Hacking in MTG Arena - CONFIRMED
Updated: Mar 9, 2019
It has been a few days and the video has had an outpouring of both support and hate, I have gone ahead and deleted the comments that did not promote civil conversation where they basically called me every name under the sun.
I wanted to set the record straight so that you have all the information in one place. I have always been suspicious of people's abilities to hack arena, because it seemed like a very insecure program. The rumor is that only 30% of the Arena program was actually developed by Wizards of the Coast and the rest was developed (also within unity) from outsourced contractors.
The problem with this is that with so many hands there are many versions of developer tools out there that can easily penetrate the program, especially when it is on client side. So in the last few weeks I have seen 3 different cheaters and only recently have I been able to capture it in the act and have logs to support this theory, and with the help of a few others we were able to track down the exact points in which the intrusions happened.
My first interaction was New Years eve, when you would expect Arena to be empty. So I fired up the game logged in an near the end of the night I was facing off against an Opponent who was playing a Dimir "Etrara, the Silencer" deck.
Generally this wouldn't be a problem, however my opponent decided to mulligan down to six cards, he had a dropped 2 land and then cast duress. he then murdered my creature. This normally would not be an issue however he had an answer to everything. the turn after he hit me he dropped a second one. then immediately after a 3rd one. now generally this wouldn't be an issue however the game drew a perfect game while being down 1 card. He also scry'd to the bottom his top card.
He had an answer to all my cards and on top of that drew a perfect game. Now I didn't know about the log ability so I do not have the logs to verify this.
The more damning evidence is that during this game XSplit went bat-shit crazy. My chats disconnected, my program started locking up, all issues I have never had prior to this game. The fact XSplit was still able to record is what made me realize that he was giving me increased traffic.
The second instance I had seemed more of a glitch that a hack so I won't touch on it very closely. The most damning evidence I have for a hacker came from my opponent "Dendenni".
In my latest video, what you missed was turns 1 to 4, but that is only because I was scrambling to get XSplit running. What had happened was the following:
Turn 1: Swamp, Grasping Scoundrel
Turn 1(Him): - Forest
Turn 2: Drowned Catacomb, Attack
Turn 2 (Him): - Swamp, Saproling Migration
Turn 3: Island, Attack (pressed all attack), Grasping Scoundrel, No Blocks, cast Ruin Raider, get card draw.
Turn 3 (Him) - Poison Tip Archer,
Turn 4: Swamp, Cast Chupacabra, kill Poison tip archer. Move to attack phase. Can not hit anything. All attack or Singular attack.
Turn 4(Him): Cast another poison tip, says go
This catches you up to the video. Now a lot of people were asking me why didn't I attack like this then kill or anything like that, well I was Pissed, I was interrupted and I was trying to think 3 or 4 moves ahead to get around his archer and Slimefoot. As Desolator suspected (Link Below) after watching it and mostly everyone else, he made a bad critical play by sacing the archer that was blocking Demonlord Belzenlok. Had he just take the 3 points and lose the archer he would have won on his attack phase. This was a critical error for him, which leads me to believe not only he was a bad player but a bad cheater at that, since he was going for 1 massive attack instead of nickle and dimming me, like I was him. This was confirmed by him holding back until he had enough saprolings to hit me for six. If there is anything to take away from this is that you should take notes of your matches, if you suspect any foul play at all take note of the name, time the match took place and snag a log. To do this you go to the gear icon or hit "ESC" button, you will see the menu. at this point you will see the "Report a bug" button at which point it creates a log. You send the log to the provided wizards email address and wait. They will send you a confirmation of a bug report being received and then will reach out to you for further information. If you notice in the logs his ID is scrambled, which isn't normal it should report for example "matchfound userid=J,TheFilthyCasual #44448" his did not, further trying to hide his ID. I was able to provide them his ID name, they found the account and told me they will "Investigate Further".
There were exceptions made in the game with this person that were not present in the control games, and the times at which the "Attacks" were being "Exceptioned" were too consistent to be deemed a "bug" as seen here on the right. You can see that there is an input exception from a "control source" that say's "Dev insert exception trigger attack T1 = 0" which is basically setting my attack phase to Zero or No for those who know what 1 and 0 means. Zero is "off" in programming.
The normal combat phase should have looked similar to this here (Below), which is void of this "Exception" which was being placed by the 3rd part program. In this one here you can see that exception is missing or rather not being "Inserted" from the 3rd party.
This when you compare the two logs you can clearly see where the intrusion was made and in one of the lines you can see that input as "Dev" for Developer tools. It is our finding that someone has receives either the developer tool from a WoTC employee, Stolen it, or reverse engineered it form the .ini files already saved on the system. If Wizards of the Coast and Hasbro are going to take this into E-Sport level then it would behoove them to lock this program down to prevent any further intrusions.
You can see the game play of the hacked game and get follow-ups through the description on my YouTube page here:
J, The Filthy Casual