A less cool, more accurate title: "Using buffer overflow to gain infinite in-game currency locked to one account in Magic: the Gathering Arena and then disclosing the exploit to the publisher".
There are two M:tG online games, and Arena is the one with no way to transfer currency, cosmetics, or cards between accounts. The other one, M:tG Online, does allow for the ability to trade digital goods between accounts or redeem physical cards and, like grinding/botting on WoW or RuneScape, it's a way to earn reasonable money in South American countries (Brazil and Venezuela are the two I've heard about specifically).
If you think of the integer as a buffer of size 31, containing an unsigned integer, the attack overflows into a different buffer of size 1, containing a sign bit for scaling that integer. ;)
But yeah, integer overflow and not buffer overflow.
One league takes about 1.5-2 hours to play, a challenge 5-8 hours depending on amount of players. 1 tix = $0.90, so you can see how hard it is to make a living.
I think there's only like 3-4,000 of us that play mtgo still, so the level of play is much higher than Arena (or even your average local FNM)
Yep, still plenty of those of folks, mostly for challenges on the weekend. I'm always impressed by how they can keep two games in two different formats straight 4-5 hours into it lol
If it's anything like the news reports I read years ago about various mobile games, I imagine the people you're talking about are low-paid employees of a grinding company, playing on heavily streamlined and partially automated stations provided by the employer. There likely isn't even 1:1 relationship between a person and a handle.
It's just not possible to be successful in Magic doing that because the meta would quickly adapt to exploit whatever decks they had built automations for and make them losing players. Also, most trophy leaders in mtgo are well known people who all hang out in the same Discords, so we know exactly who they are.
Why not? Even ignoring any kind of streamlining automation, someone who plays MTG 8+ hours a day 5+ times a week is bound to eventually become a successful and adaptable player. They may not end up at the very top, but close to it, and more than enough to make positive profits for their employer, in countries with low labor costs and standards of living.
That'll be the tradeoff with games that allow players to earn money (play-to-earn); it has to be rewarding enough to attract players, but not rewarding enough that people can turn it into a job (automated or otherwise). This is why these play-to-earn crypto/nft games aren't going to work. Or well, they work, but not the way people think they do - it'll be low wage countries doing the grinding, and people with expendable income / whales doing the buying, and I'm not sure if the two groups are aware of each other's existence.
Aye, except the days of accurate headlines are a long long way behind us.
Makes me think that each HN submission should have two title fields: one for the exact title of the article or blog post or whatever, and one for an accurate consensus driven title!
Or if somehow content creators could be rewarded for accuracy in their headlines.
> A less cool, more accurate title: "Using buffer overflow to gain infinite in-game currency locked to one account in Magic: the Gathering Arena and then disclosing the exploit to the publisher".
That is 76 characters too long for HN’s submit form.
A friend of mine and sometimes contractor is a venezuelan I met online in WoW classic because he was always farming dungeons we wanted to run, so we'd party with him a lot. Pretty interesting to learn about gold selling and leveling market from him.
I thought blizzard would find it easy to crack down on gold selling but I guess not, every once in a while he'd dump these massive amounts of gold to some random player he'd never interacted with and wouldn't get banned for it.
These days the way it works is he'd basically be a stringer for some big gold farming site. He'd farm, dump some big chunk to one of their sock accounts, and then they'd take that into bigger blobs of gold that would get banked or eventually parceled off into whatever amount a customer wanted.
The per hour price for his labor was pretty shit, better than in Venezuela of course but if I remember correctly not close to USA's 7$ or whatever it was at the time. It gave him access to USD though which was important, as USD can be used to buy more critical goods than venezuelan cash. Like computer components for example. And it's easily turned into local currency. So any time he could get his hands on usd he was keen.
It seemed like the better money was in levelling, where he'd log in onto your account and just level your character. In wow classic this was worth it cause the leveling gets insanely tedious around 48 to 58 (level cap 60). If you think it's silly to pay someone to play a game for you you're mostly right, but retail wow (the non classic redo) iirc sells level up potions, and so does guild wars 2, so presumably people buy them. Some people are more interested in end game than levelling.
Anyway for level up work he'd have to find a client through personal relationships, so harder to do, but more money cause no middleman. Plus he's just playing the game then which is more fun than grinding for gold.
Right now it sounds like the gold market is bereft, he's saying he can't find buyers right now, not sure what's happening there, but he hasn't grinded gold in months last I checked.
I now hire him on when I can for admin assist work, which I highly recommend doing even if you think you don't need an admin assist. I read Tim Ferris' "4 hour workweek" ages ago and remember him mentioning how an admin assist can save you time in ways you don't realize until you hire one on.
So far for me he's done asset placement in a tile map generator with data entry for a game dev contract we had, some project management related cleanup and admin work, photo editing of RAWs in Darktable (a skill he picked up in about 3 hours and became remarkably good at within two sets of photos), basic accounting and cleanup with data entry, and research with compilation. All for between 10-20usd/hour depending on what he feels comfortable charging (he wanted to charge less than 10 which is just too low for me to be comfortable with). Tldr I highly recommend exploring this sometime, I can recommend my buddy personally of course but there's also agencies and the like. Actually side note, incredibly, his venezuelan bank lets me make payments from my credit card. I have no idea what's happening in that country. I used to have to pay him in eth.
It's really remarkable the ingenuity folks in places like Venezuela have to have to make any kind of money. My buddy will be sniffing out these online working opportunities I'd never have dreamed of.
A good related book is Neal Stephenson's "Reamde," plot of which somewhat revolves around the transfer of digital games currency to real currency.
There are two M:tG online games, and Arena is the one with no way to transfer currency, cosmetics, or cards between accounts. The other one, M:tG Online, does allow for the ability to trade digital goods between accounts or redeem physical cards and, like grinding/botting on WoW or RuneScape, it's a way to earn reasonable money in South American countries (Brazil and Venezuela are the two I've heard about specifically).