{"id":329,"date":"2020-01-26T14:31:11","date_gmt":"2020-01-26T14:31:11","guid":{"rendered":"https:\/\/system-error-message.com\/?p=329"},"modified":"2020-04-25T11:39:29","modified_gmt":"2020-04-25T10:39:29","slug":"how-hackers-cheat-analysis","status":"publish","type":"post","link":"https:\/\/system-error-message.com\/index.php\/how-hackers-cheat-analysis\/2020\/01\/26\/","title":{"rendered":"How hackers cheat (analysis)"},"content":{"rendered":"\n<p>How they cheat (analysis)<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Memory manipulation and library\ninjection \u2013 reading and writing to memory<\/li><li>Common base<\/li><\/ul>\n\n\n\n<p>Dedicated application \/ driver<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Direct memory manipulation<\/li><li>Abusing gameplay script<\/li><li>Patching the data and\nexecutable<\/li><li>Gameplay exploits<\/li><li>Bypassing the protection<\/li><li>Finding the right offsets<\/li><li>Finding execution methods for\ngameplay script<\/li><li>Combination with exploits and\ngameplay logic<\/li><\/ul>\n\n\n\n<p>What is the future?<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Drivers in VMs, possible use of\nbytecode.<\/li><li>Controller hacks with direct\naccess to memory (custom firmware)<\/li><li>Dedicated hacking HW<\/li><\/ul>\n\n\n\n<p>Layered protection<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Prevention<\/li><li>Detection<\/li><li>Obfuscation<\/li><li>Banning strategy<\/li><li>Legal<\/li><\/ul>\n\n\n\n<p>Prevention how?<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Ring0 kernel agent<ul><li>OB_callback routines<\/li><\/ul><ul><li>DLL whitelist<\/li><\/ul><ul><li>Protecting the processes from\nhooks<\/li><\/ul><ul><li>Disable running of the game in Windows test mode<\/li><\/ul><ul><li>Etc.<\/li><\/ul><\/li><\/ul>\n\n\n\n<p>Detection how?<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Pattern detection<ul><li>Strings (names, scripts etc.)<\/li><\/ul><ul><li>Certificates<\/li><\/ul><ul><li>Driver memory 
patterns<\/li><\/ul><ul><li>Bypass vectors (registry\nentries, unsp journal)<\/li><\/ul><ul><li>Process\/Memory scanning<\/li><\/ul><ul><li>File Scanning<\/li><\/ul><\/li><\/ul>\n\n\n\n<p>How do we protect the game!<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Protect the ring0 agent<ul><li>From reverse engineering\n(VMProtect)<\/li><\/ul><ul><li>Remove parts of code,\nreintroduce them later<\/li><\/ul><ul><li>Live update<\/li><\/ul><ul><li>Use authoritative master server\nfor detection and processing<\/li><\/ul><ul><li>Encryption<\/li><\/ul><ul><li>Client \u2013 Server Architecture<\/li><\/ul><\/li><li>Extensive sanity checks<ul><li>Consider performance and impact<ul><li>Extensive logging<ul><li>Keep history!<\/li><\/ul><\/li><\/ul><ul><li>Don\u2019t trust the client!\nAuthoritative server<\/li><\/ul><\/li><\/ul><\/li><\/ul>\n\n\n\n<p>How do we protect the game!<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Protect the game data \/ executable<ul><li>Make it harder to unpack<\/li><\/ul><ul><li>Make it harder to extract\noffsets (obfuscation)<\/li><\/ul><ul><li>Make it harder to identify\nfunctionality<\/li><\/ul><ul><li>Find the balance between\nperformance \/ protection<\/li><\/ul><\/li><li>Obfuscation!<ul><li>Use client side checks as fake<\/li><\/ul><ul><li>Leave bypasses open to gather bans<\/li><\/ul><ul><li>Fake the detections when needed<\/li><\/ul><ul><li>Use ban waves<\/li><\/ul><ul><li>Use delayed bans<\/li><\/ul><ul><li>D<\/li><\/ul><\/li><li>False positives<ul><li>They do happen<\/li><\/ul><ul><li>Customer support<\/li><\/ul><ul><li>Be mindful<\/li><\/ul><ul><li>Better be safe than sorry<\/li><\/ul><\/li><li>Banning (how &amp; why)<ul><li>Time based bans \/ Permanent bans<\/li><\/ul><ul><li>License based bans \/ game content bans<\/li><\/ul><ul><li>HWID \/ License \/ IP bans<ul><li>Griefers and repeated offenders<\/li><\/ul><\/li><\/ul><\/li><\/ul>\n\n\n\n<p>Who\nneeds to get involved?<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Legal<ul><li>Taking down 
the sites offering the cheats<\/li><\/ul><ul><li>Tax Fraud<\/li><\/ul><\/li><\/ul>\n\n\n\n<p>Personal Harassment<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>DDOS attacks<ul><li>Make focusing on your game inconvenient for creators and let them\nmove on.<\/li><\/ul><\/li><li>Production<ul><li>Hire dedicated staff<\/li><\/ul><ul><li>Programmers, Community managers and cheaters<\/li><\/ul><ul><li>Involve the community through reporting<\/li><\/ul><\/li><li>Dedicated staff<ul><li>Programmers<ul><li>Focus on network\/controller, authoritative client&lt;server\narchitecture<\/li><\/ul><\/li><\/ul><\/li><li>Community managers<ul><li>Infiltrate the hack provider sites<\/li><\/ul><ul><li>Infiltrate hacking forums<\/li><\/ul><ul><li>Infiltrate private community<\/li><\/ul><\/li><li>Community<ul><li>Make friends!<\/li><\/ul><ul><li>Public reward systems<ul><li>Focus on the creative cheaters<\/li><\/ul><ul><li>Get them paid for finding the exploits<\/li><\/ul><\/li><\/ul><ul><li>Public report systems<ul><li>Reporting exploits\/cheats\/cheaters<\/li><\/ul><\/li><\/ul><\/li><li>Lessons to be learned<ul><li>Try not to make it personal<\/li><\/ul><ul><li>Don\u2019t retaliate<\/li><\/ul><ul><li>Don\u2019t taunt<\/li><\/ul><ul><li>Be aware of the repercussions<\/li><\/ul><\/li><\/ul>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>How they cheat (analysis) Memory manipulation and library injection \u2013 reading and writing to a memory Common base Dedicated application \/ driver Direct memory manipulation Abusing gameplay script Patching the data and executable Gameplay exploits Bypassing the protection Finding the right offsets Finding execution methods for gameplay script Combination with exploits and gameplay logic What&hellip;&nbsp;<a href=\"https:\/\/system-error-message.com\/index.php\/how-hackers-cheat-analysis\/2020\/01\/26\/\" rel=\"bookmark\">Read More &raquo;<span class=\"screen-reader-text\">How hackers cheat 
(analysis)<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"neve_meta_sidebar":"","neve_meta_container":"","neve_meta_enable_content_width":"","neve_meta_content_width":0,"neve_meta_title_alignment":"","neve_meta_author_avatar":"","neve_post_elements_order":"","neve_meta_disable_header":"","neve_meta_disable_footer":"","neve_meta_disable_title":"","footnotes":""},"categories":[11,4,1],"tags":[],"class_list":["post-329","post","type-post","status-publish","format-standard","hentry","category-hacking","category-security","category-uncategorised"],"aioseo_notices":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How hackers cheat (analysis) - Me Website!<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/system-error-message.com\/index.php\/how-hackers-cheat-analysis\/2020\/01\/26\/amp\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How hackers cheat (analysis) - Me Website!\" \/>\n<meta property=\"og:description\" content=\"How they cheat (analysis) Memory manipulation and library injection \u2013 reading and writing to a memory Common base Dedicated application \/ driver Direct memory manipulation Abusing gameplay script Patching the data and executable Gameplay exploits Bypassing the protection Finding the right offsets Finding execution methods for gameplay script Combination with exploits and gameplay logic What&hellip;&nbsp;Read More &raquo;How hackers cheat (analysis)\" \/>\n<meta 
property=\"og:url\" content=\"https:\/\/system-error-message.com\/index.php\/how-hackers-cheat-analysis\/2020\/01\/26\/amp\/\" \/>\n<meta property=\"og:site_name\" content=\"Me Website!\" \/>\n<meta property=\"article:published_time\" content=\"2020-01-26T14:31:11+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-04-25T10:39:29+00:00\" \/>\n<meta name=\"author\" content=\"Ismail Lawal\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@system_error\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ismail Lawal\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How hackers cheat (analysis) - Me Website!","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/system-error-message.com\/index.php\/how-hackers-cheat-analysis\/2020\/01\/26\/amp\/","og_locale":"en_US","og_type":"article","og_title":"How hackers cheat (analysis) - Me Website!","og_description":"How they cheat (analysis) Memory manipulation and library injection \u2013 reading and writing to a memory Common base Dedicated application \/ driver Direct memory manipulation Abusing gameplay script Patching the data and executable Gameplay exploits Bypassing the protection Finding the right offsets Finding execution methods for gameplay script Combination with exploits and gameplay logic What&hellip;&nbsp;Read More &raquo;How hackers cheat (analysis)","og_url":"https:\/\/system-error-message.com\/index.php\/how-hackers-cheat-analysis\/2020\/01\/26\/amp\/","og_site_name":"Me Website!","article_published_time":"2020-01-26T14:31:11+00:00","article_modified_time":"2020-04-25T10:39:29+00:00","author":"Ismail 
Lawal","twitter_card":"summary_large_image","twitter_site":"@system_error","twitter_misc":{"Written by":"Ismail Lawal","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/system-error-message.com\/index.php\/how-hackers-cheat-analysis\/2020\/01\/26\/amp\/#article","isPartOf":{"@id":"https:\/\/system-error-message.com\/index.php\/how-hackers-cheat-analysis\/2020\/01\/26\/amp\/"},"author":{"name":"Ismail Lawal","@id":"https:\/\/system-error-message.com\/#\/schema\/person\/844011d32230e728967d53a2fe77ebe8"},"headline":"How hackers cheat (analysis)","datePublished":"2020-01-26T14:31:11+00:00","dateModified":"2020-04-25T10:39:29+00:00","mainEntityOfPage":{"@id":"https:\/\/system-error-message.com\/index.php\/how-hackers-cheat-analysis\/2020\/01\/26\/amp\/"},"wordCount":402,"commentCount":0,"publisher":{"@id":"https:\/\/system-error-message.com\/#\/schema\/person\/d9e7ed7a395faa8bf46774b481a162f5"},"articleSection":["Hacking","Security","Uncategorised"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/system-error-message.com\/index.php\/how-hackers-cheat-analysis\/2020\/01\/26\/amp\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/system-error-message.com\/index.php\/how-hackers-cheat-analysis\/2020\/01\/26\/amp\/","url":"https:\/\/system-error-message.com\/index.php\/how-hackers-cheat-analysis\/2020\/01\/26\/amp\/","name":"How hackers cheat (analysis) - Me 
Website!","isPartOf":{"@id":"https:\/\/system-error-message.com\/#website"},"datePublished":"2020-01-26T14:31:11+00:00","dateModified":"2020-04-25T10:39:29+00:00","breadcrumb":{"@id":"https:\/\/system-error-message.com\/index.php\/how-hackers-cheat-analysis\/2020\/01\/26\/amp\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/system-error-message.com\/index.php\/how-hackers-cheat-analysis\/2020\/01\/26\/amp\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/system-error-message.com\/index.php\/how-hackers-cheat-analysis\/2020\/01\/26\/amp\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/system-error-message.com\/"},{"@type":"ListItem","position":2,"name":"How hackers cheat (analysis)"}]},{"@type":"WebSite","@id":"https:\/\/system-error-message.com\/#website","url":"https:\/\/system-error-message.com\/","name":"Me Website!","description":"Me Website! Me Website! Whats with Me Website!","publisher":{"@id":"https:\/\/system-error-message.com\/#\/schema\/person\/d9e7ed7a395faa8bf46774b481a162f5"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/system-error-message.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/system-error-message.com\/#\/schema\/person\/d9e7ed7a395faa8bf46774b481a162f5","name":"System Error Message","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/system-error-message.com\/#\/schema\/person\/image\/","url":"https:\/\/system-error-message.com\/wp-content\/litespeed\/avatar\/f0ab140f6781b50fc34de4aa56f1f5e7.jpg?ver=1776871737","contentUrl":"https:\/\/system-error-message.com\/wp-content\/litespeed\/avatar\/f0ab140f6781b50fc34de4aa56f1f5e7.jpg?ver=1776871737","caption":"System Error 
Message"},"logo":{"@id":"https:\/\/system-error-message.com\/#\/schema\/person\/image\/"},"description":"Im a programmer and cyber security enthusiast, ex-hacker and interested in optimisation","sameAs":["http:\/\/system-error-message.com","https:\/\/x.com\/system_error","https:\/\/www.youtube.com\/channel\/UCIi4ErD_5A0Q9BNX1mrr-cw\/"]},{"@type":"Person","@id":"https:\/\/system-error-message.com\/#\/schema\/person\/844011d32230e728967d53a2fe77ebe8","name":"Ismail Lawal","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/system-error-message.com\/#\/schema\/person\/image\/","url":"https:\/\/system-error-message.com\/wp-content\/litespeed\/avatar\/49c4fd94b56c1d44efa5f5726cf18704.jpg?ver=1776878844","contentUrl":"https:\/\/system-error-message.com\/wp-content\/litespeed\/avatar\/49c4fd94b56c1d44efa5f5726cf18704.jpg?ver=1776878844","caption":"Ismail Lawal"}}]}},"_links":{"self":[{"href":"https:\/\/system-error-message.com\/index.php\/wp-json\/wp\/v2\/posts\/329","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/system-error-message.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/system-error-message.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/system-error-message.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/system-error-message.com\/index.php\/wp-json\/wp\/v2\/comments?post=329"}],"version-history":[{"count":1,"href":"https:\/\/system-error-message.com\/index.php\/wp-json\/wp\/v2\/posts\/329\/revisions"}],"predecessor-version":[{"id":330,"href":"https:\/\/system-error-message.com\/index.php\/wp-json\/wp\/v2\/posts\/329\/revisions\/330"}],"wp:attachment":[{"href":"https:\/\/system-error-message.com\/index.php\/wp-json\/wp\/v2\/media?parent=329"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/system-error-message.com\/index.php\/wp-json\/wp\/v2\/categories?post=329"},{"taxonomy":"post_tag","emb
eddable":true,"href":"https:\/\/system-error-message.com\/index.php\/wp-json\/wp\/v2\/tags?post=329"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}