I wrote a short blog post about my thought process on how I reverse engineer video games and build tools that enable me to do security testing on them.
It’s a bit brief on purpose, as reading the code is expected.
Let me know your thoughts and what would make it better.
"build tools that enable me to do security testing on them"
I gather you write cheat exploits... and if public... eventually the players account/GPU/IMEI risks getting permanently banned/flagged.
It is always easier to break something, than to build something stable. People may focus resources on better content, game-play, and performance. Or play wack-a-mole with hostile Desktop/Mobile users...
Thus, some folks won't ever patch exploits... just shadow-ban the users running them...
Have a nice day =3
As someone who does security testing for video game service backends, I benefit significantly from all the reverse engineering and tools the hobbyists and cheaters build, and always enjoy reading more stuff.
Unfortunately, most security research boils down to 18/23 classes of problem that haven't changed in 30 years, or human behavior which hasn't significantly altered in thousands of years.
Indeed, the secure machines were not as popular as cheap consumer solutions, and despotic political posturing.
=3
Yeah and you end up with one of the worst client-server architectures that RDR2 has.
"client-server architectures"
Actually, public-key-signed object-p2p exchange systems allow for all sorts of fun. Even if people fiddle with the state exchange, the time+last_event indices can flag lag switchers, and signature audits detect memory patchers...
My point was, one doesn't need to lock the door if you own a alligator farm. =3
Thanks for the write up! This is really interesting and a great piece of knowledge to have out there. Funnily it similar to mobile app reverse engineering workflows.
I love the briefness of your post. Your code and method are clearly conveyed.
I had a wonderful app MS-DOS resident (TSR) on my PC that when pressing a key would do a snapshot of the whole memory (or specific area) to disk, to a file. So if you play a game, and lose a live, or HP points, you keep on pressing this, and then there were tools to do the diff.
There was one game that was storing the lifes as actual text - Ninja or something....
So last year my son was hacking some games, and nowadays there is a similar tool too - also based on diffs - though with me back then it was only 640KB, and nowadays we are looking towards 8-16GB if not more!
Somehow this technique still works for some games, but with way more gotchas...
CheatEngine (80mb) is very widely used nowadays and does memory dumps and comparisons. A very useful tool not only for game reverse engineering.
That's a broad use of "nowadays", haha. Following step-by-step Cheat Engine tutorials to use game hacks (MapleStory and Gunbound) was my first brush with coding/system internals when I was a child. This must have been around 2006 and it was already the most popular tool back then, though I remember there were loads of forks to bypass what must have been primitive anticheat systems that scanned for whether Cheat Engine was running.
Used to do this in my childhood with save files. Save the game in Alone in the Dark, shoot the shotgun, save, shoot again, save, then proceed to look for the differences.
I remember using CWCheat on PSP in the WWE games to create my own custom modes, adding ladders to Royal Rumble etc. Great fun
> The game monetizes through pay-to-win microtransactions
IAP fests are not games. Let's start using "gacha" or something for them.
Addiction-based exploitation. Perhaps the word "garbage" applies well to it. Or in a good reality, "criminal".
>but since the game is built on Unity, it was relatively easy to bypass these restrictions and enable system proxies. There are many others that do il2cpp mod tutorials, and I recommend those, with the key part being hooking HttpClientHandler.SendAsync.
I could only find il2cpp tutorials that I could not get them to work.
What is the non-il2cpp way? This should be a separate post and a new submission to HN.
Which il2cpp tutorial works?
It's really interesting to see people enjoying/more interested in breaking a game vs playing the game.
You should check out Tool-Assisted Speedruns om tasvideos.org, then. They use some of these techniques to do RNG manipulation, among other things, to improve game times.
From the end user perspective "let's game it out" is a must see YouTube channel.