The Game – CTF Writeup

Platform: TryHackMe

Instructions:

Cipher has gone dark, but intel reveals he’s hiding critical secrets inside Tetris, a popular video game. Hack it and uncover the encrypted data buried in its code.

This challenge was originally a part of the Hackfinity Battle 2025 CTF Event.

Writeup

Time for game hacking! I was really excited about doing this CTF, as I had been digging into reverse engineering and getting back into some lower level programming!

Downloading the provided files gets us an exe file called Textrix.exe. When we run it, we are presented with the following:


It's a Tetris game that you can play! But we want to break this, and immediately we are given our objective at the top: “Score more than 999999”.

Now I’m really not that good at Tetris so I started thinking, “What is a way I can change my score value to get past 999999?” It was then that I remembered the following YouTube video I watched.

In the video, Low Level utilizes a tool to modify the values at specific addresses in memory that correspond to how many apples he has in the game. So if I can find the memory address that holds the score, and then manipulate that value to 999999, I should be good!

I’m not sure what tool he is using in the video, but a popular tool for doing this is Cheat Engine. You could also probably use a debugger, like x64dbg, but with Cheat Engine it is super easy to get started and attach to running processes.

Okay, so I boot up Cheat Engine. Our current score is 0, so let's see which addresses have 0 set as their value.


Unsurprisingly, a WHOLE lot of values, but that's only our starting point. Instead of 0, how about I get my score to a higher value, stack it up (pun intended), and then use Cheat Engine to see the memory addresses that changed their value from 0 to that score.


So now my score is 100, so inside of Cheat Engine I look for values from the original scan that increased by 100.

Hitting next scan, we get 24 addresses! That is a big improvement, so let's change the score one more time and do the same again. Doing that didn’t work, which led me to think two things:

  1. I messed up
  2. The value for the score is not stored as an integer but rather as a floating point value

After a closer look, it was indeed the first option. If you look at the first screenshot I shared, you’ll notice that I have the HEX value selected instead of normal decimal notation. I forgot to undo that while I was messing around with Cheat Engine earlier. Now if we go ahead and use my previous approach, we find the addresses easily!

We see that there are two addresses if you follow my approach, so I go ahead and modify their values. To do this in Cheat Engine, you double-click on the address, then click on the value in the list that is provided below in the memory view. Nothing happened though.

Now I am assuming that there is a loop inside of the code that checks every time a score occurs whether it has passed the threshold. So I score one more time and boom! The flag appears underneath the score.

Now, there are a bunch of approaches that game developers can take to ensure that actions such as this do not happen. For a game like this, which runs locally, values could be stored as floats, pointers could be used to “hide” the location of the value behind some references, the code could be obfuscated, and more!
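One way to make the exact-value scan and direct write described above fail, as an added example that is not the game's code or the author's: the score is stored XOR-masked with a per-run key next to a check word, so the plain value never sits in memory and a blind write is caught on the next read. The struct, function names and constants are hypothetical, and since the key lives in the same process this only raises the cost of value scanning.

```c
#include <stdint.h>
#include <stdio.h>
/* Hypothetical guarded counter: the plain score is never stored as-is. */
typedef struct {
    uint32_t masked; /* score XOR key */
    uint32_t key;    /* per-run random value supplied by the caller */
    uint32_t check;  /* keyed check word over masked */
} guarded_score;

/* Bijective mix of masked for a fixed key: any change to masked changes it. */
static uint32_t score_check(uint32_t masked, uint32_t key) {
    uint32_t x = masked ^ 0x9E3779B9u;
    x = (x << 13) | (x >> 19);
    return x * 0x85EBCA6Bu + key;
}

void score_init(guarded_score *s, uint32_t key) {
    s->key = key;
    s->masked = key; /* score 0 XOR key */
    s->check = score_check(s->masked, key);
}

/* Returns 0 and writes the score to *out, or -1 if the fields were altered. */
int score_get(const guarded_score *s, uint32_t *out) {
    if (s->check != score_check(s->masked, s->key))
        return -1;
    *out = s->masked ^ s->key;
    return 0;
}

/* Adds points; refuses to continue from a tampered value. */
int score_add(guarded_score *s, uint32_t points) {
    uint32_t cur;
    if (score_get(s, &cur) != 0)
        return -1;
    s->masked = (cur + points) ^ s->key;
    s->check = score_check(s->masked, s->key);
    return 0;
}

int main(void) {
    guarded_score s;
    uint32_t v = 0;
    score_init(&s, 0xC0FFEE11u); /* constructed key; draw from a CSPRNG per run */
    score_add(&s, 100);
    printf("read: %d score: %u\n", score_get(&s, &v), (unsigned)v);
    s.masked = 999999u; /* simulates an external write to the stored field */
    printf("read after write: %d\n", score_get(&s, &v));
    return 0;
}
```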

Otherwise, for multiplayer games, developers often rely on a game server that maintains an authoritative game state and ensures that expected values align with the values that the players send from their client to the server. There are other tactics as well, but I’d like to do those justice, maybe in another blog!

Until then 🙂