Metin 2

Metin2 is a long-running MMORPG originally released in Korea and later republished in Europe. Featuring large-scale PvP, PvE combat, guild systems, and seasonal events, the game supports a persistent online ecosystem with competitive player interaction.

Webzen engaged Cyrex to conduct black box penetration testing, emulating real-world attack conditions without internal documentation or source code access.

The scope included:

• Player physics (movement and jumping)
• PvP duels
• PvE combat systems
• Mount and pet mechanics
• Guild and land systems
• Kingdom and class systems
• Weapon and equipment crafting
• Seasonal and community events

In MMORPG environments, vulnerabilities in combat, crafting, or guild systems can destabilize progression balance and in-game economies.

Cyrex conducted structured black box penetration testing, interacting with live services and gameplay systems as an external attacker would.

Our engagement included testing of:

• Server-side validation of player movement and physics
• PvP duel mechanics and combat resolution
• PvE combat flows
• Crafting and equipment upgrade logic

We evaluated whether gameplay actions were properly enforced server-side and resistant to manipulation.

Cyrex also assessed:

• Guild and land management systems
• Kingdom and class-based progression
• Mount and pet mechanics
• Seasonal and community event logic

The objective was to ensure that social and progression systems could not be exploited through parameter tampering or network-level manipulation.

Through testing, Cyrex identified several high-risk vulnerabilities across gameplay systems.

We delivered:

• A comprehensive security report
• Detailed risk assessments
• Prioritized remediation guidance aligned with best practice security principles

This enabled the development team to address weaknesses before they could be exploited at scale.