Bug Leaderboard exploit discussion

Chris Dunman

New member
Apr 11, 2012
359
0
When the bug has been fixed, I will tell you all about it, and trust me, it won't take a Youtube tutorial video to explain. You will not believe how easy it is.

Fair play here I think. Jeffs right about not posting the issue but fair play to Luobo for pointing it out and for agreeing to share AFTER the fix
 

DrainoBraino

New member
Apr 11, 2012
634
0
regardless of the method chosen there are probably 2 types of high score cheaters

i) those who post crazy unrealistic scores which obviously show they are hacks.
ii) those who post a score just a little higher than the previous best. These are more detrimental to our community as they cannot be detected unless FS close all the loop holes.
Sure, I can dig that. But check this out:

Luobo high score on Central Park is (#1) 1,944,570
The next high score (#2) - 9,751
The next high score (#3) -8,082

So the bug allows him transfer a score from one table to another. How you gonna score 9,751 or 8,082 on another table? What other table can you get a digit besides "0" in the ones place? The top 20 scores for CP end in a number other than 0. CP is the only table that has single digit scoring. He has to be the only one who used this bug on CP.
 

Luobo

New member
Mar 19, 2013
18
0
Sure, I can dig that. But check this out:

Luobo high score on Central Park is (#1) 1,944,570
The next high score (#2) - 9,751
The next high score (#3) -8,082

So the bug allows him transfer a score from one table to another. How you gonna score 9,751 or 8,082 on another table? What other table can you get a digit besides "0" in the ones place? The top 20 scores for CP end in a number other than 0. CP is the only table that has single digit scoring. He has to be the only one who used this bug on CP.

Makes sense. However, while the existence of a single digit in the score shows it comes from CP, a zero at the end of the score does not in itself prove that the score is fake.

At the other end of the spectrum, there is no table where you can easily get the hundreds of billions necessary to get to the top of tables like ATF and ToM, so I guess they are safe from this particular type of abuse.

But I don't think we should downplay the severity of this bug just because it can "only" wreck the leaderboard of like 90% of the tables in the game.
 

DrainoBraino

New member
Apr 11, 2012
634
0
Makes sense. However, while the existence of a single digit in the score shows it comes from CP, a zero at the end of the score does not in itself prove that the score is fake.

At the other end of the spectrum, there is no table where you can easily get the hundreds of billions necessary to get to the top of tables like ATF and ToM, so I guess they are safe from this particular type of abuse.

But I don't think we should downplay the severity of this bug just because it can "only" wreck the leaderboard of like 90% of the tables in the game.
No I'm not downplaying this bug, in fact just the opposite.

I am almost certain that you are the only one who knows it. If others knew, that CP scoreboard, and the other low scoring tables like Big Shot and Genie, would be blown to smithereens by now.
 

9u1d0

New member
Jan 7, 2013
310
0
Did you als try this in the latest tournament? I hope FS did not have any bugs or exploits there.
 

Paul Petrissans

New member
Jan 4, 2013
84
0
Background: I haven't been playing in a while, so I didn't notice until yesterday that FarSight seem to have cleaned up the leaderboards a bit, including getting rid of my bogus 300+ million high score for Genie. "Finally", I thought. "I wonder if they've fixed the most important thing - the bug that allowed me to (unintentionally) get that score in the first place".

Test: For the first time, I intentionally tried to exploit the bug, and guess what, it's still there, and I can take advantage of it at will. I gave myself nearly 2 million on Central Park. I didn't quite realize Central Park is such a low scoring game - in comparison my score is obviously fake and nobody will believe it, and it's probably gonna get deleted promptly by FarSight. For the ultimate test, I wanted to use the bug a second time, proving the first time wasn't a fluke, and this time give myself a more believable score. I knew the highest score for Genie was 4+ million, I took aim at that, and gave myself 4.3+ million. It wasn't enough for first place, but that's irrelevant, the point is I could do it, and the score looks totally legit.

Conclusion: I stumbled upon this bug at first, and I was shocked when I noticed how easy it was to recreate at will. Now, of all the thousands of people who've been playing Pinball Arcade, I can't possibly be the only one who is aware of this bug. No way. In fact, I'm surprised you can play the game for an extended period at all and not discover the bug. In my opinion, the leaderboard is totally pointless. Not a single score can be trusted. Who knows how many players who are taking advantage of this bug and have heads cool enough not to making it appear glaringly fake. That goes for all tables, including the Hall of Fame. I hope you guys are all playing just for the fun of it, and not only chasing high scores.

Disclosure: If my scores haven't been deleted by the end of this week, I will contact FarSight myself and request that they do get deleted, including 2000 points of my Hall of Fame score.
Thank goodness!
 

Luobo

New member
Mar 19, 2013
18
0
Did you als try this in the latest tournament? I hope FS did not have any bugs or exploits there.

I didn't intentionally use the bug until the day before I started this thread, so I'm not sure if it would work in a tournament, but my guess is that it would.
 

JoeNewberry

New member
Apr 19, 2013
4
0
I continue to wonder why the scoreboards aren't broken up by platform. It's a little disheartening when the top 10-20 spots or more are usually a long line of mobile devices with really, really high scores, then non-mobile devices with much lower scores. I do believe people walking around playing on their phone could build up those scores legitimately over several days (pausing the game, coming back to it, getting some more points, etc.), but are we really playing exactly the same game when they're on a phone and I'm on the PS3? Why even bother classifying them differently, if we're on a level playing field?
 

Luobo

New member
Mar 19, 2013
18
0
Nope, still broken. I don't think there were enough time to look into it before the release of the new patch.

Not that I mind though, I figured out a way to play WW and SS (and all other tables I don't own) for free.
 

brakel

New member
Apr 27, 2012
2,305
1
Luobo,

I know you list your device as Android but do you know if the high score exploit exists on other platforms?
 

Mark W**a

Banned
Sep 7, 2012
1,511
0
Please, just for fun, transfer an attack from mars score to Central Park.

Would be hilarious to see a CP score in the multi-billions.

You did the right thing reporting the glitch to Farsight.
 

Luobo

New member
Mar 19, 2013
18
0
Please, just for fun, transfer an attack from mars score to Central Park.

Would be hilarious to see a CP score in the multi-billions.

You did the right thing reporting the glitch to Farsight.

I don't think it's necessary for me to abuse the bug any further, since it might be detrimental to the Pinball Arcade community and I've already proven my point...

...but "Yit" has posted a ridiculous score of 48+ million on Genie, knocking back my bogus-but-not-so-ridiculous score of 4+ million down to third. Since you asked so politely, I guess I must respond. 10 billion sounds like a nice even number don't you think? Those are now the new high scores for Genie and Central Park.

No more requests. ;)

I only have access to Android devices, and I'm not tech savvy enough to speculate on whether it would be possible to use the glitch on other platforms as well.
 
Last edited:

9u1d0

New member
Jan 7, 2013
310
0
Maybe renaming a table's filename on the filesystem does the trick?
That wouln not be easy on consoles, unless they're hacked.
On IOS I don't know. Maybe if the device is jailbroken?
 

goforthewall

New member
Feb 21, 2012
314
0
Maybe renaming a table's filename on the filesystem does the trick?
That wouln not be easy on consoles, unless they're hacked.
On IOS I don't know. Maybe if the device is jailbroken?

Tried this out on Android out of curiocity when Luobo started this thread - didn't work! The app just redownloads any table that was renamed to another since it probably compares the filesize and checksums with the download server...
 

Members online

Members online

Top