Wednesday, March 30

How a hacker snuck a game onto Steam without Valve’s knowledge

(credit: Medium / Ruby)

If you were watching Steam over the weekend, you may have been among those to notice an odd game called "Watch paint dry" go up on the popular digital storefront. The "sports-puzzle game that evolves around one mysterious cutscene" wasn't a new low point in Steam's increasingly permissive attitude towards letting games onto the service. Instead, it was the result of a now-patched exploit that let developers sneak games onto Steam without Valve's approval.

A teenage British web developer going by the handle Ruby outlined the hacking process in a post on Medium earlier this week. Even before it was fixed, though, the exploit wasn't available to just any Internet user, since it relied on access to the Steamworks Developer Program.

With that access secured (through unstated means), Ruby dove into the HTML for the Steamworks backend to look for weak points. By forcing an "editor ID" variable passed through the page to "1" (which Ruby assumed would be "someone who might work at Valve"), Ruby was able to access a new form that revealed the form data she needed to get an "approved" value for Steam Trading Cards, a first step in making her game look legitimate.
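The sketch below models the class of flaw described above, a backend that acts on an identity value the browser sends back, next to a handler that takes identity only from the server-side session and records the mismatch. It is an added example, not code from Ruby's post or from Valve; every function name, role and account ID in it is an assumption made for illustration.

```python
# Added illustration; every name here is hypothetical, not Valve's code.
from dataclasses import dataclass

# Constructed sample data: account id -> role.
ROLES = {1: "staff", 4242: "developer"}


@dataclass
class Session:
    account_id: int  # set by the server at login, never by the browser


def can_approve(account_id: int) -> bool:
    return ROLES.get(account_id) == "staff"


def approve_trusting_form(form: dict, session: Session) -> dict:
    """Flawed pattern: identity comes from a field the browser sent back."""
    editor_id = int(form["editor_id"])
    if can_approve(editor_id):
        return {"status": "approved", "acting_as": editor_id}
    return {"status": "denied", "acting_as": editor_id}


def approve_from_session(form: dict, session: Session, audit: list) -> dict:
    """Hardened pattern: identity comes only from the server-side session."""
    claimed = form.get("editor_id")
    if claimed is not None and str(claimed) != str(session.account_id):
        # A mismatch means the field was edited client-side; record it.
        audit.append({"event": "editor_id_mismatch",
                      "session": session.account_id, "claimed": str(claimed)})
    if can_approve(session.account_id):
        return {"status": "approved", "acting_as": session.account_id}
    return {"status": "denied", "acting_as": session.account_id}


def demo() -> tuple:
    audit: list = []
    dev = Session(account_id=4242)
    tampered = {"editor_id": "1", "item": "trading_cards"}  # constructed request
    return (approve_trusting_form(tampered, dev),
            approve_from_session(tampered, dev, audit), audit)


if __name__ == "__main__":
    for part in demo():
        print(part)
```

The mismatch entry written to `audit` is the kind of event worth alerting on, since a legitimate page never submits an ID other than the session's own.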
