Skip to content

Latest commit

 

History

History
300 lines (176 loc) · 18.4 KB

ckt7rkxd70lgu95s1811j0mlj.md

File metadata and controls

300 lines (176 loc) · 18.4 KB

World Wide Hack - Alpha First Impression

Summary

🏃 Join WWH Discord server

Lotus Innovations delivers in their alpha game World Wide Hack a very deep and real representation of a company and great potential in story telling. The amount of work put into the project so far is satisfactory, and I'm anticipating to see how the game will look at the early beta version because I chose to pledge the WWH on the Kickstarter.

This is a first time to me to put the pledge on the Kickstarter project!

Read more to dive into the mysterious QuanTech Simulation Project.

Following article presents my point view and my opinion. I was not sponsored by any mean to write any of these - to be honest it was quite opposite, as I've reached the developers via different channels to ask them if I can publish the first impression after the alpha free access.


Contents

  1. Summary
  2. Introduction
  3. "There are things that the public needs to see…"
  4. Jack Finch
  5. The Experiment
  6. The Simulation
  7. Becoming full-value member of QuanTech Ltd.
  8. Training
  9. Design
  10. From the cyber security enthusiast perspective
  11. Interesting findings
  12. Additional readings

🔔 CyberEthical.Me is maintained purely from your donations - consider one-time sponsoring with the Sponsor button or 🎁 become a Patron which also gives you some bonus perks.
Join our Discord Server!

Introduction

Recently, I've decided to make my presence on the Reddit. I have my content on the LinkedIn, Instagram, Twitter and Facebook. I share my publications on the various Discord servers - and I wanted to try the Reddit. I've joined a couple of subreddits, including r/HowToHack and came across to this thread:

2021-09-04-09-58-47.png

Multiplayer hacking game with a story? Sounds interesting, so I've checked their Kickstarter page, joined the Discord and jumped to the 48h free alpha access.

%[http://kck.st/38IB1v7]

Back to top

"There are things that the public needs to see…"

2021-09-01-19-20-03.png

Alpha access is hosted on the web, when we first enter the site we are welcomed by the person that calls himself jhack.

Full version will have a standalone client, as was confirmed by the Dev Team

2021-09-04-10-08-09.png

I'm instructed to sign in as the fpoulsen HR Manager account. As I don't know the answer, the only way to get pass that is using the security question - "Security Question: Your favourite meal?". Apparently Quantum Tech is hosting their website with a blog (yes, this is a real site where you can read about company goals, history etc.) - where I could find the interview with Mr. Poulsen.

2021-09-01-19-24-12.png

After I'm inside the system, jhack suggest I need to create myself an account as soon as possible - using manager account is an easy way to compromise.

2021-09-01-19-27-37.png

Before that, I'm more interested in the data I have access right now.

Back to top

Jack Finch

2021-09-01-19-28-01.png

I would say that this is when I spent most of my time during the alpha stage. As a Mr. Poulsen I have access to confidential data, meeting notes, company structure and organization, mails from co-workers and supervisors. All of these started to make more and more sense as I go through many layers of text.

Yes, this is by no reason a mistake that Lotus listed a "text-based" tag in their game tags. You learn the lore and story through these scattered notes, that you have to make sense by yourself. Potentially irrelevant dinner invitation can contain post-scriptum that tells a bit more about Quantum Technology and their experiment.

By going through some meeting agendas and private mails, I get a picture of a former employee who was fired because of gross violations of internal regulations and company policies. This person was a Jack Finch.

2021-09-01-19-42-32.png

We get to know Jack as a person of an idealistic nature, that likes to work as an individual. He has interest in quantum physics and developments in this area already for many years ago. In the past, he was actively interested in hacking - by actively I can only guess that maybe he was once caught by the law enforcements, has some shady past episodes.

2021-09-01-19-34-51.png

In other documents we read that Jack released access to the application that supposed to be top secret and a lot of unknown accounts were added uncontrollably every day, none of them was approved as they should be.

Is this a coincidence that jhack we are contacted with, introduce us in the company network by the cracked version of the software by instructing us to create an employee account - so the same idea that was Jack Finch driven by? At this point, it's obvious to me that jhack is a Jack Finch.

Nevertheless, the simulation still continues.

2021-09-01-19-32-58.png

Relationship with Evelyn

We get a glimpse of some emotional attachment between Evelyn and Jack, as the Frank Poulsen noted:

2021-09-04-13-12-05.png

By searching through the list of employees, the only Evelyn that works in QuanTech is HR deputy and main assistant: Evelyn Nicolson.

Back to top

The Experiment

2021-09-01-19-46-54.png

QuanTech is providing services and creating innovative software using quantum computers. By joining their ranks, I can read that the simulation or experiment is a main area of their focus. Apparently they were successful to connect to other quantum computer, but - lo and behold - data they've received didn't match any existing operating system or world information. Do they established connection to some artificial or extraterrestrial network? Apparently, employees of QuanTech had the same doubts and thoughts.

2021-09-01-20-03-48.png

But what is this application? Why did Jack do what he did?

Starting from 19th of April 2021 our manager, Frank Poulsen, started contacting with the Jack about his doubts and fears from this project.

2021-09-01-19-53-35.png

2021-09-01-19-52-48.png

Frank apparently tried to convince the board to stop The Experiment.

2021-09-01-19-54-06.png

But unsuccessfully.

2021-09-01-20-02-51.png

But let's stop it for a bit. First, we discover that QuanTech apparently communicated with some unknown entities through quantum computing, shortly after we read "it destroyed so many lives already". Why?

Back to top

The Simulation

2021-09-01-19-49-52.png

2021-09-02-22-11-22.png

2021-09-01-19-53-19.png

I don't know if you've ever read the O. S. Card's Ender's Game book. So beware, spoilers ahead.

Ender's Game (in very short and trivialized way) is a story about a young boy who was incorporated to the Earth's Defence Military Unit stationed on the Earth's orbit. During their training, they were practising tactics and commander skills on a Simulator. They've been ordering the ships and space armadas in the simulated environment to fight with the alien race called Formics. Ender was a very successful at playing that game, as I remember he didn't lose any game. In the final scene, we read about the last game he and his company played that was also their last exam. At the end they've won by killing the Formics' Queen - and everybody in the room that was observing the game started crying from the happiness, cheered like never before. Ender then realized this whole time it was not games they had been playing, but real battles they were fighting. These weren't simulations, they've just been told that it was a simulation to free their minds of the dark thought they are killing aliens. Real, living beings.

Does it sound familiar? I think so. Is this another coincidence? I think not, and Lotus Innovations know what they are doing. And I really, really like it :).

Back to top

Becoming full-value member of QuanTech Ltd.

Well, I've been carried away a little by the story - so let's get back to business. To create an employee account - which is our real account we would be using since now to play the game - we are instructed to use some existing candidate data. I've chosen the Derick, Watson who would work as a Database analyst.

2021-09-04-14-07-03.png

After that, we are contacted with the jhack once again - and with his help, I was able to activate account. This was also the time I stuck for the first time - thanks to the WWH Discord server, I was able to correct my mistake and complete the "onboarding" process.

Back to top

Training

2021-09-02-19-45-18.png

Now with my personal account, I have insight in the pretty extensive list of the Simulation Q&A

2021-09-02-19-48-36.png

At this point, many questions started to appear in my mind. What is a simulation, what is the game? Where the reality ends and fiction starts? Am I playing the game within the game? Are these FAQ refer to the game or the experiment? Am I in the simulation?

Simulation - Questions and Answers - What activity options will I have in a simulated application?
AUTHOR:	HUMAN RESOURCES DEPARTMENT
DATE:	24.6.2021 08:52
Several documents and other text files will be available during experiment for you.
You can manipulate them at your discretion and need - read, delete, move, edit, use as needed, etc. 
Moreover, like other testers and employees, you have your account created in the application. 
You can challenge, contact, help, interact, hack, block, track, corrupt, or support your accounts each other.

This reminds me that kind of ARG type games (Alternate Reality Games) that people are playing in the real world. The difference here is that in a strict ARG participants don't know they are playing the game. Here I know I'm playing only the game, the developers' creation... At least, I want to think that this is it.

You can end the experiment in two ways:

- pause and turn it off (either forever, or return to it at any time)
- or automatically when you'll bring the simulated world to the maximum of negative values (in other words, when you'll destroy the simulated world)

Well... destroying the simulated world doesn't sound so peacefully, in the light of what I've discovered so far.

2021-09-02-20-22-50.png

The training itself is a way to put the knowledge, we've gained so far, into the practice. It consists of multiple tasks of connecting, hacking, acquiring and hiding our tracks. After its completion, we can start the multiplayer part of the game in something I would call a free roam.

2021-09-03-22-49-08.png

Back to top

Design

Music is very climatic, well-built into the mysterious and futuristic character of the story. It's not obtrusive and creates pleasant ambient.

Music & Sounds
by Kea Audio Solutions

Graphic
Font White Rabbit by Matthew Welch
www.squaregear.net

You can listen to the soundtrack on the official YouTube playlist.

I am listening to it right now as I am writing this article :)

As you can see from the screens, colours are vivid, bright - especially when you compare it to such productions like Uplink or Hacker Evolution, which both focused on a single colour variant.

See the alpha trailer in action.

%[https://www.youtube.com/watch?v=Gs14B84FsSs]

Back to top

From the cyber security enthusiast perspective

Do you like what you see? Join the Hashnode.com now and start publishing. Things that are awesome:

✔ Automatic GitHub Backup

✔ Write in Markdown

✔ Free domain mapping

✔ CDN hosted images

✔ Free built-in newsletter service

✔ Built-in blog monetizing through the Sponsor feature

By using my link, you can help me unlock the ambassador role, which cost you nothing and gives me some additional features to support my content creation mojo.

World Wide Hack is advertised as having "real-life hacking & security tools which are authentic, yet modified to be fun and created with a number of options to strategize". I could agree with that. We are using simplified versions of nmap, various exploits using the dictionary attacks, scanners. We can get statistics of the node we are currently on, list processes, move and edit files.

Additionally, through the playtrough, we can obtain additional tools for the money we've acquired from other nodes. And when it comes to the list of tools - it is a very impressive list - and I'm reminding you, this is an alpha stage!

As it comes to the terminal itself. It works pretty similar to the real one. It gets autocomplete and suggestions. Holds history of commands. I really like the QoL that it has, that you can click on the highlighted text, and it gets automatically copied to the prompt.

I am going to make it clear - you will not learn how to hack, by playing this game. But 100% sure - you will learn how the hacking works. That you need to gain access to some nodes, travel though different networks, use some exploits, establish and collect data.

For the engagements that will help you learn about actual systems I recommend platforms like TryHackMe and HackTheBox - this and more you can find in my How can I learn Ethical Hacking? Where should I start?

Back to top

Interesting findings

Just a collection of things I've discovered, that didn't fit in the previous sections.

  • Jasper Houston has a cat called qu8Az.3*eb!7kw_2et - it is also his password

  • Some testing site

137.171.36.124:/> cat home/web/index.web
Testovcia webpage
  • Richard White: 2021-09-01-19-37-11.png

  • Example of a node content 2021-09-01-20-07-41.png

  • Mysterious group/company (black box)? 2021-09-01-20-01-08.png

Back to top

Additional readings

📌 Follow the #CyberEthical hashtag on the social media
🎁 Become a Patron and gain additional benefits
👾 Join CyberEthical Discord server
👉 Instagram: @cyber.ethical.me
👉 LinkedIn: Kamil Gierach-Pacanek
👉 Twitter: @cyberethical_me
👉 Facebook: @CyberEthicalMe

Back to top