Wednesday, 1 January 2014


Some super simple exploits in a browser game that I documented–like I’m pretending to be a security researcher or something.

File: Some Security Stuff About Mythea (PDF)

tl;dr An online browser game has vulnerabilities. I show how to exploit them and suggest changes to avoid them. The exploits aren’t really sophisticated or unique, but I used this as a writing exercise and (as a player of the game) hoped the author would fix the issues if they were more public.

Mythea is webbrowser-based game where you manage a medieval kingdom, cooperating and competing with other players in a fantasy setting. For the time that I played the game, I found that there was an unsatisfactory amount of development attention directed at the quality of the system that ran the game. I spent some time to discover and document a small number of problems, demonstrated attacks that used them and tried to show how things could be done differently to avoid the problems.

I had seen security research papers done in a very professional looking format where they point out exactly what exploits were possible in a system, how they worked, and how they could be prevented. This paper tries to mimic that but in a much more amateur capacity and context.

In early 2014, I gave the site administrator a copy of my paper so that they could benefit from it.

In 2017, someone contacted me about it. He used the vulnerabilities to create a bridge between the game and the discord channel for his group. The API changed a bit so we found some attacks didn’t work and discovered new ones.

Scribbled in crayon on Wednesday, 1 January 2014

Categorized as “