Shall We Hack A Game?

A fantastic summertime game has consumed many of the kids in my neighborhood. It’s basically a treasure hunt, but the treasures are all shoebox-sized NFC readers that are “easily” findable on a map. Players all have a smart card and run around from box to box, collecting points that depend on how far apart the boxes are from each other. Walk, skate, or bike 1 km between check-ins, and ten points show up on the e-paper screen.

It’s been going on for a few weeks now, and it’s not uncommon to see a line of two or three kids at any given box, all with the purple lanyards and smart cards around their necks. So far, the highest-rated plausible single efforts have 450 km (280 miles) under their belt. My son’s grade-school average is 45 km (28 miles) over three weeks. The goal is getting kids out on the early summer afternoons, and that seems to be working!

Of course I had to reverse engineer the infrastructure, so here’s what I started with. Each box knows your point standing as soon as you tap the card, with a small delay. Scores appear online about every four hours. And the boxes are all ~1 km from each other or less.

My first thought was some kind of mesh network – that would be by far the coolest solution. Each box could simply report your card number to a central database, and the rest is a simple matter of software. LoRa radios rounded out my fantasy design.

But the length of time between getting the points and their appearance online suggests otherwise. And, a little bit of playing around with my cellphone’s NFC reader gives up the juice – they are MiFare Classic cards with data storage. So I got my own card, ran around town, and diffed the results. I haven’t cracked the location/time-stamping yet, but I know exactly where my total points are stored.
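The diffing step above can be made block-aware. This is an added example, not code from the original post: it compares two constructed MIFARE Classic 1K dumps, reports changes by sector and block, and flags blocks written in the card's value-block layout, whose inverted copies are redundancy rather than authentication. Whether the game uses that layout is not stated in the post; all function names and sample bytes are assumptions.

```python
# Added example: block-level diff of two constructed (not real) MIFARE Classic 1K dumps.
import struct

BLOCK, BLOCKS_PER_SECTOR, SIZE = 16, 4, 1024  # Classic 1K: 16 sectors x 4 blocks x 16 bytes

def block_kind(index):
    """Classify a block by its position in the Classic 1K layout."""
    if index == 0:
        return "manufacturer"          # UID and vendor data, read-only
    if index % BLOCKS_PER_SECTOR == 3:
        return "sector trailer"        # keys A/B and access bits
    return "data"

def as_value_block(b):
    """Return the stored integer if b uses the value-block layout
    (value, inverted value, value, then addr/~addr/addr/~addr), else None."""
    v, nv, v2 = struct.unpack("<III", b[:12])
    if v != v2 or v ^ nv != 0xFFFFFFFF:
        return None
    a, na, a2, na2 = b[12:16]
    if a != a2 or na != na2 or a ^ na != 0xFF:
        return None
    return struct.unpack("<i", b[:4])[0]

def diff_dumps(before, after):
    """List (sector, block, kind, changed byte offsets, value before, value after)."""
    if len(before) != SIZE or len(after) != SIZE:
        raise ValueError("expected two 1024-byte Classic 1K dumps")
    out = []
    for i in range(SIZE // BLOCK):
        old, new = before[i*BLOCK:(i+1)*BLOCK], after[i*BLOCK:(i+1)*BLOCK]
        if old != new:
            offsets = [n for n in range(BLOCK) if old[n] != new[n]]
            out.append((i // BLOCKS_PER_SECTOR, i % BLOCKS_PER_SECTOR, block_kind(i),
                        offsets, as_value_block(old), as_value_block(new)))
    return out

# Helper that builds a value block for the constructed sample dumps.
def make_value_block(value, addr):
    v = struct.pack("<i", value)
    inv = bytes(x ^ 0xFF for x in v)
    return v + inv + v + bytes([addr, addr ^ 0xFF, addr, addr ^ 0xFF])

# Constructed sample: block 4 holds a counter in value-block form, block 5 a raw record.
before, after = bytearray(SIZE), bytearray(SIZE)
before[64:80] = make_value_block(120, 4)
after[64:80] = make_value_block(130, 4)
after[80:84] = bytes.fromhex("0a0b0c0d")
for row in diff_dumps(bytes(before), bytes(after)):
    print(row)
```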

I’m going to keep observing until I’ve got it figured out completely, but I’m so tempted to tweak the points and see what happens. Are some of the digits in what I think is a timestamp in reality a checksum? Will I get disqualified? Or worse, what if I make a mistake and get myself publicly into first place? OK, better to sit this one out on the sidelines – I really don’t want to be the jerk who crashes a fantastic kids’ game. Sometimes you’ve gotta know when not to hack.

26 thoughts on “Shall We Hack A Game?”

      1. The city’s Transportation Dept.

        My guess is that the idea is to fool kids and their parents into realizing that everything is closer by bike/skateboard/whatever than you think it is, so why not bike up to the library instead of driving next time? And for that, it’s totally working.

    1. Cool! Haven’t looked at your docs yet, so I’ll put my final guess in for posterity:

      The data clearly makes it to the central server every couple hours, so I’m guessing it’s on a cell phone modem plan, and they aggregate it and push it all up at once rather than running it constantly — for at least power budget reasons if not also SMS data budget.

  1. Nice find! I would love to build this here as well.. Armchair reverse engineering:
    I found a photo online about the boxes. They have a display (e paper?) and announce the new points you gained right away. The box is large enough to house a beefy battery.

    Each card has a number. You seem to be able to assign a name/school/team online. I guess that does not need to be stored on the card at all. It would be nice to be greeted at the box though.

    Each box needs to transmit something for the online scoreboard. Every few hours would be fine though. It could be a mobile network text message, LoRa network, or even wifi (there are some free wifi projects around Munich).

    Let’s say you store a timestamp and visited-box id on the card only. That would require synchronized clocks in the boxes and have a distance map to all other boxes on each box. Then the box can award points right away. That would be annoying if you set up/move boxes and need to update the distance maps. Some downlink would be really useful.

      1. Two of them got taken this round!

        They’re secured to light poles usually, and with a metal band. Someone’s put a fair bit of energy into taking one.

        But the boxes were called in as missing within a few hours, so I surely wouldn’t want to be in possession of a box that knows its GPS coordinates and is marked as stolen.

  2. Maybe someone could hack the linked webpage so that when you click the “English” link at the top, it actually translates the pages into English, and not just the top menu. :)

  3. It’s a social game for the whole purpose of fun, why would anyone even think about giving themselves a bad reputation just to lower other people’s entertainment?
    To comment on the last sentence, in this case it’s probably even wise not only not to hack, but to not even publicize such articles that can give the impression that this is what hackers do..

    1. Hard disagree. How do nascent hackers even learn about such principles if the respected sources don’t occasionally highlight them? The entire point of the article is you *don’t* need to actually hack the device to enjoy the intellectual challenge of figuring it out.

    2. I’m with perlrun! What hackers _do_ is open up systems and have a look at how they work.

      I absolutely do have a “do no harm” moral code for myself, and so yeah — no hacking on the (public) game. If I had my own setup, you know I’d be actively poking at it, though. needs a refresh / update, IMO, but is a good starting point.

      I like that Germany’s Chaos Computer Club added “Make public data available, protect private data.” as both a hat-tip to the tremendous power of data aggregation in the modern world and the importance of privacy. I think there’s further to go.

  4. Assassin is a better and easier game.

    All the kids write their names on a slip of paper. Papers go in hat. Each pick a name, if they get their own it goes back and they pick again.
    Each gets a toy gun. When they ‘kill’ their target they get the target’s slip collection including latest target. Last person killing wins.

    What could go wrong?

    We played this game when crime rates were twice what they are today. The problem is TV news and gun grabbers’ constant lying, leading to massively bunched panties.
    We also used to point expended LAW rocket tubes at cop cars as they went by, pretending to shoot at them.
    Good times. I digress.

    Perhaps a cellphone, camera based version.
    Cells are wirelessly NF saying ‘Target #x’ here.
    Assassin’s phone can’t find it, but will detect a ‘kill’, post score and automatically update to next target.

    Call it the ‘wildlife photo’ game. To head the idiots off.
