What is Farmerama – and what were players really looking for?
Farmerama is a browser game released by Bigpoint in 2009, where millions of players manage and expand their virtual farms. Despite its extensive gameplay, the game lacked essential features for data analysis and transparency for a long time.
Players were looking for features such as:
- Tracking of historical market prices
- A complete overview of their stable inventory value
- Founding date of their farm and insights into their neighborhood
- Breeding logs and overviews of item placements
- Daily statistics for XP, CC, level progress, and more
2010: The launch of Farmeramania
My fansite Farmeramania.de went live on June 14, 2010. It quickly became one of the most active and well-known platforms around Farmerama – offering news, event coverage, tips, and custom tools for data-driven gameplay analysis.
The project started in cooperation with Randyrun, a virtual currency provider seeking to expand its presence in the browser gaming market. With Enclase as editor-in-chief, I took over the technical direction and community management.
From the very beginning, Farmeramania was designed to empower players with real insights and understanding – not just to entertain. The first event FAQs were provided solely by us – long before the official team published their own.
Later, Farmeramania was criticized for publishing content found in publicly accessible code. I was one of the first recognized game “leakers” in Germany – technically clean, but unusually transparent for that time.
2011: The Randyrun company on Gran Canaria
In 2011, I lived on Gran Canaria and founded a company there – initially under my own name – for Randyrun. The decision was made because it eliminated the need for the management to travel, and company formation in Spain was significantly easier.
The company was intended to be transferred to Randyrun later – but this never happened. Randyrun appointed a new CEO, who had previously worked at MMOGA. One of his first actions was to drastically cut the budget for our Gran Canaria team. The takeover of the company was rejected.
After making sure that the two employees on Gran Canaria continued to receive their salaries, I submitted my resignation. In return, I retained full rights to the Farmeramania project – as a kind of “ deal” to keep something from it. I was now stuck with a Spanish legal entity whose closure cost me several thousand euros.
My plan was to move to Turkey after a short stop in Germany – no longer than a year. However, the move to Turkey never happened. Since 2012, I’ve been living in Hilden – a wonderful town in North Rhine-Westphalia.
2012–2013: The birth of OpenFarm
I developed OpenFarm as a Firefox add-on (with experimental Chrome support) to make Farmerama more transparent and accessible. The extension captured game data, processed it on custom servers, and provided players with statistical evaluations.
As early as 2013, OpenFarm offered core features such as breeding logs, market analysis, neighborhood tracking, and detailed inventory reports. Chrome proved less suitable over time, as many functions for intercepting and modifying network traffic were gradually restricted or removed – unlike in Firefox.
2016–2020: Building a data-driven backend
The server logic was initially implemented with ColdFusion and Oracle, later migrated to Node.js with MariaDB and Redis. The system stored daily snapshots of user data and market activity. Over the years, the database grew to nearly 600 GB.
2021: Unity replaces Flash – but APIs remain
In January 2021, Bigpoint replaced the Flash version with a Unity-based frontend – a major shift visually. However, the backend remained largely unchanged. The familiar FarmAPI.php endpoint was still in use – now with RC4 encryption, Base64 encoding, and GZIP compression. All data could still be decrypted client-side.
How OpenFarm worked in practice
Upon login, the Firefox add-on intercepted the response from FarmAPI.php, decrypted the payload, and analyzed it. The resulting data was stored as a daily snapshot. Later versions also tracked additional events in real-time – including market behavior, breeding actions, and gameplay activity.
Result: A custom web dashboard
The collected data was not displayed in-game, but visualized via a standalone interactive dashboard. Players could analyze their XP progress across the main farm and Bahamarama over days, weeks, or months – using charts, comparisons, and averages. The entire tool was ad-free, fast, and privacy-respecting.
Example from the OpenFarm interface:
Funding by the community
OpenFarm was entirely funded by the community. Once a year, I launched a donation campaign to cover the server costs – and the community always delivered. Whatever exceeded the infrastructure expenses, I was allowed to keep. A truly amazing community made this project possible – thank you to all supporters!
OpenFarm Tech Demo – Try it now
The current technical demo is a simplified version of the original OpenFarm add-on. It demonstrates how game data can be captured and stored locally in the browser – a solid foundation for future extensions or data visualization experiments.
Download via Google Drive: (If you’ re interested, please contact me via the contact form)
Note:
The decryption key used has not changed since the Unity migration in January 2021. If it ever does, it can still be extracted from the Unity files.
Conclusion
OpenFarm has always been a community-driven project. Had I chosen to exploit it, OpenFarm could have gone much further – up to fully automating the game. With the “discovered” data, it would have been technically trivial to build a free harvest helper or even fully automate farm operations – including planting, harvesting, and trading. But that was never my goal: OpenFarm was built to foster understanding, not to exploit.
Hoping that someone will one day revive the project, I am now releasing a technical demo that reads and stores game data locally in the browser – a ready-to-use foundation for a new Firefox extension. There are still hundreds of active players who would welcome its return.
Disclaimer:
The information presented in this article is based on a technical analysis of the client-side communication of a browser-based game. A stream of encrypted data (RC4) was analyzed, where the decryption key was obtained solely from publicly transmitted or client-accessible elements.
The RC4 encryption algorithm was already considered outdated and insecure by industry standards at the time of the analysis. Part of this project aimed to demonstrate that vulnerability and document the client-side data flow through legitimate observation.
At no point was the login process intercepted or analyzed. All evaluations occurred only after successful login and were limited to farm-related data sent to the browser.
The analyzed FarmAPI.php packets contained no personally identifiable information (PII) such as real names, email addresses, or contact data – a credit to the game’s cautious and privacy-aware implementation.
No servers were compromised, no access controls bypassed, and no third-party user accounts were affected. The analysis focused solely on data accessible to the user’ s own browser session.
No manipulation, abuse, or commercial exploitation of the extracted information took place.
For transparency, the full source code of the extension was always openly published and made available through the Mozilla Add-ons platform. Users were able to review the features, verify the data flow, and assess the security of the extension themselves.
This project was conducted within the boundaries of applicable laws and serves solely as technical documentation. It does not constitute encouragement for replication.