Pwn Adventure 3: Pwnie Island
Pwn Adventure 3: Pwnie Island is an MMORPG designed to be hacked. There are versions of the game for Windows, Linux and macOS. We chose the Windows version since Windows is the most popular OS for games.
Running docker compose up -d fails with this error: "Cannot create container for server master: invalid mount config for type bind: bind source path does not exist: /root/PwnAdventure3/postgres-data". To fix it, create an empty postgres-data directory inside PwnAdventure3/.
We set up the client on Windows. The Windows counterpart of /etc/hosts is at C:\Windows\System32\drivers\etc\hosts. Make sure you open a text editor with admin privileges in order to edit this file. For example, you can open Sublime with admin privileges first, then go to Open -> Open File and open the hosts file.
Another caveat is that the server cert expired after November 2024:
First, go to ./PwnAdventure3/server/MasterServer on your VPS / server machine, where you will see server.crt and server.key. To create a new certificate while reusing your existing key, you need to generate a certificate signing request (CSR) from your old key and then self-sign that CSR. In other words, you keep your current private key (server.key) but issue a new certificate (server.crt) with updated validity dates. For example, you can run (after you back up the old cert):
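One way to carry out this step with openssl, as an added example that is not the original author's commands: it rebuilds the CSR from the old certificate so the subject is preserved, self-signs it with the existing server.key, and checks the public key before swapping the file in. The function name renew_cert, the .bak/.csr/.new file names and the 365-day default are assumptions.

```shell
#!/bin/sh
# Added example: reissue a self-signed server.crt from the existing server.key.
# Usage: renew_cert ./PwnAdventure3/server/MasterServer [DAYS]
# (renew_cert, the .bak/.csr/.new names and the 365-day default are assumptions.)
renew_cert() {
    dir=$1
    days=${2:-365}
    [ -f "$dir/server.key" ] && [ -f "$dir/server.crt" ] || {
        echo "server.key or server.crt not found in $dir" >&2
        return 1
    }

    # Back up the old certificate before touching anything.
    cp -p "$dir/server.crt" "$dir/server.crt.bak" || return 1

    # Turn the old certificate into a CSR signed with the existing key.
    # This keeps the original subject, so the client sees the same name.
    openssl x509 -x509toreq -in "$dir/server.crt.bak" \
        -signkey "$dir/server.key" -out "$dir/server.csr" || return 1

    # Self-sign the CSR with the same key to get fresh validity dates.
    openssl x509 -req -in "$dir/server.csr" -signkey "$dir/server.key" \
        -days "$days" -out "$dir/server.crt.new" || return 1

    # Only swap the file in if the new cert really carries server.key's public key.
    cert_pub=$(openssl x509 -in "$dir/server.crt.new" -noout -pubkey)
    key_pub=$(openssl pkey -in "$dir/server.key" -pubout)
    [ "$cert_pub" = "$key_pub" ] || {
        echo "new certificate does not match server.key" >&2
        return 1
    }
    mv "$dir/server.crt.new" "$dir/server.crt" || return 1

    # Show subject and validity window of the reissued certificate.
    openssl x509 -in "$dir/server.crt" -noout -subject -dates
}
```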
Replace the old server.crt in ~/PwnAdventure3/client/PwnAdventure3_Data/PwnAdventure3/PwnAdventure3/Content/Server with this new server.crt. Then transfer the newly generated server.crt back to your game machine; for me it is my main Windows machine:
On a Windows machine, you can add your self‑signed certificate to the Trusted Root Certification Authorities so that the client (or any application using the Windows certificate store) will trust it:
Locate your certificate file: Make sure you have your certificate (for example, server.crt) accessible.
Double-click the certificate: This opens the Certificate window with details about the certificate.
Click “Install Certificate…”: This launches the Certificate Import Wizard.
Choose the store location:
If you want the certificate trusted for the current user only, select Current User.
If you want it trusted for all users on the machine, select Local Machine (you may need administrative rights).
Select “Place all certificates in the following store”: Click the radio button for this option and then click Browse….
Choose “Trusted Root Certification Authorities”: In the dialog that appears, select Trusted Root Certification Authorities and click OK.
Finish the Wizard: Click Next and then Finish. You may receive a security warning; confirm that you want to install the certificate.
Restart your game client: Done!
If you get stuck at "Waiting in connection queue" after character creation, there are 2 possibilities:
Follow the instruction in this issue: https://github.com/LiveOverflow/PwnAdventure3/issues/39#issuecomment-2639997930 and try again
Make sure server.crt is replaced both at your game client (for me it is the Windows machine) and at ~/PwnAdventure3/client/PwnAdventure3_Data/PwnAdventure3/PwnAdventure3/Content/Server on your VPS (where you run docker)
I did both options above so I am not sure which one worked, but I successfully logged in at the end.
Programming language and framework:
The game launcher is written in Mono, which is a cross-platform .NET framework.
The underlying game engine is Unreal 4, but we don't attack the engine itself because the netcode and game logic are completely custom.
The game logic is written in C++. This is expected since Unreal 4 is the game engine.
Based on common game hacking techniques, there are a few things that we can do:
Try speed hack, health/mana hack, teleport hack, fly hack
Figure out how to patch game binary
Write a proxy to discover the data format of client-server communication
Maybe we can do DLL injection
Below is the relation between game client, game server and master server (from https://github.com/beaujeant/PwnAdventure3):
The game is structured in 3 parts:
Client
Master server
Game server
Note: The following information is based purely on assumptions, not on the official documentation.
The client is the game you are running on your computer. It is the application responsible for rendering the 3D environment, capturing your mouse and keyboard to move your character, establishing the connection to the server, etc.
Whenever the user clicks on "Play game" (online), the client first establishes a connection with the master server. The master server is responsible for storing and managing your account:
Your credentials
Your characters (name, color, face, etc)
Your inventory
Your team
Your quest progression
Your achievements
The locations you've already visited
So whenever you first authenticate, the master server verifies your credentials and then shows your characters. Once you decide to join the world of Pwnie Island, the master server sends your inventory, quests, achievements, etc., and redirects you to the game server.
The game server is responsible for the instances. To avoid having too many players and enemies together on the same map (instance), which would overload not only the network traffic and CPU usage of the server but the client as well, the game server dispatches the players to different game instances. Each instance is managed by one game server. The game server is responsible for keeping track of the players' and enemies' locations on the map. It is also responsible for keeping track of the state of the elements (e.g. dropped loot, switches, enemy and player health/mana, etc.).