第8集：曼弗雷德（第二部分）

在开始之前，简单说一下。

Real quick before we get started.

这是关于曼弗雷德的两部分系列的第二部分。

This is part two of a two part series on Manfred.

如果你想了解他是如何为了好玩而破解网络游戏的，请先看第一部分。

If you want to hear how he hacks online games for fun, check out part one first.

我第一次破解的是一款叫《模拟城市》的游戏。

The first hack I ever did was on a game called SimCity.

这是最初的城市建设类游戏。

It's the original city building game.

我那时是个好奇的青少年，找到了存档文件的存储位置，并开始检查这些文件。

My curious teenage self found where the saved game files were stored and began inspecting these files.

在我看来，这些内容全是乱码。

It was gibberish as far as I could tell.

我决定把文件加载到十六进制编辑器中。

I decided to load the file into a hex editor.

这会将文件的内容转换为十六进制格式。

This converts the contents of the file to a hexadecimal format.

我开始随意修改一些数字。

I started changing a few numbers around.

我只是在猜测，然后重新加载游戏，看看有没有什么变化。

I was just guessing and then loading the game back up to see if anything had changed.

我知道我找对地方了，因为我修改的是像年份和城镇名称这样的内容。

I knew I was in the right area because I was changing things like the year and the name of the town.

我不断调整数值，一遍又一遍地重新加载。

I kept tweaking values and loading it again and again.

最终，我加载了游戏，惊讶地看到了眼前的一切。

Eventually, I loaded the game, and I was amazed at what I saw.

我给自己增加了十万亿美元的游戏货币。

I had given myself 100,000,000,000 in game dollars.

通过破解游戏获得的成就感，远比真正玩游戏还要令人兴奋。

The feeling I got from hacking the game was so much more exciting than actually playing the game.

有了这么多钱，我建造了一些非常庞大的城市。

With that amount of money, I built some very large cities.

在单人游戏中破解金钱系统是一回事，但如果你能在大型多人在线游戏中破解金钱系统呢？

Hacking the money system in a single player game is one thing, but what if you could hack the money system in a massive multiplayer online game?

这是《暗网日记》，来自互联网黑暗面的真实故事。

This is Darknet Diaries, true stories from the dark side of the Internet.

我是杰克·雷德。

I'm Jack Reider.

本集由Vanta赞助。

This episode is sponsored by Vanta.

客户的信任可以成就或摧毁你的业务。

Customer trust can make or break your business.

随着你的业务不断增长，你的安全和合规工具也会变得越来越复杂。

And the more your business grows, the more complex your security and compliance tools get.

这可能会变成一团混乱，而混乱并不是一种安全策略。

It can turn into chaos, and chaos isn't a security strategy.

这就是Vanta的用武之地。

That's where Vanta comes in.

把Vanta想象成一位24小时在线的AI安全专家，它会随着你一起成长。

Think of Vanta as your always on AI powered security expert who scales with you.

Vanta自动完成合规性工作，持续监控你的控制措施，并为你提供合规与风险的单一信息来源。

Vanta automates compliance, continuously monitors your controls, and gives you a single source of truth for compliance and risk.

无论你是像Cursor这样的快速成长型初创公司，还是像Snowflake这样的大型企业，Vanta都能轻松融入你现有的工作流程，让你持续发展一家客户可以信赖的公司。

So whether you're fast growing startup like Cursor or an enterprise like Snowflake, Vanta fits easily into your existing workflows so you can keep growing a company your customers can trust.

前往 vanta.com/darknet 开始使用。

Get started at vanta.com/darknet.

拼写是 vanta。

That's spelled vanta.

vanta.com/darknet。

Vanta.com/darknet.

本集由Shopify赞助。

This episode is sponsored by Shopify.

还有比新年伊始更好的时机来尝试新事物吗？

Is there any better time to try out something new than at the start of a new year?

我太喜欢了。

I love it.

我感觉自己有权利去学习一项新技能、启动一个新项目，或者做出新的决定。

I feel like I have permission to try learning a new skill or starting a new project or making new decisions.

但如果你特别有雄心，为什么不三者都尝试，把2026年变成你用Shopify开启新事业的一年呢？

But if you're feeling extra ambitious, why not do all three and turn 2026 into the year you started your new business with Shopify?

Shopify为你提供了在线和线下销售所需的一切工具。

Shopify gives you everything you need to sell online and in person.

通过Shopify内置的AI工具，你可以快速完成设置，这些工具能撰写产品描述和标题，甚至帮你编辑产品图片。

Set up is fast with Shopify's built in AI tools that write product descriptions and headlines and even help you edit product photos.

数百万创业者已经完成了这一跃，从家喻户晓的品牌到刚刚起步的初次创业者。

Millions of entrepreneurs have already made this leap from household names to first time business owners just getting started.

就连我，我的T恤店也在Shopify上。

And even me, my t shirt shop is on Shopify.

那是 shop..netdiaries.com。

That's shop..netdiaries.com.

我喜欢 Shopify，因为它让我轻松地把业务搬到线上。

And I love Shopify because how easy it is for me to get my business online.

营销功能也是内置的。

Marketing is built in too.

你可以创建电子邮件和社交媒体活动，触达客户浏览的每一个角落。

You can create emails and social campaigns that reach customers wherever they scroll.

所以在 2026 年，别再等待，立即用 Shopify 开始销售吧。

So in 2026, stop waiting and start selling with Shopify.

注册每月 1 美元的试用版，今天就前往 shopify.com/darknet 开始销售。

Sign up for your $1 per month trial and start selling today at shopify.com/darknet.

前往 shopify.com/darknet。

Go to shopify.com/darknet.

那就是 shopify.com/darknet。

That's shopify.com/darknet.

今年第一件事，让Shopify伴你同行。

Hear your first this new year with Shopify by your side.

在本期节目中，我们继续跟进Menfred的故事。

In this episode, we pick back up with Menfred.

你好。

Hello.

正如上期所闻，他专门破解在线游戏。

As you heard in the last episode, he hacks online video games.

但上期节目纯粹是娱乐消遣。

But the last episode was all just fun and games.

而本期节目，全是正经事。

In this episode, it's all business.

破解在线游戏能赚不少钱。

There's lots of money to be made in hacking online games.

让我们把时间倒回上世纪九十年代末，那时他刚开始通过破解在线游戏赚钱。

So let's dial back the clock to late nineties when he first started making money hacking online games.

他当时玩的游戏是《无尽的任务在线》。

The game he was playing at that time was Ultima Online.

这就像其他任何一款MMORPG，你需要提升角色等级、装备物品并击败怪物。

It was just like any other MMO RPG where you level up your character, equip items, and slay monsters.

曼弗雷德玩过这个游戏，玩得很熟练，但后来感到厌倦了。

Manfred had played the game, got good at it, and then got bored.

于是他开始捣鼓，逆向工程客户端并篡改数据包。

So he started tinkering and reverse engineering the client and manipulating the packets.

在《无尽的任务在线》中，玩家可以购买房屋并将其放置在地图上。

In Ultima Online, players could buy houses and place them on the map.

这会成为你角色存放物品和休息的安全地点。

This would be a safe place for your character to store things and rest.

不过，房屋在地图上会占据空间，就像现实中的房屋一样。

The houses took up space on a map though, just like houses do in real life.

因此，游戏开发者添加了一个功能，允许你拆除房屋。

So the game developers added a feature where you could demolish a house.

他们还添加了另一个功能：如果房主长时间不进入房屋，房屋就会被遗弃并倒塌。

And they also added another feature where houses would become abandoned and fall down if the owner did not go in it for a while.

所以最初，我想弄清楚拆除自己房屋的过程是如何运作的。

So initially, I was trying to find out how the process of demolishing your own house works.

比如，你可以拆除房屋并拿回材料。

Like, you could demolish the house and get the deep back.

我很好奇在协议层面这个过程是如何实现的。

I was curious to see how that works, at the protocol level.

客户端向服务器发送了什么指令，才会触发房屋删除事件？

What was the client sending to the server to cause a house deletion event to happen?

当我看到这一点时，发现它非常简单。

So when I saw that, it was pretty simple.

就是一个操作码，表示‘删除这栋房屋’，后面跟着房屋的ID。

It was the operation code that said, hey, let's delete this house, and it was the ID of the house.

我当时就想，哇。

I was like, wow.

这太简单了。

That's pretty simple.

肯定没这么简单。

There has to be more to it.

比如，服务器肯定要检查你是否拥有这所房子。

Like, how the server must be checking if you own this house.

所以我想，好吧。

So I was like, okay.

然后我去邻居家，通过和房子互动并查看数据包获取了房子的ID，发现这个ID是这样的。

Then I then I went over to my neighbor's house, got the house's ID by interacting with it a little bit and looking at the packets, and I saw that, you know, the ID was this.

于是我用这个ID发送了一个删除房子的请求，但什么都没发生。

So I sent a house deletion event with that house ID, and nothing happened.

我觉得这很奇怪。

I was like, this is weird.

为什么这不起作用？

Why isn't this working?

然后我又对我自己的房子做了同样的事情。

Then I did the same thing again with my house.

我打开了我的房子菜单，发送了删除数据包，结果我的房子被删掉了。

I opened up my house menu, and I set the deletion packet, and it deleted my house.

我当时想，也许他们修复了这个问题。

I was like, Maybe maybe they fixed it.

也许服务器端在检查我是不是房子的主人。

Like, maybe server side are checking if I'm the owner of the house or not.

所以我又试了一次，以确保万无一失。

So I tried it once more just to make sure.

于是我再次打开房子菜单，想确认一下数据包里的某些信息，并且保持房子菜单打开着。

So I opened up my house menu item just to double check on some information in the packets, and I left my house menu up.

然后我发送了一个带有邻居房子ID的数据包。

And then I sent my packet with my neighbor's house ID.

令我惊讶的是，我邻居的房子突然消失了。

And to my surprise, my neighbor's house just disappeared.

那所房子里的一切——家具、设备，他或她收集的所有东西——都散落在地上，因为房子已经不在了，无法再容纳它们。

Everything that was in that house, the furniture, equipment, everything he ever collected, he or she, just was laying there on the ground because the house wasn't there to hold it anymore.

一开始我心想：哎呀，抱歉，我真的不是故意的，但已经无法挽回了，所以我只好摊手说：糟了。

So first I was like oops, you know, my bad, I really didn't mean to do that, but there's nothing I could do to undo it, so I was, I just kinda threw up my hands and said, crap.

对不起。

Sorry.

结论是：不，服务器在你发送删除包时，并不会检查你是否是这所房子的主人。

The conclusion was that, no, the server doesn't check if you're the owner of this house when you send the delete packet.

它真正要求的是，你在与房屋互动时，必须保持房屋菜单对话框处于打开状态。

The thing that it wants is it wants you to make sure that you have a house menu dialogue up when you're interacting with a house.

因此，只要你正在与自己拥有的房屋互动，你就能控制其他玩家的房屋，甚至可以删除它，只要你愿意的话。

So as long as you're interacting with a house that you own, you're able to control another player's house and, you know, ultimately delete it if that's what you wanna do.

我最初开始删除敌对公会玩家的房屋，是因为这个游戏以PvP为核心，而我玩的服务器上有很多搞破坏和恶作剧的公会，所以我可能有点报复心理，开始删除他们的公会总部之类的东西。

I think initially, I started deleting players' homes of rival guilds because it was a p it was a game centered around PvP, and there were a lot of griefing and trolling guilds on the server I was playing on, so I think I took a bit of retaliation on them and started deleting their guild headquarters and stuff like that.

其中一个公会叫‘亚洲玩家’，主要由被指控作弊的中国玩家组成。

So one of the guilds was called Players of Asia, and there were mainly Chinese players that were accused of hacking themselves.

管理员们特别不喜欢那个公会以及与之相关的其他公会。

The GMs didn't really like specifically that guild and guilds associated with them.

所以，我不确定他们是否真的提交过投诉工单。

So, you know, I'm not sure if they ever sent out a complaint ticket.

我肯定他们提交了，但我觉得管理员只是无视了。

I'm sure they did, and I think the GM just ignored it.

然后，在我删除了他们的房子后，我在那里建了一座自己的房子。

And then, you know, after I delete their house, I placed a house of my own up there.

当曼弗雷德删除其他玩家的房子时，那所房子的地契会出现在他的背包里。

When Manfred would delete another player's house, the deed to that house would show up in his inventory.

他不仅能收集到房子里储存的所有物品，还能实际上获得那所房子的所有权，因为他现在有了地契，可以立刻在原地重建。

Not only was he able to collect all the items that were stored in that house, but he would also essentially take ownership of that house since he now had the deed and could build it right back in the same spot where he deleted the house.

过了一段时间，我就有了十几座房子，我当时就想：我该怎么处理这么多房子？

And after a while, you know, I'd have, like, a dozen houses, and I was like, what am I gonna do with all these houses?

这时候，eBay就派上用场了。

And that's when eBay came into play.

我注意到，房屋的售价从几百美元到几千美元不等，具体取决于房屋的大小。

I noticed that houses were selling for hundreds, sometimes thousands of dollars, depending on the size of a house.

通常，玩家的房屋只有一间房，只能存放少量物品。

Usually, players had a house that was just a single room where they could store minimal items.

最大的房屋是城堡，空间巨大，足以容纳整个公会及其所有物品。

The largest house was a castle, which was huge to accommodate the guild and all their items.

因此，一座城堡很容易以2000到10000美元之间的价格售出。

So a castle could easily sell up from between 2 and maybe $10,000.

随着这演变成一种商业模式，我需要越来越多的房屋，因为我在eBay上架的每件物品都会很快售罄。

As this turned into a business model, I needed more and more houses because, you know, everything I'd put up on eBay would sell out pretty quickly.

所以，我没法再去找公会或者敌对公会来拆掉他们的房子了。

So I couldn't, you know, I ran out of guilds to or rival guilds to demolish their houses.

于是我开始寻找那些即将倒塌的房屋。

So I started looking for houses that were in danger of collapsing.

几天过去了，这些房屋眼看就要坍塌了。

Days passed and they were about to collapse.

所以通常当房子即将倒塌时，会举办一场盛大的倒塌派对，大量玩家涌入，试图把他们的房子建在刚倒塌的房子上方。

So usually when the house is about to collapse, there's like a huge collapsing party, tons of players come in, and they try to place their house on top of a house that just collapsed.

所以我不想跟二十个其他玩家竞争，争夺建房的位置。

So I don't wanna compete with like 20 other players trying to place a house.

于是我立刻四处寻找那些即将倒塌且周围没有玩家的房子。

So as soon so I'd go around looking looking for a house that's in in danger of collapsing that had no players around it.

这样我就能进去，删除那栋房子，然后把我的房子建在上面，而没人会察觉任何异常。

So I could go in, delete this house, place on place my house on top of it without anybody suspecting anything.

但有一次，我进去后发现了一座塔，它相当大。

Except in this one case, I go in, I find the tower, which is pretty big.

那是一个高大的长方形结构。

It's a big rectangular structure that's pretty tall.

所以这座塔正处于即将倒塌的边缘。

So this thing is in danger of collapsing.

我环顾四周。

I look around.

周围一个人也没有。

There's nobody around.

于是我利用漏洞摧毁了塔，然后在原地放了三座小房子。

So I I run the exploit, collapser tower, and place three small houses in its place.

不久之后，大概几分钟后，有个人进来了，完全懵了。

Shortly after that, maybe a couple minutes, this guy comes in and he's totally baffled.

他四处张望，来回奔跑，以为自己误入了城镇的错误区域。

He's like looking around, running back and forth, he thinks maybe he came into the wrong section of town.

然后他问：嘿。

And he's like, hey.

这里以前是不是有个塔？

Was there a tower here?

我回答：我不知道。

And I'm like, I don't know.

我只是刚玩的新手角色而已。

I I was just like I was on the newbie character.

我当时才一级。

I was like level one.

我身上什么都没有，就一件T恤和一条破裤子。

I had nothing on me, just like a t shirt and some torn pants.

所以我也不知道发生了什么。

So I was like, I don't know what's going on.

我又等了几分钟，然后这个公会的几个成员也陆续进来了。

I waits a few more minutes and like a few more members members of this guild join in.

我想他们还挺安静的。

I guess they're pretty silent.

我想他们可能在频道外用IRC之类的方式聊天，但现场一片混乱。

I guess they're talking again out of band and, like, IRC or something, but there's a lot of commotion going on.

所以我只是站在那儿说：嘿。

So I'm just standing around going, hey.

咱们看看这事会怎么发展。

Let let's let's see where this goes.

我从未经历过这样的情况。

This is I've never been in a situation like this.

我知道我当时有点担心管理员会突然出现，看到这一切，我觉得管理员可能能发现我已经删除了这栋房子，并用这三栋取而代之。

I know I was I was kind of afraid that the GM would pop in and they'd see that, and I I thought that maybe the GM would be able to see that I had deleted this house and placed these three in place of it.

所以我心想，不如就先待着，看看是不是真的会这样。

So I was like, I might as well just hang around and see if that's the case.

咱们看看管理员工具和服务器日志在管理房屋时有多精准。

Let's see how good the GM tools are and how good the server logging is when they manage their houses.

我其实挺紧张的，因为你知道，这已经变成一个相当不错的商业模式，而我现在却担心随时都会失去它。

I I was pretty nervous because, you know, this was this turned into a pretty good business model, and here I am thinking I'm gonna lose it any any minute.

所以，我真的很想知道接下来会发生什么。

So, you know, I'm really curious to see how this is gonna play out.

于是我继续待着。

So I hang around.

发生了许多骚动。

A lot of commotion happens.

一位GM进来了。

A GM pops in.

这位GM完全一头雾水。

The GM is pretty much clueless.

所有人都在游戏里对他大喊：嘿。

Everybody's basically shouting at him in game, going, hey.

发生什么事了？

What's going on?

我有点同情这位GM，因为几分钟后，我就发现他根本不知道发生了什么。

I kinda felt sorry for the GM because after a few minutes, I could tell that GM had no idea what was going on.

五分钟后，他毫无头绪，GM工具还不够成熟或先进，无法追踪这里是否曾经有房子、谁删除了它、谁放置了这些房子以及何时放置的。

Five minutes in, he has no answer, and the GM tools weren't mature enough or advanced enough to get a tracking, you know, of was there a house here, who deleted it, and who placed these houses and when.

十分钟过去了，他还是没有答案。

Ten minutes and no answer.

他周围聚集了许多愤怒的玩家。

He had lots of angry players around him.

二十分钟后，很明显GM完全不知道发生了什么。

After twenty minutes, it was obvious that the GM had no idea what was going on.

然后，这位玩家说了句著名的话：要么是GM，要么是黑客。

And then the famous quote of this guy going, it was either GMs or hackers.

他们指责GM删除了房子，或者说是黑客干的。

You know, they were accusing the GM of deleting the house or hackers.

我知道自己不用担心被封号了，那个漏洞问题也当场解决了。

I I knew I was off the hook for, you know, getting banned and getting that exploit fixed right there and there.

很明显，他们没有任何关于事件经过的记录。

Well, it was obvious that they didn't have any records of what transpired.

所以那时我感到如释重负。

So I was like I was relieved at that point.

对GM来说，也许他们完全是在编造故事，想用三座房子骗我。

For all the GM knew, maybe they were totally fabricating the story, trying to defraud me with three houses on that spot.

是的。

Yeah.

这是我游戏黑客生涯中最喜欢的时刻之一。

That's one of my, favorite moments in my career of hacking online games.

曼弗雷德后来发现了一个漏洞，让他能够在地下建造房屋。

Manfred then found a bug that gave him the ability to build a house underground.

这很有趣，因为如果有人走过这栋房子，游戏会认为他们身处他的房屋内，这样他就可以毫无后果地杀死他们。

This was interesting because if somebody walks over the house, the game would think they're in his house so he could kill them without repercussion.

由于这个漏洞对曼弗雷德来说并不重要，他向游戏管理员报告了它。

Because this bug was not important to Manfred, he reported it to the GM.

游戏管理员将此事上报给开发人员，结果游戏公司解雇了这位管理员。

The GM reported it to the developers, and the game company fired the GM.

游戏公司认为，报告这个漏洞的黑客一定从管理员那里获得了内部信息，才能发现这些漏洞。

The game company thought the hackers who reported this must have gotten some kind of inside information from the GM to find these exploits.

因此，公司认为管理员与黑客串通，共同攻击游戏。

So the company thought the GM was working with the hackers to hack the game.

除了管理员被解雇外，曼弗雷德和他的朋友们也被封禁了。

On top of the GM getting fired, Manfred and his friends got banned.

曼弗雷德只是想帮助游戏开发者报告这些漏洞，所以他对他们的反应感到非常沮丧。

Manfred was just trying to help the game developers by reporting these bugs, so he was upset that they reacted this way.

于是曼弗雷德等到周日晚上，当管理员和开发者都睡着后，创建了一个新角色。

So Manfred waited until late Sunday night when GMs and developers were asleep and created a new character.

他在游戏中四处奔走，删除了他能找到的每一栋房子。

He ran around the game deleting every house he could find.

他删除了20栋、50栋、100栋房子，然后切换到另一个服务器，把那里的所有房子也全删了。

He deleted 20 houses, 50 houses, a 100 houses, and then switched to another server and deleted all the houses there.

总共删除了200栋房子，他继续切换服务器，删掉更多房子。

200 houses were deleted, and he kept switching servers and deleting even more houses.

300栋、400栋、500栋房子被删除。

300 houses deleted, 400, 500.

最终，他再也找不到可以删除的房子了。

Eventually, he ran out of houses to delete.

他最后向游戏挥了挥手，道了别。

He waved one last goodbye to the game and said farewell.

他最后一次登出，再也没有回来。

He logged off for the last time and never returned.

那个星期一早上，游戏中出现了大量投诉和混乱，开发者不得不将服务器回滚到周日删除房屋之前的一个存档点。

That Monday morning, there were so many complaints and such chaos in the game that the developers had to roll back the servers to a save point on Sunday before the houses were deleted.

所有玩家的房屋都被恢复了。

All players had their houses restored.

开发者承认了游戏中存在一个漏洞，并为这次回滚向玩家道歉。

The developers did acknowledge a bug in the game and apologized to players for the rollback.

他们甚至禁用了房屋功能，直到修复这个漏洞。

They even disabled house features until they could fix the bug.

曼弗雷德在《创世纪在线》中靠出售房屋赚钱的财源就此断绝。

Manfred's cash cow of making money selling houses in Ultima Online was dead.

那是我疯狂的大学时代，正如截图所示，我当时在伤害其他玩家。

That was back in my crazy college days where, I mean, as the screenshot showed, I was causing players harm.

在看到这种行为给玩家带来的影响后，我在网络游戏中的所有行为都变得更加隐蔽了，这意味着我使用的任何漏洞对玩家完全不可见，更重要的是，对游戏开发者也完全不可见。

After seeing the kind of impact that it caused the players, basically all everything I did in online games went even more undercover than it was, meaning that any exploit I ran was completely invisible to the players and also importantly, it was also invisible to the game developers.

于是，曼弗雷德悄然隐入阴影，变得无影无踪。

So Manfred slipped into the shadows and became invisible.

本集由DeleteMe赞助。

This episode is sponsored by DeleteMe.

DeleteMe让删除您的在线个人信息变得简单、快捷且安全，尤其是在监控和数据泄露日益普遍、人人都可能受害的今天。

DeleteMe makes it easy, quick, and safe to remove your personal data online at a time when surveillance and data breaches are common enough to make everyone vulnerable.

如今，要在网上找到关于某人的个人信息比以往任何时候都更容易。

It's easier than ever to find personal information about people online.

您的地址、电话号码以及家人的姓名在网络上公开，可能会在现实世界中带来实际后果，使每个人都有风险。

Having your address, phone number, and family members' names hanging out there on the Internet can have actual consequences in the real world and makes everyone vulnerable.

隐私对我来说是一个极其重要的议题。

Privacy is a super important topic to me.

所以几年前，我注册了DeleteMe，它立刻开始在互联网上搜索我的名字，并向我提供发现结果的报告。

So a few years ago, I signed up, and DeleteMe immediately got busy scouring the Internet, looking for my name, and then gave me reports on what they found.

然后它开始删除这些信息，并向我展示它清理掉了哪些内容。

And then they got busy deleting things, showing me what they got rid of.

有人在我这边为我的隐私保驾护航，真是太好了。

It's great to have someone on my team when it comes to my privacy.

通过注册 DeleteMe 来掌控你的数据，保护你的私人生活不被泄露。

Take control of your data and keep your private life private by signing up for DeleteMe.

现在我的听众可以享受特别折扣，访问 deleteme.com/darknetdiaries 注册，结账时使用促销码 d d 20，即可享受 20% 优惠。

Now at a special discount for my listeners, you can get 20% off your DeleteMe plan when you go to join deleteme.com/darknetdiaries, and use promo code d d 20 at checkout.

要享受 20% 优惠，唯一的方法是访问 join deleteme.com/darknetdiaries，并在结账时输入代码 d d 20。

The only way to get 20% off is to go to join deleteme.com/darknetdiaries and enter code d d 20 at checkout.

就是 joindeleteme.com/darknetdiaries，代码 d d 20。

That's joindeleteme.com/darknetdiaries code d d 20.

随后，曼弗雷德在另一款游戏中发现了一个惊人的漏洞。

Manfred then found an amazing bug in another game.

在 Ultim Online 的账户删除风波之后不久，我转去玩了一款叫《黑暗纪元：骆驼罗》的游戏。

Shortly after the Ultim Online house deletion fiasco, I moved on to a game called Dark Age of Camelot.

在那款游戏中，情况也是一样。

In that one, it was the same story.

我会玩这个游戏，玩腻了就开始逆向分析，研究数据包，然后发现其中一个数据包允许我登录两次。

I'd play the game, get bored of it, start reversing it, learn about the packets, and then I noticed that one of the packets would allow me to log in twice.

基本上，我会进入游戏。

Basically, I'd be in game.

我可以把我的物品、金币转给另一个玩家，比如一个代练角色，然后我不退出前一个角色的情况下，再次登录自己。

I could pass off, like, my items, my gold to another player, like a mule character, and then I'd cause myself to log in again without logging it without logging out the previous character.

所以服务器端会发生什么？我会重新加载数据库，然后又拥有了我所有的物品和金币。

So what would happen server side is I get a fresh reload of the database, and I'd have all my items and my gold again.

所以，这基本上被称为复制漏洞，你复制物品，或者在这个案例中，我复制了我整个角色。

So, basically, this is called, a dupe glitch where you duplicate items, or in this case, I duplicate my entire character.

因为在游戏里，如果你看我，你会看到两个相同的角色站在游戏里，这相当独特。

Because in game, if you were to look at me, you'd see two copies of the same character standing in game, which is pretty unique.

我从未遇到过这样的游戏，能让你用同一个数据库实例同时登录两个角色。

I've never encountered a game like that where you could log in two characters at once that were the same database instance.

复制漏洞是漏洞中的 jackpot。

Duplication exploit is a jackpot of exploits.

仅仅能够在游戏中复制金币就已经是一笔巨富了。

Just the ability to duplicate in game gold alone is a jackpot.

即使他一开始只有1个金币，如果重复20次，他就能拥有超过一百万金币。

Even if he started with 1 gold coin, if he duplicated it 20 times, he'd have over 1,000,000 gold.

他拥有随时想造多少金币就造多少金币的能力。

He possesses the ability to make as much gold as he wants whenever he wants.

所以有一段时间，我专门强化了我的角色，弄到了最好的装备之类的。

So for a little bit, I tweaked out my character, got the best items and all that.

然后我去eBay上看了看，发现有人在卖《黑暗时代》游戏里的金币和物品。

And then I went on eBay, and I noticed that people were selling items in gold in Dark Age of Camelot.

我当时就想，嘿。

And I was like, hey.

我手上有很多金币和物品。

I have lots of items in gold.

于是我注册了一个eBay账号，开始在eBay上出售《黑暗时代》的金币和装备。

So I made an eBay account and started selling Dark Age of Camelot, platinum, and items on eBay.

这个漏洞允许你登录两次从而复制角色的物品，一直持续到2013年，我认为，所以它存在了大约十四年。

This protect your bug where you can log in twice and duplicate the character's inventory lasted until 2013 I believe, so it lasted for about fourteen years.

所以最初，我在eBay上出售。

So initially, I sold on eBay.

我想大概是2003年或2004年，eBay禁止了在其平台上出售虚拟物品。

I think around 2003 or 2004, eBay banned the sale of virtual goods using their platform.

但关键是，这催生了互联网上庞大的虚拟物品黑市，于是我开始直接向一家中国供应商供货，那就是ige.com。

But the thing is, is it created this huge black market economy on the Internet for virtual goods, so I started selling directly to a Chinese supplier back then, and it was ige.com.

所以，我从在eBay上销售转为在ige.com上销售，持续了几年。

So I went from selling on eBay to ige.com for, you know, a few years.

我想插一句，强调一下这种情况。

I want to step in here for a second and underline the situation.

通过利用游戏中的复制漏洞，曼弗雷德能够生成无限量的游戏中金币，然后将这些金币出售给愿意用真实美元购买的玩家。

By using a duplication bug in the game, Manfred is able to create an unlimited amount of in game gold and then sell this gold to players who are paying real US dollars for it.

通过这个他发现的漏洞，他一个人就能满足所有愿意为游戏金币付费的玩家的市场需求。

By using the bug he found, he could single handedly meet all market demand for people who are willing to pay for in game gold.

正如你所想象的，这可能成为一个非常赚钱的商业模式。

As you can imagine, this could become a very lucrative business model.

是的。

Yeah.

我的意思是，你拥有多少美元完全由市场决定。

I mean, you have as many dollars as the market dictates.

还记得他说过他黑过的那些游戏的长长清单吗？

And remember that long list of video games he said he hacked?

魔兽世界是唯一一个我始终找不到办法破解其货币系统的游戏。

World of Warcraft was the only one the only game that I never, found a way to hack the money system.

我们再来聊聊他黑过的其他一些游戏。

Let's go over some more games he's hacked.

《亚瑟王的召唤2》。

Asheron's Call two.

他利用了一个可以导致副本崩溃的漏洞。

He used an exploit that would allow him to crash an instance.

所以他把所有物品都转移到朋友那里。

So he'd move all his items to a friend.

然后那个朋友登出游戏。

That friend would then log off.

他就会让服务器实例崩溃。

He'd crash the instance.

当他们重新登录时，两人都拥有完全相同的物品。

And then when they'd both log back in, they both have the same exact items.

这让他能够复制任何他拥有的物品，包括金币。

This gave him the ability to duplicate anything he had, including gold.

《无政府状态在线》。

Anarchy online.

他发现了一个整数溢出漏洞，可以将他的力量值减到零以下，从而获得65000点力量。

He found an integer overflow bug that allowed him to subtract his strength beyond zero, which gave him 65,000 strength points.

他对于智力、敏捷和耐力也用了同样的方法。

He did the same thing for intelligence, dexterity, and stamina.

《传奇》到

Lineage to

他在从商人处购买物品时发现了一个漏洞。

He found a bug when buying items from a vendor.

他可以更改商人出售的物品ID，并以任意价格购买任何他想要的物品，甚至包括玩家本不允许拥有的物品。

He could change the item ID the vendor was selling, and buy any item he wanted for any price he wanted, even items that were not allowed for players to have.

反过来也是如此。

And the reverse was true.

他可以把一根木棍卖给商人，但修改数据包中的物品ID，商人就会像它是一件高级昂贵物品一样支付他钱。

He could sell a stick to a vendor, but change the item ID in the packet, and the vendor would pay as if it was a high level expensive item.

《最终幻想在线》，第一代。

Final Fantasy Online, the first one.

他在这款游戏中发现了许多整数溢出漏洞。

He found numerous integer overflow exploits in this game.

比如，当他试图给其他玩家负数量的某种物品时，该玩家反而会获得该物品的最大数量。

Like when he tried to give another player a negative amount of something, that player would end up with the maximum amount of it instead.

指环王在线。

Lord of the Rings online.

他可以把一块石头卖给商人，却声称那是钻石，商人就会以钻石的价格收购石头。

He could sell a rock to a vendor, but say it was a diamond, and the vendor would buy rocks at diamond prices.

Rift在线。

Rift Online.

他可以从公会银行提取负数的白金，这会导致他的背包中出现正数的白金，使他能够凭空生成任意数量的金币。

He could withdraw negative platinum from the guild bank, which would result in positive platinum in his inventory, allowing him to create as much gold as he wanted out of thin air.

最终幻想14。

Final Fantasy 14.

它和第一代最终幻想存在完全相同的漏洞。

It had the same exact exploits as the first Final Fantasy.

其中一个漏洞允许他将药水等物品堆栈进行分割，并在分割过程中触发整数溢出，比如试图从堆栈中取出负一个药水。

One allowed him to split stacks of items like potions and conduct an integer overflow during the split, like trying to take negative one potion from the stack.

这导致他获得了20亿瓶药水。

This resulted in him getting 2,000,000,000 potions.

《狂野星球》在线。

Wildstar Online.

所以这个漏洞是利用拍卖行出价实现的。

So that one was creating a bid on an auction house.

这个漏洞的具体操作是，你创建一个最大有符号64位整数的出价，大约是九百亿亿，不管怎样。

So the specifics of that one were you'd create a maximum signed 64 bit integer bid, which was around nine quintillion, whatever.

你得去谷歌一下才能知道确切的数字。

You'd to Google it to get the exact number.

游戏会接受这个9百亿亿的最高出价，并在此基础上加收20%的手续费，使其上升到大约11百亿亿左右。

And the game would take that maximum bid of 9 quintillion, and it would add a 20% fee on top of that, which would pull it up into, you know, 11 quintillion or whatever.

当系统试图从你的角色账户中扣除11百亿亿时，会导致你的金钱数值回绕到正值，最终你就会获得9百亿亿的游戏铂金。

So when they try to subtract 11 quintillion from your character, it would roll your money amount back into the positive, and you'd end up with 9 quintillion in game platinum.

如果把曼弗雷德在《狂野星球》中获得的所有铂金按今天的市场价值兑换成现实货币，曼弗雷德将拥有397万亿美金。

If you were to take all the WildStar Online platinum that Manfred had and sell it for real money in today's market value, Manfred would have 397,000,000,000,000 US dollars.

当然，市场上根本不存在足够的需求让他卖出如此大量的铂金。

Of course, there isn't enough market demand for him to sell that much platinum.

他只能卖给那些愿意购买游戏内铂金的人。

He's only able to sell to people who are willing to buy in game platinum.

这是我唯一的一份工作。

This was my one and only job.

所有收入都报了税。

Everything went on my taxes.

你知道的，这是一份合法收入。

You know, it was a legit income.

我本质上是在应用内购买尚未普及之前，为玩家扩展或增强游戏的功能。

I was basically extending the or expanding the game's functionality to provide players with in app purchases before in app purchases were a thing.

我更愿意将其视为道德上的黑帽黑客行为，因为我确实提供了游戏公司尚未提供的服务。

And I like to think of it as ethical black hat hacking because I really was providing the service that the game companies weren't providing yet.

我以前从未听过这个说法。

I've never heard the term before.

道德上的黑帽黑客行为。

Ethical black hat hacking.

所以我花了很长时间跟曼弗雷德讨论，以便真正理解他的意思。

So I spent a long time talking about this with Manfred to really understand what he means.

为了理解这一点，我们来打个比方。

To understand this, let's use an analogy.

让我们回到二十世纪二十年代，那时电影院还不在场内售卖爆米花或小吃。

Let's go back to the nineteen twenties when movie theaters didn't sell popcorn or snacks in the theater.

想象一下，曼弗雷德是个在电影院外卖爆米花的人。

Imagine that Manfred is a guy who sold popcorn outside the movie theater.

人们看电影时想要吃点零食，但因为影院不卖，他们就转向外面卖爆米花的人，偷偷带进去。

People want some kind of snack while watching the film, but since the theater didn't sell any, they turn to the guy selling popcorn outside and they'd sneak it in.

爆米花小贩并没有直接与影院竞争，但影院看到他赚了这么多钱，便决定不再允许外面卖爆米花，转而自己开始售卖。

The popcorn seller isn't competing with the theater in any way, But then the movie theater saw how much the popcorn seller was making and couldn't keep the popcorn outside the movie theaters, so they decided to start selling it themselves.

现在，爆米花小贩就和电影院成了竞争对手。

Now the popcorn seller would be competing with the movie theater.

事实上，如今电影院卖零食的收入比卖电影票还要高。

In fact, today, movie theaters make more money selling snacks than they do selling movie tickets.

所以曼弗雷德只会向那些自己不卖金币的游戏的玩家出售金币。

So Manfred would only sell gold to players for games that weren't already doing that themselves.

他认为，如果与那些向玩家出售金币的游戏公司竞争，会损害他们的收入，这是不道德的。

He thinks it would be unethical to compete with game companies that sell gold to players since it hurts their revenue.

就像如今电影院通过售卖零食赚的钱比卖票还多一样，游戏公司如今通过应用内购买赚的钱也远超游戏本身的销售收入。

And just like how movie theaters make more money selling snacks today, game companies make more money through in app purchases today than they do actually selling the game.

一些游戏公司已经完全停止了游戏的收费，因为应用内购买实在太赚钱了。

Some game companies have stopped charging entirely for their game because of how profitable in app purchases are.

虽然曼弗雷德在黑产中努力保持道德底线，但还有很多黑客并不这么做。

And while Manfred tries to stay ethical while hacking, there are a lot of hackers that don't.

很多参与其中的中国和俄罗斯黑客，数量不少，他们的行为完全是黑帽式的、完全不道德的。

A lot of the Chinese and Russian hackers that are involved with this, and there's a lot of them, they hack in a way that's completely black hat and completely unethical.

他们根本不关心是否破坏服务器。

They don't care about compromising servers.

他们会向玩游戏的人发送恶意软件，只是为了安装键盘记录器，窃取他们的游戏账号信息，然后一次登录数百个账号，把角色和账户洗劫一空，严重伤害了这些玩家的利益。

They'll send malware to people that play the game just so they could, you know, install a keylogger and steal their game credentials, and they'll, you know, log in to hundreds of accounts at a time and basically strip the characters and accounts naked, immensely hurting the players that are playing this game.

另外，还有一个小内幕是，假设你正在玩《魔兽世界》，你去一个《魔兽世界》的粉丝网站，那里玩家讨论游戏、即将推出的补丁，还有游戏物品数据库等等，这是一个为《魔兽世界》玩家打造的社区。

Also, another little inside secret is so let's let's say you're playing World of Warcraft and you go to a World of Warcraft fan fan website, you know, where players talk about the game and the upcoming patches and maybe databases of items in the game and, you it's a community for World of Warcraft players.

这些社区网站通常是由中国人或俄罗斯人运营的。

Often, these community sites will be ran by either the Chinese or the Russians.

你可以猜猜看，为什么中国人和俄罗斯人想要运营一个游戏粉丝网站？原因其实很简单，因为人们常常重复使用自己的邮箱和密码。

And you wanna take a guess as to why the Chinese and Russians would wanna run a fan site for video game players, it's really simple because the main reason is people tend to reuse their email addresses and passwords.

所以，如果你登录了一个《魔兽世界》的粉丝网站，那么你在这个网站上使用的用户名和密码，很可能也适用于你的《魔兽世界》账号。

So if you log into a fan site for World of Warcraft, chances are pretty good that same username and password you're using for that fan site will also work on your World Warcraft account.

这可能是获取游戏金币最不道德的方式。

This is probably the most unethical way of getting in game gold.

它伤害了那些热爱并玩这款游戏的玩家。

It hurts the players who love and play the game.

但这些黑客并没有就此罢手。

But these kind of hackers didn't stop there.

所以，还有分布式拒绝服务攻击、游戏公司、游戏服务器，以及报复行为。

So denial of service attack, game companies, game servers, and retaliation.

他们会尝试入侵系统，获取数据库，这种情况在《魔兽世界2》中发生过，可能其他很多游戏也遭遇过。

They'll try and, you know, root their systems to get ahold of databases, which happened Guild Wars two and probably a lot of other games.

我的意思是，这简直就是无法无天。

I mean, mean, it's the Wild West.

这是一个价值数十亿美元的产业，而有很多黑客根本不关心，或者远离法律的制裁，尤其是在中国或俄罗斯，他们根本不在乎违反美国法律。

It's a it's a multi billion dollar industry, and you have a lot of hackers out there that don't care or are out of reach of, you know, the long arm of the law, concern China or Russia, and they don't care about breaking any US laws.

顺便提一下，2011年，《纽约时报》报道说，受朝鲜和金正日支持的黑客被抓获，他们入侵了《天堂》视频游戏的服务器。

As a quick sidebar, in 2011, The New York Times reported hackers that were sponsored by North Korea and Kim Jong il were caught hacking into the Lineage video game servers.

报道称，他们这么做是为了为朝鲜筹集资金。

The story says they were doing it to raise money for North Korea.

这是我唯一一次听说有国家支持针对视频游戏公司的黑客攻击。

This is the only time I've ever heard of a nation state sponsoring a hack against a video game company.

这也很独特，因为大多数国家支持的黑客行为并非仅仅为了赚钱。

It's also unique because most nation state hacks aren't done simply to make extra money.

文章称，朝鲜黑客通过攻击《天堂》服务器获利600万美元。

The article says North Korea hackers made $6,000,000 in their hacks against Lineage servers.

门弗雷德不认为自己做这些事违反了任何法律。

Menfred did not believe he broke any laws doing what he did.

是的，这违反了游戏规则，如果被发现，他会遭到封禁。

Yes, it was against the game rules, and if he was caught, he was banned.

他曾收到过一封停止并终止函，但游戏公司从未试图通过执法手段追究他。

At one point, he was even sent a cease and desist letter, but never did the game company try to come after him using any law enforcement.

他也很自豪自己没有伤害任何其他玩家，也没有破坏电子游戏公司的商业模式。

He's also proud that he didn't harm any other players, and he didn't compete with the video game maker's business model.

这就是他称其为合乎道德的原因。

This is why he calls it ethical.

但他仍然称其为黑帽黑客行为，因为他违反了游戏规则和客户端来实现自己的破解。

But he still calls it black hat hacking since he's breaking the rules of the game and the client to accomplish his hacks.

在这里，道德与法律的界限确实很模糊。

The line is certainly gray on where ethics and laws meet here.

游戏公司看待安全问题的方式是，不赞成人们修改客户端或进行逆向工程。

The way game companies look at security, they frown upon, you know, people modding their clients, people reverse engineering.

我认为他们应该退一步，尝试与社区中的黑客合作，以帮助保护他们的游戏。

I think they really should take a step back and try and work with hackers in the community to help secure their games.

因为过去二十年里，每一款游戏都存在整数溢出问题，而这种情况本不该发生。

Because over the past twenty years, every single game has an integer overflow, and that's something that really shouldn't happen.

我的意思是，这就像如今网站上出现SQL注入一样。

I mean, it's it's it's it's akin to having SQL injection on the website these days.

这种情况确实会发生，但不应当在每一款游戏中都出现。

It happens, but it shouldn't be in every single instance of a game.

比如《Wildstar Online》，我认为这款游戏的开发预算超过五千万美元，但游戏中却存在极其简单的漏洞。

And, for example, like, Wildstar Online, I think their budget to create that game was in excess of $50,000,000, and they had extremely simple exploits in that game.

对吧？

Right?

他们没有将预算的哪怕一小部分用于花上一天时间，对游戏服务器提供的公开玩家功能进行单元测试。

They didn't allocate, you know, just a small percentage of that budget into spending even a day, you know, unit testing some of the publicly player facing functionality that the game server provides.

我认为，大多数这些漏洞或利用方式，尤其是整数溢出，其实只需一周左右的时间就能被发现并修复。

I I think most of these bugs or exploits, especially the integer overflows, could be identified and fixed within, you know, just a week's worth of time.