About
Word Warrior is an alternative desktop client for playing games on the Internet Scrabble Club. It can also be used as a standalone Scrabble application to play against the computer, analyze games and more.
Main Features
Word Warrior offers the following features which are not supported in the default ISC client.
- Offline Play: Play against the computer or your friend next door. No need to connect to ISC.
- Multiple Games at Once: More than one game board can be open at any given time.
- Custom Layout: Rearrange the views in the application to your liking.
- Analysis Tools: Analyze games to improve your skills.
- Player Search: Easier to use than the WordBiz console-based ‘who’ command.
- Move List: Shows each move in the game in a clean tabular format.
- Full Clabbers Support: Including proper dictionary checking.
Download
wordwarrior-installer.exe (Windows Installer – 11MB)
Background
Back in 2003 or so, I got into playing Scrabble online. There weren’t many great places to play but I ultimately chose to spend my time on the Internet Scrabble Club (ISC). It had lots of enthusiastic players of many skill levels and an interface similar to the Internet Chess Club, which I enjoy as well, though ISC’s was far uglier and buggier.
After playing there for some time I grew tired of this ugliness and bugginess. I knew I could do a much better job, but the member base of ISC is nothing to sneeze at. At any given time, 4-5k people are online playing Scrabble there. So I figured it would be great if there could be an alternative client for playing on the same server, while being more pleasing on the eyes and more fun to interact with.
I initially used Ethereal to take a peek at the network communications between the ISC client and server. It turned out to be an ASCII-based protocol that was fairly easy to figure out, though this still proved rather laborious. So I poked around at my ISC installation. It became clear that it was developed in Java but the developer actually used a code obfuscator of some sort, rendering the decompiled class files difficult to comprehend. I recalled that there was an online applet version of the client, so I grabbed that jar file and found that it had not been obfuscated. I now had a gigantic decompiled source file that handled all of the network operations and reverse engineering the protocol became much easier.
By this time I already had a basic Scrabble UI developed and AI to go along with it. I developed my client in Java but used the Eclipse Rich Client Platform (RCP) and SWT to give the app a much more modern and native look and feel. Most of my further efforts were in making my client work with the ISC server. During this process, I uncovered many awful security holes in ISC, including:
1. The client chooses its own next tiles after making a move, instead of the server assigning them. A malicious client could choose its own tiles. In fact, it can choose tiles that no longer exist in the bag. There’s hardly any validation on the server at all; it mostly echoes information between clients.
2. The server sends the client the opponent’s tiles. (It has to, because of #1 above, so the client knows what tiles are left in the bag.) A malicious client could use this knowledge to its benefit.
3. The server allows a player to abort a game without opponent approval.
4. Timestamps are not verified, allowing the client to claim that it used far less time in making a move than it actually did.
I never took advantage of any of these security holes, and I won’t detail how to take advantage of them. I was simply shocked to discover them and couldn’t believe that this software was even worse than I had imagined. This made me even more determined to develop a nice client for ISC, although I had to follow the same flawed protocol to be compatible with the server.
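All four holes listed above come from the server trusting state that the client reports. The Python below is an added example, not code from Word Warrior or ISC, showing the server-authoritative alternative; the `ServerGame` class, its method names and the shortened tile distribution are assumptions made for illustration, and it models only the bag, racks, clock and abort handling.

```python
import secrets
from collections import Counter

# Constructed, shortened tile distribution (an assumption, not ISC's real bag).
TILE_COUNTS = {"A": 5, "E": 6, "R": 3, "S": 3, "T": 3, "?": 1}
RACK_SIZE = 7

class ServerGame:
    """Hypothetical server-side state: the server owns bag, racks and clock."""

    def __init__(self, players, now):
        self.bag = [t for t, n in TILE_COUNTS.items() for _ in range(n)]
        self.racks = {p: Counter() for p in players}
        self.used = {p: 0.0 for p in players}
        self.turn_started = now  # always the server's clock reading
        self.abort_votes = set()
        for p in players:
            self._refill(p)

    def _refill(self, player):
        # The server draws with a CSPRNG; a client never names its own tiles.
        while self.bag and sum(self.racks[player].values()) < RACK_SIZE:
            idx = secrets.randbelow(len(self.bag))
            self.racks[player][self.bag.pop(idx)] += 1

    def play(self, player, tiles, now):
        # Reject any move using tiles the server did not deal to this player.
        need = Counter(tiles)
        if not tiles or any(self.racks[player][t] < n for t, n in need.items()):
            raise ValueError("tiles not on this player's rack")
        self.racks[player] -= need
        # Elapsed time is measured server-side, not taken from the client.
        self.used[player] += now - self.turn_started
        self.turn_started = now
        self._refill(player)

    def view_for(self, player):
        # A client sees its own rack and the bag size, never the opponent's rack.
        return {"rack": sorted(self.racks[player].elements()), "bag_size": len(self.bag)}

    def request_abort(self, player):
        # An abort takes effect only once every player has asked for it.
        self.abort_votes.add(player)
        return self.abort_votes == set(self.racks)
```
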
After a few months of development, Word Warrior was pretty much complete. I tried to introduce it to the ISC community, which backfired. A few members loved my app, others didn’t care and, surprisingly, others passionately defended WordBiz, ISC’s buggy client. I guess it was what they were used to. The admin/maintainer/developer of ISC ultimately banned my account, probably worried that I would expose the awful bugs in his code or jeopardize his business model, since he actually charges for “pro” accounts, adding a few more features to WordBiz.
Since then I’ve lost most of my interest in Scrabble, and Word Warrior has mostly been forgotten. I keep this page around mainly to document it as a personal programming achievement.
