I built a tool to hack Letterpress

At risk of contributing to the comment soup…<p>[Some colleagues and ]I have been doing some research on Letterpress for the past couple weeks (expect a HN story about us later this week… I hope). We independently discovered this hack last weekend. Here's some information:<p>- the client is trusted; the opponent's client does not validate a played word<p>- Game Center is a naïve carrier for turn-based games; no validation is done on the server side<p>- Game Center is naïve by design; this is the beauty (and one of the drawbacks of GC—another major drawback is that your client only works with GC, which means you can't easily port to other platforms, and if you do port, you can't play cross-platform games because non-iOS devices can't use GC). The real beauty here is that Loren/Atebits doesn't need to run <i>any</i> server infrastructure. Apple does it for him. This is a huge benefit to games like this.<p>- We contacted Loren; he was really cool about it, and doesn't seem to care that Letterpress is cheatable in this way. I'm with him on this. It doesn't matter.<p>- There's no leaderboard, nor even a long-term score in Letterpress. This cheat doesn't matter.<p>- As far as we could figure, there's no way to fully validate both clients without 1) adding a server component, or 2) losing the ability to port Letterpress games between devices (from iPhone to iPad, for example); I'd love to hear ideas about how this could be possible if you think we're mistaken<p>- The dictionary files live in the application's `o/` directory, as a series of text files, named by the word's first two letters. e.g. "imbecile" would be in `o/im.txt`<p>- The app will re-read dictionary files on launch (or maybe at word play); either way, the dictionary can be changed <i>during</i> a game; it's even possible to start a game with a person and immediately play the winning 25-letter word, before the opponent even gets a game-state notification from Game Center<p>- There are 271377 words in the Letterpess dictionary.<p>- The longest words in the Letterpress dictionary 21 letters long. There are three of them: `counterdemonstrations`, `hyperaggressivenesses`, and `microminiaturizations`<p>- There are 124 two-letter words<p>We'll try to outline some of the other Game Center research in the article we publish. We welcome future upvotes. (-:<p>S<p>[edit: auto-paragraph fail, tyop]

Neat I guess, but I wish it hadn't been released. There's something to say for security through obscurity when the target is only a video game.<p>I hope my boss doesn't find this. He's already a prolific words with friends cheater.

It seems like the app could do a simple checksum check of the file before using it.

As a developer it's really easy to do simple client side auth like this. Adding server side auth creates a great deal more work and potential usability issues.<p>As a business question, is it worth it to think about cheating in advance and try to prevent it?<p>Just going by the example of Letterpress, it seems the answer is a resounding NO.

I made a Python implementation of the DrawSomething API <a href="https://github.com/boukevanderbijl/drawsomething-api" rel="nofollow">https://github.com/boukevanderbijl/drawsomething-api</a><p>Draw Something uses a key value storage to store all game state including user profiles, drawing and gamelists. You can edit all games and users, and give yourself as many coins as you want

A better hack would be to do image recognition on the board and have an arduino or lego play for you. Just loading your OS's dict[0] in a trie and filtering using the characters on the board, you can already pretty easily win games without even using any strategy (just try the longest matching word with a letter or two you don't own), add a very basic AI to get the board painted in the shortest possible number of moves and you should be done (nb: an extension would be deciding on suffix-pruning, as I believe letterpress doesn't allow suffix extensions of already-used words)<p>[0] using letterpress's own dictionary file would be better as it'd avoid words which are in one but not in the other.

Thanks for releasing the libimobiledevice wrapper! That's probably worth its own blog post. I'm already thinking of ways I can use it for interesting hacks of my own :)

Interestingly, this would allow custom localizations. I'd love to play it in French but as far as I can tell the word list is only in English.

Modifying a file isn't really "hacking". I was hoping to see automated playing or maybe some math regarding tiles and words to play.

An unfortunate but understandable consequence of going Game Center only is stuff like this.

I've been wondering how hard it would be build an app that accepts a Letterpress screen shot and gives you the optimal word to play

Game Center should allow developers to write server side code, not unlike Cloud Code by Parse.

you see, I wrote a python script which chugs through SCOWL (a dictionary..) with certain constraints to help me win the endgames, and I felt bad. This feels, somehow worse (although at least this hack is obvious to your opponent, mine was more covert.)