Lost the product key for your game? If you have to reinstall the game and don't have that key anymore, you're out of luck, especially if you didn't "buy" the game. But never be in fear of losing product keys again with today's Null Byte, where we'll be practicing a little bit of mind-kung fu.
Social manipulation is a huge part of learning how to hack and defend from hackers, because the human element is always the weakest chain in the fence. Since it's such an intense and fun subject, we might as well get hands on with it. And that's exactly what's going on here today—practicing our social engineering elite skills.
Our targets vary—game retailers, their employees, and the system behind it are all things we need to manipulate in order to prove this concept.
Note: These skills and concepts are taken from live social engineering hacks that we perform at Null Byte on a weekly basis.
- This is illegal, without question. This tutorial is here merely as an informational how-to showing people how easy it is to manipulate and be manipulated.
- Calm and strong persona
- Pen and paper to write down important information
Step 1 Call the Game Retailer
Call the game retailer that you purchased the game from and get ready to lie through your teeth. When the employee answers the phone and greets you, brace yourself for battle and start talking.
- Do research on your target ahead of time, i.e. location of headquarters, etc.
- Call from a phone that isn't your own.
- Think of a creative story in case something backfires and hang up.
"Hi, my name is Roy Walters from the Infinity Ward shipping office in <insert location>. I'm calling because of a defective shipment that's been brought to my attention by the logistics team from <location of IW HQ>. The game was (pretend to look at a clipboard or something) <insert game here> and we need to verify that the games are indeed from the defective batch. I need you to grab a copy and read off the bar code on the back of the case."
Watch in amusement as they likely comply with your seemingly harmless demands.
Step 2 Run with Your New Information
Now we need to social engineer the key code out of them. Be careful not to sound too weird. You need to sound smooth and calm. If something goes wrong, be persistent for a minute and act a bit stressed. Say the boss is breathing down your neck. Most people will be more than willing to help out if you don't rage at them.
You: "May I have the UID code located on the <UID location> (do your research!)?"
Them: "Okay, Just a sec... It's XXXX-XXXX-XXXX-XXXX."
You: "Alright, hold on, let me check that real quick (make typing sounds on your keyboard for authenticity)."
You: "Weird, it looks like we're okay, but just to make sure, can you read the key off for me? It's located at <location here>."
Them: "Okay, the game key is XXX-XX-XXXX-XXXX."
Roll out with your profit. This could be extremely helpful in a situation where you possess a game, but no longer have a product key. However, this is indeed illegal—and very morally wrong.
Be a Part of Null Byte!
Want to start making money as a white hat hacker? Jump-start your white-hat hacking career with our 2020 Premium Ethical Hacking Certification Training Bundle from the new Null Byte Shop and get over 60 hours of training from ethical hacking professionals.