How hackers cheat (analysis)

How they cheat (analysis)

• Memory manipulation and library injection – reading and writing to a memory
• Common base

Dedicated application / driver

• Direct memory manipulation
• Abusing gameplay script
• Patching the data and executable
• Gameplay exploits
• Bypassing the protection
• Finding the right offsets
• Finding execution methods for gameplay script
• Combination with exploits and gameplay logic

What is the future?

• Drivers in VMs, possible use of bytecode.
• Controller hacks with direct access to memory (custom firmware)
• Dedicated hacking HW

Layered protection

• Prevention
• Detection
• Obfuscation
• Banning strategy
• Legal

Prevention how?

• Ring0 kernel agent
  • OB_callback routines
  • DLL whitelist
  • Protecting the processes from hooks
  • Disable running of the game in Windows test mode
  • Etc.

Detection how?

• Pattern detection
  • Strings (names, scripts etc.)
  • Certificates
  • Driver memory patterns
  • Bypass vectors (registry entries, unsp journal)
  • Process/Memory scanning
  • File Scanning

How do we protect the game!

• Protect the ring0 agent
  • From reverse engineering (VMProtect)
  • Remove parts of code, reintroduce them later
  • Live update
  • Use authoritative master server for detection and processing
  • Encryption
  • Client – Server Architecture
• Extensive sanity checks
  • Consider performance and impact
    • Extensive logging
      • Keep history!
    • Don’t trust the client! Authoritative server

How do we protect the game!

• Protect the game data / executable
  • Make it harder to unpack
  • Make it harder to extract offsets (obfuscation)
  • Make it harder to identify functionality
  • Find the balance between performance / protection
• Obfuscation!
  • Use client side checks as fake
  • Leave bypasses open to gather bans
  • Fake the detections when needed
  • Use ban waves
  • Use delayed bans
  • D
• False positives
  • They do happen
  • Customer support
  • Be mindful
  • Better be safe than sorry
• Banning (how & why)
  • Time based bans / Permanent bans
  • License based bans / game content bans
  • HWID / License / IP bans
    • Griefers and repeated offenders

Who needs to get involved?

• Legal
  • Taking down the sites offering the cheats
  • Tax Fraud

Personal Harrasment

• DDOS attacks
  • Make focusing on your game inconvenient for creators and let them move on.
• Production
  • Hire dedicated staff
  • Programmers, Community managers and cheaters
  • Involve the community through reporting
• Dedicated staff
  • Programmers
    • Focus on network/controller, authoritative client<server architecture
• Community managers
  • Infiltrate the hack provider sites
  • Infiltrate hacking forums
  • Infiltrate private community
• Community
  • Make friends!
  • Public reward systems
    • Focus on the creative cheaters
    • Get them payed for find the exploits
  • Public report systems
    • Reporting exploits/cheats/cheaters
• Lessons to be learned
  • Try not to make it personal
  • Don’t retaliate
  • Don’t taunt
  • Be aware of the repercussions