In fall of 2020, I took what turned out to be the most fun (and eye-opening) class on the road to my B.S. degree in Computer Science. Penetration Testing. Not only was Pen Testing excitingly challenging and tested my wits, it also opened by eyes to how vulnerable we are in a digital world. I did not learn this valuable lesson from reading about the losses endured by others. Rather, I learned it by standing in the shoes of a bad actor and (safely) discovering just how easy it can be to exploit others. Within the first weeks of that class, I found myself changing the way I did things, from managing passwords to using WiFi networks.
What it does
This project is a 2D RPG Android mobile-device game where the player gets to play the role of a white hat hacker secretly retained by the president of a company to test the company's vulnerabilities. The game consists of five challenges. By solving each challenge, the player will learn how easy we can make things for bad actors, just through plain old carelessness. None of the challenges require technical knowledge. These challenges, which mostly revolve around passwords, are entitled:
- Identify logout laziness
- Be a brute & give yourself a raise
- Sticky note no-no
- Serve up John the Ripper some hash
- Compromise in the park :) Although the setting for the game is a workplace, it can be used to "gamify" education literacy both at work and at home. After solving these challenges, the player will be more educated and aware of bad habits in which most of us partake, especially when it comes to passwords.
How I built it
I built the game using Flutter, the Dart programming language, and the Flame engine (which is built on top of Flutter).
Challenges I ran into
Before starting this challenge, I had never touched Flutter, Dart, or Flame, nor had I ever built a mobile app of significance. Starting from scratch like this, especially given my ordinary time limitations, was challenging to say the least.
Accomplishments that I'm proud of
Normally, I would say that I'm proud that I was able to even finish the project, given the typical challenges. In this instance, however, I think I'm most proud of the fact that I took a subject matter that is so important and made it something fun to learn.
What I learned
I learned how rewarding it can be to build something that will both do some good from an educational perspective, while also providing some fun in the process.
What's next for White Hat Hacker RPG Challenge
Given my time limitations, I did not get the opportunity to fully test out the mobile app or finish all the features (e.g., splash screen intro, bells and whistles, etc.). Consequently, I will continue to work on it, add more challenges and features, and also see about deploying it in both iOS and web formats. I hope to be able to at least upload the mobile apps to both the App Store and Google Play Store.
A link to the .apk file for the Android mobile app is provided in the "Try it out" link below.