Virtual Newsletter about Software Freedom December 6, 2025 Hacking Frozen-Bubble directly from your home folder ---------------------------------------------------- I've talked about Frozen-Bubble before.[1] Frozen-Bubble is a nice game, and it's old. I'm working on many projects for Frozen-Bubble. I'm not here to talk about the insecurity of the Frozen-Bubble server. That's a topic for later. But there is a way to also hack the Frozen-Bubble client. There's a config file for Frozen-Bubble at ~/.frozen-bubble/rc This config file weirdly looks like Perl. Oh wait, because it's valid Perl. Frozen-Bubble is also written in Perl. So I checked the source code to see why a CONFIG FILE is in Perl. The reason why, is because it DIRECTLY runs what's on that file.[2] Now, this is obviously not good. The first thing I did of course, was to remove the nick sanitization: ``` sub sanitize_nick { my ($nick) = @_; return $nick; } ``` This makes me able to put whatever nick I want online (the server will reject it anyway). It also removes the 7 character nick limit, which is now a 10 character nick limit enforced by the server. When you save the config, this will get overrided.[3] Luckily, you can fix this by adding this to your config: ``` sub save_config { return; } ``` This will literally make the game unable to save your config, as the `save_config` function does nothing. If you don't use this, then it will get overriden on exit. The possibilities for this are endless. Now you can mod Frozen-Bubble! I can imagine someone will make a hack client or modloader for Frozen-Bubble with this. I'll see if I can find out more ways to hack Frozen-Bubble soon. - NexusSfan [1] https://mrchicken.nexussfan.cz/newsletter/links/frozen-bubble.txt [2] https://github.com/kthakore/frozen-bubble/blob/d6a029110ad6ab9e4960052e175addc98807fb7e/bin/frozen-bubble#L124 [3] https://github.com/kthakore/frozen-bubble/blob/d6a029110ad6ab9e4960052e175addc98807fb7e/bin/frozen-bubble#L5481 --- Copyright (c) 2025 NexusSfan Except where otherwise noted, this work is licensed under the Creative Commons Attribution-NoDerivatives 4.0 International License A copy of the license is included at https://creativecommons.org/licenses/by-nd/4.0 ---