Hacking #1 - How should I think?

Santiago Rosenblatt
Published in strike.sh
May 19, 2021

Introduction

How are you all doing? It’s been a while since the last time I posted about hacking 😅

I was waiting until an interesting topic came to mind, and I believe one did. I am 24 now but have been hacking since I was 6 or 7, so people have been asking me my entire life "how can I hack?", "is it difficult?" and "what do I need to know?", among many others.

Given the above, I thought it would be good to start sharing a bit here so that people can understand and get another view of the topic. Although there is a lot of material out there, I will try to start from -1, talking about the way of thinking I used when I was little.

This will hopefully become a weekly series at some point, but as I am currently extremely busy, I believe it is better to start now, add some value from time to time, and catch up when I have more time.

Structure of the series

Regarding the structure, my idea is to start from the way one could think, and then continue by building the foundations with theory and tools, and by telling fun hacking stories and write-ups.

I will be writing with no particular length in mind, so the first posts might be short stories, while later write-ups may get long.

Thinking

Why thinking as the first topic? According to Cambridge, thinking is “the process of using one’s mind to consider or reason about something”.

That is something you need to do whenever you approach a problem: think about how something is put together and how it works. Hacking is no exception.

Since I have seen many tutorials that go straight to tooling and trying things, I figured that speaking about "the way to think" was a good starting point.

Just keep in mind that this is my approach and there are many others; part of thinking is combining different approaches to build your own.

How should I think

Whenever I want to hack something, I start by analyzing it, and I am not only referring to computers and devices. Think about life in general: imagine you are inside a room in a big building and try to picture it.

How is the room built? How does it stand? What material was used to build it? Is it brick? Is it wood? If it is made of bricks, is there any place where the bricks are further apart than in the rest of the room?

I know, lots of questions! By asking questions you stimulate your brain and start thinking outside the box while at the same time going deeper. Combining analysis with bombarding yourself with questions is what will lead you to examine many possible ways of compromising something.

Now let's go through some practical examples. Follow me:

Snapchat

Imagine you are in front of a cellphone. You just opened Snapchat and a picture arrived. How could you see the picture as many times as you want without it disappearing?

Maybe there is some hidden mode in Snapchat intended only for developers. Or maybe you are still thinking in terms of using Snapchat itself. What if I tell you to zoom out a bit and start thinking outside the box?

What does it mean to see a picture in your Snapchat app? It means that the picture has been downloaded to your phone. Duh, of course it has been downloaded, that's obvious, so why is it so important?

This fact is important because the picture will disappear only when Snapchat detects that we have opened it. For that to happen, the picture has to be opened within the application: an internal trigger fires when you tap to view the picture and sets a flag such as seen=true. The general lesson is that once data has been delivered to a device, any "view once" rule enforced only by the app on that device can be bypassed by whoever controls the device.

If you are able to locate the file that stores the picture in the file system, then you could look at it from another application, a file manager such as Finder for example, without the app ever setting the flag.

Another way could be to think: "okay, so Snapchat will execute a function and set a flag to true if I open the picture within the app. Maybe I could find that function, reverse engineer it and make it always return seen=false."

Here you have our first example, and this is what I am referring to when I talk about thinking: go deeper and think outside the box.
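To make the first approach concrete, here is an added example in Python; it is not code from the original post and says nothing about Snapchat's real storage layout. Apps often keep downloaded media under random names with no extension, so instead of trusting file names the script walks a cache directory and identifies image files by their first bytes. The directory layout and the files it builds are constructed for the example.

```python
"""Locate image files in an app cache by content, not by name (added example)."""
import tempfile
from pathlib import Path

# Magic-byte prefixes of common image formats.
SIGNATURES = {
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
}


def sniff_image_type(header):
    """Return the image type for a file header, or None if it is not an image.
    WEBP is a RIFF container, so it is checked by its 'WEBP' tag at offset 8."""
    for name, magic in SIGNATURES.items():
        if header.startswith(magic):
            return name
    if header[:4] == b"RIFF" and header[8:12] == b"WEBP":
        return "webp"
    return None


def find_images(root):
    """Walk `root` and return sorted (relative path, type) pairs for every file
    whose content looks like an image, whatever its name or extension."""
    root = Path(root)
    hits = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        with path.open("rb") as fh:
            header = fh.read(16)  # enough for every signature above
        kind = sniff_image_type(header)
        if kind:
            hits.append((path.relative_to(root).as_posix(), kind))
    return sorted(hits)


def build_sample_cache(root):
    """Constructed sample: media under random-looking names, plus a decoy.
    The names and layout are invented for this example."""
    media = Path(root) / "cache" / "media"
    media.mkdir(parents=True, exist_ok=True)
    (media / "5f3a9c").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 32)         # JPEG, no extension
    (media / "b77e1d.dat").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\x00" * 32)  # PNG, misleading extension
    (media / "c0ffee").write_bytes(b"RIFF\x10\x00\x00\x00WEBPVP8 " + b"\x00" * 16)  # WEBP
    (Path(root) / "cache" / "index.db").write_bytes(b"SQLite format 3\x00" + b"\x00" * 32)  # not an image
    return root


def demo():
    """Build the constructed cache in a temp dir, scan it and return the hits."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_cache(tmp)
        return find_images(tmp)


if __name__ == "__main__":
    for rel_path, kind in demo():
        print(f"{kind:5} {rel_path}")
```

Once a file is found this way, any image viewer opens it without the app knowing. If an app encrypts its cache, content sniffing finds nothing, and the second approach in the text, patching the function that sets the flag, is the one left.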

CandyCrush

Let's talk about CandyCrush (but this applies to any game). Imagine you are playing on your phone, new levels have been downloaded and suddenly you are offline. How is it possible that you can keep playing without connecting to the internet?

Yes, you guessed it: the configuration and structure of the levels are on your phone, stored locally. This means there is a place where the app stores how many boosters you have, how many points you have scored and how many lives you have left, waiting for you to be back online in order to sync. Anything stored on a device you control can be read and rewritten by you, and the sync step is where a server that trusts the client gets fooled.

This is how I hacked CandyCrush almost 10 years ago. They used to store all their levels in txt files. Each file specified a matrix of numbers, each number referring to a specific material, and there were other files for points and scores.

Using this approach, I was able to create different playable levels, modify the existing ones and change my score. When I connected to the internet again, everything synced and I was awarded achievements for my hacking.

Actually, that was in 2013, and just as an anecdote, I created a custom level for a girl I was dating at the time.

A fun story about CandyCrush is that I only downloaded the app to hack it 😁 For some reason it never caught my attention, but still, I have the highest score on every level I played, which is usually between 5 and 10 times higher than second place.
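As an added example, not the author's tooling and not the real game's file format (the grid-of-codes layout, the material codes and the key=value score file are all assumptions made here), the following Python shows the kind of editing the text describes: parsing a level stored as a grid of material codes, validating a hand-edited grid so a mistake fails loudly rather than loading garbage, building a custom level from ASCII art, and rewriting one entry in a score file while leaving the rest untouched. The sample file contents are constructed.

```python
"""Read, validate, edit and write a constructed text level/score format (added example)."""

# Hypothetical material codes for the level grid (an assumption for this
# example, not the real game's encoding).
MATERIALS = {0: "empty", 1: "candy", 2: "jelly", 3: "wall", 4: "bomb"}

# Constructed sample files standing in for what the app keeps on the device.
SAMPLE_LEVEL = "1 1 2 1\n1 3 3 1\n2 1 1 4\n"
SAMPLE_SCORES = "level_1_score=1200\nlives=5\nboosters=2\n"


def parse_level(text):
    """Turn level text into a list of rows of ints. Ragged rows or unknown
    codes raise ValueError so a bad hand edit is caught before it is written."""
    rows = [[int(tok) for tok in line.split()]
            for line in text.splitlines() if line.strip()]
    if not rows:
        raise ValueError("empty level")
    width = len(rows[0])
    for r, row in enumerate(rows):
        if len(row) != width:
            raise ValueError(f"row {r} has {len(row)} cells, expected {width}")
        bad = [c for c in row if c not in MATERIALS]
        if bad:
            raise ValueError(f"unknown material codes {bad} in row {r}")
    return rows


def is_valid_level(text):
    """True if `text` parses as a rectangular grid of known codes."""
    try:
        parse_level(text)
        return True
    except ValueError:
        return False


def render_level(rows):
    """Inverse of parse_level: one space-separated row per line."""
    return "".join(" ".join(str(c) for c in row) + "\n" for row in rows)


def level_from_art(art, legend):
    """Build a grid from ASCII art so a custom level can spell something out.
    `legend` maps each character to a material code; short lines are padded
    with spaces, which must therefore be in the legend."""
    lines = art.strip("\n").splitlines()
    width = max(len(line) for line in lines)
    return [[legend[ch] for ch in line.ljust(width)] for line in lines]


def parse_scores(text):
    """key=value lines -> dict of ints (blank or malformed lines are skipped)."""
    scores = {}
    for line in text.splitlines():
        if "=" in line:
            key, value = line.split("=", 1)
            scores[key.strip()] = int(value)
    return scores


def render_scores(scores):
    return "".join(f"{k}={v}\n" for k, v in scores.items())


def patch_score(text, key, new_value):
    """Rewrite one entry in the score file; every other entry stays as it was."""
    scores = parse_scores(text)
    scores[key] = new_value
    return render_scores(scores)


if __name__ == "__main__":
    grid = parse_level(SAMPLE_LEVEL)
    print("original level:", grid)
    custom = level_from_art("# #\n###\n# #", {" ": 0, "#": 1})
    print("custom level file:\n" + render_level(custom), end="")
    print("patched scores:\n" + patch_score(SAMPLE_SCORES, "level_1_score", 999999), end="")
```

The server-side lesson is the one the sync step teaches: a server that accepts client-reported scores on sync has no way of telling this edit from honest play, so scores that matter should be computed, or at least bounded, on the server rather than trusted from the device.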

VideoGame - Cracks

Let's finish with a last example that follows the same principle. When you download and run a game or program on your computer, it will somehow check for a license.

How does it do that? There is usually a file or a directory (AppData on Windows, for example) storing this valuable information. If you reverse engineer the application, you will find a call to a function that checks for the presence of a file, sets a boolean, or consults an external server over the internet.

In any case, you can find the file and modify it. If the program talks to an external server, you can analyze the outgoing connections, capture a successful response, and then add a record to your local DNS (or a line in your hosts file) so that the domain it expects an answer from, say example.com, actually points to a dummy server of your own that always returns a mock of that successful response. Note that this only works when the client does not verify who it is talking to or whether the answer is genuine: a check that pins the server's TLS certificate or validates a signature on the response will not accept the mock, and you are back to patching the check itself.
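Here is an added example in Python that puts both sides of this on one machine. It is not the author's code and not any real vendor's licensing protocol; the endpoint path, the response fields and the key are assumptions. It runs a dummy server that answers every request with a "licensed" response, the naive client check that the dummy fools, and a check that only accepts a response signed over a fresh nonce, which the dummy cannot produce, alongside a stand-in for the vendor's real server that can. HMAC is used only so the example needs nothing outside the standard library; a shipped product would use an asymmetric signature so that the verification key in the binary cannot be used to forge responses.

```python
"""Mock license server vs. naive and signed client checks (added example)."""
import hashlib
import hmac
import json
import os
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse

# Hypothetical key. HMAC keeps this stdlib-only; a real client would hold a
# public key and verify an asymmetric signature instead, because anything
# symmetric that ships in the binary can be extracted and used to forge replies.
VENDOR_KEY = b"vendor-secret-not-in-a-real-binary"


def sign(nonce, licensed):
    """Signature over the client's nonce and the verdict (assumed format)."""
    return hmac.new(VENDOR_KEY, f"{nonce}|{licensed}".encode(), hashlib.sha256).hexdigest()


class _QuietHandler(BaseHTTPRequestHandler):
    def log_message(self, *args):  # keep the example's output clean
        pass

    def _reply(self, payload):
        body = json.dumps(payload).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


class MockLicenseHandler(_QuietHandler):
    """The cracker's dummy server: whatever is asked, the answer is 'licensed'."""
    def do_GET(self):
        self._reply({"licensed": True})


class SignedLicenseHandler(_QuietHandler):
    """Stand-in for the vendor's real server: echoes the nonce under a signature."""
    def do_GET(self):
        nonce = parse_qs(urlparse(self.path).query).get("nonce", [""])[0]
        self._reply({"licensed": True, "nonce": nonce, "sig": sign(nonce, True)})


def start_server(handler):
    """Serve `handler` on an ephemeral localhost port; returns (server, base_url)."""
    server = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"


def fetch_json(url):
    with urllib.request.urlopen(url, timeout=5) as resp:
        return json.loads(resp.read())


def check_license_naive(base_url):
    """The check a DNS/hosts redirect defeats: trusts any JSON saying licensed=true."""
    data = fetch_json(f"{base_url}/license")
    return data.get("licensed") is True


def check_license_signed(base_url):
    """Same request, but a fresh nonce must come back under a valid signature,
    so a replayed or mocked 'success' is rejected."""
    nonce = os.urandom(16).hex()
    data = fetch_json(f"{base_url}/license?nonce={nonce}")
    ok = data.get("licensed") is True and data.get("nonce") == nonce
    return ok and hmac.compare_digest(str(data.get("sig", "")), sign(nonce, True))


if __name__ == "__main__":
    mock, mock_url = start_server(MockLicenseHandler)
    real, real_url = start_server(SignedLicenseHandler)
    print("naive check against mock :", check_license_naive(mock_url))   # True
    print("signed check against mock:", check_license_signed(mock_url))  # False
    print("signed check against real:", check_license_signed(real_url))  # True
    mock.shutdown()
    real.shutdown()
```

To reproduce the DNS trick against a real client, the dummy would listen on the port the client uses and a hosts-file line such as `127.0.0.1 license.example.com` (the "new record" in the text; `/etc/hosts` on Unix, `C:\Windows\System32\drivers\etc\hosts` on Windows) would send the client's requests to it. Against the signed check that redirect buys nothing, which is why a cracker's next step is the one the text mentions first: patch the check in the binary.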

Conclusion

Although this might not be my best-written article, given that it is 6am and I wrote it by just throwing out my process of thinking, that was the idea.

My purpose was to show you a bit of what happens in the head of a hacker, the questions that get asked and what a first, or zeroth, step would be.

I hope showing you some examples has helped. Try looking at things during the day with this approach and you will start noticing more than usual. Our world is amazing, it is insane how things actually work, so try not to take things for granted for a day and think about how they are made.

Thank you for taking the time to read this week's story; I hope to continue the series soon. As usual, if you have any questions or need any help, anyone at Strike will be happy to help you. You can reach out to me here or on LinkedIn!

If you want to see daily news, tips and funny memes (yes, we are into that too :D), be sure to give us a follow there too.

Cheers from Strike :)


Founder & CEO at Strike.sh | Ethical Hacker | Computer Engineer | Go Getter ✌🏻 - “Embrace reality and deal with it” https://linkedin.com/in/santiagorosenblatt