@soatok
Last active July 16, 2024 00:54
Legends of IdleOn RNG Manipulation

Disclosure Timeline

Note: All dates are in YYYY-MM-DD format (as per ISO 8601 and other standards).

Date Action
2023-07-06 Emailed lava at lavaflame2 dot com with these details and a recommended fix.
2023-08-06 A month later, I follow up just asking if Lava has received my messages.
2023-11-15 Additional follow-up email
2023-11-15 Mentioned knowing an exploit in Discord, passed details onto moderator (Hotair)
2023-11-15 Additional follow-up email (as I cannot DM lava)
2024-01-16 Given a lack of response after more than 6 months, public disclosure.

Screenshots are also available for some of my outreach attempts.

Exploit

This is easiest to do in the browser version of the game. You can use a Google Account for both Steam and Web in order to load an existing account in the web mode. Easy peasy.

Press F12 to open your developer tools. Run the following code:

// Make a native copy of your browser's Math.random function
Math.originalRandom = Math.random

// Now replace it
Math.random = () => Math.originalRandom() / 100000000000;

Open the Arcade. Press Launch. Notice all of the balls always fall to the right. You can score unlimited jackpots.

There are some other use cases where you want high numbers. There are yet others where you want to pingpong between high and low numbers for the desired effect.

Math.originalRandom = Math.random;
Math.lowRandom = function() {
    return Math.originalRandom() / 100000000000;
}

Math.highRandom = function() {
    return 1 - Math.lowRandom();
}


let breakCycle = false;
function luckyCycle() {
  return setTimeout(function() {
    if (breakCycle) return;
    // console.log('rng on');
    Math.random = Math.lowRandom;
    return setTimeout(function() {
      //console.log('rng off');
      Math.random = Math.highRandom;
      return setTimeout(luckyCycle, 30000);
    }, 30000);
  });
}

Then you can just Math.random = /* desired other function, such as Math.lowRandom */ your way to winning big.

Impact

Mitigation

Lava could mitigate this risk with one line of code, followed by a search and replace:

+ const LavaMath = Object.freeze(Math)

And then replace any calls to Math.random with LavaMath.random, and then this would no longer be possible.

(Yes, I included this one-liner in my email to Lava in July 2023.)
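
What the freeze above does and does not stop, as an added example (not the game's code and not from the author). `makeMath`, `loadGame` and `tamper` are hypothetical names, and a stand-in object replaces the global `Math` so the real one is left untouched.

```javascript
// Added example, not the game's code. makeMath, loadGame and tamper are
// hypothetical names; makeMath builds a stand-in for the global Math so the
// real one is left untouched.
function makeMath() {
  return { random: () => 0.5 }; // constructed: fixed "honest" value
}

// The page's mitigation: freeze once at load, then roll through the alias.
function loadGame(mathObj) {
  const LavaMath = Object.freeze(mathObj); // freezes in place, returns same object
  return { roll: () => LavaMath.random(), aliasIsSameObject: LavaMath === mathObj };
}

// The reassignment the freeze is meant to stop.
function tamper(mathObj) {
  try {
    mathObj.random = () => 0; // throws TypeError in strict mode once frozen
  } catch (e) {
    // blocked; in sloppy mode the assignment is silently ignored instead
  }
  return mathObj.random() === 0; // true only if the override took effect
}

// Case 1: freeze runs first, reassignment is attempted afterwards.
function freezeThenTamper() {
  const m = makeMath();
  const game = loadGame(m);
  const overridden = tamper(m);
  return { overridden, roll: game.roll(), aliasIsSameObject: game.aliasIsSameObject };
}

// Case 2: random was already replaced when the freeze ran, so the freeze
// locks in the replaced function. The freeze has to run before anything else.
function tamperThenFreeze() {
  const m = makeMath();
  const overridden = tamper(m);
  const game = loadGame(m);
  return { overridden, roll: game.roll(), frozen: Object.isFrozen(m) };
}

console.log(freezeThenTamper());
console.log(tamperThenFreeze());
```

Because `Object.freeze` returns the object it was given, `LavaMath` is the same object as `Math`; the freeze itself is what blocks the reassignment, and it only helps if it runs before any other script touches `Math.random`.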

Advanced Exploit

Compile Chromium with a custom RNG that returns a low value (less than 0.000001) 9/10 times, then defers to the normal LCG the rest of the time. You'll win most luck-based things (Arcade Balls, Gaming Plants, etc.).

The mitigation I suggest doesn't defend against this, but using a secure RNG instead of Math.random would likely generate fairer numbers anyway.

Update

The /r/idleon mods censored the link to this Gist from their subreddit (Archive).

@DPZheron

DPZheron commented May 11, 2024

@moneymanmonhash IMO Lava gets too much with those in-game purchases; while I understand he has to make money, it is just too much.

Open game in Chrome
Right mouse button -> inspect element
Go to Console tab
Write there "allow pasting" (or something like that) -> press enter
Copy paste "Math.originalRandom = Math.random" -> press enter
Copy paste "Math.random = () => Math.originalRandom() / 3;" -> press enter
Open arcade and launch few balls, do not launch too much because it may lag you and throw black screen for game.

Would it be possible to use this method to affect RNG on Sneaking (item finding rolls and detection chance) or farming overgrowth?

@Max010909

Is there a way to get unlimited dungeon flurbos?

@reignosky

can it work for the companion pets?

@dpse12

dpse12 commented Jul 11, 2024

if anyone knows the code which can make all the balls turn into time candies let me know

@Seraphias

Seraphias commented Jul 16, 2024

@danielgarciabsb

The following code makes it go right for 5 seconds for a while, and then loops so your browser doesn't freeze. Just copy and paste it and watch the show. You can lower from 5000 ms (5 seconds) to 4 or 3 seconds if it's still freezing...

// Save the original Math.random function
Math.originalRandom = Math.random;

// Function to modify Math.random
function modifyRandom(divisor) {
  Math.random = () => Math.originalRandom() / divisor;
}

// Initial modification of Math.random
modifyRandom(3); // Start by dividing by 3

// Function to toggle the behavior
function toggleRandom() {
  let divisor = 3; // Start with dividing by 3
  let interval = 5000; // Initial interval for 5 seconds

  // Function to change the behavior after the initial interval
  const changeBehavior = () => {
    if (divisor === 3) {
      // If currently dividing by 3, switch to dividing by 1 for 10 seconds
      divisor = 1;
      interval = 10000;
      modifyRandom(divisor);
    } else {
      // If currently dividing by 1, switch back to dividing by 3 for 5 seconds
      divisor = 3;
      interval = 5000;
      modifyRandom(divisor);
    }

    setTimeout(changeBehavior, interval);
  };

  // Schedule the first behavior change after the initial interval
  setTimeout(changeBehavior, interval);
}

// Start the toggling process
toggleRandom();

did you ever get any type of ban/shadowban after playing around with these codes? i wanted to be a little subtle with the use of them so I don't get locked out of playing with any friends :'] I've already spent almost $100 on gem packs so this would be cool if it's usable every now and then- also curious if you could use it to change the value of getting something like doot from the weekly pet, thanks in advance if you can manage to reply!
