FANDOM


Hacking is most commonly seen in two forms: falsely acquiring armor and falsely acquiring weapons. It is not limited to armor and weapons designed for the player; some examples are: playing as the boss, other enemies, npcs.

The vulnerability was first found by developer Raymond Camden, and he posted about it on his website linked here. It seems that he did not extend it past obtaining the best armor and weapon in the game. He wrote code modifying the localStorage in the console found in the web inspector.

Browserquest stores the user's data (armor, weapon, name, achievements, etc.) in localStorage. LocalStorage is essentially sectioned off disc space on a user's computer that stores data accessible by websites - similar to cookies. You can learn more about localStorage on developer.mozilla.org

The most popular version of this hack was originally created several days later by developer Ritchie Thai and injected into the game via the url bar. You can see his post on it at his website ritchiethai.com

Most browsers now allow users to view and edit localStorage by using the web inspector. Hitting 'F12' on your keyboard should open the web inspector in all modern browsers. This method is the preferred way to change your character's attributes, but the community has mostly stuck with the original method developed back in 2012. It is better to change localStorage via the inspector because injecting javascript into a webpage by entering 'javascript:code goes here' into the url bar has been deprecated and even removed in some browsers.
Screenshot 2018-03-24 at 6.50.26 PM
Here's a screenshot of a contributor and a "fellow big boi hacker" playing as Rick Astley.

You can change your name, weapon, armor, achievements, and the image of your character on the loading screen by using the method described above.

Browserquest App by Mads & Peter Sandberg Brun Edit

Hacking the Browserquest app is much more difficult than hacking the online version! The only one I have seen hacked is the app for Windows 10. It replicates the same hack outlined above: a user can change his save data to obtain different armor, weapons, etc.

There is a file named 'settings.dat' in the hidden appdata folder. The file contains the string that was in localStorage on the online Browserquest version and can be manipulated in a similar manner to get the same results. See this tutorial for more information.