Sunday, June 01, 2014

Kingdom Rush for programmers

Read on to learn how to play Kingdom Rush as a hacker.

As I might have alluded to: I dislike games with in-app purchases. A recent Humble Bundle included a game called Kingdom Rush that has in-app purchases. Kingdom Rush is a tower defence game where you build towers while monsters come along stupidly predictable paths. While I started out enjoying the game, it quickly became too difficult to be fun. I had two options: play the easy levels repeatedly and gain the in-game currency, or stop playing the game.

So you'll be happy to know that I chose option #3: use my mad Android skillz to win the game with little effort.

The game came as part of a Humble Bundle, so I downloaded the Android apk and installed it on a rooted device. I could have done this on a PC as well, but an Android device is easier to experiment with. First I started poking around the /data/data directory. The data for the game was in /data/data/. I looked around using adb shell. All I found were a few Linux shared objects: .so files. There was a .plist file, but that contained some trivial settings. I also found shared preferences, which also had nothing useful. At this point I thought the game might get all its state from the network. So I put the device in airplane mode. It was still able to show me the levels I had won, and my score. So the information was stored somewhere. After a process of experimentation, I eliminated the sdcard as a possibility.

Then I copied all of /data/data/ onto my desktop for analysis. One of the files, .Defaults.plist, was particularly interesting. Kingdom Rush is developed using a framework called Apportable. This compiles a game written in Objective-C with minor shims for Android. Objective-C uses .plist files for resources. The file opened in a simple text editor and is a simple XML format. The file contains all the game state: the total number of stars, stars earned at each level, the number of diamonds, the amount of power-ups (dynamite, extra ammo) you have.

From there it was a simple matter of figuring out what the values mean, made easier because the XML file had descriptive variable names. I stopped the game from the Android device, and loaded up a modified file onto it. After starting the game again, I had a shockingly large number of diamonds and power-ups. I continued playing the game, progressing through levels at an easy pace. My strategy was to start out making crazy amounts of money using a special gold-coin power-up. Then I made towers of blindingly superior firepower using my newly acquired mountain of money. The final step was to leave the game running as my towers made confetti out of the enemy army.

It was glorious to watch: like a well-made action movie in which the bad guys lose.
I highly recommend it.
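
The modified file was accepted because nothing in a plain XML plist lets the game tell its own writes from anyone else's. As an added example (not from the original post and not the game's or Apportable's code), here is one way a developer could seal such a state file with an HMAC and reject edited copies on load. The key names `diamonds`, `stars` and `powerups`, the `_mac` field and the demo key are hypothetical.

```python
import hashlib
import hmac
import plistlib

MAC_FIELD = "_mac"  # hypothetical field name, not taken from the game's file

class TamperedState(Exception):
    """Raised when a saved state fails its integrity check."""

def _digest(state: dict, key: bytes) -> bytes:
    # Serialize with sorted keys so the same state always yields the same bytes.
    canonical = plistlib.dumps(state, fmt=plistlib.FMT_XML, sort_keys=True)
    return hmac.new(key, canonical, hashlib.sha256).digest()

def seal_state(state: dict, key: bytes) -> bytes:
    """Return an XML plist of `state` with an HMAC-SHA256 tag added."""
    if MAC_FIELD in state:
        raise ValueError(f"{MAC_FIELD} is reserved")
    sealed = dict(state)
    sealed[MAC_FIELD] = _digest(state, key)
    return plistlib.dumps(sealed, fmt=plistlib.FMT_XML, sort_keys=True)

def load_state(blob: bytes, key: bytes) -> dict:
    """Parse a sealed plist and return the state, or raise TamperedState."""
    try:
        sealed = plistlib.loads(blob)
    except Exception as exc:  # a malformed file is treated as tampering
        raise TamperedState("unparseable save file") from exc
    if not isinstance(sealed, dict):
        raise TamperedState("unexpected top-level type")
    tag = sealed.pop(MAC_FIELD, None)
    if not isinstance(tag, bytes):
        raise TamperedState("missing integrity tag")
    # Constant-time comparison of the stored tag with a freshly computed one.
    if not hmac.compare_digest(tag, _digest(sealed, key)):
        raise TamperedState("integrity tag mismatch")
    return sealed

# Constructed sample data; the key names and the key itself are hypothetical.
SAMPLE_KEY = b"constructed-demo-key"
SAMPLE_STATE = {"diamonds": 40, "stars": 12, "powerups": {"dynamite": 1}}

if __name__ == "__main__":
    blob = seal_state(SAMPLE_STATE, SAMPLE_KEY)
    print(load_state(blob, SAMPLE_KEY))
```

An HMAC key shipped inside the app can be recovered on a rooted device, so this only raises the bar; balances tied to real purchases are better kept and validated server-side.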

This raises some interesting questions about the nature of my activity. Did I just cheat the Kingdom Rush team out of large sums of money by not legally paying them for the diamonds? Were they cheating me by making the game too difficult to play without in-app purchases? Am I entitled to change files on my own Android device, or do I need someone's permission to modify certain files?

More importantly, what else can I play in this manner?
This is my kind of game!

(Image courtesy: Vikram)