Kingdom Under Fire 2

Kingdom Under Fire II blends large-scale RTS mechanics with MMORPG systems, allowing players to command NPC armies while engaging in real-time combat. Built on a custom engine and released across major platforms, the game required validation of both client integration and gameplay services.

The scope included complex systems such as:

• RTS battle mechanics commanding NPC units
• Crafting and equipment upgrade systems
• Quest logic and progression
• Physics-based movement and combat
• Active and passive abilities
• PvP and PvE combat systems
• Trading and loot systems
• Mounts and hub map traversal

In hybrid MMORPG/RTS environments, vulnerabilities in combat logic, trading, or progression systems can destabilize game balance and economy integrity. Blueside required structured security testing to identify potential exploit paths before they could impact players.

Cyrex worked directly within Blueside’s custom engine environment, focusing on gameplay systems and client integration layers.

Our engagement included structured testing of:

• The full RTS battle system and NPC command logic
• Skills, crafting, and equipment upgrade workflows
• Quest systems and progression validation
• Physics systems (movement, flying, attacking, aiming)
• Combat abilities (active and passive)
• Trading and drop/loot mechanics
• PvP and PvE combat flows
• Mount and hub traversal systems

We evaluated server-side validation and gameplay trust boundaries to determine whether actions could be manipulated or improperly authorized.

During testing, Cyrex identified several critical vulnerabilities and architectural weaknesses that could have had significant impact if exploited.

We delivered:

• Detailed findings documentation
• Prioritized remediation guidance
• Recommendations aligned with security best practices

After Blueside implemented patches, Cyrex conducted full sanity and regression testing to confirm that vulnerabilities were properly resolved and no new issues were introduced.