How hackers cheat (analysis)

How they cheat (analysis)

  • Memory manipulation and library injection – reading and writing to a memory
  • Common base

Dedicated application / driver

  • Direct memory manipulation
  • Abusing gameplay script
  • Patching the data and executable
  • Gameplay exploits
  • Bypassing the protection
  • Finding the right offsets
  • Finding execution methods for gameplay script
  • Combination with exploits and gameplay logic

What is the future?

  • Drivers in VMs, possible use of bytecode.
  • Controller hacks with direct access to memory (custom firmware)
  • Dedicated hacking HW

Layered protection

  • Prevention
  • Detection
  • Obfuscation
  • Banning strategy
  • Legal

Prevention how?

  • Ring0 kernel agent
    • OB_callback routines
    • DLL whitelist
    • Protecting the processes from hooks
    • Disable running of the game in Windows test mode
    • Etc.

Detection how?

  • Pattern detection
    • Strings (names, scripts etc.)
    • Certificates
    • Driver memory patterns
    • Bypass vectors (registry entries, unsp journal)
    • Process/Memory scanning
    • File Scanning

How do we protect the game!

  • Protect the ring0 agent
    • From reverse engineering (VMProtect)
    • Remove parts of code, reintroduce them later
    • Live update
    • Use authoritative master server for detection and processing
    • Encryption
    • Client – Server Architecture
  • Extensive sanity checks
    • Consider performance and impact
      • Extensive logging
        • Keep history!
      • Don’t trust the client! Authoritative server
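
A minimal sketch of the sanity-check, logging and authoritative-server bullets above, added here as an example and not code from the original talk. The speed limit, tolerance, review threshold and every name in it are assumptions chosen for illustration.

```python
import math
from collections import defaultdict

MAX_SPEED = 7.0       # assumed game rule: units per second
TOLERANCE = 1.15      # slack for network jitter, to limit false positives
REVIEW_THRESHOLD = 3  # assumed: violations before an account is queued for review


class AuthoritativeServer:
    """Server keeps the only trusted copy of each player's position."""

    def __init__(self):
        self.state = {}                   # player -> (t, x, y) last accepted
        self.history = defaultdict(list)  # player -> violation records (kept, not trimmed)

    def spawn(self, player, t, x, y):
        self.state[player] = (t, x, y)

    def handle_move(self, player, t, x, y):
        """Validate a client-reported move; return the position the server accepts."""
        t0, x0, y0 = self.state[player]
        # Reject NaN/inf values and timestamps that do not move forward.
        if not all(math.isfinite(v) for v in (t, x, y)) or t <= t0:
            self._record(player, t0, "bad_value_or_timestamp", {})
            return (x0, y0)
        dist = math.hypot(x - x0, y - y0)
        allowed = MAX_SPEED * (t - t0) * TOLERANCE
        if dist > allowed:
            self._record(player, t, "speed", {"dist": dist, "allowed": allowed})
            self.state[player] = (t, x0, y0)  # keep last good position, advance the clock
            return (x0, y0)
        self.state[player] = (t, x, y)
        return (x, y)

    def _record(self, player, t, kind, detail):
        # Log every violation with context; the decision to act is made later, elsewhere.
        self.history[player].append({"t": t, "kind": kind, **detail})

    def needs_review(self, player):
        return len(self.history[player]) >= REVIEW_THRESHOLD
```

The server never acts on a single violation: it rejects the update, records it, and only flags the account once the history crosses the threshold.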

How do we protect the game!

  • Protect the game data / executable
    • Make it harder to unpack
    • Make it harder to extract offsets (obfuscation)
    • Make it harder to identify functionality
    • Find the balance between performance / protection
  • Obfuscation!
    • Use client side checks as fake
    • Leave bypasses open to gather bans
    • Fake the detections when needed
    • Use ban waves
    • Use delayed bans
    • D
  • False positives
    • They do happen
    • Customer support
    • Be mindful
    • Better be safe than sorry
  • Banning (how & why)
    • Time based bans / Permanent bans
    • License based bans / game content bans
    • HWID / License / IP bans
      • Griefers and repeated offenders

Who needs to get involved?

  • Legal
    • Taking down the sites offering the cheats
    • Tax Fraud

Personal Harassment

  • DDOS attacks
    • Make focusing on your game inconvenient for creators and let them move on.
  • Production
    • Hire dedicated staff
    • Programmers, Community managers and cheaters
    • Involve the community through reporting
  • Dedicated staff
    • Programmers
      • Focus on network/controller, authoritative client<server architecture
  • Community managers
    • Infiltrate the hack provider sites
    • Infiltrate hacking forums
    • Infiltrate private community
  • Community
    • Make friends!
    • Public reward systems
      • Focus on the creative cheaters
      • Get them paid for finding the exploits
    • Public report systems
      • Reporting exploits/cheats/cheaters
  • Lessons to be learned
    • Try not to make it personal
    • Don’t retaliate
    • Don’t taunt
    • Be aware of the repercussions
