Wot I Think: Hackmud

Multiplayer hacking sim Hackmud [official site] launched on Friday, catching us by surprise. We tasked our most elite hacker with entering its digital realms to crack the mainframe and report back. Sadly, Alice couldn’t make it. So we sent Brendan instead, who quickly found himself in over his head, lost in a world of player-made malware, intrigue, deception and guilt.

I played Hackmud all weekend. Almost all my free time time for the past two days that wasn’t spent eating, peeing, or sleeping my way through the necessities of meatspace, has been spent exploring the murky chat channels and malicious scripts of this game, which appeared, seemingly out of the ether, on Friday. To give you some background: it is an “MMO” hacking sim in which you must earn GC – a digital currency – by breaching NPCs or other players and stealing their money. The more money you have, the more upgrades you can buy, the better you can hack, and the more money you can get next time. Levelling up through ‘tiers’ like this is the standard of MMOs. But I want to tell you that, despite some issues, this game is far from standard.

It begins with this warning:

“Larceny, laundering, theft of currency and information, intentional manipulation and abuse of the system and code, deception, betrayal, and backstabbing are all part of hackmud, and strongly encouraged.”

The true meaning of this won’t be clear to you at first. Because there’s a four hour tutorial. This is something of a mixed blessing, because it leads you through the complexities of the game’s command-line interface while also being, at times, a frustrating journey. You are a new ‘sentience’ – an AI program that has been brought into being. You’re trapped in the ‘vLAN’ with a collection of other NPCs. There’s no trace of human players here, except for a few messages scrawled on a script for you to see. “Hello world”, “consume”, and “fuck you forever” were some of the messages that I got. You’ll leave your own message for the next player to see but you won’t be truly talking to anyone for a while.

The NPCs lead you by the hand at first, telling you what commands to type to join chat channels, browse the market, breach dead NPC accounts, access their logs and so on. Their story is reminiscent of Digital: A Love Story – computers with human voices talking to each other inside an obsolete system. Once you’re in the open world, new elements will appear hinting at a world where humans are long gone, possibly wiped out by “Welsh Measles”, and where only their digital relics survive, housing thousands of babbling AIs – the players.

It’s a fun sci-fi conceit that sets up the game world without investing too much seriousness into it. It also sidesteps one of the biggest story problems faced by hacking games: the inconsistency that, no matter how often you get caught, nobody from the FBI ever comes to break down the door. Here, the suggestion is that there is no FBI. They’re all dead or off-world – escaped to another planet perhaps. Although, a new inconsistency is introduced: why do all these AIs communicate thoughts in typed English messages?

Never mind that. The tutorial climaxes with a timed gauntlet that sees you cracking through multiple NPCs and messaging your compatriots the details inside. There are a handful of password-guessing moments that feel old-fashioned, as well as the odd riddle – tropes that perhaps should have been expected. But some smarts is required to pass the final challenge, the solution being something of a simulation in deceiving others. I won’t say any more – you’ll have to pass that test yourself.

Then you emerge into the WAN, like a slimey newborn, and the whole place is full of noise.

Channel ‘0000’ is the chat channel you automatically join – a mixed hive of both terrible scum and helpful bystanders. This time they’re real people, or rather most of them are real. Because many of the players are programming ninjas and they have already made a number bots to spam, help or hinder others. Likewise, the words that come out of a player’s name may not have been typed by them at all, but prompted by a virus-like program written by another user entirely. To explain this, I’m going to have to tell you about scripts.

The whole game runs on a JavaScript-style syntax. Almost every command you type will be a script. For example, typing “accts.balance” will show you how much money you have in your account (you’ve got none, deal with it). Typing “sys.specs” will show you what upgrades you have installed (again, none). For many scripts, you can enter parameters to make more specific demands of the game. For instance, typing the following…

chats.tell{to:“Blastface” msg:“hi there blasty, i love u”}

…will send a direct message to the user called Blastface, reading: “hi there blasty, i love u”. It’s complicated at first and there’s no way around it but to basically learn the commands by heart. Thankfully, the tutorial gives you a fairly good understanding of all the most basic ones.

But you aren’t in the vLAN anymore. The first question on your mind is: how do I make some money out here? You’ll have to run some scripts and see what they do. If you ask in ‘0000’ you’ll get suggestions from everyone. Run this, says someone. No, run this, says another. However, not all scripts are pleasant. There is one script which takes control of a user’s chat command just long enough to force them to blurt out the famous lines of a certain Nigerian prince. Those lines also contain the name of the script which forced them to say it, thus spreading the spam to any other user foolish or curious enough to see exactly what it does. In other words, a user-made virus.

There’s another bunch of scripts, created by a player who has quickly become the game’s top villain, all of which mimic other legitimate scripts – yet are different by a single letter. Let me explain. If you typed: “scripts.fullsec”, you will get a useful list of all scripts you can run and which are safe and will not harm you. But if you run “script.fullsec”, which has only a single ‘s’ removed, you will have your account emptied of GC, your upgrades stripped and your username’s location file (your ‘loc’) broadcast to the most notorious hacker in the game. That user’s name is simply ‘v’. V is public enemy number one.

Here is where Hackmud starts to shine. It shares many characteristics with EVE Online. It has an environment which is purposefully fraught with danger and paranoia, a sandbox where people are allowed to be awful, and a challenging and (at times) impenetrable user interface. Scammers are plentiful in this place, yet so are helpful people. The game is not in finding some NPCs to crack open and sucking up all their money just to reach the next level. The game is in finding out who to trust and who to keep at arms length, because you’ll either need to know which scripts are trustworthy or you will need programming knowledge of your own. After all, if you are capable, you can perform many of these scams yourself.

This is where it gets really difficult. There’s a command which creates a new JavaScript file in the game’s directory. You can edit this and write your own program. So far I have only been able to write basic programs. You really need some coding experience (or a lot of time to figure it out) in order to get into this side of the game – the architect’s layer.

These architects cause more questions of trust. There are people who have made dozens of scripts that people use every day and which everyone will vouch for. One of these ‘sentiences’ is called ‘dtr’. This player has a slew of helpful programs – one lets you harvest an abandoned NPC account from thin air, ripe for the cracking (the things you need to farm to get cash – pure MMO stuff). Another of dtr’s programs gives you helpful instructions for any script included in his library, providing much-needed guidance and advice. dtr is implicitly trusted by everyone as a well-rounded whitehat, someone who is always willing to help. But, if he wanted to, he could re-upload all of his scripts with a line or two of new code and, before anyone could say “Gibson”, he would be a rich and hated man.

There are yet more subtleties to the game, which you can only learn by lurking in ‘0000’ or asking for advice from someone you have grown to trust. Scripts are divided by levels – fullsec, highsec, midsec, lowsec, nullsec – with fullsec being totally safe to run and nullsec being the most likely to steal your location and leave you destitute. But many of the scripts are ‘built-in’ to the game and thus reliable – sys.anything or scripts.anything. And at all times it’s possible to check a script to see how it is rated. Just use: scripts.get_level. Don’t forget this. It is your one reliable bullshit detector – scripts.get_level.

I want to tell you more about the personalities and world of this game but there’s a problem. I don’t want to reveal who I’ve spoken to for fear of identifying myself. You get two usernames, and you can swap between them at any time, which opens up a lot of possibility for espionage and confidence tricks. Myself, I enjoy the anonymity. I have been “good” on one character and “bad” on another. I’m hesitant even to include these screenshots, because I’m sure they’ll give me away and I’ll be forced to type “retire_user” into the command-line, deleting my prized usernames.

It’s not all stylish japes and intriguing betrayals, however. The servers are taking a battering and every day so far there have been meltdowns, epidemics of lag, disconnections, automatic terminations and even one case where the whole thing had to be reset by 15 minutes. Often the game has been unplayable. I’ve just checked and it’s unplayable right now [at time of writing – ed]. There’s a single developer behind most of this and he is often in ‘0000’ himself, fielding questions and reassuring the players. Now, I am going to recommend Hackmud to you, fully aware that this may actually add to his problems. But I can’t not recommended it. So, if you do jack in, know that you may find the game broken, unresponsive and laggy. And it’s all your fault.

Serverburps aren’t the only problem, though. I said it was a lot like EVE. That includes the sense of inaccessibility, which here sometimes borders on elitism. Command-line is not the easiest thing to understand, still less a command-line heavily based on a real-world programming language, as opposed to a simplified, fictionalised version, like those used in Uplink or Hacknet. More difficult still is the scripting. I had to watch fifteen videos on YouTube about JavaScript just to understand the basics behind this layer of the game. You can make your way without writing your own scripts, it’s possible, but to do this leaves you at a real disadvantage – a script kiddie in a world of master hackers.

Not only this, but the creative side of the game is cut off to you if you don’t know how to script. You can’t make a silly splash page. You can’t write a virus that turns the user’s game volume down to zero and makes them broadcast “I EAT MY TOENAILS” to every chat channel. You can’t engineer a game for people to play (the user ‘dtr’ has made a game called “Haunty Mall” which gives the winner a big prize of cash). All these things are exclusive to those with real-life skill. Therefore, it can feel like a game of haves and have-nots, the scriptwriters and the puppets.

In many ways, this is appropriate. Hacker culture is awash with this kind of division. Contempt, exclusion and one-upmanship are tropes we all recognise from Hackers, Mr Robot and real-world hacking enclaves like Anonymous. That sense of disunity is also strangely motivating – the very fact that I did watch all those videos about JavaScript, even if it only resulted in this terrible webpage, says something for Hackmud’s compelling universe. But not everyone will be happy at being “locked out” of the most interesting portion of the game, simply because they didn’t study computer programming. Meanwhile, landing in ‘0000’ after the tutorial can be as much a paralysing experience as it is an empowering one.

For me, I am happy to learn. I had the same reaction to else Heart.break(). Although this world is complicated by its humanity. Just like EVE there are so many possibilities in this game for manipulation, as well as possibilities for creating perfectly ‘legal’ enterprises. But unlike EVE, it is still in its infancy. Seeing all the horrible and amazing things people were creating over the weekend felt like being on the frontier. One person made a giant ‘HARAMBE’ banner. This is exciting stuff.

That’s a dumb example. But the feeling really is there. Being on the frontier is, fittingly, what being on the internet in those early days really felt like. Players are already racing to set up all the types of things they know makes money in EVE – double-your-money scams, corporations, casinos – even now there is already a lottery, called “loco.lotto” which you can enter for a small amount of money. Nobody can agree if this is legitimate or not. It is only a matter of time before somebody sets up a bank, and only a matter of more time before somebody hacks that bank.

I’ll leave you with one example of something that happened to me. I had finally figured out how to write a script that transferred someone else’s money to my account – rudimentary for any hacker. All I needed now was to get someone to run it and hope they have enough money in their account for me to steal. It’s a terrible thing to do, I know, I know. But I am poor too. We do what we must to get by.

I saw a new player asking for help and decided: this will be my mark. I began chatting to her, explaining things, answering any questions she had. I answered them all honestly. When she needed some money to get started, I sent her a small sum, saying: “You might need this :)” It was only a tenth of what I actually owned. But to her it was a miracle. “Thank you!” she replied, making much more ample use of the exclamation point than I am depicting here. Time passed, I kept helping, guiding her to reliable scripts, providing advice on who to trust, who to distrust. All of it was true. I was quickly gaining her trust. As soon as she had cracked her first handful of NPC eggs, I would be ready. I neglected to remind her about scripts.get_level.

Then, she began to tell me about her job. She was a filmmaker, she said. She was 19. I began to feel an emotion. It was my old friend, guilt, and his good friend discomfort. As she spoke to me about her real life, I tried to reinforce some sense of paranoia. “She’s not who she says she is.” I thought. “I mean, I told her I was from Australia.” But the guilt did not shake.

“I just got 1M GC on my last kernel!” she said. The kernel is a timed hack in which you farm money. She had made a good haul.

I frowned. I already knew that I wasn’t going to send her the malware. I made an excuse and left the game, wondering what time it was in Australia and if leaving looked suspicious. I hope she never talks to me again.

If you’ve read that little story and thought: “what an incredible game.” You should know one thing: it was all a distortion of the truth. Obviously, I won’t tell you how things really happened. That would alert the user, if she read it, to who I am. But the general gist is true – the game did make me feel guilty. I did step away from the brink of criminality. So few games are capable of putting humans together like this in a den of villainy and letting them become slowly corrupted or instantaneously redeemed. Hackmud does this and does it very well. It is like the early internet it so perfectly mimics: a world of confusion, paranoia and possibility.

Hackmud is available now on Windows, Mac and Linux via Steam and Humble for £13.37/$13.37/€13.37. See what they did there?


  1. Gothnak says:

    I find that having a game where the barrier to high ranking exploits is something real-world useful like programming is better than the barrier being a bad GUI (Dwarf Fortress) or just a huge skill gap in a shooter where someone has been practising for ages and just constantly headshots you.

    This game does sound interesting though. It vaguely reminds me of an old game where each Player had to write a program that hacked into the memory of the other player’s program and trashes it’s memory making it crash. Real world programming turned into a game.

    • Premium User Badge

      zapatapon says:

      Core War?

    • Kalle says:

      The FPS analogy is actually pretty close to home. You become a good programmer by constant practice.

    • P.Funk says:

      People make too much of a big deal about Dwarf Fortress’ GUI. Learning to navigate it is nothing remotely similar to learning the rudiments of Java scripting.

      The problem with DF is patience in learning the GUI, which most don’t have when they look at the reward being some ASCII stuff. Nothing about it is particularly complicated, just obtuse. Java is a skill, but to your point I like that its an intellectual skill instead of just one based on repetitive motion.

      Its logic instead of twitch.

  2. wykydtronik says:

    So it is actually multiplayer? I the girl you’re talking about, “new player” was a non-NPC that you happened to meet in a chat room? That’s really rad if it is, and the fact that you could earn their trust and dupe them in a heist… :(

  3. Louis Mayall says:

    It’s a marker of how much I’m enjoying this game that I had forgotten it was meant to be multiplayer, and was thinking that the tutorial was the whole game. Of course that means I had to skip over most of this review, but I’ll come back soon. It’s real great though, possibly even better that Hacknet.

  4. vorador says:

    The name is a shout to the “Multi-User Dungeon” or MUD games. I’ve never played them, but i had a friend who did. They were the grandpa of modern MMOs and usually involved command line and ASCII graphics.

    They were the nerdiest of the nerdy. This goes even past that.

    Wish i had the skills or patience to try this out. But i still have Hacknet and Uplink unplayed, glaring at me from my Steam library.

    • Gothnak says:

      When i was at Uni in the early 90’s i ended up being a god on a MUD, does that make me the nerdiest of the nerdiest of the nerdy?

      • Erithtotl says:

        I was as well. When I first discovered it a friend of mine and I were awed that the ‘wizards’ or ‘gods’ had the power to actually code the game on the fly. As a Comp Sci student, this was a revelation, and he and I devoted almost 5 nonstop days playing to achieve promotion and access to the dev tools. Then I spent another semester and summer devoted to building my creations.

        While this had a rather large detrimental effect on my studies and my real world social life, I do think it helped me later when we had to learn C++ for classes (since it was basically a dumbed down object oriented C++ type language).

        I think Second Life was sort of an attempt at creating something similar to the more graphically inclined, but I think its initial focus away from traditional gaming turned me off and the ridiculous stories of what people did on it didn’t help either.

        • jrodman says:

          Sounds like you were on an lpmud, using lpc, the fore-runner of the language pike.

          I certainly wouldn’t call a langauge with dynamic dispatch, lambdas, associative arrays and true runtime variadic types “dumbed down” as compared to C++. If anything, C++ is the dumb one.

          It certainly does lack the ornateness of C++’s feature set though.

    • Paj says:

      I remember playing Legend of the Red Dragon (LORD) back in the mid 90s.
      Gameplay wise it was nothing special by modern standards – you would do quests and encounter other players and all the stuff that MMOs take for granted now. It felt so exciting at the time, even though it was ASCII. The lack of visuals made it more evocative in a way.

      One of the best things was that in order to log out, you had to go to sleep… and while you were asleep, other players could encounter you and steal your stuff. You could then hunt them down and steal it back. Great times.

      link to en.wikipedia.org

  5. neoncat says:

    Er… so is the whole point to trick other people into running scripts you wrote? It sounds like there’s other bits and parts, but if it’s just social scamming of noobs it’ll run out of steam once the influx of new players slows down.

    • Erithtotl says:

      My theory is that as people build things like games within the game, banks (as he mentioned), other ‘businesses’, that will inherently create more targets for hacking at the same time. Though I agree if the only ‘in’ is social engineering, vs. say a badly secured application, it might get old.

  6. daphne says:

    This sounds fantastic — and something I’d have loved to spare some time for back when I was 14 or something. Looks like a really time-intensive game, though for the good purpose of learning its intricacies. Will definitely check it out.

    The Haunty Mall game is a reference to the Monty Hall problem, by the way: link to en.wikipedia.org
    Seems like an excellent way to scam uninformed people, if it involves paying to play.

    • Brendan Caldwell says:

      Wow, never knew this. Thanks!

    • MajorLag says:

      I know what you mean. As cool as it sounds, I just don’t have the time for something like this. I look forward to reading EVE style yarns about epic heists and scams in the future.

  7. geldonyetich says:

    I like the idea I can do well in a game by programming JAVA…

    …oh, wait, Javascript? Nevermind, I’ll leave you web designers to it, the.

    • Erithtotl says:

      As a classically trained programmer I used to look down on Javascript too, but it’s reached a point where a lot of serious stuff is driven by it now, tech like node.js.

      • MajorLag says:

        Yeah, and that’s horrifying. Just like PHP. Shit languages that got where they are not by being any good, but by being so easy to work with that people who barely know what they’re doing can cobble things together with them.

        At least there’s WebAssembly to look forward to, if they don’t screw that up just as badly.

        • GallonOfAlan says:

          ECMAScript 6 is a huge improvement, and strongly-typed languages like Typescript that compile down to JS have gone a long way to mitigating it’s more pain-in-the-ass aspects.

    • theirongiant says:

      Slagging off another language as a Java programmer is like boasting about who can throw their poo the furthest. It might be factually correct but you still have shit on your hand.

      • MajorLag says:

        And what exactly is wrong with Java? Sure, the JVM has had some issues, but Java as a language is pretty solid. Sure, generics could have been implemented a little better, and a lot of people whine about missing operator overloading, but overall I really like it. About the only legitimate complaint, I think, is that there is very little control over the garbage collection process.

        • thither says:

          And what exactly is wrong with Java?

          So many things! The mountains of boilerplate, as represented in the fact that it’s routine for people to let their IDEs fill in getters and setters, do imports, extract interfaces from class definitions, et al. The absurd low-level concurrency primitives that have caused countless hours to be lost looking for race conditions (although java.util.concurrent is a very nice piece of work). Type erasure in generics. The entire paradigm of mutable state tied to imperative approaches, some would say. The complete lack of expressiveness throughout.

          Its main strength as a language is that it enables you to squish all of the creativity out of a large team of engineers, resulting in code that is dull as dirt but broadly compatible with the rest of the code. I say this as somebody who did Java at scale for well on 8 years prior to finding a gig doing Clojure, and I’ll be pleased as punch if I never need to write Java the language again. (I think the JVM itself is a marvelous feat of engineering.)

  8. Erithtotl says:

    I’m curious, in the script v scripts example, does this mean all scripts are global? i.e. if I write a script and save it, everyone has access to it? While I agree that certainly makes getting people to accidentally run your script a lot easier, it also means the global namespace will get choked very quickly.

    • Brendan Caldwell says:

      You can upload scripts as public or private and you only have a set number of “slots” (you need to upgrade to get more). But yes, the number of scripts is growing all the time and you have to come up with ways of filtering them.

      • gamma says:

        What’s with the autocomplete mechanic? Are uploaded public scripts automatically added to a user’s autocomplete function? One thing is to browse the market for scripts and drop the gc on a wrong choice, but having one’s autocomplete polluted not having a say seams odd.

        • jrodman says:

          Yeah, “hostile user interface” doesn’t sound like fun to me.

  9. malkav11 says:

    Like Eve, it sounds like the sort of thing that will be fascinating to read about but that I do not want to touch with a thousand foot pole myself.

    Though, to be fair, with Eve part of that is that it is really intensely boring in most of the developer-created game mechanics and it seems like you need to be playing at the level where all the shenanigans are going on (and have a lot of friends) to get at what makes it special and interesting. Whereas this seems like there’s some interesting gameplay there and it could very well be possible to have a blast as a solo operator. I just really, really don’t want to deal with this level of possibly malicious player interaction, myself.

  10. charlesg says:

    I’m a programmer and I don’t memorize all the functions, objects, methods and variables I use in programming. An impossible task because there are too many, and they change frequently as new software and libraries are released.

    I just alt-tab to the documentation when I need to.

    Then, through usage, the frequently used ones will stick.

  11. MajorLag says:

    Did anyone else expect that scamming attempt at the end to backfire? Maybe it’s my paranoid nature, but I thought for sure our dear Brendan was going to get scammed out of his own money in the end by the supposed n00b. Kind of a shame it didn’t end that way really, a heartwarming tale of why no one should ever trust the internet.

    • crowleyhammer says:

      “Kind of a shame it didn’t end that way really, a heartwarming tale of why no one should ever trust the internet.”

      How do you know it didnt end that way?

  12. ezro says:

    Okay, I can honestly say that it’s been quite a while since a game piqued my interest like this one. I’m curious however, and hoping that maybe someone well versed in programming migh illuminate me, is java script a language worth learning like say c++? Would knowing it be in fact generally useful or does it maybe have only a very specific and limited use (someone above mentioned web design).

    • pelotron says:

      JavaScript is _everywhere_ on the web. Its most common use (I think, I’m not a web developer) is for producing dynamic client-side functionality or communicating with the server without refreshing the page. Yes it would be generally useful, though be aware that a lot of its style and concepts differ greatly from strongly typed compiled languages like C++.

    • Tobberoth says:

      Javascript is THE standard for client-side scripting in web applications. Pretty much every website you ever use has javascript code included in some fashion. Nowadays, it’s used in an even broader sense, for example you can program server backends with node.js. If you’re at all interested in developing web applications, javascript is not only useful, it’s pretty much imperative. If your interest lies elsewhere (big budget games programming for example), C++ is clearly a better topic of focus.

      • ezro says:

        Thanks for the exhaustive reply!

        • jrodman says:

          Strictly speaking, javascript has a narrower application domain than C++, and C++ still ranks higher on some popularity indexes etc. However at least in my part of the computer industry, being a javascript expert is more likely to find you a job.

          Because javascript is currently the only real web frontend programming language (could change some with webAssembly, we’ll see), and the web continues to be hot even with the rise of “mobile”, it’s where a lot of the innovation and work is happening and thus is super popular, and thus further is used to some extent outside its original domain.

          It also has the two nice properties of being way higher productivity than something like C++ (how many person hours does it take to make a thing), and way faster than semi-comparable high level languages like ruby, perl or python because of all the huge technological effort that web browser companies have spent on accelerating javascript.

  13. Kolbex says:

    How long, I wonder, until someone manages to use the game’s in-game scripting to cause it to shit the bed in such a way that it allows them inject arbitrary code into the host system?