Lost the product key for your game? If you have to reinstall the game and don't have that key anymore, you're out of luck, especially if you didn't "buy" the game. But never be in fear of losing product keys again with today's Null Byte, where we'll be practicing a little bit of mind-kung fu.
Social manipulation is a huge part of learning how to hack and defend from hackers, because the human element is always the weakest chain in the fence. Since it's such an intense and fun subject, we might as well get hands on with it. And that's exactly what's going on here today—practicing our social engineering elite skills.
Our targets vary—game retailers, their employees, and the system behind it are all things we need to manipulate in order to prove this concept.
Note: These skills and concepts are taken from live social engineering hacks that we perform at Null Byte on a weekly basis.
Warning
- This is illegal, without question. This tutorial is here merely as an informational how-to showing people how easy it is to manipulate and be manipulated.
Requirements
- Calm and strong persona
- Pen and paper to write down important information
- Telephone
Step 1 Call the Game Retailer
Call the game retailer that you purchased the game from and get ready to lie through your teeth. When the employee answers the phone and greets you, brace yourself for battle and start talking.
Tips
- Do research on your target ahead of time, i.e. location of headquarters, etc.
- Call from a phone that isn't your own.
- Think of a creative story in case something backfires and hang up.
Example script:
"Hi, my name is Roy Walters from the Infinity Ward shipping office in <insert location>. I'm calling because of a defective shipment that's been brought to my attention by the logistics team from <location of IW HQ>. The game was (pretend to look at a clipboard or something) <insert game here> and we need to verify that the games are indeed from the defective batch. I need you to grab a copy and read off the bar code on the back of the case."
Watch in amusement as they likely comply with your seemingly harmless demands.
Step 2 Run with Your New Information
Now we need to social engineer the key code out of them. Be careful not to sound too weird. You need to sound smooth and calm. If something goes wrong, be persistent for a minute and act a bit stressed. Say the boss is breathing down your neck. Most people will be more than willing to help out if you don't rage at them.
You: "May I have the UID code located on the <UID location> (do your research!)?"
Them: "Okay, Just a sec... It's XXXX-XXXX-XXXX-XXXX."
You: "Alright, hold on, let me check that real quick (make typing sounds on your keyboard for authenticity)."
You: "Weird, it looks like we're okay, but just to make sure, can you read the key off for me? It's located at <location here>."
Them: "Okay, the game key is XXX-XX-XXXX-XXXX."
Roll out with your profit. This could be extremely helpful in a situation where you possess a game, but no longer have a product key. However, this is indeed illegal—and very morally wrong.
Be a Part of Null Byte!
Just updated your iPhone? You'll find new emoji, enhanced security, podcast transcripts, Apple Cash virtual numbers, and other useful features. There are even new additions hidden within Safari. Find out what's new and changed on your iPhone with the iOS 17.4 update.
3 Comments
Remember folks, only for use to learn not to be manipulated!
Not for use in actual circumstances disclaimer.
:P
you have good brain use it in good direction. may god bless u ?
He may not. I will not stand for such things.
Then again, if he exists, it's probably up to him not me.
Share Your Thoughts