How they cheat (analysis)
- Memory manipulation and library injection – reading and writing to memory
- Common base
- Dedicated application / driver
- Direct memory manipulation
- Abusing gameplay script
- Patching the data and executable
- Gameplay exploits
- Bypassing the protection
- Finding the right offsets
- Finding execution methods for gameplay script
- Combination with exploits and gameplay logic
What is the future?
- Drivers in VMs, possible use of bytecode.
- Controller hacks with direct access to memory (custom firmware)
- Dedicated hacking HW
Layered protection
- Prevention
- Detection
- Obfuscation
- Banning strategy
- Legal
Prevention how?
- Ring0 kernel agent
- OB_callback routines
- DLL whitelist
- Protecting the processes from hooks
- Disable running of the game in Windows test mode
- Etc.
Detection how?
- Pattern detection
- Strings (names, scripts etc.)
- Certificates
- Driver memory patterns
- Bypass vectors (registry entries, unsp journal)
- Process/Memory scanning
- File Scanning
How do we protect the game!
- Protect the ring0 agent
- From reverse engineering (VMProtect)
- Remove parts of code, reintroduce them later
- Live update
- Use authoritative master server for detection and processing
- Encryption
- Client – Server Architecture
- Extensive sanity checks
- Consider performance and impact
- Extensive logging
- Keep history!
- Don’t trust the client! Authoritative server
- Extensive logging
- Consider performance and impact
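
Added example (not part of the original slides): one way the "don't trust the client", sanity-check, logging/history and delayed-ban points fit together on an authoritative server. The class name, speed limit, tolerance and flag threshold are assumptions chosen for illustration, and the update data is constructed.

```python
import math
from collections import defaultdict, deque

MAX_SPEED = 7.5     # assumed game rule: world units per second
TOLERANCE = 1.10    # slack for network jitter, to limit false positives
FLAG_THRESHOLD = 3  # assumed: rejected updates before an account is queued

class AuthoritativeServer:
    def __init__(self):
        self.state = {}  # player -> (x, y, t) last position the server accepted
        self.history = defaultdict(lambda: deque(maxlen=100))  # kept per player
        self.ban_queue = set()  # flagged accounts, banned later in a wave

    def spawn(self, player, x, y, t):
        self.state[player] = (x, y, t)

    def on_move(self, player, x, y, t):
        """Check a client-reported position; t is the server's receive time.
        Returns the position the server treats as true."""
        px, py, pt = self.state[player]
        dt = t - pt
        dist = math.hypot(x - px, y - py)
        allowed = MAX_SPEED * max(dt, 0.0) * TOLERANCE
        if dt <= 0 or dist > allowed:
            # Log and keep history, but give the client no immediate signal.
            self.history[player].append((t, round(dist, 2), round(allowed, 2)))
            if len(self.history[player]) >= FLAG_THRESHOLD:
                self.ban_queue.add(player)
            return (px, py)  # server keeps the last good position
        self.state[player] = (x, y, t)
        return (x, y)

    def run_ban_wave(self):
        """Apply all queued bans at once, detached from the moment of detection."""
        banned = sorted(self.ban_queue)
        self.ban_queue.clear()
        return banned

def demo():
    # Constructed sample updates: (player, x, y, server_time)
    updates = [("honest", 5, 0, 1.0), ("cheater", 100, 0, 1.0),
               ("honest", 12, 0, 2.0), ("cheater", 200, 0, 2.0),
               ("cheater", 300, 0, 3.0)]
    srv = AuthoritativeServer()
    for p in ("honest", "cheater"):
        srv.spawn(p, 0, 0, 0.0)
    accepted = [srv.on_move(*u) for u in updates]
    return accepted, srv.run_ban_wave()

if __name__ == "__main__":
    print(demo())
```

The tolerance factor is where the "consider performance and impact" and false-positive concerns show up: too tight and laggy honest players accumulate history entries, too loose and small speed changes pass.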
How do we protect the game!
- Protect the game data / executable
- Make it harder to unpack
- Make it harder to extract offsets (obfuscation)
- Make it harder to identify functionality
- Find the balance between performance / protection
- Obfuscation!
- Use client side checks as fake
- Leave bypasses open to gather bans
- Fake the detections when needed
- Use ban waves
- Use delayed bans
- D
- False positives
- They do happen
- Customer support
- Be mindful
- Better be safe than sorry
- Banning (how & why)
- Time based bans / Permanent bans
- License based bans / game content bans
- HWID / License / IP bans
- Griefers and repeated offenders
Who needs to get involved?
- Legal
- Taking down the sites offering the cheats
- Tax Fraud
- Personal harassment
- DDOS attacks
- Make focusing on your game inconvenient for creators and let them move on.
- Production
- Hire dedicated staff
- Programmers, Community managers and cheaters
- Involve the community through reporting
- Dedicated staff
- Programmers
- Focus on network/controller, authoritative client-server architecture
- Programmers
- Community managers
- Infiltrate the hack provider sites
- Infiltrate hacking forums
- Infiltrate private community
- Community
- Make friends!
- Public reward systems
- Focus on the creative cheaters
- Get them paid for finding the exploits
- Public report systems
- Reporting exploits/cheats/cheaters
- Lessons to be learned
- Try not to make it personal
- Don’t retaliate
- Don’t taunt
- Be aware of the repercussions