TERA is an epic fantasy action MMORPG developed by Bluehole Studio and published by Gameforge. An action-packed experienced, TERA launched to positive reviews in 2011 and quickly gained 2 million registered accounts. By 2018, the game had over 28 million players across the world.

Our testing on TERA were conducted under our Black Box penetration testing service, a real-world approach to hacking.

TERA’s services were built on a custom in-house engine and network protocol. To support this, we had to perform reconnaissance on their services and reverse engineer a solution to integrate our tools. Because we had no access to documentation, we had act independently to discover and extract functionalities from the game client to test them.

During our work with the TERA developers, we tested a variety of functionalities. These include:

  • Network-based packets
  • Physics (meaning player movement and attacking)
  • Fighting Abilities
  • Player skills (such as mining and crafting)
  • Trading between players (individually and large scale in the “Grand Exchange”)
  • Duelling
  • Quest start and completion
  • Mounts
  • Guild and party system
  • Account registration and authentication
  • Character creation


Our testing of TERA was actually composed of several iterations. Our collaboration was extended upon the results of each iteration, which revealed multiple vulnerabilities. As we did so, our testing continued to cover a wider net of the services and functionalities. Once each iteration of patching had been completed, we conducted full sanity and regression testing.

Several vulnerabilities were discovered with each iteration. Many were considered high-risk by the publisher and developer. One in particular, allowed players to repeatedly attain the “quest complete” state and easily farm experience points and the quest rewards.

The Black Box testing was the most convenient approach for Gameforge as they valued the real world approach to hacking.

“The security audits are always splendid. With the extensive reporting and risk assessment, our developers can effectively patch vulnerabilities.”



Test your game's security against the best

Learn more about our penetration testing and ethical hacking for online games.