Since they used localStorage, you can modify the state of your character.

If you want the best weapons in the game, the sword is called 'goldensword' and the armor is call 'goldenarmor'.

What would be the point of that? The only fun in the game (besides the fact that it works at all) is finding the new gear and getting the achievements. If you just edit your character, then you may as well not even play.

Cheating single player is only affects the player themselves. But when it comes to online, multiplayer, then cheating/codes need to be restricted. It's more from a sustaining/profitability point of view – nothing drive users away when they first log on and see everyone running around looking identical and having the best items obtained with just a few key strokes.

I guess the OP's comment of local storage was also to point out the 'flaw' since it is for a multiplayer game.

I'm guessing they aren't too worried as it is just a demo. You can easily put some backend checks in for things like this.

Giving each weapon/character relationship an id solves this pretty easily.

TBH I just did it because I could.

Random idea: write a brand new game that talks to the Browser Quest server. Use the input of other players moving around as input into your own game (maybe some sort of ambient art thingy).

How'd you do it? I'm trying to do:

localStorage.data = localStorage.data.replace('sword1', goldensword')

But it just reverts after I type that into the console. Could someone explain how it works?

I ran this line

  localStorage.data = JSON.stringify((function (data) { data.player.weapon = 'goldensword'; return data })(JSON.parse(localStorage.data)))

and then reloaded the page, and I had the golden sword.

Ah, I see. I didn't reload the page. I wonder if there is any way to do this without reloading the page...

It be fun to show off if someone figured it out.

The client server protocol only lets you specify arbitrary equipment when you connect. To change equipment during the game, you have to Types.Messages.LOOT a dropped item.

Sorry, I don't understand. Types.Messages.LOOT can be used how exactly?

LOOT is an action in the client server protocol - you can't easily use it. The important part is that you can only equip an item that is available to be picked up, unlike when you first connect. You can specify any weapon and armor when you first connect, which is why editing the local storage works.

I actually did this in Chrome by just opening up the developer console, clicking on the Resources tab, and modifying the value directly. You'll see Local Storage under Databases in that tree on the left.

I did the same thing. You can actually change the weapon to "flask" (so it doesn't show up) and armor to things like "boss", "rick", "nyan", etc. "Rat" is pretty fun too.

You can also make yourself permanently invincible, attack 10 times per second, and teleport around, if you get a reference to some of the internal variables. I actually found it quite difficult to get that reference since the project uses requireJS and doesn't leave any global/window references. As far as I can tell, the only way is to pause in the debugger, which is much more tamper resistant than I expected it to be.

I'd like to hear more about how you did this. I'm always interested in manipulating Javascript and whatnot. Who knows, maybe I will learn something about securing my own games by tinkering with this.

I played it for 20min and after that I had golden sword and golden armor; hacking around in localStorage would probably have cost me around 10min too. And playing the game deems me much more fun :)