Mobile Game The Hack

Mobile games have dominated the marketplace for the past few years. They can be categorized into three main groups:

• Fully online games: These require an internet connection for all aspects of gameplay.
• Partially online games: These can be played offline, but require an internet connection for features like events and leaderboards.
• Fully offline games: These don’t require an internet connection at all.

I recently had the chance to play Plants vs. Zombies 2, which falls into the interesting category of games that are advertised as offline but still require an internet connection for some features. This post will delve exclusively into this category of games.

Important Note: If you’re looking for hacks or cheats for fully online games, this post won’t be helpful. The methods discussed here focus on this specific category of “offline-but-needs-internet” games.

Game State

As mentioned earlier, Plants vs. Zombies is an offline game with an online twist. While it requires an internet connection, it only uses it for in-game purchases, not the core gameplay. This suggests that the game state is managed locally on the device, not by a server.

This approach offers a double-edged sword for the publisher. On the one hand, it saves costs by eliminating the need for a server to constantly validate and process player actions. Servers are only required for transactions. However, this also presents a benefit for players (but a drawback for the publisher): players with the technical know-how can potentially modify the game state, allowing them to acquire items without paying.

/Android/data folder

When examining app data on Android, the /Android/data folder is a good starting point. Most apps store their data there by default.

Further exploration within this folder reveals the pp.dat file.

The initial inspection proved inconclusive due to the non-human readable nature of the data.

Fortunately, some online research yielded helpful resources. I discovered that the pp.dat file is stored in a format called RTON, which can be converted to the more human-readable JSON format. This allows us to potentially modify the data within the JSON file, then convert it back to RTON and replace the existing pp.dat file. (link here)

Despite receiving ongoing updates, the game’s age has allowed developers and hackers to uncover and share its secrets. By decoding the RTON file and exploring online resources, I discovered a guide that explains which JSON fields to modify in order to achieve the desired game state.

Leveraging the knowledge acquired throughout this process, I can now manipulate the JSON data to attain the intended game state.

While the JSON field names aren’t particularly intuitive, the provided guide acts as a key, offering aliases for each field. For instance, the ‘p’ field represents all the plants you own. Additionally, the continuous integer IDs make it even simpler to identify the desired plant. You can simply increment the ID until you find the specific plant you want.

What if there’s no guide on which field to modify?

While manually deciphering all field functions would be time-consuming, it’s not an insurmountable obstacle. We can employ a systematic approach: modify a specific game state, compare the JSON data before and after the change, and identify which fields were altered.

For example, the ‘p’ field, as we know, represents plant ownership. By taking a snapshot of the JSON data before acquiring a new plant and comparing it to the data afterwards, we’ll observe a change within the ‘p’ field. This not only confirms the function of the ‘p’ field but also reveals the ID of the newly acquired plant.

Recap

Bypassing game security, even in offline titles like Plants vs. Zombies 2, is a complex task. Without readily available information on the RTON format, this process would have been significantly more challenging. However, understanding these mechanisms goes beyond simply exploiting them. It fosters deeper technical knowledge and empowers us to create more secure software in the future. While the financial impact of hacking on Popcap Games is likely significant, focusing on educational aspects can ultimately benefit the entire gaming industry.