第7集：曼弗雷德（第一部分）

2002年的时候，我被禁止玩《无尽的任务》。

Back in 2002, I got banned from playing EverQuest.

这是一款大型多人在线角色扮演游戏，简称MMORPG。

This was a massive multiplayer online role playing game or MMORPG.

我花了多年时间扮演一个半精灵吟游诗人，游历诺拉斯世界。

I spent years playing the game as a half elf bard traveling through the world of Norrath.

它占据了我生活的全部，但我有过一些永远难忘的经历。

It consumed my life, but I had ventures that I'll never forget.

比如有一次，我和另外80名玩家联手杀死了像沃克斯夫人和纳加万这样的巨龙。

Like the time I got together with 80 other players and killed dragons like Lady Vox and Nagavan.

但经过多年重复做同样的事情、登上顶峰之后，我感到厌倦并退出了游戏。

But after years of doing the same repetitive things over and over and making it to the top, I got bored and I quit.

但这种状态没持续多久，几周后我又忍不住重新玩了起来。

But that didn't last long because I found myself playing again a few weeks later.

我花了多年时间培养我的角色，实在难以放手。

I had spent years working on my character and it was just too hard to let it go.

我到了根本无法戒掉游戏的地步。

I got to the point where I just couldn't quit the game.

所以，我想到的唯一能强迫自己停玩的办法，就是找办法被封号。

So the only solution I could think of to force me to quit was to find a way to get banned.

于是我开始使用机器人。

So I started using a bot.

这个机器人会接管我的角色并为我自动运行。

The bot would take control of my character and automate it for me.

这严重违反了游戏规则。

This was strictly against game rules.

我会让机器人整晚运行，让我在睡觉时也能打怪升级。

I would leave the bot run all night long, fighting monsters and gain experience while I was sleeping.

当我醒来时，惊讶地发现我的角色还在打怪。

And when I woke, I was surprised to see that I was still fighting monsters.

可我还是没被封号。

Still not banned.

我继续使用机器人，一晚又一晚地让它运行。

I kept botting and letting it run night after night.

最终，玩家们向游戏管理员（GM）投诉，而我如愿以偿地被封号了。

And eventually, players complained to a GM or game master, which is like the game's admin, and I got just what I wanted, banned.

虽然这个故事在我自己的记忆中很传奇，但跟接下来你要听到的故事相比，根本不值一提。

While this story is epic in my own memories, it's nothing compared to the story you're about to hear.

你即将听到的，可能是有史以来最史诗级的网络游戏故事。

You're about to hear possibly the most epic online video game story of all time.

这个故事如此离奇，甚至被《连线》杂志报道过。

This tale is so crazy that it was even featured in Wired magazine.

世界将发生你从未预料到的改变，届时将出现海量的金币与财富。

The world will become altered in ways you've never expected, and there will be massive amounts of gold and wealth.

所以围过来，听一个史诗般的故事吧。

So gather around and listen to a tale of epic proportions.

这是《暗网日记》，来自互联网黑暗面的真实故事。

This is Darknet Diaries, true stories from the dark side of the Internet.

我是杰克·雷西德。

I'm Jack Recider.

本集由Vanta赞助。

This episode is sponsored by Vanta.

客户信任可以成就或摧毁你的业务。

Customer trust can make or break your business.

随着你的业务不断增长，你的安全和合规工具也会变得越来越复杂。

And the more your business grows, the more complex your security and compliance tools get.

这可能会变成一团混乱，而混乱并不是一种安全策略。

It can turn into chaos, and chaos isn't a security strategy.

这就是Vanta发挥作用的地方。

That's where Vanta comes in.

把Vanta想象成一位24小时在线、由AI驱动的安全专家，它会随着你一起成长。

Think of Vanta as your always on AI powered security expert who scales with you.

Vanta自动处理合规性，持续监控你的控制措施，并为你提供合规与风险的单一信息来源。

Vanta automates compliance, continuously monitors your controls, and gives you a single source of truth for compliance and risk.

无论你是像Cursor这样的快速成长型初创公司，还是像Snowflake这样的大型企业，Vanta都能轻松融入你现有的工作流程，让你持续发展一家客户可以信赖的公司。

So whether you're fast growing startup like Cursor or an enterprise like Snowflake, Vanta fits easily into your existing workflows so you can keep growing a company your customers can trust.

前往 vanta.com/darknet 开始使用。

Get started at vanta.com/darknet.

拼写是 vanta。

That's spelled vanta.

vanta.com/darknet。

Vanta.com/darknet.

本集由Shopify赞助。

This episode is sponsored by Shopify.

还有比新年伊始尝试新事物更好的时机吗？

Is there any better time to try out something new than at the start of a new year?

我非常喜欢。

I love it.

我觉得自己有理由去学习一项新技能、启动一个新项目，或者做出新的决定。

I feel like I have permission to try learning a new skill or starting a new project or making new decisions.

但如果你更有雄心壮志，为什么不三者都试试，把2026年变成你用Shopify开启新事业的一年呢？

But if you're feeling extra ambitious, why not do all three and turn 2026 into the year you started your new business with Shopify?

Shopify为你提供了在线和线下销售所需的一切工具。

Shopify gives you everything you need to sell online and in person.

通过Shopify内置的AI工具，你可以快速完成设置，这些工具能帮你撰写产品描述和标题，甚至协助你编辑产品图片。

Set up is fast with Shopify's built in AI tools that product descriptions and headlines and even help you edit product photos.

数以百万计的创业者已经完成了这一跃，从家庭知名度的人士成长为刚刚起步的初创企业主。

Millions of entrepreneurs have already made this leap from household names to first time business owners just getting started.

就连我，我的T恤店也在Shopify上。

And even me, my t shirt shop is on Shopify.

网址是shop.netdiaries.com，我喜欢Shopify，因为它让我轻松地把业务搬到了网上。

That's shop..netdiaries.com, and I love Shopify because how easy it is for me to get my business online.

营销功能也是内置的。

Marketing is built in too.

你可以创建电子邮件和社交媒体活动，触达顾客在任何地方浏览时的注意力。

You can create emails and social campaigns that reach customers wherever they scroll.

所以在2026年，别再等待，立即用Shopify开始销售吧。

So in 2026, stop waiting and start selling with Shopify.

注册每月1美元的试用版，今天就前往shopify.com/darknet开始销售。

Sign up for your $1 per month trial and start selling today at shopify.com/darknet.

前往shopify.com/darknet。

Go to shopify.com/darknet.

就是shopify.com/darknet。

That's shopify.com/darknet.

在新的一年里，让Shopify陪伴你聆听你的第一个故事。

Hear your first this new year with Shopify by your side.

我感到非常幸运，能够记录下这个故事。

I feel really lucky to have captured this story.

这个故事差点就溜走了，永远消失在夕阳里。

This is one that almost got away and disappeared into the sunset forever.

这是一段难得一闻的故事。

It's a rare one to be heard.

这是一个关于名叫曼弗雷德的人的故事。

This is a story from a guy named Manfred.

你好。

Hello.

嘿。

Hey.

最近怎么样？

How's it going?

曼弗雷德已经保守这个秘密二十年了。

Manfred has kept his story quiet for twenty years.

他直到今年才首次公开讲述这些故事。

He's never publicly told these stories until this year.

他首次在DEFCON——全球最大的黑客大会上谈及此事，但他没能说完所有想说的话。

He first spoke about this at DEFCON, the largest hacker conference in the world, but he didn't get to say everything he wanted to say.

所以我本来打算展示两款游戏中的两个零日漏洞。

So I was gonna show two zero day exploits in a couple of games.

所以我在DEFCON的休息室里，就在我的演讲前十五分钟左右。

So I was in the green room at DEFCON, like, fifteen minutes before my talk.

一位DEFCON团队成员——那些工作人员——问我我的演讲是关于什么的，我们就聊到了我演示这个漏洞的事情。

One of the DEFCON team members, goons, they asked me what, you know, what my talk's about, and we got on the subject of, you know, me just me demonstrating this exploit.

他去找了另一个工作人员，然后两人一起回来对我说，你可能不想这么做。

He, he went and talked to another goon, and they both came back to me, and they were like, you probably don't wanna do this.

你可以谈论这个漏洞，但别演示如何复现它。

Like, you can talk about the exploit, just don't demonstrate how to reproduce it.

于是我心想，你们说得可能是对的。

So then I was like, you know, you guys are probably right.

他在DEFCON演讲中确实谈到了自己黑过的众多游戏，那段演讲被录下并上传到了YouTube，但没过多久就被下架了。

He did talk about the numerous games he did hack during his DEFCON talk, which was recorded and put on YouTube, but that didn't last long.

我的DEFCON演讲因为ArenaNet公司——《魔兽世界2》的开发商——的版权主张而被删除了。

My DEFCON talk got taken down, due to, like, a copyright claim by ArenaNet, the makers of Guild Wars two.

正如你所见，这个故事不仅罕见，而且在某些方面是被禁止的。

As you can see, the story is not only rare, but in some ways forbidden.

那么，我们开始吧，好吗？

So let's begin, shall we?

首先，Manfred 这个名字是怎么来的？

First off, what kind of name is Manfred?

在早期的网络时代，我经常进行 Pk 搞恶作剧之类的活动。

So back in the early days of online, I did a lot of p k ing griefing and all that good stuff.

所以，我最初的名字并不是 Manfred。

So originally, my name wasn't Manfred.

我的名字是 Phuckechop。

It was Phuckechop.

拼写是 p-h-u-c-k-c-h-o-p。

It's p h u c k c h o p.

我想，这无异于在杀死玩家并夺走他们辛苦获得的资源后，又给了他们额外的羞辱。

I guess it kind of like added insult to injury to the players that I'd kill and take all their hard earned resources.

纯粹是开个玩笑，你知道的。

All in good fun, know.

现实中不是我，我只是在游戏中这么做，纯粹是图个乐子。

It's not me in real life, it was just the game and I did it all in good fun.

在‘Fuckjap’这个名字下，我连续几周甚至几个月都在进行玩家对战（PK）。

Under that name of Fuckjap, I player killed PKD, as it's called, for weeks and maybe months.

有一天，我正待在城镇里，受着卫兵保护，旁边就是游戏内的银行，我出去买午餐的凯撒甜甜圈。

And then one day, I was just staying AFK in town under guard protection next to an in game bank, and I went out to get some Krispy Kreme doughnuts for lunch.

那是我平时的午餐，一次买一打。

That was my usual lunch, like a dozen of those.

它们真的很棒。

They're pretty awesome.

我回来后，一看我的角色，发现我的名字变成了‘Banford’。

I came back, and I looked at my character, my name was Banford.

我当时就想，这挺有意思的。

I was like, this is interesting.

于是我查看了聊天记录，发现有管理员告诉我，他不能允许我到处以‘fuck job’的身份杀玩家。

So I looked at the chat log, and I saw that a GM told me that he can't have me going around killing players as fuck job.

他说，你知道的，你可以杀玩家之类的。

He's like, you know, you can kill players or whatever.

这是游戏的一部分，但我们不能让你用那个名字。

It's part of the game, but we can't have that name.

所以他直接给我改成了一个随机名字，恰好是曼弗雷德，从此就一直用这个名字了。

So he just changed my name to a random name, and it happened to be Manfred, and it stuck ever since.

这个故事发生在二十年前。

That story took place twenty years ago.

自那以后，曼弗雷德就一直在玩MMORPG。

Manfred has been playing MMORPGs ever since.

每次都是从同样的方式开始。

It always starts out the same way.

他会先玩，享受乐趣，彻底摸清游戏机制，然后最终感到无聊，开始去捣鼓它。

He'll play, have fun, learn the game inside and out, and then eventually get bored and start to tinker with it.

为了好玩，我会逆向工程游戏，研究协议如何与服务器通信，以及服务器如何回传数据给客户端。

For fun, I reverse engineer games, and I reverse engineer how the protocol talks to the server and vice versa, how the how the server talks back to the client.

他黑入在线视频游戏。

He hacks online video games.

这就是他的专长。

This is what he's good at.

在做了二十年这件事之后，他已经成为发现游戏漏洞和MMO漏洞的专家。

And after twenty years of doing this, he's an expert at finding bugs and MMOs.

他捕获数据包并分析其中的内容。

He captures the packets and analyzes what's in them.

他会将自己的数据注入数据包，观察游戏的反应。

He'll inject his own data into packets and see how the game responds.

他会找到进入游戏客户端的方法，操控发送到服务器的流量。

He'll find ways into the game client and manipulate what traffic is sent to the server.

他在几乎每款游戏中发现的漏洞都是整数溢出。

The exploit he finds in almost every game is an integer overflow.

要理解这一点，想象你有一块钟表，时间是01:00。

To understand this, imagine you have a clock, and the time is 01:00.

现在，如果你从这个时间减去一分钟，时间就会变成12:59。

Now if you were to subtract one minute from it, the time would then be 12:59.

你有没有发现，通过减法，结果反而变成了一个更大的数字？

Do you see how by subtracting, it resulted in a larger number?

计算机对能计数的最大值是有上限的。

Computers have a limit of how high they can count.

一旦达到这个上限，它就会直接回滚到能计数的最小值。

And once they hit that limit, it rolls all the way around to the lowest number they can count.

而视频游戏并不总是检查你是否能从最小值中减去数值。

And video games don't always check if you can subtract from the lowest amounts.

所以曼弗雷德尝试从零开始减，有时会得到意想不到的结果。

So Manfred tries to subtract from zero, and he sometimes gets surprising results.

他是在数据包层面进行这种操作，类似于中间人攻击。

He's doing this at the packet level, sort of like a man in the middle.

当数据包从他的电脑发送到服务器时，他会截获它，修改某些数值，然后再发送出去。

When a packet is sent from his computer to the server, he captures it, changes some values, and sends it off.

他这么干已经很久了，所以几乎能在任何游戏中找到漏洞。

He's been doing this for a long time, so he can pretty much find bugs in any game.

到目前为止，他在所有这些游戏中都发现了漏洞。

So far, he's found bugs in all these games.

《最终幻想14》、《魔兽世界》、《激战》、《上古卷轴在线》、《指环王在线》、《激战2》、《无尽的任务2》、《安纳克希在线》、《暗黑纪元：卡姆瓦》、《最终幻想11》、《魔兽世界》、《激战》、《野星在线》，我肯定还漏掉了五六个。

Ultima Online, Dark Age of Kamwa, Anarchy Online, Lineage two, Final Fantasy Online, the first one, World of Warcraft, Rift Online, Elder Scrolls Online, Lord of the Rings Online, Rift Online, Second, Final Fantasy 14, Guild Wars two, and Wild Star Online, and I'm sure I forgot five or six more.

因为我个人玩过很多《魔兽世界》，我们就从那里开始吧。

Because I personally played a lot of World of Warcraft, let's start there.

2007年，《魔兽世界》是当时最受欢迎的大型多人在线角色扮演游戏。

World of Warcraft was leading the pack as the most popular MMORPG in 2007.

我玩那会儿，我觉得玩家数量接近一千万。

Back when I was playing it, I think it had close to 10,000,000 players.

曼弗雷德玩了很久，他很享受升级角色、打怪和探索世界的过程。

Manfred had been playing for a while, and he was having fun leveling up his characters, fighting creatures, and exploring the world.

这款游戏有一个叫做天赋系统的东西。

This game had a thing called a talent system.

每升一级，你都会获得一个天赋点，用于提升你的角色。

For every level you level up, you get one talent point to put into improving your character.

曼弗雷德很好奇，当他使用天赋点时，电脑会向服务器发送哪些数据包。

Manfred became curious what packets the computer was sending to the server when he would use a talent point.

出了个问题。

There was a problem.

他的电脑和服务器之间的数据包是加密的，所以他无法看到其中的内容，也无法注入自己的数据。

The packets between his computer and the server were encrypted, so he couldn't see what was inside them or inject his own data in it.

但他是个逆向工程师，于是开始捣鼓

But he's a reverse engineer, so he starts to tinker with

稍微修改游戏客户端，以便在数据包发出前、加密发生前接管通信，以及在数据包从服务器返回后、解密发生后接管通信。

Slightly modifying the game client so I could take over the communication before decree or before encryption happens when the packets are outgoing, and I take over communication after encryption happens when they're coming from the server.

一旦他成功介入游戏通信，他就玩起了游戏，花了一个天赋点来强化角色，并观察了此时数据的形态。

Once he has his hooks in the game communication, he played the game and spent a talent point to boost his character, and he saw what the data looks like when this happens.

于是他尝试将同一个数据包重新发送回游戏客户端。

So he tried replaying that same packet back to the game client.

他原本以为会看到自己花掉了一个天赋点，天赋值增加了1点。

What he was expecting to see was that he had spent one talent point, and his talent would go up by one.

但我发现我的技能点数和我花费的天赋点数对不上。

And I noticed that my skills didn't match up with the talent points I spent.

这里存在一个不一致的地方。

There was, a disconnect.

比如说，我明明有15个技能点分配在某个天赋树上，但我根本没用任何天赋点，这很奇怪。

Like, supposedly, I had, for example, like, 15 skill points in this one skill tree, but I didn't use any of my talent points, which was weird.

但至少一开始，我以为这只是客户端的bug，是我没花技能点就提升了天赋。

But somehow, at least, initially, I thought it was just a client side glitch where I raised my talents without using any skill points.

于是我登出游戏，关闭了客户端，然后重新从服务器加载了一份我的角色数据。

So I logged out of the game, closed down the client, and, you know, I'd pull up a fresh copy of my character from the server.

这样就能知道到底发生了什么真实情况。

That would be that would tell me the true story of what's going on.

所以我重新登录游戏，发现我的天赋树里依然有15个点，我的技能点也还是15个。

So I log into the game, and I still have my, you know, whatever, 15 points in my talent tree, and I still have my 15 skill points.

所以我心想，好吧。

So I was like, okay.

这挺有意思的。

This is interesting.

我们来看看这里到底发生了什么。

Let's see what's going on here.

天赋点很稀有，你只能获得一定数量。

Talent points are rare, and you can only get a certain amount.

而且你在一个特定技能上最多只能花费五个点。

And you could only spend a maximum of five on a specific skill.

但曼弗雷德找到了一种不消耗天赋点就能花费天赋点，并且超过五个点的方法。

But Manfred found a way to spend talent points without using talent points and to spend more than five.

我只用了五个点，就把它提升到了十五点。

I was able to boost it up to 15 points using only five points.

任何能增强你角色实力或让你对其他玩家取得优势的漏洞都非常重要，因为你基本上获得了对一千万名玩家的不公平优势。

Any exploits that improved your character's strength or gave you an advantage over another player were pretty significant because, you know, you gained an advantage, an unfair advantage over 10,000,000 players, basically.

曼弗雷德利用这个漏洞超额加点后，他在游戏中变得如同神一般。

After Manfred overloaded his talents with this exploit, he became godlike in the game.

他的能力远超任何其他玩家。

His powers were far more superior than any other player.

他开始为自己的角色配备所有最好的装备，让自己变得更加强大。

He started decking out his character and all the best equipment and made himself even more powerful.

然后我去试试能不能独自完成一个地下城。

And then I went to see if I could, like, complete a dungeon solo.

他能够轻松通关通常需要五人才能完成的地下城，从而获取更优质的装备并进一步提升实力。

He was able to easily clear dungeons that normally takes five people to complete, allowing him to gather even better equipment and improving more.

他不断挑战自己的极限，看看这个超级角色究竟能做到什么地步。

He kept pushing his abilities to see what was possible to do with this super character.

有一段时间，他的目标变成了熔火之心。

At one point, his goal became Molten Core.

这是一个需要40人才能通关的团队副本，但他却试图独自挑战。

This was a raid level dungeon, which required 40 people to clear, so he tried to solo it.

我的角色不够强大，没法独自完成熔火之心，所以我们开始召集一些朋友。

My character wasn't powerful enough to, like, complete Molten Core, so we started getting some friends together.

我会给我的角色和朋友们的角色加BUFF，然后我们一起进去完成熔火之心，我觉得那是一个40人副本。

So I'd buff up my characters and my friends' characters, and we go in and complete Molten Core, which I think was a 40 person dungeon.

我们只用八个人就完成了。

We do it with, like, eight people.

这非常有趣。

It was a lot of fun.

这很有挑战性。

It was challenging.

我们利用这个天赋漏洞，用极少的人数完成了副本，持续了大约八到九个月。

We used, this talent exploit to complete dungeons with very few people for probably eight to nine months.

游戏开发者从未发现或抓到Manfred在使用这些漏洞。

Game developers never detected or caught Manfred doing these exploits.

你可能会以为他们对所有副本都有数据统计，能看出来玩家队伍完成副本的速度之类的信息，但他们并没有。

You'd think they'd have metrics on all these dungeons, and they could see, you know, how quickly a group of players could finish a dungeon or whatnot, but they didn't.

他回去逆向工程客户端。

He went back to reverse engineering the client.

他发现生产服务器中启用了调试数据包。

He found there were debug packets that were enabled in production servers.

在花时间分析这些调试数据包后，他找到了一些惊人的操作方法。

After spending time analyzing the debug packets, he found ways of doing some amazing things.

比如向整个服务器广播消息，直接传送到玩家身边。

Things like broadcasting messages to the entire server, like, teleport directly to the player.

即使使用这些漏洞几个月后，他仍然没有被发现或察觉。

Even after using these exploits for a few months, he still wasn't caught or detected.

所以他最终对游戏感到厌倦，决定看看在被封号前能将这个漏洞推到多远。

So he eventually started getting bored with the game and decided to see how far he can push this before getting banned.

通常，这种情况的结局都会发生在PVP中。

So usually, the way this ends is in PVP.

当人们被瞬间击杀时，他们会抱怨。

People complain when they get, you know, killed instantly.

所以我们开始进入PVP区域，直接一击秒杀玩家，无论是满级80级还是50级的角色——当时等级上限是多少，我们都能一击或几击之内干掉。

So we started going out into the PvP lands and just basically one shotting people, killing a person, like a super buffed up level 80 person or level 50, whatever the level cap was back then, you know, in a in a single hit or a couple of hits.

玩家们开始玩的时候会截图，然后找游戏管理员举报，大概一两周，最多三周后，我们所有人都被封号了。

So the players will start playing, they take screenshots, they call GMs, and, you know, fairly quick quickly, maybe one or two weeks, maybe three weeks afterwards, we'd all get banned.

让我最惊讶的是，像《魔兽世界》这样规模的游戏，竟然会有这样的漏洞。

What surprises me most about this story is how a game the size of World of Warcraft can have these exploits in them.

这款游戏有上千万玩家，每人每月支付15美元来玩。

The game had 10,000,000 players who were all paying $15 a month to play.

游戏开发者每月收入超过一亿美元，也就是每天三百万美元。

The game developers were bringing in over $100,000,000 a month or $3,000,000 a day.

有这么大的预算，你本以为他们早就该修复所有漏洞了。

With a budget like that, you'd think they'd have solved every exploit.

这确实是开发者的一大疏忽。

That that was a huge oversight on the developer's part.

你知道，他们不该把开发用的数据包留在《魔兽世界》这种规模的线上游戏中。

You know, they shouldn't have included development packets and their production MMORPG on the scale of World of Warcraft.

所以当曼弗雷德被封禁出《魔兽世界》时，这对他来说根本不是问题，因为他可以轻松转向其他游戏。

So while Manfred was banned from World of Warcraft, it was no problem for him because he could just move on to another game.

本集由DeleteMe赞助。

This episode is sponsored by DeleteMe.

DeleteMe让删除你的在线个人信息变得简单、快速且安全，尤其是在监控和数据泄露日益普遍、人人都可能受害的今天。

DeleteMe makes it easy, quick, and safe to remove your personal data online at a time when surveillance and data breaches are common enough to make everyone vulnerable.

现在要在网上找到关于一个人的个人信息比以往任何时候都更容易。

It's easier than ever to find personal information about people online.

你的地址、电话号码以及家人的姓名暴露在互联网上，可能会在现实世界中带来实际后果，使每个人都有风险。

Having your address, phone number, and family members' names hanging out there on the Internet can have actual consequences in the real world and makes everyone vulnerable.

隐私对我来说是一个极其重要的议题。

Privacy is a super important topic to me.

所以几年前，我注册了DeleteMe，它立即开始在互联网上搜索我的名字，并向我提供发现结果的报告。

So a few years ago, I signed up, and DeleteMe immediately got busy scouring the Internet looking for my name and then gave me reports on what they found.

然后它开始删除这些信息，并向我展示它清理掉了哪些内容。

Then they got busy deleting things showing me what they got rid of.

有人在我团队中帮我处理隐私问题，这真是太好了。

It's great to have someone on my team when it comes to my privacy.

通过注册 DeleteMe 来掌控你的数据，保护你的私人生活不被泄露。

Take control of your data and keep your private life private by signing up for DeleteMe.

现在，我的听众可以享受特别折扣，访问 deleteme.com/darknetdiaries 并在结账时使用促销码 d d 20，即可享受 20% 的优惠。

Now at a special discount for my listeners, you can get 20% off your DeleteMe plan when you go to join deleteme.com/darknetdiaries and use promo code d d 20 at checkout.

要享受 20% 的折扣，唯一的方式是访问 deleteme.com/darknetdiaries，并在结账时输入代码 d d 20。

The only way to get 20% off is to go to join deleteme.com/darknetdiaries and enter code d d 20 at checkout.

就是访问 deleteme.com/darknetdiaries，使用代码 d d 20。

That's join deleteme.com/darknetdiaries code d d 20.

在那之前几年，他玩过一款叫 Shadowbane 的游戏。

A few years before that, he played a game called Shadowbane.

那是一款大型多人在线角色扮演游戏。

It was an MMORPG.

你通过击杀怪物来提升角色等级，装备新物品，也可以与其他玩家对战，但仅限于特定区域。

You level up your character by killing monsters, equip new items, and you fight other players too, but only in certain areas.

曼弗雷德对这款游戏的漏洞之多感到震惊。

Manfred was amazed at how buggy this game was.

他得出结论，这款游戏一定跳过了所有Alpha测试和Beta测试，直接进入了最终发布阶段。

He concluded the game must have skipped any alpha testing, any beta testing, and went directly to final release.

在他二十年的视频游戏破解生涯中，没有任何一款游戏的漏洞能比《Shadowbane》更严重。

In all his twenty years of hacking video games, none have come close to how bad Shadowbane was in terms of bugs.

所以我认为《Shadowbane》值得拥有独立的分类，甚至可以拍一部关于它的电影。

So I think Shadowbane deserves its own category and maybe a movie made after it.

《Shadowbane》的安全性差到极点，如果我要写一款游戏来向游戏开发者展示‘不要这样写游戏，因为这太不安全了’，

Shadowbane was so hopelessly insecure that, you know, if I were to write a game to demonstrate to game developers, no, do not write the game like this because this is very insecure.

我基本上就会把《Shadowbane》拿给他们看。

I'd basically give them Shadowbane.

这个故事和其他人的一样开始。

The story starts the same way as others.

曼弗雷德玩了这款游戏，变得很擅长，然后感到厌倦，开始逆向分析客户端。

Manfred played the game, got good at it, and then got bored and started reverse engineering the client.

他发现，当你获得经验值时，系统会发送一个数据包给游戏，标明你刚刚获得了多少经验值。

He saw that when you get experience points, a packet is sent to the game indicating how many experience points you just earned.

他捕获了这个数据包，再次发送了一次，果然，仅仅重新发送这个数据包，他就再次获得了经验值。

He captured that packet, sent it a second time, and sure enough, he got experience points in the game just for resending that packet again.

他只需向服务器发送特制的数据包，就能无限获取经验值。

He could keep getting unlimited experience points by just sending specially crafted packets to the server.

几分钟内，他就升了100多级。

Within a few minutes, he gained over 100 levels.

他发现服务器对任何发送的数据包都没有验证机制，因此他几乎可以为所欲为。

He found that there was no server side validation for any packet he sent, so he could do almost anything he wanted.

他可以打开其他玩家的保险箱，拿走他们的物品。

He could open up other players' bank vaults, take items from them.

他可以将任何装备装入自己的背包。

He could load any piece of equipment into his inventory.

他甚至能获得大量的力量值和生命值。

He could even gain massive amounts of strength and hit points.

我尝试的任何漏洞几乎都成功了。

Pretty much anything that I tried, any exploit I tried worked.

这简直像是在现实生活中吗？

It was like, is this real life?

他试着看看是否有人愿意用真钱购买他的装备、金币或角色，但由于玩《Shadowbang》的玩家太少，需求根本不足。

He tried to see if anyone would be willing to buy equipment, gold, or characters from him for real dollars, but there just wasn't enough demand because there wasn't enough players playing Shadowbang.

他觉得这个游戏漏洞太多，不想再玩了。

He decided the game was so buggy, he and didn't wanna play it anymore.

所以我们决定来个终极黑客行动，彻底毁掉这个游戏，然后退出。

So we just decided to do a grand finale hack and and basically unsell the game and move on.

我知道如果我们做得太明显，服务器会被回滚，所以我们不得不做得过火一点，因为如果只是杀掉几个玩家之类的，大家在论坛上抱怨，开发者根本不会理。

I knew if we made this super obvious that servers would get rolled back, So we had we we did have to kinda go over the top because, mean, if we killed a few players here and there and blah blah blah, you know, they complained to developers on the forums and they get ignored.

但如果我们发动一场大规模的、改变游戏机制的攻击，比如一次性杀死数百名玩家，彻底改变游戏规则，那他们就不得不回滚服务器。

But if we do, like, a mass scale game mechanic changing attack where it kills hundreds of players and totally alters the rules of the game, then they get rolled back.

我们终极行动之一就是把高级怪物直接传送到新手玩家出生的安全区城市。

So one of our grand finale acts was to basically teleport high level monsters into safe haven cities that new players would start in.

比如说，你在Shadow Bay创建一个新角色，会被传送到一个小岛上，游戏会在这里教你如何玩。

So, like, let's say, create a new character in Shadow Bay and you're sent into this little island where the game teaches you how to play.

理论上这应该是完全安全的。

It's supposed to be completely safe.

但我们把等级200的怪物传送到了那里，杀死所有加入游戏的人。

But we teleported, like, level 200 monsters in there to kill anybody that joined the game.

所以当你作为新玩家加入游戏时，突然间一只等级200的龙就会把你彻底摧毁。

So you join the game as a new player, then suddenly this, like, level 200 dragon just totally decimates you.

在这个小小的新玩家岛上，我们可能在三十分钟到一小时内，杀死了数十名不断重生的新玩家。

So on this little little island of new players, you know, we probably killed dozens and dozens and dozens of new players joining the game and respawning over like a course of thirty minutes to an hour.

我们把整个城镇的人全都传送到了海底。

We teleported an entire town full of people, like, under the ocean.

所以他们会慢慢溺水。

So they'd slowly drown.

你知道，他们溺水太慢了，所以我们还把怪物一起传送过去，让怪物杀死那些溺水的玩家。

You know, they weren't drowning fast enough, so we also teleported the monsters with them so that the monsters would kill the drowning players.

所以，你知道，我们在击杀刚加入游戏的新手。

So, you know, we're killing newbies joining in game.

我们在击杀活跃玩家。

We're killing active players.

我们把玩家传送到海里。

We're teleporting players into the ocean.

这简直就是一片混乱。

It's just complete chaos.

是的，确实如此。

It was it was yeah.

这还挺搞笑的。

It was pretty funny.

我的意思是，这都是好玩的事，但我当时真的震惊了。

I mean, it was all good fun, and I was kind of shock and awe.

有趣的是，那些事件——玩家被传送到海里，怪物被传送到本该安全的新手区域。

It was it was funny that, you know, that the events that were going on, you know, players being teleported into the sea, monsters being teleported into newbie areas where players are supposed to be safe.

令人震惊的是，你怎么可能在一款号称最终版的游戏里做到这种事？

It was shocking that, you know, how is it possible that we could pull this off in a supposedly final game?

但即便如此，这还不够。

But still, that wasn't enough.

他决定把游戏里所有的安全区都变成PvP区。

He decided to make every safe zone in the game a PvP zone.

这意味着玩家可以在世界的任何地方攻击其他玩家。

This means the players could attack other players anywhere in the world.

根本没有地方可以躲藏。

There was no place to hide.

伦弗雷德利用漏洞将自己的角色等级提升到很高，并给角色配备了游戏中所有最好的装备。

Renfred had used his exploits to level his character high up and gave his character all the best equipment in the game.

既然整个世界都变成了PvP区域，你可以猜到他接下来会做什么。

So now that the whole world is a PvP area, you can guess what he did next.

我和朋友们直接冲进去，用那些极度过强的角色横扫所有人。

Me and my friends just going in and decimating everybody with highly overpowered characters.

是的

Yeah.

对

Yeah.

这完全是混乱无序的。

It was complete chaos and disorder.

都很有趣。

All good fun.

曼弗雷德的混乱影响了整个服务器上的每个人。

Manfred's chaos impacted everyone on the entire server.

无论你往哪里看，到处都是成百上千的墓碑，所有人都在疑惑到底发生了什么。

There were hundreds of tombstones everywhere you looked, and everyone was wondering what in the world is happening.

有些人说众神发疯了，还有些人说游戏里有漏洞。

Some people are saying the gods went crazy, and other people are saying there's bugs in the game.

大约一小时的全面混乱之后，服务器下线了。

After about an hour of total chaos, the servers went offline.

他和他的朋友们被封禁了，服务器回滚到混乱开始前的存档点，所有玩家的数据都被恢复了。

Him and his friends were banned from the game, and the server rolled back to a save point before the chaos began, and all players were restored.

最初，被隐形封禁的玩家以为有人入侵了他们的服务器，非法获取了访问权限，以为自己的服务器被攻破了，而实际上我们只是在利用游戏内的机制。

Initially, the shadowbaned people thought, you know, somebody ruded their servers, you know, gained illegal access to their servers, and they thought their servers were compromised when all we were doing was just using in game mechanics.

他们在Shadowbane论坛上查看事后反应时，有些玩家说，这种事应该多发生几次。

And they look at the aftermath in the Shadowbane forums, and some of the players were saying, like, this should happen more often.

这可是他们买下游戏以来玩得最开心的一次。

This was, like, the most fun they've ever had since they bought the game.

所以，有些玩家确实挺生气的，但也有一些玩家说，嘿。

So, I mean, there were some players that were kind of annoyed, and some players were like, hey.

这挺酷的。

This is pretty cool.

咱们再来一次吧。

Let's do it again.

这个隐形封禁漏洞太荒谬了，以至于Wired杂志在2003年事件发生时还专门写了一篇报道。

This shadowbang hack was so ridiculous that Wired wrote an article about it back in 2003 when it happened.

直到现在，都没人知道这件事背后的主谋是谁。

Nobody ever knew who was behind this until now.

Wired杂志刊登了游戏开发者的一条评论，内容是：‘我们正在与执法部门合作，并向大家保证，这些人员将受到法律的严惩。’

Wired posted a comment from the game developers, which said, quote, we're working with law enforcement and we promise all of you that these individuals will be prosecuted to the full extent of the law, end quote.

那都是Bark干的。

That was all Bark.

我想他们意识到自己的服务器并没有被入侵，我们只是利用游戏协议和游戏逻辑，通过发现协议中未预期的功能来反制游戏本身。

I think they realized that their servers weren't compromised and we were just using the game protocol and the game logic against itself by, you know, finding unintended features in the protocol.

Manfred从未因这一事件被游戏开发者或执法部门联系过。

Manfred was never contacted by game developers or law enforcement for this event.

Manford曾尝试与游戏开发者合作，负责任地报告他发现的漏洞。

Manford has tried working with game developers to responsibly disclose the bugs he finds.

在我刚起步的早期，我曾尝试与游戏开发者合作，但总是适得其反。

Back in the early days when I started doing this, I tried to work with the game developers, and it's always backfired.

比如一个例子就是《无政府状态在线》。

For one example would be Anarchy Online.

我想这应该是2000年或2001年发生的。

I think it came out in 2000 or 2001.

所以我在游戏中给GM发了消息，说：嘿，我想和你们的开发者谈谈我发现的一些漏洞。

So I page GM in game and I go, hey, I wanna talk to one of your developers about some exploits I found.

于是我们进入IRC聊天，也就是脱离游戏之外，通过IRC交流，我们就说：看，这些是漏洞，这是我们制造它们的方法，以及如何利用它们。

So we go in and we talk in IRC, you know, kind of go out of band outside the game and talk over IRC and we're like here.

这是这些漏洞的详情，以及我们是如何实现它们的。

Here's these exploits and here's that we produce them and here's how to do them.

他们说：好的，不错。

And they're like, Okay, cool.

谢谢。

Thanks.

第二天早上我们醒来，发现账号被封了。

Next day we wake up and our accounts are banned.

早期的时候，这种情况发生了两次。

This happened twice, early on.

而且你知道，如果这种情况发生了两次，或者在一个游戏里发生了，然后在另一个完全不同的开发团队的游戏里又发生了，那你只能假设，也许游戏行业并不想与负责任地报告漏洞的人合作。

And, you know, if it happens twice or it happen it happens in one game and then it happens in another game with a completely different development team, then you gotta assume, you know, maybe the game industry doesn't wanna work with people responsibly disclosing hacks.

我认为他们的主要观点是，他们根本不想让人逆向工程他们的客户端。

I think their main point is they don't want people reverse engineering their client in the first place.

所以也许这就是他们封禁发现这类问题的人的原因。

So maybe I think that's their motive for banning people that find these sorts of things.

但这有点反直觉，因为你并不想封禁那些试图帮助你的人。

But it's kind of counterintuitive because you don't wanna ban the people that are trying to help you out.

你可能会觉得他们应该给我们提供资源或更多资源，比如：嘿，这里有几套免费账号，还有我们的私有测试服务器。

You'd think they'd want to give us resources or additional resources or be like, hey, here's some free accounts and here's, you know, here's our private test servers.

随便用吧，结果却恰恰相反。

Have at, you know, the opposite happened.

他们只是说我们要封禁你。

They just said we're gonna ban you.

别再回来了。

Don't come back.

今年，曼弗雷德在DEFCON大会上做了一次演讲。

This year, Manfred gave a talk at DEFCON.

他原本打算曝光《上古卷轴在线》和《野星在线》中的两个未修复的漏洞。

He was going to expose two unfixed bugs in Elder Scrolls Online and WildStar Online.

但他决定不演示这个漏洞利用方法。

He decided not to demonstrate the hack.

演讲结束后，一家与《上古卷轴在线》相关的公司找到我，说：这是我的名片。

After the talk, one of the companies that was behind the older scrolls online came up to me, and they were like, here's my business card.

我们聊聊吧。

Let's talk.

于是我和他们进行了交流。

So I talked to them.

DEFCON之后不久，我们在拉斯维加斯时，我向他们展示了这个漏洞。

I I showed them the exploit shortly after DEFCON while we were still in Vegas.

我当面给他们演示了，他们说：不错。

I showed it to them in person, and they're like, cool.

谢谢。

Thanks.

对于WildStar Online，我发了一封邮件描述了问题及其影响，他们回复我说：好的，谢谢。

The other one for WildStar Online, I sent them an email describing the issue at hand and its ramifications, and they got back to me and said cool, thanks.

就这样了。

And that's about it.

对于Elder Scrolls Online，我上个月中旬最后一次检查过，那是DEFCON结束六周后，问题至今仍未修复。

For Elder Scrolls Online, I last checked about a month and a half ago, which was about six weeks after DEFCON and its closure, and it still hasn't been fixed.

WildStar Online，我之后就没再检查过。

WildStar Online, I haven't checked since.

但这只是Manfred史诗般旅程的第一章。

But this is just chapter one of Manfred's epic journey.

你听到的所有这些漏洞都只是出于好玩，但他还发现了其他游戏中的漏洞，这些漏洞改变了他未来几十年的生活。

All of these exploits you've heard are just for fun, but he found exploits in other games that would change his life for decades.

他找到了将虚拟物品转化为真实美元的方法。

He found ways to turn his virtual items into real US dollars.

这不再只是关于乐趣和游戏了。

No longer was this about fun and games.

它变成了一项严肃的全职事业。

It became a serious full time business.

让我这么说吧，如果你有机会当一名软件工程师，你可以想象一下如今软件工程师的收入有多高。

Let me just say that given the option of getting a day job as a software engineer, and you can imagine how much a software engineer makes these days.

在当软件工程师和黑入在线视频游戏之间，我选择了黑入在线视频游戏，因为报酬不错，而且我还自己创业，可以自己安排时间。

Given the option of doing that versus hacking online video games, I chose to hack online video games because the pay was good, but also because I was running my own business and, you know, making my own hours.

在本故事的第二部分，我们将从往游戏里充钱转向从游戏里掏钱。

Join us in part two of this story as we shift from putting coins into the game to taking coins out of the game.

你正在收听《暗网日记》。

You've been listening to Darknet Diaries.

Manfred的冒险经历有很多截图，可以在 darknetdiaries.com 上查看。

There's a bunch of screenshots of Manfred's adventures at darknetdiaries.com.

别忘了去看看这些截图，以及一些提到的故事的链接。

Be sure to check them out as well as links to some of the stories that were mentioned.

音乐由 Ian Alex Mack、Kevin McCloud 和 Tabletop Audio 提供。

Music is provided by Ian Alex Mack, Kevin McCloud, and Tabletop Audio.

A5，B1，B2，B3，B4B5C5。

A5, B1, B2, B3, B4B5C5.

我们来玩个游戏吧。

Let's play a game.

该你走了。

It's your move.