Friday, September 2, 2011

Automatically add clan-members on Zynga’s Vampires iPhone game

imageThis is a quick hack I’ve done on Zynga’s “Vampires” game on the iPhone. One of the parameters of becoming powerful in the game is to have a large clan (friends) in the game. As there is no downside with being clan-member with people outside your normal social sphere (like the loss of privacy) people have published their player IDs on the net in the hope that people will add them.

The thing is that adding members to your clan is a tedious effort, where you can add a member perhaps every 30 seconds if you are really fast. Still, adding hundreds of members is something that I rather not do manually. Luckily for me I didn’t need to.

First off I sniffed the traffic between the iPhone and Zynga’s servers while playing the game and especially took note how the “add player to clan” message looked like. It looked something like this:


The nice thing is that it is not protected against replay attacks, so I can post the same message over and over again with a list of clan members to add.

So lets get the second piece of the puzzle and grab some player IDs. I grabbed almost 1200 player IDs from and put them in a text-file called “vampires.txt”. I then wrote a little bash-script around curl that looks like this:

   1:  #!/bin/bash
   3:  for VAMP_ID in `cat vampires.txt`
   4:  do
   5:          POST_DATA1='{"purchase_level":0,"accept_codes":["'
   6:          POST_DATA2='"],"zid":"8:14103891","client_version":"1.72","gids":[46],"data":{},"ipid":"IPHONE_ID","gid":46}'
   8:          POST_DATA=${POST_DATA1}${VAMP_ID}${POST_DATA2}
  10:          curl \
  11:                  --user-agent "Vampires/1.72 CFNetwork/485.13.9 Darwin/11.0.0" \
  12:                  --data-binary ${POST_DATA} \
  14:  done

You need to replace IPHONE_ID with your iPhone ID (you can grab it by sniffing the traffic just like how I did it).

I hope that you will use this successfully and get as large clan as I have now Winking smile.

/Michael Boman


Just to be clear: The player IDs from are from people who wants to be added to your clan so in their turn get a larger clan for the game (if I add you to my clan I automatically becomes added to your clan as well). The “hack” in this is that I automated the process of adding people to my clan. I am lazy, but in a good way.

photoMichael Boman is a a security consultant with Omegapoint AB Stockholm (Sweden) office.

When he is not breaking in to customers systems and infrastructure he collects and analyzes malware. That is a peculiar hobby but when he said “some people collects stamps, I collect malware” it did make a weird sort of sense.

Michael has spoken at many international security conferences about his discoveries in the security field on various topics from intrusion detection to a large-scale analysis of the worlds HTTPS servers.


  1. Did you know that there exists a Twitter hashtag focused on just one system cavity? After a symptom connected with illness as well as malnourishment, flashing some sort of "thigh gap" has turned into a trendy factor to own.Kyäni

  2. Zynga game helps are so interesting to play , if any problem then Zynga game support team helps you please go through this link.Zynga Games Support

    Thanks & Regards
    Aalia lyon

  3. Oh nice post for me!! I just searching Iphone game for playing. Finally got it. I am sure that it will be very effective to me as well. Thanks!! Kevin Cooper

  4. Diversion has advanced and it originates from various sources nowadays for the aggregate fulfillment of the general population. The latest improvement is the open door given to the gamers to download wii recreations free ideal on your PC.visit this site

  5. Wonderful post! We will be linking to this particularly great post on our site. Keep up the great writing. check this link right here now