Hack Tales 3: Assassin Nation
For anyone not familiar with it, Assassin Nation was an online multiplayer game created by Kevin Lohman for AOL Instant Messenger users. The aim of the game was to assassinate other AIM users by attempting to kill them (using a game-generated instant message) when you think they are away from their machine or offline. If they do not verify their presence to the Assassin Nation Web site within five minutes, they die. If they do prove that they are online and at their machine, the assassin dies instead. Verification was done using an automatically-generated image containing random characters superimposed over a background, the characters from which had to be typed into an HTML form to prevent cheating via automation.
I was doing particularly well one night when I received an assassination attempt instant message. I followed the link in the IM to the verification page, only to find to my dismay that the image refused to load. It was not timing out, nor was it a 404, it simply refused to display in my browser. Time was ticking down fast: I only had a few minutes to get the image open, at least one of which was expended attempting to take up the issue with Kevin by AIM. I think he did respond, but had no idea about the cause of the problem, leaving me only two or three minutes to find an answer.
Thinking quickly, I launched my HTTP Werkzeug HTTP send/receive tool and used it to display the image in question as raw binary data from the server. I was surprised to discover, embedded inside the supposed PNG data, PHP error messages! Turned out that the file on Kevin’s server being used for the verification image background had gone walkies, and (presumably) GD was complaining, generating error messages during page execution; unfortunately PHP was not smart enough to realise that one should not output error messages inside a PNG image data stream. As a result, iCab was finding the image to be corrupted and was not displaying it.
Of course, all I needed at that moment was the valid PNG data. Thus, I took my best guess as to where the real PNG data started, and copied the appropriate data out of HTTP Werkzeug’s server request window and pasted it into a blank HexEdit document. Then, I saved that data to disc with a PNG extension and opened the file in PictureViewer. And as if by magic, there was my verification image complete with the verification code. With probably only seconds to spare, in went the code into Assassin Nation – I did not die that time. One will have to try harder if you want to see me dead…
(Aside: before my major drive damage, I used to have a screenshot of the PNG data open in HTTP Werkzeug and HexEdit. Alas, that file is no more.)