Game Data Security
Part 1. Memory
TimNew
Game Cheat Tools
History
Game Master
金山游侠
FPE 2000
FPE DOS
Game Wizard 32
Game Buster
Game Cheat Tools
Mobile
烧饼修改器
http://sbgamehacker.com/
What we can see
- Game Cheating started on Mobile
- Still basic Scan & Compare
- User interaction is as hard as old times
- Envolves FAST
Game Cheat Tools
Nowaday
Cheat Engine
cheatcc.com
https://code.google.com/p/cheat-engine/
Bit Slicer
https://github.com/zorgiepoo/Bit-Slicer
Evolution Trend
-
As powerful as Debugger
-
Breakpoints
-
Hooks
-
Dynamic Code Injection
-
Assembly
-
C/C++
-
-
-
Community based
-
A group of hackers
-
Game Data Security
-
Memory Security
-
Storage Security
-
Network Security
-
Source Code Security
Past
Today
- Local Offline Game
- Beat Computer
- Sell Game Copy
- Only Impact Game Experience
- Online Game
- Hurt only human player
- Sell Items
- Impact on revenue
V.S
Why it matters
This is the
Battle
betweens
Players & Hackers
Game Developers & Hackers
Game Company & Hacker Community
We should be prepared
How MemCheater Works
- Snapshot
- Scan
- Compare
- Freeze
Scan-Compare Loop
Dynamic Code Injection is not considered here
What we can Do
- Security Permission
- Hide
- Fuzz
- Snapshot
- Scan & Compare
- Freeze
- Data Type
- Encryption
- Decoy
- Hash & Verify
- Pointer Depth
Hide
Fuzz
Impact on
Code & Design
Data Type
-
Long Int
-
Byte
-
Float
Anti-Scan
Game Object Modeling
-
Static Variable vs Singleton
-
Boot Squence
Anti Frozen
Single Access
- Good Object Design
- Vulnerable to Scan
Pro & Cons
Impact on Code
- Display Value
- Temporary State
Impact on Design
- Prioritize Models
- Data flows as waterfall
- Hash & Verify when needed
Anti scan and frozen
Encryption
Hidden Int
Anti scan and frozen
- Encrypt data with key
- Only trusts Encrypted Data
- Change key by time period
- Change key every time the value is read
Applied in Forest Mania series
Found in Harvest: Massive Encounter
Q & A
Thanks
Game Data Security - Memory
By timnew
