, party invites and chats is completely safe and you cannot be hacked as a result of it. The free market is safe and a great place to go to merchant. You are completely safe if you take the proper steps.
When you are a target for getting hacked, the hacker will do one of two things. One thing he may do is contact you somehow, and talk to you normally. He will seem nice, and you may know him for a few days if not weeks. This is what we call social engineering. That is the act of ‘playing’ someone. The people you know on maple story that you do not know in real life, you do not really know them. All you know from them is what they tell you. You do not know if they want your password.
The other thing a hacker will do is wait for you to disconnect. If the hacker doesn’t want to try to get your password from you, he will try to key log you. I tell you the truth basilers, if you buy a computer and only have one program on it, maple story, you will never be hacked. If a website other then the official maple story website asks for any information, do not use the information you usually use.
So you people must be wondering how you get hacked, it is one of the two ways I listed above. If they can get to know you, they can play you until you like them and give them your info. They can also plant programs inside your computer to see what keys you press.
Here is another truth, the hacker cannot hack any account he wants to. If he did, the top 100 players would go down, he hacks the people that come to him. The top 100 players are the same as all of you; they do not have extra protection. If they can protect themselves then you can also.
Now I will explain how hacking works, and how you cannot hack someone from in game. To do that I need to explain how the program maple story works. To do that, I will explain how the internet works.
The internet and your computer communicate via data packets. Data packets are small pieces of data that contain information. These travel from one place to another. The maple story server and your computer send data packets back and forth. Each data packet has a header that tells where the data packet will go to. A hacker cannot re-direct these data packets to their computer, easily. You would need to give them a little something before they could do that, hackers are not Gods.
As I said before , maple story sends packets to your client and your client sends them back, when you log in with your username and password, the client sends the username and password to the server, that is the only time that the username and password are send between them.
One other player here on these forums claims that the hacker takes your player on screen, that is false. To do that, he would need to tell the server to stop accepting his clients packets for his character and start accepting them for the player that he wants to hack, basically impossible in programming as each player would have an object to themselves, but that’s just programming.
If the hackers gained access to the database, then they would be able to do whatever they want. The character data, account data and the notices/news/events on the maple story website are all in that database; they would do a lot more, and would hack better accounts.
Also, for databases, there is a neat feature that lets you only allow a connection from certain ip. You cannot change your ip to their ip because you need a unique ip to connect to the internet, technically.
Ok, so you think a lot of people are getting hacked, right? No, at the time that I made this thread, there were 34637 people online in global maple story. On max, you will only play for 5 hours a day at most, and over two 5 hour periods, it is reasonable to say that the number of players online would be steady, meaning around 70000 people play maple story. If you say that around 300 people got hacked so far, that is a 0.5% chance of you being hacked. I took into account the minimum people that play, not everyone plays every day. The 0.5% would be the minimum, I estimate to around 0.01% of the total population of 2009 to be hacked.
I am a computer programmer, I know my stuff. Please feel free to ask questions and I will provide the answers I know. The program I used to get the number of people online is legit, it acts as a client connecting to the server, sending the same packets, the server sends the amount of people online, I am fairly sure.
I have some theories about how you would be able to hack an account, but if Wizet has coded login properly, I see no possible way. Hacker, come get me, I dare you.
There a lot of people, kids, in maple story that like to have online friends, or even have relationships deeper then that (nolife). You do not know that person, at all, in any way. The only thing you go on is what they tell you, it is so easy to trick you kids.
Never trust anyone on the internet that you do not really know, you do not need to be paranoid or anything but don't get into a relationship to involved. I can make someone who does not know me at all buddy me in 5 min and make them guild invite me in 15. I can walk up to someone anywhere and instantly become friends.
Account Hacking from In-Game
As I explained before, you can not get hacked from in-game. I also explained how the client works. In this part I will explain how you can not get hacked from in the game, it’s impossible.
People think that you can get hacked if whispered to or traded. To explain this, I looked at a few packets (legit). When the client sends the whisper packet, it sends the header, same as in all data packets. After that it will send the recipient and the message that you are sending that person. Based on the recipient, the server will most likely then send a data packet to the receiver. Nowhere in this relationship to the two clients communicate at all in any direct way; the server does all that for them, as it should. In no way can a hacker abuse whispers.
Trades are similar. The client will send a packet for spawning a trade, the server will then most likely make a new object for that trade. An object is basically a data space reserved for a set of data containing properties and such. After that multiple packets are sent between the two clients and the server, but the two clients never directly interact in any way. A hacker can not abuse this relationship in any way either.
Surly you must think that the clients have a link when you are in the same map. Sadly, that is not true. There are packets for spawning the player, moving the player and just about everything you can think of. When coded properly, this does not lag at all. Look at google; it searches over 8000000000 pages every search in less than 1 second.
Hacking Item Stats
The data inside the .wz files contains all images and default stat data for the game. The server also has a copy of this as reading from the clients’ files al the time would be very memory consuming and would pose security issues. Since all the default item stats are stored in the .wz, you would think you could change them. The only problem with that would be that the copy that the server reads off of will not be changed. There are indeed some data, other then images that are read from the clients .wz but I assume that HS checks for that.
What happened in MSEA was probably a loop hole that a hacker found to be able to edit these stats to his will. It would not be too hard, there are always loop holes in programs, its just finding them that is the hard part. Also, changing your images may make you look cool in-game, but only only our screen, no one else would see that.
Malwarebyte’s Anti-Malware is the best software for virus scanning I have found so far. I suggest using it on top of what ever virus protection software and firewall you have right now. Setting your firewall to not allow programs other then certain software that you use to connect to the internet will protect you even better.
I also suggest to sandbox your computer. That is the act of making a part of your computer trap files inside it, making it safe even if you had a virus in there. It is a very useful thing to do if you were to constantly download software. The way I explained it is not actually how it is, but you would get the general idea of sandboxing.
I am sure you all have heard about dupe glitches and different places in the game giving you free items. If you have fallen for one of these, you should probably hit yourself now. I will tell you why.
Duping is almost non-existent. The only way you would be able to dupe is either if you were to drop an item, somehow not save your character to the database, then pick that item up. That item is then added to the database when it was never removed in the first place. This is highly unlikely, Wizet are not noobs.
For getting free random items, this one is easy to explain. Each and every item has an ID, there is often more then one item with the same name so they need a unique key to tell what item is what. All these item ids are inside your .wz files by the way, also found on BannedStory. To be able to get a free random item, that item id would need to be included inside the source files at one point.
Hacking of 2009/2010
I know this part or section conflicts with others, the facts/information here applies to this section only and overrides the other information in this section online.
There are three ways the hacker could have done it, one, he got database access; once he has that he can do anything. The second way he could have done it is to find a flaw in the source code programming. Lastly, he could have planted a virus, a very powerful one, in an often used source by people who play this game.
Database access is a likely option, but he would not have had it, perhaps an administrator dump of the accounts once inside would have been enough. This option is favoured and though of to be likely by many people and it is not impossible. The passwords were most likely encrypted in the database, meaning that the hacker would either have to brute force the passwords, if encrypted in hash, or would have to decompile them. Some say that Glacia was not hit, but the truth is that the accounts being used there were around for a long time, every world was hit.
The flaw in the source code programming would have been a likely explanation, it is very easy to bypass pins and a flaw in the source code programming was the cause of the guild hacking last year. It is very possible to send packets that the client doesn't really want to, such as a packet to disband guild when you are not the leader. These exploits are easy to patch if found.
Planting a virus is a very likely thing, but there are a ton of secure people who have been hacked. Do not be so sure that you have no virus; always scan before answering that question.
change your password when people are getting hacked
Once weekly or by-weekly on average to avoid being the first hacked. It does not take to long. In the event of a database breach, this is the best method to take. When hacking is going on, changing password every day will avoid decryption issues. Make sure that your password is not easy and not the same as your email password.
use the anti-virus software I suggested and sandbox
see Anti-Virus Software. If you download at all, sandbox, all the cool people do this.
Knowing about Hacking
The best way to protect yourself from hacking is to know about it. There are a type of hackers called White Hat Hackers, these are hackers that hack to protect themselves and others. They do not really hack at all, but most likely know how to it’s not that hard. I am not saying to know how to hack, just know about it so you can know how to prepare yourself.