League hacker reveals infinite RP exploit

scroll back up and hit that subscribe button if you're old enough to remember IP :3

Ryscu

Looks like we're finally going to see some major updates or maybe even an entirely new client! Riot might not care about player experiences being ruined through gameplay exploits but once someone touches RP and in turn their wallet directly is when they might finally wake up and do something, lol.

JJBeauregard

man, maybe if the hackers keep finding stuff like this; Riot will actually FIX SOMETHING.

andrewkelley

if this guy gets hired by Riot i swear the game will become 100x times better

wpwpwpwpwpwpwpwpwp

this indie game company has some really big security issues

Samira_Ultrakill

I guess the 200 years of collective game design experience will never get old lmao

spyxfamily-anyaforger

Riot fixing bugs and crashes in game: I sleep


Riot fixing RP bugs: REAL SHIT

killercreed

Rito Games cleaning up their code challenge speedrun any% (IMPOSSIBLE) (GONE WRONG) (GONE SEXUAL) (NOTEAM) (UNBALANCED) (BROKEN BUILD)

blackburn

For those wondering what this is; It is essentially a "hidden" store offer that was used once upon a time (as he mentioned, 2011) to do some sort of debugging of their store system. It is fairly common for developers to forget to strip what we would call "debug offers" from the API, and there is a chance many of your favourite games have left over debug offers like these too somewhere, and they just haven't been found yet.

The "script" showin in the video is a json header describing the store offer. You can see how it has an id, name, date, price and so on listed in the header.

The "script" would essentially request the purchase of the debug offer many times a second, and provided you do not get rate limited (which very well could happen), you should be able to convert all of your blue essence to RP in a matter of minutes. But since there probably is a rate limit, it is very likely you can only do this a "few" times at a time.

Last thing I would like to mention is that this does not actually have anything to do with the client itself, but rather the server side of the store (their store API).

astrea

What you're looking at is data in JSON format, just a couple of variables with its accompanying data is being sent to riot servers through code that isnt fully shown in the tweet. It seems like Riot forgot to clear some of the possible to buy items in its database, they may of removed the gui possible to reach the item in the client but deep within its servers it was still there and so is accessable with the right data if sent to riot directly.

onlineenth

It seems like when they remove something from the store, it essentially still exists in the codebase as long as it's not completely deleted/removed. Unless this is just a one-off thing, this could maybe even be abused to get some exclusive items that aren't going to be sold again (the original Championship Riven, for example). Obviously you'd still get banned if this was true, but it's an interesting peek into how the client is actually working.

JJroks

Riot about to get 30% of someones salary

alyx

Haven't played league for few months and I'm getting worried about the amount of scripts, bugs and different exploits like this happening so much recently. It also doesn't help how they said this year will have their biggest budget yet lmao.

shuaery

Here's the code; proceeds to show a JSON configuration object haha (not code but can be used in a script file ["code"]). But yeah, it looks like it is an item that is still available to access through a request but just not through the user interface and instead you can make a post request with the above JSON body probably.

whelbe

this guy has connections to Riot. If only the community knew how ass backwards it is.

Beebos

"I have a double digit IQ" 🤣

edufuze

From a glance it looks like the code just sends a request to buy the RP from the client using the thing from 2011

ClassicaI

What's shown on screen is actually just an object containing the information for the offer in the store and not the code itself

fabiano_osu

thank god that's not the code to run the exploit but just the json object, but it would've been pretty cool to see how the exploit is being done just as a learning thing

zzAIMoo

I wonder if the Hexakill announcement is still in the Game.

nicks