The method to exploit was much harder, and I'm not going to go into it, but you couldn't just copy and paste. We found another vulnerability, found in a function called enableDebug. After this, we thought we didn't have anything else we could do. We could access everything they had patched by using Phaser.GAMES instead of PIXI. This was patched soon after, a week or two after, even. Soon after, however, we realized Prodigy was STILL just as vulnerable as it was. Prodigy announced it would fix the PIXI variable. As you may know, Prodigy reset these accounts, but it had the desired effect. Some of you might know what the name was, but for those who don't, it was Bobby Fancywoman. How else would we be able to show Prodigy that their security was fleeting? Something EVERYONE can see! So, we created 30 identical accounts, with the same name, level, etc. We had started to be able to hack arena points. Until.Īt this point, we had developed an idea.
We found things like free membership, level hacks, currency/gold hacks, basically anything you can think of. We reported this to Prodigy multiple times, and they didn't do a thing for the longest time. Basically, anything you put under the string was going to save and was exploitable. PatheticMustan found a variable in Prodigy called PIXI that could be accessed from the Chrome console (Like, control+Shift+I).