Feb 7, 2012

The Shell/Concrete Request Exploit


A few days ago, I made a post about some players having suspicious loot items in their accounts (1). I pulled the original post when it became clear that this was due to a widespread exploit and was not family specific. I unfairly targeted a single family and apologize for that. I have since learned all about this exploit and will explain it the best I can. Zynga has quite a mess to clean up as it has been going on since January 5th when Family Property consumable requests were made (1). What makes it worse is players could be sent suspicious loot items without even knowing about it! The exploit was patched today and players can no longer use it.

Any player was able to send another player ANY loot item that is in the inventory. It was done by manipulating the requests for Artillery Shells and/or Reinforced Concrete. The item IDs of Shells or Concrete were replaced with the ID of the loot item of choice, and 20 of those items could be sent and therefore received. Below is an Artillery Shell request. When 20 players click on it, I get an Artillery Shell and so do they. The exploit worked exactly as these requests do, but instead of an Artillery Shell both players got a loot item.

[Image: Artillery Shell request]
The reason this exploit was bad news is players could use ANY Mafia Wars profile ID, create a request and “bounce” 20 items into any other player's account (provided they were Facebook friends). There are innocents who got loot items and didn’t even realize it. Those using request scanning scripts also reported getting suspicious items. If manipulated request links were posted, players using scanners got the items. Loot was not the only thing that could be gained by this exploit. Treasure Chest Keys and Collectable Stat Cards could be sent. In addition to boosting equipment attack/defense scores, players could boost their reward point balance and skills! In a game which is all about skill points, this is not good news to players who earn and/or pay for theirs.
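The flaw described above is a server trusting the item ID and profile ID carried in a request link. The sketch below is an added example, not Zynga's code: it puts that behaviour next to a handler that looks the item up server-side and signs the request. The request fields, item IDs, key and function names are all hypothetical.

```python
import hashlib
import hmac

# Hypothetical server-side data: the one item each request type may grant
# (ids are constructed) and a key that never leaves the server.
REQUEST_ITEMS = {"artillery_shell": 9001, "reinforced_concrete": 9002}
SERVER_KEY = b"constructed-demo-key"


def _tag(sender, request_type, item_id):
    msg = f"{sender}|{request_type}|{item_id}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_request(session_user, request_type):
    """Build a request link for the logged-in player; the item is looked up
    server-side and the sender comes from the session, not from a parameter."""
    item_id = REQUEST_ITEMS[request_type]
    return {"sender": session_user, "type": request_type,
            "item_id": str(item_id), "sig": _tag(session_user, request_type, item_id)}


def vulnerable_accept(params, clicker):
    """Behaviour the post describes: sender and item id are believed as sent."""
    return {"item": int(params["item_id"]), "to": [params["sender"], clicker]}


def hardened_accept(params, clicker):
    """Grant only if type, item and sender are exactly what the server issued."""
    rtype = params.get("type")
    if rtype not in REQUEST_ITEMS:
        return None
    item_id = REQUEST_ITEMS[rtype]            # never taken from the client
    expected = _tag(params.get("sender"), rtype, item_id)
    if not hmac.compare_digest(expected, str(params.get("sig", ""))):
        return None                           # sender or type was altered
    if params.get("item_id") != str(item_id):
        return None                           # item id was swapped
    return {"item": item_id, "to": [params["sender"], clicker]}


if __name__ == "__main__":
    link = issue_request("1001", "artillery_shell")
    swapped = dict(link, item_id="4242")      # constructed tampered copy
    print(vulnerable_accept(swapped, "2002"))  # grants item 4242
    print(hardened_accept(swapped, "2002"))    # None
    print(hardened_accept(link, "2002"))       # grants item 9001
```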
Many players using the exploit were not very smart about it and that led to its discovery. Our inventory items are displayed on our profile page and our active defense items can be viewed by anybody (1). Learning you were beaten by an Emerald player owning hundreds of Harbingers would be cause for further investigation.


The not so brilliant exploiters who created requests for items which are impossible to own more than one of, are not released yet or don’t exist are the ones who drove this exploit into the limelight. Owning hundreds of rare Boss Fight items is suspicious enough but I saw profiles with multiple Grand Prize Mission items, Death By Ice Reward items, unreleased Ice Season loot, Collector’s Edition loot, Ruby Level Group Sale items and many Collectable Stat Card Grand Prize items!

There were several instances of players using this exploit to target other players/families. Items were unknowingly sent to players and the innocent were reported by the same players who sent the items. If you find that suspicious loot items were added to your inventory, the best thing to do is contact Customer Support to have them removed or dump them into your Family Property to get them out of your inventory.

I don’t know how Zynga is going to undo the damage that this exploit has created. Many players pay real money for loot items, skill points and reward points. Most are now worried that those items purchased with real money or earned the hard way will be wrongfully removed in the event of a rollback. Zynga will need to figure out a way to distinguish those that were purchased/earned from those acquired through the exploit before attempting rollbacks. It’s recommended that you take video images of your stats and inventory items in the event that a rollback happens and they screw it up.
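The telltale signs listed earlier (multiples of one-of-a-kind items, unreleased items, items that don't exist) and the need to tell purchased/earned loot from exploit loot can be combined into a per-account audit that removes only the excess instead of rolling back the whole account. This is an added example, not Zynga's tooling: the catalogue, the grant records and every name besides Harbinger and Artillery Shell are constructed, and it assumes purchase/reward records exist to reconcile against.

```python
from collections import Counter

# Constructed catalogue: item -> (released, ownership cap or None for no cap).
CATALOGUE = {
    "Harbinger": (True, 1),
    "Artillery Shell": (True, None),
    "Unreleased Sample Item": (False, None),  # hypothetical name
}


def audit_account(inventory, grants):
    """Return {item: (excess, reason)} for one account.

    inventory: {item: count held now}
    grants:    [(item, qty), ...] recorded purchases/earned rewards (assumed to exist)
    """
    recorded = Counter()
    for item, qty in grants:
        recorded[item] += qty
    findings = {}
    for item, held in inventory.items():
        if item not in CATALOGUE:
            findings[item] = (held, "not in catalogue")
            continue
        released, cap = CATALOGUE[item]
        if not released:
            findings[item] = (held, "unreleased")
            continue
        # Legitimate copies: what the records support, limited by the cap.
        allowed = recorded[item] if cap is None else min(recorded[item], cap)
        if held > allowed:
            over_cap = cap is not None and held > cap
            reason = "over ownership cap" if over_cap else "no matching grant record"
            findings[item] = (held - allowed, reason)
    return findings


if __name__ == "__main__":
    inv = {"Harbinger": 500, "Artillery Shell": 20, "Unreleased Sample Item": 3}
    log = [("Harbinger", 1), ("Artillery Shell", 20)]
    for item, (excess, reason) in audit_account(inv, log).items():
        print(f"{item}: remove {excess} ({reason})")
```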



Article written by Jennifer Patterson, Creator of the MW Loot Lady Blog, The Mafia Wars Loot Lady Facebook Fan Page and Co-Host of The Informant Podcast.

43 comments:

  1. Great Job 007 Jen ! awesome detective work.
    Hope the cheaters are going to be busted :)

  2. For your information, I have contacted Zynga through Live Chat and Phone Calling, but both returned the message that Zynga will not launch a rollback in the game as they are unable to reproduce the log in the game. Apparently no logs were stored and they were unable to look at who took advantage of the glitch. Seems they are going to let this glitch slide by.

    Replies
    1. Yes, I contacted support too for information if they are gonna roll back the accounts; they said no.

    2. They are not doing a roll back, but there are some people who have had their ill gotten loot removed. Ain't that right PB ^_~

    3. Why are you all blaming PB?
      Please consider this sentence:
      "There are innocents who got loot items and didn’t even realize it."
      So it means, if I'm the cheater, I can send you all here those loot 500 pcs, even if you all don't realize.

      It's possible if there are a few persons who hate this clan (PB) and make propaganda using this glitch.

      You can see their war page, even Zynga already cleared the issue, several people, and 2 clans warring them just because they're jealous of not having that glitch.....

      So are we gonna watch this drama????

    4. What do you even mean? We've been at war with PB way longer than you think, ever since last year. You claim we're warring them for that, but you're wrong. You just don't get that group; they have a big mouth. Wonder why people are at war with them, don't you think? Just check out their wall, you'll see it all.

  3. I am pretty sure, this is the end of mafia wars and this all happened just because of Jennifer putting that family post on her blog a couple of days before and instantly after that, this glitch opened widely to many players and they grabbed everything available in the game and by which Jennifer ruined the game she would instead have reported directly to Zynga Administration and they would have fixed this glitch in the background. Damn, the worse day for Zynga and Mafia Wars. I shall miss this game and many many thanks to Jennifer Patterson. You Rock

    Replies
    1. Why on earth are you blaming Jen? She simply posted a family with suspicious loot. She never said how they got it or how to duplicate it. She did not ruin anything for us and how dare you say that. She does nothing but help us with the knowledge she provides and is invaluable.

  4. Zynga can simply check the inventory and see who has unreleased loot items - if they do, whether from this glitch or some other - it's bogus. Then anyone who does gets rolled back to prior to January 5th. Piece of cake.

    Replies
    1. Or busted to a much lower level so they have some incentive to not do this again. Merely a rollback is like a light slap on the hand.

  5. At this rate some will take advantage of it!

  6. I got a Supercharged Death Ray through one of those links and although I didn't exactly believe I'd get it when I hit that link I in no way regret it. This is the 6th boss I'm fighting, defeating one or more per day for months now, and I think one of these ultimate loot babies is no more than I deserve. Last I checked using scripts in the game also qualifies as cheating so watch out that you don't get busted either. And for the record, people can do what they like with their cash and if buying a virtual item that in no real sense "belongs" to them for more than many people earn in a month working their asses off in some "economically challenged" country (PC for POOR) is what they need to empower themselves, then go ahead. But don't start labeling people who want a chance at the good loot and can only use their BRAINS instead of their WALLETS.

  7. They likely won't be able to catch the "smart" cheaters who generated legit loot that we can have multiples of. I guarantee they can (and probably will) create a basic script to identify accts which have multiples of unique items and adjust the inventory appropriately (Harbinger, for example)

  8. A rollback can be done on for example the Harbingers (also with special event item) given out. Zynga knows who can have ONE Harbinger and who not... at least 1 item they can rollback ;)
    Letting this go by is not good from Zynga's side given that Harbinger and special event items everybody cannot have more than a certain amount

  9. I see the whole ASS clan has huge health now? Is this from the health glitch via reallocation - lol - Zynga needs to ban this whole clan

  10. I like this statement:
    "I unfairly targeted a single family and apologize for that."
    cuz the previous post made me disappointed about the professionalism of this blog.. though I'm not in the X clan (that you mentioned in the previous post).. but I'm from the country you mentioned..
    Thanks

  11. They are absolutely NOT "going to let this glitch slide by," you can count on that. The question is how good a job will they do fixing this problem? Probably not very good at all, since they'll only expend as little effort as possible to make it look like they're doing something about it.

    What a bunch of clowns these Zynga programmers are. Yet another reason to quit this clusterfuck of a game.

  12. ^If that is true, then we may as well all give up. Profiles floating around with hundreds of Harbingers and left well alone? What a joke.

  13. I haven't taken a chance to see if I happen to have these items (checking right now after posting this note) but I am appalled and now can see why some players with a/d far below me are beating me in fights etc.

  14. Bloody big glitch to let slide, they should remove all items where there should only be one as no one in their right mind would willingly give them back

  15. Haha.. since Zynga isn't rolling this one back, aren't you sorry you wasted 5 Harbingers on your Property build?

  16. False. We will be rolling back impacted accounts.

    -The Man

  17. You people are not understanding the term "roll back" properly. Zynga takes snapshots of all accounts, probably daily. They can "roll an account" back by simply replacing the current account stats with an older version. That's not the same thing as going in and manually removing loot, etc. You can absolutely count on them removing unreleased items and multiples of 1-of-a-kind items. All they're saying at this point is that they're not going to do a global rollback, where all accounts get reset to Jan 5. I think they should, actually. Even though I lose a month's progress, this current situation is absolutely unacceptable.

    It just makes me wonder what other exploits there are that we don't even hear about.

  18. This isn't even a new glitch. This same method worked Waaaaay back on property upgrades. Zynga patched it back then, and then creates another event with the same loophole. If they weren't in such a rush to roll things out, they might catch these things. Don't blame the people who exploit the glitch, blame the idiots who make it possible.

  19. i know 3 members with 500 Harbingers and 300 of the top boss loot.

  20. Yikes! and here I am playing my rear end off to earn any little bit of anything I can :( At this rate, most of us won't 'make the grade' so what's the point? I certainly hope that something will be done about it without messing up anything legit. Why do folks have to be so dishonest? There's no challenge in cheating...

  21. Maybe I'm just an ignorant person regarding people discovering these 'glitches' that occur from time to time but I have enough going on within this silly game these days and I don't have any spare time to try and figure out any loop holes within the game but it never ceases to amaze me that there are people out there that can not only do their daily game play BUT also seek out and actually FIND these loop holes. It just seems like there aren't enough hours in a given day to be able to discover these new ways of cheating. I'm having a hell of a time just trying to upgrade these stupid NY properties that they keep throwing at us and I'm really questioning the need for completing these at this point. Now a loop hole that will help me complete these with ease is something that I can use...

  22. What are your stats with 500 harbingers and 300 top boss loot? :P

  23. So it's not hacker, isn't it, it's a glitch, another Zynga bug, good job Jen

  24. Hahahahhaha, PBT doesn't have any excuse for blaming PB now, before they used this issue to gain clans to attack PB, it's only a bug, not hacking

  25. I doubt if there is anyone who complained after getting the top of the line items lol everyone is just as happy and guilty lol.

  26. I'm glad I got out of this shitty game at the end of the year. I spent so much time on it (starting playing a week after it came out) that I still keep "up to date" with the goings on. Things like this make me very happy that I got out before the total implosion. What a shame.

  27. Amazing! FYI! If you went and bought all the best for fighting and defense, I found Attack would be 420,000. I found it hard to find any defense items to take it beyond 380,000.

  28. OK. It is clear now why clans increased their requirements. There are players that simply did not know about multiplied health and those stats/RP glitches and they were paying. Not so big money, but paying. So having those glitches and players that use them allows Zynga to push players to pay. So basically this is not the first time, and it's time for us to move on. Enough is enough.

  29. Glitch/bug, whatever!! These players/clan knew it was wrong, yet continued to use it, plus only helped FB friends. Who would want to be involved with such dishonest/greedy peeps! The clan/peeps in question are just upset because they got busted! By all rights they should lose their accounts. Pfft, however we all know Zynga cannot afford to lose any more players, so will sit idly by. Think what upsets me the most over this is how other players have lost their accounts for less! Daily players, paying or not, who have worked hard and still do not have it all. Plus knowing about that 1 clan in question belittling the clan they are at war with. Yes, everyone can read walls. Making threats to the Loot Lady. Now act as if you're little angels, you did no wrong, for Zynga can/has really no way to prove.. You should be counting your blessings you're allowed to even play!!

  30. What will probably happen, is loot with ridiculous stats will be invented so all our current loot will be rendered obsolete, even the harbinger will become an inactive item and this time they wont adjust the stats to make it the strongest weapon, expect everything you have now to be rendered useless in the near future.

  31. Have you posted your sorry at the family page that you accused??

  32. What I find wrong is for 2 tags of one clan to go up in loot from 260k to 323k, 329k and up in less than a 4 hour period, then to brag about it on a war page is just wrong. No one from PBT ever asked for help in the war to my knowledge. I just don't think it is fair for people who play this game honestly to have to put up with a bunch of hackers and cheats. Play the game and play it fair or quit and make your own game, as people really don't care for cheats while we spend tons of money and you're getting it for free and sending it to all your clan. I could see maybe one person going up but 2 of their tags, unreal. I don't feel an apology is needed as PB has been doing things like this for years.

  33. Bwahahahah.. it's a simple SQL query.. to find out who is fracking around with glitches.... silly.

  34. Don't worry tick tock tick tock .....

  35. It's not ticking again lol, get a life, don't hate people just because they know more info than you

  36. I didn't even get any of this junk and they ripped my henchmen. I even bought zynga cards and purchased rp's. It's not right.

