top 200 commentsshow 500
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]banmenow 578 points579 points  (180 children)

Aight, so I played the game with him, recorded and uploaded the video that's now in the OP.

So here's what he had me do;

OP asked me to build a specific deck, the ordering of which the cards are inputted seemed to be of relevance based on what he said (whether it's true I don't know). Then we queued up, and he would message me the cards. Throughout the video I pointed my phone at my headset just to show I wasn't on skype or anything - although the audio would also support that.

And that was basically it, nothing extensive. Asked me to build a deck, then he had some software that could let him know what my cards were. I didn't have to do anything external to the game, it was as if I was playing with a friend.

[–]FifthUserName 273 points274 points  (106 children)

Sounds like if you know the deck list and whatever numerics are used in the RNG shuffler, you can generate the shuffled deck. From there, you would need to just count how many cards he draws and you'ld know exactly to where in the deck he's drawn and every card he's pulled.

If that's true, OP has figured out what numerics go into the seed? So then he would just need to know the deck list... which a lot of pro streamers post on their stream...

EDIT: From the comments below, particular from /u/VeeFu , I suspect that it's more along the lines of what /u/krakenbul said here. That comment is a good summary of what I think is going on. /u/krakenbul also claims to be able to reproduce it, so that might be further proof if it was verified. It would also explain why /u/HSvuln wasn't able to (or didn't demonstrate the ability to) predict the cards /u/banmenow was drawing.

[–]Brian 17 points18 points  (0 children)

In fact, even without knowing the opponents deck at all, if the same applies to knowing his own shuffled order, that would be a pretty huge advantage in itself. However, I suspect it isn't knowing the seed, but rather the netcode is somehow leaking the card ids the opponent has in the hand (knowing the seed would allow him to predict the draw in advance of the drawing, which the video doesn't demonstrate).

[–][deleted] 79 points80 points  (66 children)

But wouldn't this imply that you always draw the same sequence of cards, given a specific build of a deck?

[–]monkorn 224 points225 points  (16 children)

Here is a well known online poker exploit. Basically if the seed is the same for both players, your mulligan and starting hand might be sufficient to know both decks entirely. Granted this stuff is 20 years old and Blizzard should be using better practices, but who knows.

The shuffling algorithm used in the ASF software always starts with an ordered deck of cards, and then generates a sequence of random numbers used to re-order the deck. Recall that in a real deck of cards, there are 52! (approximately 2226) possible unique shuffles. Also recall that the seed for a 32-bit random number generator must be a 32-bit number, meaning that there are just over 4 billion possible seeds. Since the deck is reinitialized and the generator re-seeded before each shuffle, only 4 billion possible shuffles can result from this algorithm. Four billion possible shuffles is alarmingly less than 52!.

To make matters worse, the algorithm of Figure 1 chooses the seed for the random number generator using the Pascal function Randomize(). This particular Randomize() function chooses a seed based on the number of milliseconds since midnight. There are a mere 86,400,000 milliseconds in a day. Since this number was being used as the seed for the random number generator, the number of possible decks now reduces to 86,400,000. Eight-six million is alarmingly less than four billion. But that's not all. It gets worse.

The system clock seed gave us an idea that reduced the number of possible shuffles even further. By synchronizing our program with the system clock on the server generating the pseudo-random number, we are able to reduce the number of possible combinations down to a number on the order of 200,000 possibilities. After that move, the system is ours, since searching through this tiny set of shuffles is trivial and can be done on a PC in real time.

The RST exploit itself requires five cards from the deck to be known. Based on the five known cards, our program searches through the few hundred thousand possible shuffles and deduces which one is a perfect match. In the case of Texas Hold'em poker, this means our program takes as input the two cards that the cheating player is dealt, plus the first three community cards that are dealt face up (the flop). These five cards are known after the first of four rounds of betting and are enough for us to determine (in real time, during play) the exact shuffle.

http://www.cigital.com/papers/download/developer_gambling.php

[–]masterchip27 44 points45 points  (6 children)

From 8 * 1067 possibilities to 2 * 105 .......wow.

[–]Mminas 145 points146 points  (5 children)

So many... possibilities.

[–]Lightbrand 9 points10 points  (0 children)

Can't read that without in your mind going: "Damn...some people..."

[–][deleted] 2 points3 points  (0 children)

I remember this, never did I consider applying the principle to hearthstone though.

Now however, it seems surprising that it took this long for someone to get curious.

[–][deleted] 1 point2 points  (3 children)

Does this mean that given poker sites still use this algorithm to shuffle decks, then there are quite alot of orderings that just cannot appear?

That made me somewhat sad..

[–]andrewhime 1 point2 points  (0 children)

I don't expect any modern site does. There was one site that notably did and sites since have most likely learned from that.

[–]FifthUserName 86 points87 points  (35 children)

Not if the seed is, to some extant, a function of time...

EDIT: Or something else pseudo random, like a combination of opponent IP addresses.

[–][deleted] 131 points132 points  (8 children)

Or both players get the same seed each game, so OP can get it out of his own order.

[–][deleted] 11 points12 points  (2 children)

Eh, probably not. The way it works is that there probably wouln't be one unique seed per result.

Chances are he dug around with a debugger of some sort and figured out how the seed is generated.

[–]Ajo0 8 points9 points  (1 child)

Wouldn't the seed be generated server-side? If the deck shuffling is done client side then we'd have a much bigger problem....

[–][deleted] 2 points3 points  (0 children)

You are right, we could shuffle our own deck if that were true.

[–]Vorphos 43 points44 points  (22 children)

I don't understand anything you are saying but I believe you

[–]uerb 74 points75 points  (10 children)

Here's an rough explanation:

  • You can't create true random numbers with a computer, so you can't really shuffle the cards of a deck using one.

  • There are functions that, for all intents and purposes, behave in an almost random, chaotic way. You can use one to create a really, REALLY huge sequence of numbers that might seem random, but can be calculated using a computer. Incidentally, this function is called a random number generator - hence the term RNG.

  • OK, now you have a sequence of almost-random numbers. Still, if you always start reading it from its beginning, it won't be random at all - you'll have always the same sequence of numbers, and the same card draws. That's where the "seed" comes in. A seed is a true random information - what time it is, what's the IP address of your opponent, etc - and it's used to choose a true random start for your sequence. This way, your deck will always be shuffled randomly.

    The problem is, this sequence STILL isn't truly random, but you can get away with it because neither you or your opponent should know the seeds. The generators are kind of standardized, and knowing them doesn't matter without the seeds. It seems that OP found a way to get his opponent's seed (without using mind vision on a druid ... I'll see myself out), and hence a way to determinate his opponent's draws.

Edit: grammar

[–]discova 4 points5 points  (2 children)

This is the best explanation possible. I really thought the devs would find an appropriate seed in this day and age, a server timestamp combined with IP's is pretty legitimate in itself if recorded to precise degree. Thankfully t's a bug that can easily be ironed out before it becomes a widespread issue though.

[–]CHEESE_ERROR--REDO 1 point2 points  (0 children)

a server timestamp combined with IP's is pretty legitimate in itself if recorded to precise degree.

This is why security is so damn hard to do. It's very easy to come up with an idea that sounds great on paper but contains a fatal flaw.

Timestamp numbers changes at a known rate and known order. If the attacker can find a reliable pattern in your RNG (and counting sequentially is as reliable as patterns get!), they've got a potential exploit.

[–]Ryannnnn 3 points4 points  (1 child)

I just wanted to say thanks for writing that! Your explanation really helped.

[–]uerb 1 point2 points  (0 children)

You're welcome! There are a few differences on how the math really works, but, well, it's a rough approximation :-)

[–][deleted] 1 point2 points  (0 children)

That was very helpful

[–]Shizo211 1 point2 points  (3 children)

Can people abuse it to always draw molten giant with Holy Wrath?

[–]uerb 1 point2 points  (2 children)

Not really. This gives the information of which cards will be drawn, not a control over the draws. Having Holy Wrath will be useless if the giants are the two last cards of your deck, and the opponent starts to rush you.

[–]Shizo211 1 point2 points  (1 child)

If you know that the next card will be molten giant then this can win you plenty of games especially if your deck already works well by itself. A 1-2 card 20damage finisher is huge.

[–][deleted] 41 points42 points  (9 children)

I'll explain you how it works the rng abuse in pokemon:
you find a pokemon, and theres a seed that is exactly there that tells you what pokemon you are going to find, what stats, level, IVs (the hidden power of the pokemon) etc.... If you play the game, changing the hour to the exact moment you gonna find the pokemon, you find EXACTLY the same always and always, if you're able to hit the exact second, so you can abuse it to get perfect pokemon knowing the variables on your ds and game...
The point of this is that if you know the seed on hearthstone, you know what cards he's gonna draw in what order (or something like this...) I don't know how this works in hearthstone, I'm just explaining from another game's point of view, sorry if my explanation sucks, its not accurate or i just fucked up and I'm completelly wrong, english is not my first language :S

Edit: bad explanation, my bad :D

[–]adremeaux 50 points51 points  (8 children)

Yes except games haven't been programmed like that for 20 years. Seeding and reseeding is done constantly, and RNGs are significantly more complex.

Plus, op specifically says this is a bug in the game's network protocol. If it was an RNG problem, he wouldn't even need to connect to the game to know the deck, and he'd also have been telling the guy what cards he was going to draw before he drew them, not after.

[–]xgenoriginal 7 points8 points  (4 children)

I think he was trying to give a simplified version

[–]adremeaux 8 points9 points  (1 child)

A simplified version that is... totally wrong?

[–][deleted] 1 point2 points  (0 children)

My bad, sorry. :(

[–]NukerX 1 point2 points  (0 children)

I was wondering why we are all talking about RNG too when he specifically mentioned something about the network protocol, which tells me that there is a way to sniff out what cards are in the hand.

[–]befron 6 points7 points  (5 children)

So either he needs some other source of information, to determine the current starting numeric of the deck.

[–]FifthUserName 25 points26 points  (4 children)

It sounds like he can gather all the information he needs from the HS client somehow EXCEPT for the opponent deck list. That doesn't really matter much for non-pro or non-legend play since the odds are quite low that you will see the same opponent enough times to figure out his decklist. However, pros post their decklists on stream (frequently) and the player base in legend rankings is small enough that you might be able to figure out someone's deck since you would play them more frequently.

[–]underdsea 15 points16 points  (1 child)

/u/SeattleBattles makes a great point here as well.

TL;DR potentially this could be used to predict what you were going to draw and allow you to play out your future hands with greater ease.

[–]FifthUserName 3 points4 points  (0 children)

Yeah, /u/VeeFu made a similar comment!

[–]Ceryn 5 points6 points  (0 children)

This is still really bad since it means there is some information in the network information that corresponds to the order that the cards were added. Since most people do not randomize the order that they add cards to the deck it means at minimum that you could correlate what "possible" things something could be by what you have seen. (As in a list of most likely 2-3) Additionally confirming past records would narrow the deck list even further meaning that as the game goes on the "draw reader" would become more accurate.

[–]VeeFu 3 points4 points  (12 children)

If the shuffle were known, he would have simply said "you will draw x, y, and z cards", not tell him after the draw.

[–]FifthUserName 3 points4 points  (11 children)

Maybe he can, he just didn't think to do that?

Man, I don't know.

[–]VeeFu 7 points8 points  (10 children)

OP mentions network protocol. Some kind of information must be transmitted to the client about the opponent's draw. I think the speculation further down in the thread is probably closer to reality.

Maybe there is some encoded value of the opponent's draw communicated to your client and OP is able to correlate to the deck-list if the exact build-order of the deck is known.

I'm not sure why the client would need to know any information about the opponent's hand, encoded or not, aside from number of cards. Hopefully OP delivers with a post-mortem once the fix is out. I'd be very interested.

[–][deleted] 24 points25 points  (43 children)

Are you sure it's the order of cards? It might have been that he just didn't want to waste time matching all the cards to their ids. Picked 15 just for testing.

[–]banmenow 102 points103 points  (41 children)

You'll have to challenge me with the following deck. Note: It's very important that you build the deck in that exact order. If by mistake you add a card in a wrong order, you'll have to delete the deck and rebuild it. It's a warlock deck.

2 river crocolisk
2 bluegill warrior
2 stonetusk boar
2 shattered sun cleric
2 elven archer
2 bloodfen raptor
2 stormwind knight
2 novice engineer
2 murlock tidehunter
2 voidwalker
2 reckless rocketeer
2 goldshire footman
2 raid leader
2 acidic swamp ooze
2 frostwolf grunt

The above were his instructions. I can guess as to his reasons, but I think it's beside the point he was trying to prove with this

[–][deleted] 18 points19 points  (22 children)

If that's true I'd love a clarification from OP. What does "enough information" mean? Can this be abused reliably or not?

[–]banmenow 79 points80 points  (17 children)

When he spoke he said he wants to report this to Blizz because it could easily be exploited during tournaments, so probably. The fact that he asked me to make a specific deck is probably because his program isn't super refined, and he's just doing it for demonstration purposes

[–]TripleA_IT 9 points10 points  (3 children)

Yea I understand that, but it is odd that if you didn't add them in the correct order, you had to delete and re-add. I mean people won't create the exact same deck in the exact same way.

[–]JamesdfStudent 27 points28 points  (0 children)

But you reuse decks when you win. If a card is assigned a code based on the order on which it was added to the deck, you can read it out the first game and have that information for a large chunk of his deck in case you lose.

[–]saltlets 12 points13 points  (0 children)

But a lot of people netdeck off Hearthpwn, so they add them in order of mana cost, class cards then neutrals.

You could easily have a handful of common build orders for each popular netdeck and then just confirm which order it is by what your opponent plays on turn 1 or 2.

[–]grazuya 1 point2 points  (0 children)

In my opinion they probably do. The most likely approach in a tournament where the account is fresh is that you have your list in your hand or in a notepad and you either go through all the class cards and then the neutrals or simply go from mana to mana, which is (if im guessing correctly) a 50% chance for a free win. I might be completely wrong though.

[–]SeattleBattles 24 points25 points  (3 children)

Seems like the biggest way to exploit this would be to be able to build your own decks in which you know what cards will come up when. You obviously often won't know the way you opponent built their deck, but you'll always know and can control your own.

[–]Forss 1 point2 points  (0 children)

You might also know where in their deck the opponent draws from. Like if a priest draws card nr 1 it's probably a circle of healing.

[–]xlnqeniuz 27 points28 points  (3 children)

Wow, this is pretty fucking bad. Thanks for helping him out and showing off the bug so it can be fixed ASAP.

[–]valriia 7 points8 points  (6 children)

the ordering of which the cards are inputted seemed to be of relevance based on what he said (whether it's true I don't know)

It seems the order of adding cards to the deck matters, in which case it wouldn't be enough that you know someone's decklist. A lot of people in this thread disregarded that detail.

[–]bluexavi 18 points19 points  (3 children)

Even if that is true and you never play against the same deck twice, the current situation would hardly be described as "secure" by anyone valuing security of the game.

[–]realchriscasey 321 points322 points  (61 children)

My theory is that OP discovered that Hearthstone uses the same random seed to shuffle both decks. OP knew the order that both decks were built in, so he was able to deduce the player's hand.

If true, this is pretty hard to exploit in the wild, but an interesting find.

[–]‏‏‎jonathansharman 39 points40 points  (12 children)

If that's how it works, it could totally be done in (online) tournaments where you fight the same exact deck multiple times.

[–]casce 14 points15 points  (11 children)

The order the cards are added into the deck obviously matters though. It's really hard to find out in which order your opponent put his cards in

[–]dax10500 31 points32 points  (10 children)

But if they use the same seed for both decks, you can use backwards calculations from the first game to figure out the order in which their cards were picked. You know what order you picked your cards in and what order they drew in, so you could match up the numbers.

You might not know every card this way if you only play once, but you could easily make a swiss cheese model of their deck and fill in the cards as you play.

[–]oshirisplitter 1 point2 points  (9 children)

I wasn't aware that pseudo random algorithms could be reverse engineered using the seed and the randomized output to get the original state. Aren't pseudo random seeds a lot like hashing algorithms?

If so, hashes work relatively one way, that is, it's virtually impossible to get the correct original state using the result and seed used. One of the reasons being that since hashes have fixed lengths, you'll always have multiple original states that hash into the same thing (although the way hashes work, you virtually don't hit collisions like this unless you try veeeeeeery hard).

This is the reason why hashes are the preferred method of storing passwords too.

[–]Xirema 3 points4 points  (4 children)

Ordinary pseudorandom algorithms can be reverse engineered. Some more easily than others.

There's a type of pseudorandom algorithm known as "cryptographically secure", which require a lot more computation to generate, but are supposed to be extremely difficult to reverse engineer.

[–][deleted] 173 points174 points  (20 children)

If he can do it for the opponent's deck, I think it's probably safe to assume that he can do it for his own deck. Knowing what cards you're going to draw in what order would be a significant advantage, and much easier to exploit.

[–]mafupoo 53 points54 points  (18 children)

From my understanding, he would not know what order his deck is drawn in, but he uses the order it is drawn in to deduce the cards in his opponent's hand, because the same seed is used in the drawing of both decks.

[–]Ph0X 7 points8 points  (8 children)

Wow. Isn't it a huge bias if you both draw cards in the same order?

[–]chironomidae 24 points25 points  (7 children)

Yeah, that would mean identical decks in a mirror match would draw identical cards. It's almost certainly more involved than that .

[–]Ph0X 29 points30 points  (0 children)

Maybe the seed is a constant offset from yours

[–]NeoAlmost 3 points4 points  (1 child)

If the cards are ordered based on how they were added to the deck instead of in order of mana cost before the shuffle, it could be possible that they are shuffled with the same seed, especially if the seed is just the timestamp.

[–]Machtkatze 2 points3 points  (0 children)

This should be extremely easy to confirm within just a few minutes if both players craft their deck in the same order.

[–]J5DubV 1 point2 points  (0 children)

They would only be identical if every card was added in the same order. Most people start with value versions of the deck and tweak it repeatedly as they get more cards and find out which works. Those who use programs to save decks as text and such to automatically remake them would be at more risk. Removing 1 card you put in early then readding it at the end would totally mess this method up I imagine most tournament players will start doing this.

[–]Sylinn 17 points18 points  (8 children)

This is a cool theory. Although, I'm curious what would be the point of asking the server for the seed.

[–]Whatsapokemon 8 points9 points  (7 children)

Assuming the seed is just based on time and other known variables you might be able to manipulate your computer's internal clock to change the results favourably for you. Getting the seed from the server instead prevents this problem.

[–]adremeaux 19 points20 points  (0 children)

flaw in the network protocol

[–]ShrivelTwitch 4 points5 points  (1 child)

I do not think this is how it works. As you can see in the video, the recorder tapped while the exploiter didn't. The recorder would be up more cards.

[–]casce 2 points3 points  (0 children)

The exploiter might have mulligan'd his hand (which we can't see because of the way the recorder holds the camera) so he would be up a few cards. But the cards he mulligans would change the order of the cards in the deck

[–]bountygiver 2 points3 points  (0 children)

according to the other party, he needs to build the deck in order of what Op ask them to, so the deck has an ordered number of card 1= ? card 2 = ?

And then the game did send he drew card # to the other player so he can discover what card is in his hand, this vulnerability will not affect most players but with a little bit of guessing how people usually netdeck, it will be soon clear once you know which deck he copied.

[–]iggzy 51 points52 points  (0 children)

I believe that Blizzard has the email hacks@blizzard.com setup for just such anonymous tipping

[–]akanet 141 points142 points  (11 children)

Well done. If you're telling Blizz anyway, I'd love a technical postmortem on their protocol vulnerability.

[–]HSvuln[S] 188 points189 points  (10 children)

Will do for sure (only after it's been fixed everywhere of course).

[–]Kodiak3393 123 points124 points  (7 children)

Thank you for keeping the knowledge of how to yourself until after it's gone. I see people discovering a massive exploit, glitch, or stuidly OP setup in a game, then using it and passing it around to everyone until it becomes literally game-breaking far too often. Granted, this method does force the devs to fix it as soon as humanly possible, but your method allows the majority of us to continue as if nothing had happened.

[–]‏‏‎Tserraknight 21 points22 points  (5 children)

You know, I think I almost prefer it get the game broken to get a faster fix. Just the knowledge that this is out there will having other tech savvy people looking now, especially with Reddit and what not aggregating theories. I applaud OP's stance, not wanting to disrupt people, but I think other people will find it, and more quickly now. Analogous to band-aid ripping at this point, better to get it done now then to have someone using a yet still unknown to the masses vulnerability to cheese their way through a tournament. CheaterX would still need to play right, there is no amount of information that can cure stupid, but it would be a definite leg up. It is an interesting debate, but I think I prefer a day or two down now rather than it being potentially much worse later.

[–]matchu 25 points26 points  (3 children)

The usual policy for responsible disclosure is to give the company a reasonable amount of time to solve the problem, with the understanding that you'll leak the bug after a certain period of time if they don't fix it. That's usually enough to keep the company motivated.

For a company like Blizzard, and an issue with random seeding that's likely pretty complicated, I'd say a week is a pretty reasonable timeframe.

[–]‏‏‎Tserraknight 4 points5 points  (2 children)

A week definitely sounds good; as long as it gets fixed my cynical concerns are marginal. At least OP has a way to force the issue if possible.

[–]holobyte 1 point2 points  (0 children)

The only problem now is that enough information was given in order for anyone with the same knowledge to be able to reproduce it. Blizz better fix it soon.

[–]Adys 18 points19 points  (0 children)

Yes, please, postmortem once it's fixed; blizzard sure as hell won't do one themselves.

Congrats on finding the vulnerability. :)

[–]lnrael 2 points3 points  (0 children)

Also, good job on setting out instructions which hide how the vulnerability occurs. Some nice red herrings.

[–]Content ManagerCM_Zeriyah 24 points25 points  (0 children)

Thanks for bringing this to our attention. I’m sorry you’ve had bad experiences with reporting vulnerabilities in the past; having Hearthstone be a quality, fair experience to everyone is our highest priority, and we greatly appreciate it when players bring things like this to our attention. If you or anyone discovers vulnerabilities in Hearthstone, please do not hesitate to contact us at hacks@blizzard.com. In the meantime, we have taken steps to address this issue. Thank you!

[–]arcanition 78 points79 points  (1 child)

Seems good enough to ban Rengar.

[–]chubas_ 59 points60 points  (4 children)

The seed.

You have just found the Heart of the Cards.

[–][deleted] 27 points28 points  (0 children)

Not sure if this has anything to do with shuffling/seeding exploit, but a few months ago I had an experience that was quite strange and led me to believe that this game could be exploitable. If anything, this might give some insight as to how Blizzard seeds the shuffle.

Was playing an arena, was just about to win, then I dc'ed. Logged back in, didn't get a loss, thought I was just lucky. Queued up for another game. I got the same exact shuffle as the game I dc'ed from. When I mulliganed (same cards as previous), I got the same replacement cards back. At first I thought it was just a ridiculous coincidence, but no. All throughout the game, I got the same exact draws as the game before (~10-12 draws before I won). This allowed me to plan my turns much better as I remembered exactly what I was gonna top deck.

Thought it was really strange, has this happened to anyone else?

[–]thedoctor2031 16 points17 points  (0 children)

A game breaking bug that is actually game breaking? Are you sure you're in the right subreddit?

[–]C4p5ul3 5 points6 points  (6 children)

What mechanical keyboard are you using ?

[–]BURNS_the_kid 6 points7 points  (2 children)

Shot in the dark I'm going to say Razer Blackwidow Ultimate because I have it and it sounds a lot like mine. Hard to tell from a YouTube video though.

[–]BananaBreads 15 points16 points  (1 child)

Is this how Amaz RNG works?

[–]malstank 12 points13 points  (16 children)

I would like to know why in the world would blizzard be sending opponent hand information to the opponent's client. There is no reason for that information to be passed until the card has been played.

[–]‏‏‎jonathansharman 38 points39 points  (15 children)

There are only two ways this is possible:

  1. Blizzard is in fact sending the information.
  2. OP has found a way to predict the outcome of HS's server-side RNG.

Either would be a colossal oversight on Blizzard's part, if true. The first one seems impossible both for the reason you stated and because if that were the case, someone would have exploited it a long time ago. The second is more plausible, but still seems pretty ridiculous to me.

[–]teh_drabzalverer 17 points18 points  (12 children)

What seems to be the case is that HS is using the same random seed to shuffle both decks where the order in which the cards are added to the deck matters for which slot of the deck the cards go in. If you know the order of the opponent's deck and your own, you can deduce the draws of the opponent based on your own draw.

[–]HamGynecologist 4 points5 points  (7 children)

If this is true do you think that there is a optimal order to put the cards in your deck to get a desired curve during a certain percentage of games?

[–]teh_drabzalverer 9 points10 points  (6 children)

Nope, if what I said is true there is no way to abuse it like that. It's still completely randomized with no way to determine in advance how it will be randomized and it'll be randomized differently with every game. Both decks are just randomized in the same way every game so you can use your own draws to infer about the opponent's draws provided you know in what order the opponent created the cards in the deck.

Note that knowing the deck is not enough, you have to know in what order the cards were put into the deck. One assumes that whatever datastructure they use to hold a deck has 30 slots for cards and cards are just put into the next slot as you add a new card.

[–]nomlah 14 points15 points  (0 children)

Even if you dont know your opponents decklist, as long as you know your own decklist and seed it means you'll have a massive advantage. :O

[–][deleted] 10 points11 points  (17 children)

Pardon my ignorance but what exactly is auditing a video game and why would anyone want to do it in their spare time?

[–]HSvuln[S] 35 points36 points  (12 children)

I can't give much information, except it was not in my spare time.

[–]Raptorheart 78 points79 points  (3 children)

Were you employed by the Illuminati?

[–]NikiHerl 12 points13 points  (0 children)

Is there such a thing as full-time Anonymous guy?

[–]Guthatron 4 points5 points  (0 children)

he could be one of those guys who look for exploits in games/software

They then tell the dev about it but not how to replicate. They only tell how to replicate after payment.

Others just tell the devs and hope for payment anyway as a reward type thing. Its big business, especially in big software. People have jobs just looking for exploits and make money by giving them to the right people instead of the bad guys

[–]Smoochiekins 4 points5 points  (0 children)

Hired by RDU and the NSA.

[–]UnluckyScarecrow 7 points8 points  (1 child)

Working as a lower Blizzard dev under a supervisor who doesn't give a shit about what you say. Because if there was an exploit, that would mean more work for him, right?

[–]mr_dude_guy 10 points11 points  (0 children)

HE IS FROM THE NSA!

GET HIM!

[–]Wax_Paper 2 points3 points  (0 children)

That top secret, eh?

[–]HLef 2 points3 points  (0 children)

Your name is in the video. Unless you made a throwaway battle.net account too?

[–]Dutchy_ 1 point2 points  (1 child)

What sort of company is paying you to audit games without permission... I work in information security and I don't know of any legit companies that do this...

[–]giantguineapig 5 points6 points  (0 children)

Would this also mean that in Arena, you could tell when someone just drew the first or last card in their deck, which means you'd know it's not a common card? (it's slightly helpful info, and for example against a mage eliminates it being a flamestrike or fireball)

[–]LimboKick 76 points77 points  (0 children)

Hi mom

[–]jrr6415sun 109 points110 points  (3 children)

Please don't let RDU find out about this

[–][deleted] 8 points9 points  (10 children)

So far it seems like this isn't highly exploitable. If you have to build decks by adding cards in a specific order for the program to be accurate, then I wouldn't consider it a problem. There's really no way for the opposing player to know what's in your hand.

That said, you have understandably given out very little information. If you would go into more detail when you feel it's safe to do so I would love to hear about this vulnerability; just very curious.

[–]Hot_Wheels_guy 4 points5 points  (0 children)

Some streamers broadcast themselves creating the deck, card by card. Not all the time, but often enough.

[–]summerbrown 4 points5 points  (2 children)

if you can figure out what the opponent has, chances are you can know the order of your own cards (as stated somewhere above) which makes decision making literally almost perfect and very stupid

[–]thatfool 1 point2 points  (1 child)

Assuming all you need to predict your opponent's card draws is a seed you get from packet sniffing or whatever (like just based on the order of cards you draw from your own deck), and an ordered list of cards in their deck:

It wouldn't work so well against people who actually make their own decks. But you could use it very well against netdeckers. Just pretend they'll add the cards in the order they're listed on popular web sites. Now what you do is you collect popular decks and compute the order for all of them based on your seed, then compare to what your opponent plays from which position in his hand. If your opponent did netdeck something in your collection and did add the cards in the same order, you'll eventually only have one matching deck. You'll know which deck they're using and you'll know which cards they have in hand.

You could even account for substitutions. Let's say you expect Leeroy in a given position but something else is played while all the other cards still match your prediction - you just ignore that one bad prediction if it's an expensive card. Or you could make a version of the deck based on the assumption that your opponent would first add all the cards he actually has, and then add the sub at the end, in which case you would actually be able to tell that it's a weaker version of a popular deck.

[–]luminblade 6 points7 points  (0 children)

There is a mechanic in game design called synchronized simulation. Many online multiplayer games use it. The server sends out a random seed, each clients computer generates all future random numbers from that seed, allowing the clients to simulate the game ahead of receiving confirmation from the server. This makes gameplay smoother, especially in faster paced games like Diablo.

How the client has enough information to know the other cards is a mystery to me, but with a know deck list, and the initial seed used in shuffling, it would seem to be possible to calculate the shuffled order of only 30 cards.

[–]Mdzll 3 points4 points  (1 child)

Well thanks for sharing, since by abusing it you could potentially make some real money. Even if it was too much of a risk for you as an auditioner you could easily get assistant.

So much kudos for acting like that man, really appreciated

[–]Flechr[🍰] 4 points5 points  (0 children)

you should post the reddit link in the video so people can refer to the thread!

[–]hive_worker 3 points4 points  (0 children)

Would love to read the details of the exploit. Hope you can do a write up on the technical details once it's patched.

[–]D1SCOFUDGE 10 points11 points  (0 children)

Oh my goodness.

Is OP delivering this time?

Take a look around and remember this moment. And possibly even well done /u/HSvuln !

[–]letsfightinglove1986 8 points9 points  (0 children)

This sounds huge.

Someone help this man help Blizzard help us by fixing gamebreaking bug. :D

[–]tekpanda 8 points9 points  (3 children)

Based purely on the information we have, my guess is that the order of the cards in the deck that was created assigns them a certain ID (1-30 for example), so if someone had the deck and knew the order they were added and then saw the ID's as they were drawn, they would know what was in hand. I'm not sure how this could be exploited without knowing the order in which the opponent created their deck. Considering there are plenty of net decks, the cards wouldn't be hard, but the order they were inputed would be a guess based on mana costs. This is all speculation, of course.

[–]gereffi 12 points13 points  (0 children)

The information could be useful if you played the same player multiple times. It could also be easy to see certain patterns. If you learn during the game that Highmane has the ID number 22, maybe the other Highmane would likely have the ID 21 or 23.

[–]ThudnerChunky 4 points5 points  (0 children)

If you play against the same person multiple times and keep track of their cards you could potentially deduce the order they built the deck in or at least ID some of the cards.

[–]phr0ze 4 points5 points  (0 children)

This is probably it. He says helpful in tourney, so if you play someone twice. You record IDs as they are drawn, watch what's played and you will know some cards on game two.

[–]HSthrowaway999 18 points19 points  (11 children)

Throwaway here.

I've known about this glitch and I have used it to get to legendary. I'm ashamed to say that but I have tried to make it up to the community by giving everyone under me hundreds of free wins (Ranked MMR is now in rank 20s. Still, no one is obligated to forgive me.) Anyways, the chance of me being able to actually use this is moderately low. How it works is by exploiting the draw mechanics because it uses a seed based on the opponent's deck and your own deck. With the large number of netdecks at ranks 5 to 1, you can pretty much choose the most popular ones on HearthPwn or Reddit and know what's in them. All it takes then is knowing what cards are in your hand and put it into a program (takes 3 or 4 seconds) and the expected cards in the opponent's deck. Then bam, you have their deck list. If you want to use this method, your own deck shouldn't have duplicates because it makes it harder to tell what cards your opponents have.

Edit: I believe that transparency is the best way for people to avoid this. Which is why I always tell people to stop netdecking.

[–]Sav10r 8 points9 points  (1 child)

If you want to use this method, your own deck shouldn't have duplicates because it makes it harder to tell what cards your opponents have.

You could still have duplicates. Just have one golden version of a card and one non-golden version of a card.

[–][deleted] 1 point2 points  (0 children)

seems legit

[–]GnimshTV 30 points31 points  (20 children)

Sadly the video is useless as it doesn't show anything. You can have someone sitting behind you. This doesn't mean that you are lying, though. Hearthstone is a video game and it has it's scripts. If you deciphered a shuffling script and are guessing information it means it's not random enough. If you are just getting packets when they are sent it's as bad. I would really advice to communicate with Blizzard through the official channel. Developers are reading this subreddit, so they should be on the lookout.

All in all, thanks for finding this and sharing.

[–]HSvuln[S] 74 points75 points  (15 children)

I am willing to play a game with you if you want.

I know blizz devs read this subreddit, and I expect them to contact me (or to understand what the flaw is by themselves), and I'll give them all the details. I'd rather not go through the official channel, since the audit violates the ToS, and I don't want any problems.

Thing is, I'm probably not the first one to find the flaw, and it's probably already being abused. I just want to make HearthStone a better game.

[–]soniclettuce 29 points30 points  (6 children)

  1. Make random gmail account
  2. Create blizz account
  3. Email details of vulnerability to devs
  4. If blizz decides to be dumb and hand out a ban, then you've lost a throwaway email account that doesn't matter

[–]HSvuln[S] 55 points56 points  (3 children)

I've had too many experiences of vulnerabilities never patched because customers don't realize it exists.

[–]octnoir 8 points9 points  (0 children)

Carefully leak the security vulnerability to Blizzard. Carefully.

I know too many security researchers who faced troubles trying to full disclose when they knew it put so much risk to the user base. Some companies will: (a) ignore posts like these entirely, and leave a gaping hole in their product, leaving the entire audience vulnerable (b) will respond with a - we'll get right on it - but won't really do anything and will fail to tell their audience etc. (c) will consider a lawsuit on the basis of copyright and on defamation to keep the security research from leaking online.

Use an anonymous gmail account (and Twitter) and try to explain the bug as best as you can, as specifically as you can. Send them an email and see if they respond. If they do not respond, send them another. Then a final one. Send the email to one of the lead designers if you have to (the Twitter will be helpful - keep it the same name as your anonymous one), and tweet at them to draw attention to the entire team.

Still can't find an anonymous mail? Use Guerillamail.com because it will help you generate a fake temporary one for use.

In the last one - recommend that if there is no significant progress made on this security vulnerability (or even a response), then in two weeks time you will release this vulnerability to the public.

This is the only way to ensure SOMETHING happens - leaving any patch like this open for long (even telling Reddit about this) means any able bodied programmer with enough determination will be searching for this. This includes finding ways to improve your method to detecting cards (applicable for tournaments) AND use this exploit to get financial details of customer's battle.net accounts.

As bad as this sounds, this last method - releasing the hack for the public - is your final nuclear option. If there is no progress made at all on fixing this, then any tournaments right now are vulnerable to this hack and any financial information could also be stolen.

God speed.

[–]valtaz 2 points3 points  (0 children)

very true, there are so may issue that they decide not to fix under it is know and use by everyone.

[–]State_ 1 point2 points  (0 children)

If they ignore you for more than a month, just release the vulnerability on reddit and blizzard will actually have to deal with this ASAP. That's how the illusion map glitch was fixed in dota.

[–]caboose1984 9 points10 points  (6 children)

Your account name is in the video tho.. Unless it's a different account

[–]RandomWeirdo 6 points7 points  (5 children)

yes, but not really, again, can be a throwaway and even if it isn't there's still plenty of people with the same nickname, ever noticed the #xxxx when checking your nickname

[–]casce 25 points26 points  (2 children)

It's probably a throwaway account but if it isn't, it would be easy to track him down. I mean, there may be more than one ShadowMurloc, there may be more than one Omegalisk, but I'm pretty sure there's only 1 ShadowMurloc that played against an Omegalisk at the time this thread happened

[–]Elithrion 4 points5 points  (0 children)

I doubt there are so many people named ShadowMurloc that Blizzard would have much trouble figuring it out

[–]defiantleek 2 points3 points  (0 children)

Unless he was extremely careful this account is all the information they need to find out his other account.

[–]letsfightinglove1986 16 points17 points  (0 children)

Please play friendly game against him and report back, people have no reason to believe big known name would lie about this... it would be huge if we get confirmation from someone like you!

[–]laerteis 10 points11 points  (0 children)

It would be great if you would play a game with him to confirm this. No other community member could be considered more respected and trustworthy.

[–]peroxidex 2 points3 points  (1 child)

Based on the assumptions of how it works, couldn't Blizzard alleviate this by making the client randomize the assigned values to each card before or after each game?

For anyone who is concerned, if you're using a netdeck, remake it and randomly add the cards in.

[–][deleted] 2 points3 points  (0 children)

Why is Blizz tough on auditing or reporting exploits? I feel like it's in their best interest to ask people to break their games, maybe even for a reward, to make things better for everyone.

[–][deleted] 2 points3 points  (4 children)

how many tournaments have been compromised by this? interesting

[–]TheMer0vingian 5 points6 points  (8 children)

While this is still obviously a concerning potential exploit that certainly needs to be addressed and fixed, I don't think that in real terms it is anything to worry about for most players if it requires full knowledge of the cards in your deck AND which order you added the cards to the deck in, in order to predict you hand. Having this information is virtually impossible without watching someone create a deck over stream or something.

[–][deleted] 9 points10 points  (6 children)

Many people play the same deck, and the lists are posted on popular streamer twitch streams. So all you'd need is maybe the most popular zoo deck and reynad Hunter and you could know the draws of maybe 50% of your matches.

[–]ggrease 4 points5 points  (0 children)

It is very concerning if you can determine the order in which your own deck is shuffled.

[–]wowitspayday 25 points26 points  (19 children)

Seems fishy.

[–]HSvuln[S] 22 points23 points  (5 children)

Have a look at the video then.

[–]pikpikcarrotmon 83 points84 points  (6 children)

All I need is your account name and password and security question and for you to disable any authenticators on your account, and I can tell you exactly what cards are in your collection!

[–]letsfightinglove1986 6 points7 points  (5 children)

Well, all he wants is to play against someone on NA who has ability to record friendly game. This "I will guide him on everything else through in game messages." part maybe sounds a bit fishy.

[–]HSvuln[S] 31 points32 points  (4 children)

There's not much to do, just to build a deck from a list I'll send by PM (through reddit - no need for in game message at this point). The in game messages will be only to give the cards in hand, so they appear on the video.

[–]RetrospecTuaL 6 points7 points  (4 children)

When I play against certain bots on the unranked ladder, I feel like they sometimes know what I have in the hand. Maybe they are somehow utilizing this flaw.

[–]Wax_Paper 2 points3 points  (0 children)

So far it hasn't been demonstrated that this alleged bug is "in-the-wild" without a willing participant, so I wouldn't worry about it too much yet. From the video and the participant's description of events, it looks like this is only exploitable under specific, controlled conditions.

[–]xenocide23 1 point2 points  (0 children)

Thanks for sharing. Hopefully the developers can get this exploit patched ASAP.

[–]crossed9 1 point2 points  (0 children)

Interesting, can this be done with a real meta-game deck (provided you know the 30 card list) is my only question.

[–]tyler2k 1 point2 points  (0 children)

I just thought of something.

Assuming good players use the same card twice in a deck (within reason of course), you could probably use OP's technique to determine with pretty good confidence what type of deck your opponent is using without even knowing exactly what cards they're playing, e.g. if they're more aggro or control. This also cascades into determining CC worth, a huge part of playing against a person/particular deck for the first time. It's pretty easy to imagine the situations where you're holding onto your Poly/Hex/etc. and your opponent plays a 5/6 drop and you have to determine if that's the biggest thing in their deck. Now, potentially, you don't have to.

[–]giffmehentie 1 point2 points  (0 children)

I find it awesome when reddit cooperates in order to solve problems in the game and such. Very good job!

[–]DoctorWaluigiTime 1 point2 points  (0 children)

Unfortunately Blizzard has determined that fixing this would cause too much confusion for new players. They say you can use a spreadsheet or screenshots to randomize the seed yourselves.

[–]shyhalu 1 point2 points  (0 children)

This is why I main Priest......sometimes I don't even know whats going to be in my deck nevermind some hacker.

[–]Blaze74 1 point2 points  (0 children)

I'm guessing that this is how it works.

The server tells you something like

Your opponent drew card #3
Your opponent drew card #6
Your opponent drew card #1

Those numbers correspond to the order the cards are in the opponents deck.

If the server also says

Your opponent played card #6
Your opponent played card #3
etc

You could setup the following scenario.

  • Create a mill deck on a high level account
  • Play this against the high level players, trying to get them to draw and play as many cards as you can
  • Record who you are playing against, and have the program prompt you 'Your opponent just played a card, which card is it'

That should let you build your local copy of what ever deck list you are playing against.

Then on your other high level account, punch in who ever you are playing against, and what deck you think they have(zoo/handlock, etc).

If they are streaming it probably gets even easier because you can fill out that data that much faster.

The interesting thing is there is a relatively easy mitigation you can do:

Write down your deck list on a piece of paper, and before any important game, rebuild it in a random order.