You are previewing Exploiting Online Games: Cheating Massively Distributed Systems.
O'Reilly logo
Exploiting Online Games: Cheating Massively Distributed Systems

Book Description

"Imagine trying to play defense in football without ever studying offense. You would not know when a run was coming, how to defend pass patterns, nor when to blitz. In computer systems, as in football, a defender must be able to think like an attacker. I say it in my class every semester, you don't want to be the last person to attack your own system--you should be the first.

"The world is quickly going online. While I caution against online voting, it is clear that online gaming is taking the Internet by storm. In our new age where virtual items carry real dollar value, and fortunes are won and lost over items that do not really exist, the new threats to the intrepid gamer are all too real. To protect against these hazards, you must understand them, and this groundbreaking book is the only comprehensive source of information on how to exploit computer games. Every White Hat should read it. It's their only hope of staying only one step behind the bad guys."

--Aviel D. Rubin, Ph.D.
Professor, Computer Science
Technical Director, Information Security Institute
Johns Hopkins University

"Everyone's talking about virtual worlds. But no one's talking about virtual-world security. Greg Hoglund and Gary McGraw are the perfect pair to show just how vulnerable these online games can be."

--Cade Metz
Senior Editor

PC Magazine

"If we're going to improve our security practices, frank discussions like the ones in this book are the only way forward. Or as the authors of this book might say, when you're facing off against Heinous Demons of Insecurity, you need experienced companions, not to mention a Vorpal Sword of Security Knowledge."

--Edward W. Felten, Ph.D.
Professor of Computer Science and Public Affairs
Director, Center for Information Technology Policy
Princeton University

"Historically, games have been used by warfighters to develop new capabilities and to hone existing skills--especially in the Air Force. The authors turn this simple concept on itself, making games themselves the subject and target of the 'hacking game,' and along the way creating a masterly publication that is as meaningful to the gamer as it is to the serious security system professional.

"Massively distributed systems will define the software field of play for at least the next quarter century. Understanding how they work is important, but understanding how they can be manipulated is essential for the security professional. This book provides the cornerstone for that knowledge."

--Daniel McGarvey
Chief, Information Protection Directorate
United States Air Force

"Like a lot of kids, Gary and I came to computing (and later to computer security) through games. At first, we were fascinated with playing games on our Apple ][s, but then became bored with the few games we could afford. We tried copying each other's games, but ran up against copy-protection schemes. So we set out to understand those schemes and how they could be defeated. Pretty quickly, we realized that it was a lot more fun to disassemble and work around the protections in a game than it was to play it.

"With the thriving economies of today's online games, people not only have the classic hacker's motivation to understand and bypass the security of games, but also the criminal motivation of cold, hard cash. That's a combination that's hard to stop. The first step, taken by this book, is revealing the techniques that are being used today."

--Greg Morrisett, Ph.D.
Allen B. Cutting Professor of Computer Science
School of Engineering and Applied Sciences
Harvard University

"If you're playing online games today and you don't understand security, you're at a real disadvantage. If you're designing the massive distributed systems of tomorrow and you don't learn from games, you're just plain sunk."

--Brian Chess, Ph.D.
Founder/Chief Scientist, Fortify Software
Coauthor of
Secure Programming with Static Analysis

"This book offers up a fascinating tour of the battle for software security on a whole new front: attacking an online game. Newcomers will find it incredibly eye opening and even veterans of the field will enjoy some of the same old programming mistakes given brilliant new light in a way that only massively-multiplayer-supermega-blow-em-up games can deliver. w00t!"

--Pravir Chandra
Principal Consultant, Cigital
Coauthor of
Network Security with OpenSSL

If you are a gamer, a game developer, a software security professional, or an interested bystander, this book exposes the inner workings of online-game security for all to see.

From the authors of the best-selling Exploiting Software, Exploiting Online Games takes a frank look at controversial security issues surrounding MMORPGs, such as World of Warcraft and Second Life®. This no-holds-barred book comes fully loaded with code examples, debuggers, bots, and hacks.

This book covers

  • Why online games are a harbinger of software security issues to come

  • How millions of gamers have created billion-dollar virtual economies

  • How game companies invade personal privacy

  • Why some gamers cheat

  • Techniques for breaking online game security

  • How to build a bot to play a game for you

  • Methods for total conversion and advanced mods

Written by the world's foremost software security experts, this book takes a close look at security problems associated with advanced, massively distributed software. With hundreds of thousands of interacting users, today's online games are a bellwether of modern software. The kinds of attack and defense techniques described in Exploiting Online Games are tomorrow's security techniques on display today.

Table of Contents

  1. Copyright
    1. Dedication
  2. Advance Praise for Exploiting Online Games
  3. Addison-Wesley Software Security Series
  4. Foreword
  5. Preface
    1. Why Are We Doing This?
    2. Where Do We Draw the Line?
    3. What’s in the Book?
    4. The Software Security Series
    5. Contacting the Authors
  6. Acknowledgments
    1. Greg’s Acknowledgments
    2. Gary’s Acknowledgments
  7. About the Authors
  8. 1. Why Games?
    1. Online Games Worldwide
    2. The Lure of Cheating in MMORPGs
      1. Cheat Codes
      2. Criminal Cheating
      3. Turning Bits into Cash: From Exploits to Items
    3. Games Are Software, Too
      1. Basic Game Architecture
      2. The Game Client
      3. Client-Side State
      4. Analogies to Other Applications
    4. Hacking Games
      1. Who Hacks Games?
      2. Why Hack Games?
        1. Cheating Philosophy
      3. How to Hack Games
      4. How Much Game Hacking Happens?
    5. The Big Lesson: Software as Achilles’ Heel
  9. 2. Game Hacking 101
    1. Defeating Piracy by Going Online
    2. Or Not . . .
    3. Tricks and Techniques for Cheating
      1. Building a Bot: Automated Gaming
      2. Using the User Interface: Keys, Clicks, and Colors
      3. Operating a Proxy: Intercepting Packets
      4. Manipulating Memory: Reading and Writing Data
      5. Drawing on the Debugger: Breakpoints
      6. Finding the Future: Predictability and Randomness, or How to Cheat in Online Poker
    4. The Bot Parade
      1. Combat Macro Bots
      2. Aimbots
      3. Poker Bots
    5. Lurking (Data Siphoning)
      1. Online Statistics
      2. Poker Statistics
      3. Auction Manipulation
    6. Tooling Up
      1. AC Tool: Macro Construction
    7. Countermeasures
      1. Spyware
      2. The Warden: Defeating Cheaters by Crossing the Line
      3. The Governor
      4. Where Do You Stand?
      5. Cheating
  10. 3. Money
    1. How Game Companies Make Money
      1. Poker
    2. Virtual Worlds: Game Economics and Economies
      1. Connections to the Real Economy
      2. Middlemen
      3. Playing for Profit
      4. Thottbot
    3. Criminal Activity
  11. 4. Enter the Lawyers
    1. Legality
    2. Fair Use and Copyright Law
    3. The Digital Millennium Copyright Act
    4. The End User License Agreement
      1. Sony BMG’s EULA: Rootkits Galore
      2. Blizzard’s EULA: All Your Memory Are Belong to Us
      3. Gator’s EULA: A Permanent Unwelcome Visitor
      4. Microsoft FrontPage 2002’s EULA: Be Nice, Because You Have To
      5. A Virus with a EULA: Malware Gets Legal
      6. Apple Computer’s EULA: To Infinity and Beyond
      7. The EULA Parade
      8. Forbidding Reverse Engineering
      9. Forbidding Game Hacking
      10. Property Rights
    5. The Terms of Use
      1. The Ban
      2. Being Sued != Breaking the Law
    6. Stealing Software versus Game Hacking
  12. 5. Infested with Bugs
    1. Time and State Bugs in Games
      1. How to Game for Free
      2. Using Bugs to Confuse State Boundaries
      3. Using Botnets to Lag a Game Server
      4. Using Bugs to Change Character States
    2. Pathing Bugs in Games
      1. Using Bugs to Travel in Interesting Ways
    3. Altering the User Interface
    4. Modifying Client-Side Game Data
    5. Monitoring Drops and Respawns
    6. Just Show Up
    7. And in Conclusion
  13. 6. Hacking Game Clients
    1. Malicious Software Testing (Enter the Attacker)
      1. QA Tools and Techniques
        1. Decompilers
        2. Disassemblers
        3. Debuggers
        4. Coverage Tools
        5. Fault Injection Engines
        6. Virtual Machine Simulators
    2. Countermeasures against Reverse Engineering
      1. Packing
      2. Anti-Debugging
        1. Altering Data in the PEB
        2. Forwarding Exceptions
        3. Single-Step Timing
    3. Data, Data, Everywhere
      1. Data Exposure and Countermeasures
      2. Data at Rest, Data in Motion
      3. Looking Elsewhere for Data
    4. Getting All Around the Game
    5. Going Over the Game: Controlling the User Interface
      1. Controlling Keystrokes
      2. Using Magic Key Sequences
      3. Controlling Mouse Droppings
      4. Sampling Pixels
      5. Countermeasures against Macro Bots
        1. Hiding from Process Lists
        2. Changing Window Names
        3. Wielding Rootkits for Stealth
      6. Generating Windows Messages
    6. Getting In the Game: Manipulating Game Objects
      1. The Problem of Moveable Memory
      2. Rounding Up the Usual Suspects
        1. Player Data Structures
      3. Reading the File from Disk
      4. Parsing the PE Header
      5. Looking Around for Stuff
        1. Player Character Corpse Identification
        2. Placing an NPC Breakpoint
        3. Uncovering the Player Character Camera Angle
        4. Finding the Player Character Block
        5. Locating Player Character Data
      6. Building a WoW Decompiler
      7. Reading and Writing Process Memory
    7. Getting Under the Game: Manipulating Rendering Information
      1. 3D = X Y Z
      2. Wall Hacking
      3. DLL Injection
        1. Pondering Attacker-in-the-Middle DLLs
        2. Direct3D, DirectX Specifics
      4. Hiding Injected DLLs
    8. Standing Way Outside the Game: Manipulating Network Packets
      1. Encryption on the Wire
    9. The Ultimate in Stealth: Taking Client Manipulation to the Kernel
      1. Memory Cloaking
    10. Clients Make Great Targets
  14. 7. Building a Bot
    1. Bot Design Fundamentals
      1. Event-Driven Design
      2. State Machines
      3. Moving the Player Character
        1. Calculating Distance
        2. Calculating Direction
        3. Telehacking
        4. Ping-Ponging
      4. Making a Player Character Fight
      5. Looting the Mob
      6. Mob Selection and Blacklisting
      7. Managing Agro
    2. Bot as Debugger
      1. A Basic Debugging Loop
      2. SetProcessKillOnExit
      3. SetDebugPrivilege
      4. Breakpoints
      5. Snagging Samples from Context
      6. Siphoning with Breakpoint Samples
    3. The Wowzer Botting Engine
    4. Advanced Bot Topics
      1. Bots and Kernels
        1. General Architecture of a Kernel-Assisted Bot
      2. A New Bot Paradigm: Combat Assist Bots
      3. Bot User Interface
        1. Integrating 3D Rendering
        2. The OGRE 3D Rendering Library
    5. Bots for Everyone
  15. 8. Reversing
    1. Taking Games Apart
      1. The Reverse Engineering Process
      2. Function Imports and Exports
      3. Strings
      4. Static Tracing
      5. Dynamic Tracing
    2. Code Patterns in Assembly
      1. Basic Data Movement
        1. Global Values
      2. Basic Logic
        1. Compare Operations
        2. TEST Operations
        3. True/False Test on a Function Call
        4. Branching Operation: if
        5. Branching Operation: if else
        6. Logical Operators
      3. Parsing and Strings
        1. Looping and Incrementing Pointers
        2. String Copy
        3. String Comparisons
        4. Parsing—Scanning for a Metacharacter
      4. Functions
        1. Prologue
        2. Epilogue
        3. Calling Conventions
        4. Intrinsic Functions
        5. Inline Functions
        6. Function Chunking
        7. Frame Pointer Omission
        8. Variable Reuse
      5. C++ Objects
        1. ECX as this Pointer
        2. C++ vtables
      6. Exception Handling
        1. Frame-Based Exception Handlers
      7. Switch Statements
        1. Table Switch Statements
        2. Switch Trees
    3. Self-Modifying Code and Packing
    4. Reversing Concluded
  16. 9. Advanced Game Hacking Fu
    1. Conversions and Modding
      1. Total Conversions
      2. Rewriting the Client
      3. Rewriting the Server
      4. Client Rendering Options
      5. Model Construction
        1. Stand-ins
      6. Textures
        1. Artistic Angles
      7. Terrain
    2. Media File Formats
    3. Emulation Servers (Private Servers)
      1. Protocol Emulation
        1. Exercise: Hooking the Packet Engine
        2. Decrypting Warcraft Packets
      2. Steps Required to Get into the World
    4. Legal Tangles
  17. 10. Software Security Über Alles
    1. Building Security In for Game Developers
      1. Software Security Touchpoints
      2. Black Hats and White Hats
    2. Security for Everyday Gamers
    3. Exploiting Online Games