Why I'm teaching kids to hack computers
hacktivate.app134 points by twostraws 5 days ago
134 points by twostraws 5 days ago
Cool idea and execution but having in-app purchases to buy hints for a game targeted to kids is a big no.
I get the market forces and such but I don't want to have an app subtly teach my non-existent kids to reach out to in-app purchases like that.
If you try the game and like it – if you've run through the 10 tutorial challenges and thought, "I like this and want more" – there's a separate version of the app that is an up-front, one-time purchase with no in-app purchases at all. You pay once and get everything. Get it here: https://apps.apple.com/app/id6754342195
Show them X free levels and with free hints.
When they get into the groove, at X+1 level show them "Did you like this? You can get 200+ levels if you convince your parents that this is a worthwhile investment for your learning." (copy TBD) and bam, you have a traditional game with a demo and a way to buy it that doesn't train kids to expect in-app purchases for every breath they take.
And btw, $25 is high even for an indie steam game, a mobile game will be even harder to market at that price. Just FYI. Best of luck!
Oh, so having a separate (paid for) app makes targeting kids with in app purchases OK in the (free) app you advertise?
If I only released an up-front payment version, people would complain that they weren't able to try the app first. If I only released a free version with in-app purchases, people would complain that they don't like in-app purchases. I did both, and I'm still getting complaints. I get that my solution is imperfect, but I'm trying my best.
This is a solved problem. It's called a "demo". What it entails is giving a small sample of your product completely for free, with no monetization at all, in order to entice a prospective buyer for more. It may be less lucrative than selling microtransactions to literal children, but it is something that people won't complain about, if you are genuinely in the market for a solution and not just trying to farm money off of scamming kids into swiping their parents' credit card because they have no idea what it's worth.
I really appreciate you having a full unlocked copy of the game with up front pricing and trying to solve this issue in a thoughtful way.
In the old days, the free version would be a limited preview of the game, and would direct users to purchase the full game. We called it a demo or shareware, as in you were intended to share and copy it widely.
You could also have the “in app purchase” be the full game unlock.
Good early lesson of small business and app development is you can’t make everyone happy. Trying to though will be guaranteed to make at least one person unhappy, and that’s you.
So take advice where it’s offered but don’t mistake complaints for advice.
The issue here is that you are trying to bridge two disparate goals - making money and helping kids.
The fact that this isn’t open source, as it stands, means the latter is not a primary goal - which is not an indictment, just an observation.
The complaints will come, regardless, for that reason alone, given the marketing/narrative.
You’re selling a product to parents/educators who want to gamify the technical education of their children. That market, small as it is, despises micro transactions.
What does open sourcing an application have to do with helping kids?
There are plenty of arguments for open sourcing things. “Closed source apps necessarily deprioritize helping children” is not an obvious argument to me. Can you draw the connection more explicitly?
Yep, in-app purchases aimed at kids is always a sensitive area
"sensitive" undersells it. Apple in its refund form has an option to select "unauthorised in-app purchase by a minor" as the reason.
I was not aware how predatory this market has become until an annual subscription after a "one week trial" renewed itself automatically despite having been already cancelled on the last day.
I'm assuming the money is lost because third party subscriptions might require earlier cancellation, but that was the last time I allowed for anything with such a short trial period.
In the early 2000s, growing up in a third-world country with limited resources meant computers and operating systems were constantly breaking. That scarcity pushed me to tinker and experiment, I learned to troubleshoot hardware, reinstall OSes, and reverse-engineer odd behaviors. I even experimented with keyloggers out of curiosity. That practical, trial-and-error schooling is where a lot of the so called “common sense” about security comes from. It is less theory, more failing, fixing, and learning what actually keeps one safe online.
I think it all stemmed from curiosity to learn and tinker. I wonder if gamifying it is enough but it’s a step.
Started modding Android ROMs at 13. That age is perfect; old enough to understand consequences, young enough to not care about breaking things.
Hardware hacking tools have gotten more accessible since then. The Flipper Zero makes this easier now; 256KB RAM, open firmware, $200. Compare that to needing a full PC setup in the 2000s. Lower barrier, same curiosity-driven learning.
Guided challenges vs pure exploration; both work. The structure gets more people started. The ones who stick around will break out of the sandbox anyway.
“El hambre agudiza el ingenio”, we say in Spanish. Hunger sharpens the mind.
Growing up with fewer resources than others paradoxically leads to better outcomes sometimes, since you’re conscious of the barriers around you and that motivates you to overcome them.
If I had grown up with the latest iPhone I would never have cared about rooting and custom ROMs, for example.
Early 90's were more fun. I modified DOS command.com file to change the outputs it prints, drilled holes into laptop to attach broken hinges, break electronic garbage to salvage wires and interesting things, disassemble disk drives, ...
I agree that the early 90's were a lot of fun – I remember drilling holes in 3.5-inch floppy disks to increase their capacity, blissfully unaware that actual HD floppies had a different coating entirely…
Haha that reminds me, Qbasic using the help file to figure out how to program. Taking apart a HD and getting my fingers pinched between the two bloody strong magnets.
Amazing what you learn when you have no other distraction xD
That era of breaking-and-fixing out of necessity was like the ultimate bootcamp
I suspect gamifying it isn't enough, but as you say it's a step, and if it helps more people get involved then hopefully others can provide more steps to follow.
Where would this sit between Over the Wire [0] and Hacknet [1]? I would try it but I don't own anything apple.
I don't think you can recreate this in any top-down manner no matter how well-intentioned.
It has to matter to them, and what's more, it gives you extra boost if you aren't supposed to do it and no parent or teacher pats you on the shoulder, but rather your friends or people in online forums like it, or simply you like it for yourself, seeing that the computer does what you want.
I learned computers by making a website for my school class, where we would put pictures from events and excursions, hosted a chat and a phpbb, designed the graphical elements in cracked warez Photoshop etc. This forced me to naturally pick up the skills. HTML, JS, burning ISO to CD, downloading things etc. Also warez games, learning about the Program Files difectory at like age 8 and how to copy the cracked exe there. Or setting up port forwarding for multi-player gaming.
Or when I modded GTA (3/VC/SA) with new car models that I built in 3D modeling software based on hunting down the orthographic projection blueprints of our family car, or adding the police vehicles from my country in GTA, messing with textures etc.
Or translating games from English, reverse engineering the binary file that contained the strings, I figures out that the length of each string was also there and I had to modify that too, learn about big endian and little endian, learn to work with a hex editor, understand what hex is. It was super exciting. If I had a lecture from some teacher about hex representation with some exercises at the end of the chapter for homework, I likely would have found it boring. But here I had context, I had a goal, and I had no idea what I was looking at when I opened the hex editor, I just saw that people used similar tools for translating other games and so I tried on less popular games where nobody had a specialized tool yet, it felt like making discoveries, going deep into the jungle and prevailing.
Now to contradict myself, I did have a lot of fun also while solving PythonChallenge.com, even though it's artificial tasks. But at least I found it myself online and wasn't handed to me and nobody knew or cared that I was working on it.
So I think this is just really hard to externally motivate if the kids don't have any desires or drive to see some effect caused by them. And maybe even I wouldn't do it in the current software and phone environment.
But we also have to remember that a generation ago it was also not many people who were really into computers.
The supposed target of this game do not at all match who can actually play it. Kids don't have Macs. Those who want to hack don't have iPhones. I would even say that a kid with an iPhone will never get the necessary curiosity about computers to want to hack anything.
My son has been highly motivated to learn about hacking in his iPad to hack some of the games they play for school (blooket and prodigy). Those are web based games, true, but fiddling with the dev console, editing the dom, and finding and pasting scripts, is not nothing.
Cool idea I was going to check it out but I don’t want to update my iPad to the latest OS for jailbreaky reasons. Any chance you could release support for something slightly before 18.5?
The app only uses one API from iOS 18 and later, so from a coding perspective I could make it support older versions easily. However, the bigger problem is testing: right now I test each release thoroughly on iPhone, iPad, and Mac, across iOS 18 and iOS 26, so adding another iOS version would require another set of devices and more time.
Huge respect for not just building a tool, but building an experience that demystifies hacking in a structured, ethical, and genuinely fun way
I have not used the app but the developer Paul Hudson was the guy who taught me Swift and UIKit when I was in college and wanted to dig into iOS development for fun. He’s truly gifted when it comes to teaching.
Thank you for your kind words! I've spent over a decade teaching folks to build apps, and it's something I hope I can continue doing for a long time to come.
Such a great idea and product!
Thanks for all the hard work.
However, please get rid of micro-transactions...
I'm fine paying full price of the product for my kid, but not micro-transactions.
Just FYI: The App Store has an Education Edition which is the “same app but paid up front”.
There's a separate version of the app that is a one-time purchase, with zero in-app purchases. It's available here: https://apps.apple.com/gb/app/hacktivate-education-edition/i...
>And if you’re dead set against Apple devices, you should check out the web version of Hacktivate – it’s not as powerful or as fun, but it’s entirely web-based and free!)
350+ schools are already using this, completely free, and I'm adding new schools every week!
This is why I like the Try Hack Me platform so much. You have a lot of walkthroughs and guided challenges to get started and learn the basics; challenges get harder and harder with less and less help. You also have access to challenge write-ups even if you did not complete them, meaning that if you're stuck, instead of losing motivation, you can make progress.
They embrace learning for all levels and helped me so much getting into infosec professionally.
Game for kids, where you dedicate a third of the screen to a locked hint list and a very prominent "Buy Hint Tokens" button? Hard pass.
https://www.hacktivate.app/img/framed-ipad-3.png
The game industry needs to move away from milking vulnerable people with pay-to-win schemes.
Also the game costs 20 bucks but it's offered as "Free" with "in app purchases". But you can only play one challenge until you need to buy the game. That's just false advertising. Just be upfront about it and sell the game for 20 bucks instead.
I'm not sure where you got the one challenge thing from – you can play 10 challenges without needing to pay a cent. Plus, there is a dedicated version you can buy up front front without any in-app purchases, right here: https://apps.apple.com/gb/app/hacktivate-education-edition/i...
I installed and played the game on my mac this morning. I tried several ways to get to another challenge I could play, but was unable.
The link I used is the one from your site.
All you have to do to unlock the next free challenge is solve the previous challenge. The first 10 tutorials are designed to teach the basics of the app – how to transform data with the toolbox, how to read web page source code and run JavaScript, basic Linux commands, etc – and so they are run in order. There are 10 in total, all free, plus another one in the first territory afterwards, which teaches the basics of ciphers.
So there's our misunderstanding. I skipped the tutorial, because I already saw your demo video. Then I clicked on the US on the map and played the first challenge called "Tutorial: Cipher salad". After that I always got the "Buy now" popup when I tried to play another challenge.
But you're right, the tutorial is playable too and it consists of the same kind of challenges, not just simple explanations how to play. So my initial statement was not correct.
I see. Well, I hope you can appreciate there are limits to what I can do – if someone skips the free challenges then is unhappy there aren't enough free challenges, I don't really know how I can fix that. If you want to go back to play the tutorial challenges, they remain available.
Nothing about Hacktivate is pay-to-win – you can solve every challenge without using a single hint, and even if someone does need hints there are a bunch given away for free. Even more, for people who want the game but don't want micro-transactions, there's a dedicated version of the game (https://apps.apple.com/gb/app/hacktivate-education-edition/i...) that is a one-time purchase with no in-app purchases at all.
Right, that's absolutely disgusting. The only reason that would be somewhat OK is if that's part of the game, and you can hack it to get tokens for free.
I've watched my grandma play a mobile game a few days ago. It has been a simple word search game. A level takes her about 2-3 minutes to beat. Every single time she beats a level, she is getting 1-2 30 second advertisements that she has to sit through. Its honestly so sad to see. Thankfully she knows that all mobile ads are bullshit and how to close them, but still... This market is shameless.
Nice.. But Damn.. Apple only : (
Yeah, sorry; I know my limitations, and would rather do one thing very well than two things kinda average.
Neat... Brings memories of the national cybersecurity courses you were talking about.
I never figured out how to do that "cat flag" terminal privilege escalation.
Those cybersecurity challenges are incredible – I see kids light up when they take part, finding a passion for something they didn't even known existed previously. I don't think the teams who organize them get enough recognition for their incredible work!
>how to do SQL injection, how to use rainbow tables to figure out hashes, how to use steganography to hide data in images, and more.
I feel like there are more practical and timeless topics that will still be relevant in 2040. Frameworks (abstraction) have largely solved SQL injection and bad cryptography.
Personally I would avoid a cybersecurity focused corriculum and just focus on regular software engineering. Being able to think like who you are attacking and knowing the common pitfalls is most of the battle.
Eh… I just went to Stack Overflow and searched for "php mysql", and the first result (https://stackoverflow.com/q/79790370) – asked 12 days ago – had SQL injection
[flagged]
