Just as a quick reminder, there was a topic last year that explains the incident:
https://emps-world.net/forum/index.php?topic=18078.0

That's true, however that won't change the fact that he'll be able to do some strange things ing,
last time we had to deal with an edited client a lot of annoying things happened.
I don't know how far this dude can go or what he is trying to do; it seems to me he is trying to find a way to decrypt the passwords.
Something looks a bit hard, however I am sure with some editing to the source code he has, such a thing will be possible if he attempts to log in to an account with any password to apply the change.
Anyway, I might be wrong ^, I am sure thomy will leave a reply here sooner or later to explain it all.

No. People can always modify game code and try to come up with modifications. However the server validates and checks if a request is valid. Even if somebody sent a request to withdraw 20M ags from their bank, the server would deny it.
Passwords are safely hashed with bcrypt (https://en.wikipedia.org/wiki/Bcrypt), which is a one-directional transformation. If you log in to the site or game, your password is encrypted (site: HTTPS, game: plain RSA), hashed and compared with the value that's in the database. If there is an exact match, the login is granted. Even if you asked me what your password is... I couldn't tell, because I'd have to brute-force it (trying out all combinations). The reason nobody brute-forces such passwords is the complexity of the problem. Besides... the site would lock you out for some time for spamming logins. It would take years to decrypt a set of passwords, which simply isn't worth the time and thus the system is considered safe.
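
The login check described in the post above, sketched as an added example that is not part of the thread or the game's own code: the server stores only a salted one-way hash, re-hashes each attempt for comparison, and locks the account after repeated failures. Assumptions: standard-library scrypt stands in for bcrypt so the sketch runs without extra packages, and `LoginService`, `MAX_FAILS` and `LOCK_SECONDS` are hypothetical names and values.

```python
import hashlib, hmac, os, time

MAX_FAILS, LOCK_SECONDS = 5, 300   # assumed lockout policy, not the site's real values

def hash_password(password, salt=None):
    # Stand-in for bcrypt: salted, deliberately slow, one-directional.
    salt = salt or os.urandom(16)
    return salt + hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)

class LoginService:
    def __init__(self, clock=time.monotonic):
        self.db = {}      # username -> salt + digest (never the password itself)
        self.fails = {}   # username -> (failed attempts, locked-until time)
        self.clock = clock

    def register(self, user, password):
        self.db[user] = hash_password(password)

    def login(self, user, password):
        now = self.clock()
        count, locked_until = self.fails.get(user, (0, 0.0))
        if now < locked_until:
            return "locked"               # refused before any hashing is done
        stored = self.db.get(user)
        if stored is None:
            hash_password(password)       # same work for unknown users
            ok = False
        else:
            # Re-hash the attempt with the stored salt and compare in constant time.
            ok = hmac.compare_digest(hash_password(password, stored[:16]), stored)
        if ok:
            self.fails.pop(user, None)
            return "granted"
        count += 1
        if count >= MAX_FAILS:
            self.fails[user] = (0, now + LOCK_SECONDS)   # start the lockout window
        else:
            self.fails[user] = (count, 0.0)
        return "denied"

if __name__ == "__main__":
    svc = LoginService()
    svc.register("alice", "correct horse")        # constructed sample account
    print(svc.login("alice", "correct horse"))
    print([svc.login("alice", "guess") for _ in range(6)])
```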