Paid Advertising
web application security lab

Cheating Part 2

5 posts left…

So my Wife decided that she loves to play that game “Words with Friends” on the iPhone. It’s basically just like Scrabble but probably for legal reasons it’s just slightly different (bonus placement, tile value, etc… are different). Unfortunately for me, my Wife is scary smart and knows the English language far better than I. So I’m at a huge disadvantage when playing games that involve words or spelling. The only thing I’m good at is the math part, figuring out what the highest scoring word is… oh, yeah, and cheating. Well after a few dozen games, I kinda got fed up with the whole thing and started looking for ways to cheat. Sure, it’s probably talking an unencrypted protocol and it’s probably doing most of it’s validation checks on the client side, but my Wife is going to notice if I start using words that aren’t words.

So I start thinking about writing a tool that brute forces through the dictionary and attempts each word in a simulator to see if it’ll fit. Then the idea starts taking shape in the form of a program that starts tabulating which letters are worth what, and where the various double and triple word scores are in relation, etc… It grows in complexity further and further until I finally decide that I had better test it before I go much further. So on my first trial run it picks the word, “exine”. Okay, whatever, I plug it in and it works as expected. My Wife was on chat with me at the same time and instantly she writes, “Wtf is exine? You’re cheating.” So at this point I look up the word and sure enough it’s defined as “the outer coat of a spore, esp. a pollen grain” to which she write, “You totally cheated. You are so not a botanist. Spore my ass. Your mom is the outer coat of a spore. I don’t believe it for a second that you knew that word before playing it.”

Alas, all that work and she called me out the VERY first time I tried out my program. Of course in hindsight I should have parsed apart every word I had ever written in the blog or in my books and compared them against the dictionary to only use words that I was guaranteed to know. Such a waste. So I never got to try my other theories, about how to play defensively. For instance when I know there’s only a certain number of letters left in the deck of tiles, I can figure out which characters she can have left and the probability of which words she can play.

It would have been fun to create a contest to see which strategies are the most effective in a bot on bot scenario. Is an all defensive strategy better, or an all offensive (always opportunistically taking the highest value word)? Or maybe a hybrid of both where you play defensively at some points or offensively when you know it’s better in the long run. Anyway… unlike the previous cheating at Casino night it was not a very successful attempt. Like I said, my Wife knows that I cheat - she knows her adversary way too well. You win some, you lose some, I guess. That’s what I get for not marrying a bimbo.

9 Responses to “Cheating Part 2”

  1. Jordan Says:

    I’m nearly as good as my wife, but not quite, so I was in a similar position on the exact same game. At the time, the wordlist was stored in a plaintext file that you could edit yourself (trivial on a jailbroken device, but I suspect you could do it by hacking the backups on a stock device since I think only the binaries are signed, and validation was done (as you suspected) entirely client-side. I only used it once to add a word that was supposed to be in that dictionary but wasn’t. (they’re using an old version of the enable dictionary, not even the latest)

  2. Ross Dargan Says:

    Great story! Going to miss your posts!

  3. MrAnderson Says:

    Well, it’s pretty much like playing chess online, just fire up a good chess-playing program like GNUChess, set it at the max level, and start cheating your enemy. The nice part is that you wrote the application yourself. I did a similar thing while playing Fallout 3; in that game you could hack computers to gain access to information/places and to be successful you had to “guess” the password selecting it from a list following the given suggestions (for example: wrong password 1 character is ok). Of course with only 3 retries (or maybe even less on “harder” computers), and with the only help of your own mind that was not that easy. So I made this script to which you can feed the list of the words and then I was able to guess the password always in less than 3 retries… I really enjoied that.

  4. Johan Says:

    Odd, i usualy loose at blackjack but i make nice profits at roulette, got any tips for me on blackjack?

    As always, great reading, we’ll miss you when you stop posting!

  5. AppSec Says:

    Play a game which is similar but allows you to use a dictionary look up (using I can pretty well guestimate where the best location is to put certain letters., I’ll then use a site to generate words.

    When asked I simply say: I just randomly tested combos in the dictionary.

    It’s not cheating if the game allows you to do it.

  6. llvllatrix Says:

    I did something similar with dominoes when I went down to South America the last time. My relatives play every other day. I understand the basic strategy but my mind is nowhere near as good at tracking the tiles that players may or may not have.

    After getting myself thoroughly schooled one night, I wrote a python script to track the probabilities. I asked if I could play with the computer program I wrote. They said yes, and regretted it until they started working together to beat it.

  7. Gareth Heyes Says:

    Sounds like your wife is a perfect CDS (Cheating Detection System)

  8. cblazek Says:

    I did the same thing. I found the dbs in a text file in the app folder, copied them out and made a simple php app that searched the files using a regex expression. I was called out pretty quick as well and no longer have anybody that will play me :( My motivation was people playing words like qi and getting 30+ points.

  9. zzamboni Says:

    Or, you could have just used

    I know, where’s the fun in not writing the code yourself :)