
Lol, I recently got into MTG again with MTGA. I did a quick decompile as it's a Unity game and not il2cpp (not that it would have protected it that much) but I found some fun stuff too. Keys for their epic launcher build, some undocumented APIs.

I never wanted to use it to cheat, I really just wish there was a battle log. What matches I won, what I lost, view the battlefield of a finished game, etc...

Gonna check this out, but hopefully it's patched quick.



This vulnerability was patched before I wrote the post - I disclosed it to MTG.

In terms of viewing your history, you should check out https://untapped.gg/en. I have talked to them a bit and they essentially do what you want. They take most of their info from MTG's debug log, which you can find in MTGA's application directory, so you could also make your own tracker as well if you want. They talk about it on their site: https://help.hearthsim.net/en/articles/3620440-how-do-i-supp...


What is the Twitter post for? I'm assuming this was not you "disclosing" it to them, but it's basically some kind of advertisement for yourself? You did contact them via a proper, private channel to disclose and make sure they fixed it before the Twitter post, correct?


They didn't respond to my email so I tried Twitter. That got a prompter response! No details about how to actually perform the insta-win are visible in the video so I wasn't too pressed about someone replicating it from the tweet.


Absolutely ridiculous that they wouldn't respond to your e-mail, but I don't know why I expected more from WotC or anything they're involved in.


What was the process like disclosing the bug to them? One part of your post that you left out and I was curious on. Was it friendly/straightforward? Were they surprised at all that this was possible?


Pretty nondescript. I just sent them the code and explained how to replicate it. They said they'd patch it and then they did haha. They offered me some in-game currency as a reward (20,000 gems, which I think is equivalent to ~115 bucks).


I hope you have the blingiest cards ever now, great write up.


https://www.17lands.com/ collects your limited game win/loss stats, and it also records your turn-by-turn game history for both limited and constructed games. (I was a contributor)


https://mtgaassistant.net/ is the most common one I know of for collecting your play data.


I'm pretty sure this exists. I think it's player log. There are a bunch of apps that do tracking that use it iirc


There is mtgatool, an open source app to read the logs and generate a history of played games and some statistics: https://github.com/mtgatool/mtgatool-desktop



