Skip to main content
If you click on a link and make a purchase we may receive a small commission. Read our editorial policy.

Wot I Think: Hackmud

brendan.review{verdict:"excellent", buy:true}

Brendan Caldwell avatar
Review by Brendan Caldwell Former Features Editor
Published on
39 comments

Multiplayer hacking sim Hackmud [official site] launched on Friday, catching us by surprise. We tasked our most elite hacker with entering its digital realms to crack the mainframe and report back. Sadly, Alice couldn’t make it. So we sent Brendan instead, who quickly found himself in over his head, lost in a world of player-made malware, intrigue, deception and guilt.

I played Hackmud all weekend. Almost all my free time time for the past two days that wasn’t spent eating, peeing, or sleeping my way through the necessities of meatspace, has been spent exploring the murky chat channels and malicious scripts of this game, which appeared, seemingly out of the ether, on Friday. To give you some background: it is an “MMO” hacking sim in which you must earn GC – a digital currency – by breaching NPCs or other players and stealing their money. The more money you have, the more upgrades you can buy, the better you can hack, and the more money you can get next time. Levelling up through ‘tiers’ like this is the standard of MMOs. But I want to tell you that, despite some issues, this game is far from standard.

It begins with this warning:

“Larceny, laundering, theft of currency and information, intentional manipulation and abuse of the system and code, deception, betrayal, and backstabbing are all part of hackmud, and strongly encouraged.”

The true meaning of this won’t be clear to you at first. Because there’s a four hour tutorial. This is something of a mixed blessing, because it leads you through the complexities of the game’s command-line interface while also being, at times, a frustrating journey. You are a new ‘sentience’ - an AI program that has been brought into being. You’re trapped in the ‘vLAN’ with a collection of other NPCs. There’s no trace of human players here, except for a few messages scrawled on a script for you to see. “Hello world”, “consume”, and “fuck you forever” were some of the messages that I got. You'll leave your own message for the next player to see but you won’t be truly talking to anyone for a while.

The NPCs lead you by the hand at first, telling you what commands to type to join chat channels, browse the market, breach dead NPC accounts, access their logs and so on. Their story is reminiscent of Digital: A Love Story – computers with human voices talking to each other inside an obsolete system. Once you’re in the open world, new elements will appear hinting at a world where humans are long gone, possibly wiped out by “Welsh Measles”, and where only their digital relics survive, housing thousands of babbling AIs – the players.

It’s a fun sci-fi conceit that sets up the game world without investing too much seriousness into it. It also sidesteps one of the biggest story problems faced by hacking games: the inconsistency that, no matter how often you get caught, nobody from the FBI ever comes to break down the door. Here, the suggestion is that there is no FBI. They’re all dead or off-world – escaped to another planet perhaps. Although, a new inconsistency is introduced: why do all these AIs communicate thoughts in typed English messages?

Never mind that. The tutorial climaxes with a timed gauntlet that sees you cracking through multiple NPCs and messaging your compatriots the details inside. There are a handful of password-guessing moments that feel old-fashioned, as well as the odd riddle – tropes that perhaps should have been expected. But some smarts is required to pass the final challenge, the solution being something of a simulation in deceiving others. I won’t say any more – you’ll have to pass that test yourself.

Then you emerge into the WAN, like a slimey newborn, and the whole place is full of noise.

Channel ‘0000’ is the chat channel you automatically join – a mixed hive of both terrible scum and helpful bystanders. This time they’re real people, or rather most of them are real. Because many of the players are programming ninjas and they have already made a number bots to spam, help or hinder others. Likewise, the words that come out of a player’s name may not have been typed by them at all, but prompted by a virus-like program written by another user entirely. To explain this, I’m going to have to tell you about scripts.

The whole game runs on a JavaScript-style syntax. Almost every command you type will be a script. For example, typing “accts.balance” will show you how much money you have in your account (you’ve got none, deal with it). Typing “sys.specs” will show you what upgrades you have installed (again, none). For many scripts, you can enter parameters to make more specific demands of the game. For instance, typing the following...

chats.tell{to:“Blastface” msg:“hi there blasty, i love u”}

...will send a direct message to the user called Blastface, reading: “hi there blasty, i love u”. It’s complicated at first and there's no way around it but to basically learn the commands by heart. Thankfully, the tutorial gives you a fairly good understanding of all the most basic ones.

But you aren’t in the vLAN anymore. The first question on your mind is: how do I make some money out here? You’ll have to run some scripts and see what they do. If you ask in ‘0000’ you’ll get suggestions from everyone. Run this, says someone. No, run this, says another. However, not all scripts are pleasant. There is one script which takes control of a user’s chat command just long enough to force them to blurt out the famous lines of a certain Nigerian prince. Those lines also contain the name of the script which forced them to say it, thus spreading the spam to any other user foolish or curious enough to see exactly what it does. In other words, a user-made virus.

There’s another bunch of scripts, created by a player who has quickly become the game’s top villain, all of which mimic other legitimate scripts – yet are different by a single letter. Let me explain. If you typed: “scripts.fullsec”, you will get a useful list of all scripts you can run and which are safe and will not harm you. But if you run “script.fullsec”, which has only a single ‘s’ removed, you will have your account emptied of GC, your upgrades stripped and your username’s location file (your ‘loc’) broadcast to the most notorious hacker in the game. That user’s name is simply ‘v’. V is public enemy number one.

Here is where Hackmud starts to shine. It shares many characteristics with EVE Online. It has an environment which is purposefully fraught with danger and paranoia, a sandbox where people are allowed to be awful, and a challenging and (at times) impenetrable user interface. Scammers are plentiful in this place, yet so are helpful people. The game is not in finding some NPCs to crack open and sucking up all their money just to reach the next level. The game is in finding out who to trust and who to keep at arms length, because you’ll either need to know which scripts are trustworthy or you will need programming knowledge of your own. After all, if you are capable, you can perform many of these scams yourself.

This is where it gets really difficult. There’s a command which creates a new JavaScript file in the game’s directory. You can edit this and write your own program. So far I have only been able to write basic programs. You really need some coding experience (or a lot of time to figure it out) in order to get into this side of the game – the architect’s layer.

These architects cause more questions of trust. There are people who have made dozens of scripts that people use every day and which everyone will vouch for. One of these ‘sentiences’ is called ‘dtr’. This player has a slew of helpful programs – one lets you harvest an abandoned NPC account from thin air, ripe for the cracking (the things you need to farm to get cash – pure MMO stuff). Another of dtr’s programs gives you helpful instructions for any script included in his library, providing much-needed guidance and advice. dtr is implicitly trusted by everyone as a well-rounded whitehat, someone who is always willing to help. But, if he wanted to, he could re-upload all of his scripts with a line or two of new code and, before anyone could say “Gibson”, he would be a rich and hated man.

There are yet more subtleties to the game, which you can only learn by lurking in ‘0000’ or asking for advice from someone you have grown to trust. Scripts are divided by levels – fullsec, highsec, midsec, lowsec, nullsec – with fullsec being totally safe to run and nullsec being the most likely to steal your location and leave you destitute. But many of the scripts are ‘built-in’ to the game and thus reliable – sys.anything or scripts.anything. And at all times it’s possible to check a script to see how it is rated. Just use: scripts.get_level. Don’t forget this. It is your one reliable bullshit detector - scripts.get_level.

I want to tell you more about the personalities and world of this game but there's a problem. I don’t want to reveal who I’ve spoken to for fear of identifying myself. You get two usernames, and you can swap between them at any time, which opens up a lot of possibility for espionage and confidence tricks. Myself, I enjoy the anonymity. I have been “good” on one character and “bad” on another. I'm hesitant even to include these screenshots, because I'm sure they'll give me away and I'll be forced to type "retire_user" into the command-line, deleting my prized usernames.

It’s not all stylish japes and intriguing betrayals, however. The servers are taking a battering and every day so far there have been meltdowns, epidemics of lag, disconnections, automatic terminations and even one case where the whole thing had to be reset by 15 minutes. Often the game has been unplayable. I've just checked and it's unplayable right now [at time of writing - ed]. There’s a single developer behind most of this and he is often in ‘0000’ himself, fielding questions and reassuring the players. Now, I am going to recommend Hackmud to you, fully aware that this may actually add to his problems. But I can’t not recommended it. So, if you do jack in, know that you may find the game broken, unresponsive and laggy. And it’s all your fault.

Serverburps aren’t the only problem, though. I said it was a lot like EVE. That includes the sense of inaccessibility, which here sometimes borders on elitism. Command-line is not the easiest thing to understand, still less a command-line heavily based on a real-world programming language, as opposed to a simplified, fictionalised version, like those used in Uplink or Hacknet. More difficult still is the scripting. I had to watch fifteen videos on YouTube about JavaScript just to understand the basics behind this layer of the game. You can make your way without writing your own scripts, it’s possible, but to do this leaves you at a real disadvantage – a script kiddie in a world of master hackers.

Not only this, but the creative side of the game is cut off to you if you don’t know how to script. You can’t make a silly splash page. You can’t write a virus that turns the user’s game volume down to zero and makes them broadcast “I EAT MY TOENAILS” to every chat channel. You can’t engineer a game for people to play (the user ‘dtr’ has made a game called “Haunty Mall” which gives the winner a big prize of cash). All these things are exclusive to those with real-life skill. Therefore, it can feel like a game of haves and have-nots, the scriptwriters and the puppets.

In many ways, this is appropriate. Hacker culture is awash with this kind of division. Contempt, exclusion and one-upmanship are tropes we all recognise from Hackers, Mr Robot and real-world hacking enclaves like Anonymous. That sense of disunity is also strangely motivating – the very fact that I did watch all those videos about JavaScript, even if it only resulted in this terrible webpage, says something for Hackmud’s compelling universe. But not everyone will be happy at being “locked out” of the most interesting portion of the game, simply because they didn’t study computer programming. Meanwhile, landing in '0000' after the tutorial can be as much a paralysing experience as it is an empowering one.

For me, I am happy to learn. I had the same reaction to else Heart.break(). Although this world is complicated by its humanity. Just like EVE there are so many possibilities in this game for manipulation, as well as possibilities for creating perfectly ‘legal’ enterprises. But unlike EVE, it is still in its infancy. Seeing all the horrible and amazing things people were creating over the weekend felt like being on the frontier. One person made a giant ‘HARAMBE’ banner. This is exciting stuff.

That’s a dumb example. But the feeling really is there. Being on the frontier is, fittingly, what being on the internet in those early days really felt like. Players are already racing to set up all the types of things they know makes money in EVE – double-your-money scams, corporations, casinos – even now there is already a lottery, called “loco.lotto” which you can enter for a small amount of money. Nobody can agree if this is legitimate or not. It is only a matter of time before somebody sets up a bank, and only a matter of more time before somebody hacks that bank.

I’ll leave you with one example of something that happened to me. I had finally figured out how to write a script that transferred someone else’s money to my account – rudimentary for any hacker. All I needed now was to get someone to run it and hope they have enough money in their account for me to steal. It’s a terrible thing to do, I know, I know. But I am poor too. We do what we must to get by.

I saw a new player asking for help and decided: this will be my mark. I began chatting to her, explaining things, answering any questions she had. I answered them all honestly. When she needed some money to get started, I sent her a small sum, saying: “You might need this :)” It was only a tenth of what I actually owned. But to her it was a miracle. “Thank you!” she replied, making much more ample use of the exclamation point than I am depicting here. Time passed, I kept helping, guiding her to reliable scripts, providing advice on who to trust, who to distrust. All of it was true. I was quickly gaining her trust. As soon as she had cracked her first handful of NPC eggs, I would be ready. I neglected to remind her about scripts.get_level.

Then, she began to tell me about her job. She was a filmmaker, she said. She was 19. I began to feel an emotion. It was my old friend, guilt, and his good friend discomfort. As she spoke to me about her real life, I tried to reinforce some sense of paranoia. “She’s not who she says she is." I thought. "I mean, I told her I was from Australia.” But the guilt did not shake.

“I just got 1M GC on my last kernel!” she said. The kernel is a timed hack in which you farm money. She had made a good haul.

I frowned. I already knew that I wasn’t going to send her the malware. I made an excuse and left the game, wondering what time it was in Australia and if leaving looked suspicious. I hope she never talks to me again.

If you’ve read that little story and thought: “what an incredible game.” You should know one thing: it was all a distortion of the truth. Obviously, I won’t tell you how things really happened. That would alert the user, if she read it, to who I am. But the general gist is true – the game did make me feel guilty. I did step away from the brink of criminality. So few games are capable of putting humans together like this in a den of villainy and letting them become slowly corrupted or instantaneously redeemed. Hackmud does this and does it very well. It is like the early internet it so perfectly mimics: a world of confusion, paranoia and possibility.

Hackmud is available now on Windows, Mac and Linux via Steam and Humble for £13.37/$13.37/€13.37. See what they did there?

Read this next