Source: http://world-of-ru.livejournal.com/3136620.html Hello everyone, if you dabble in reading various internal game files (models and such), you can imagine how useful a full game client can be. You can pull all sorts of things from it, including models, maps and a lot of other interesting stats. In any case, it is pretty undesireable for Wargaming to actually spread the client around. Today, we’re going to look at how Russians “hacked” the World of Warships (not a hack really, just… well, you’ll see). This was posted by a LJ user the_komp (der_komp in the game). First, he started thinking: all the Wargaming projects are started via a launcher, so there is no reason for WoWs to be any different. This launcher transmits a special xml file with the client version, checking against the server, whether the client needs an update. All you need to know is the address of the updating server. For WoT, it’s http://update.worldoftanks.ru, for WoWp, it’s http://update.worldofwarplanes.ru/, so for WoWs, it should be http://update.worldofwarships.ru? Not quite. So, the player started to look for it. He ran a scanner (specifically, MyLanViewer) and scanned all known IP’s and sub-networks of Wargaming. He took the known IP address of the World of Warships developer blog (185.12.242.181) and scanned the entire IP range from 0 to 255 on it. Bingo: There are tons of servers running on those IP’s – from magazines to EU test server apparently. The interesting address in this case is 166 – trying to access it (https://185.12.242.166) automatically changes the server address to http://update-v4r4h10x.worldofwarships.ru/ and throws a “Bad Request” error. Which means that there has to be a correct request. The player then sent a request, using “Advanced REST client for Google Chrome” – target=client&client_ver=unknown And this was the server’s answer: Basically, what happened here – he requested a version of the client and in turn recieved the link for client download. Then he changed “target=client&client_ver=unknown” to “target=launcher&launcher_ver=unknown” and recieved the current launcher link. http://dl.wargaming.net/wows_a/ru/pa...ncher_ru.patch http://dl.wargaming.net/wows_a/ru/pa...2_client.patch http://dl.wargaming.net/wows_a/ru/pa....patch.torrent The links are no longer working (this was posted yesterday). However, this way, he was able to get his hands on an alpha World of Warships client: The player then reported this exploit to Wargaming, the developer answer is that they will check it out. As his final statement that I feel is worthy of quoting: “You know what’s the most interesting part? Wargaming can blame testers, close alpha test in Europe, ban players for leaks, but they can never fix the errors on their part.”

More...