
A Call of Duty exploit - danso
https://momo5502.com/blog/?p=34
======
movover
Interesting read - This is actually how a ton of game trainers/bots are made
(especially ones used by Chinese gold farms in MMORPGs), along with private
servers (except the other way around, where you send packets to the client).
For some games, the bots are advanced enough that they can interact with all
of the game's network protocol and behave similarly to a human, all while just
being a 'terminal' for the game that sends custom packets. Hacking games via
packet manipulation is nothing new either - I remember one of the big MMOs ~10
years ago having an exploit which would allow anyone to delete anyone else's
in-game guild, and similarly, log into any user's account under some specific
conditions.

~~~
arca_vorago
On the opposite end, I have used a program that does image recognition called
Sikuli to act as much like a human as possible instead of doing the low
level thing.

My favorite hack I feel responsible for was the WoW zeppelin hack (zeppelin
fly points were stored client side) so you could change them and the zeppelin
would take you somewhere else!

~~~
Mononokay
> My favorite hack I feel responsible for was the WoW zeppelin hack (zeppelin
> fly points were stored client side) so you could change them and the
> zeppelin would take you somewhere else!

Wait, really? I'm surprised I hadn't heard of this.

~~~
arca_vorago
It was back in the vanilla WoW days. I was active over at some German-run WoW
hacking forum, did some reverse engineering, and posted about finding the
values being stored client side in RAM. A few months later someone did it...
and then it was patched almost immediately. It's entirely possible they
weren't related and whoever did it found the values themselves, but that's not
as fun a story to tell myself or others, so I stick to my version.

Now you have me feeling all nostalgic for the day WoW went from beta to
live... and those early vanilla days of 40-man raids.

~~~
Mononokay
So weird that they're bringing back Vanilla servers - maybe that'll be
possible again?

------
gsich
On the Steam Forums they deleted all threads regarding this.

------
vectorEQ
A lot of work is done in game hacks to inject network packets, but they
usually rely on packets not being sanitized and just inject other values.
For instance, in some MMORPGs you can edit the packets that are sent to add
extra skill points on leveling up, or make other edits to the binary information.
Encrypting would help against this.

I haven't seen them exploiting clients with malicious packets. This kind of
thing is a little scary; for instance, what if you let their game install some
known hack into itself? Then you would be able to get all players VAC bans,
which are permanent in any case I think, as VAC cannot discern if the hack was
injected by another player or by the player who was the victim of this install. If you
did that in matches, you could get adversaries banned from tournaments
etc.

~~~
tokyodude
It's far, far worse than that. You can inject arbitrary code to all opponents,
so install a rootkit and read their bank account, or install cyberlocker
ransomware, or turn their machine into a botnet.

Windows and Mac (and Linux) really need to switch to sandboxed systems and
deprecate the 1980s style of code execution. The threats have changed and it's
completely unacceptable how much access desktop apps have.

~~~
Flow
Apple tried sandboxing everything from the Mac App Store. Developers hated it.

Was it just the execution of the Mac App Store process, or the limitations of
that particular sandbox implementation, that was bad? Or are desktop apps
incompatible with sandboxing because of the historical freedom they enjoyed?

~~~
pvg
Why 'tried'? It's still there and OS X itself is progressively making it less
trivial for random unauthenticated code to do whatever it wants in general.

------
icebraining
It's missing the actual exploit, no?

~~~
taspeotis
“As the vulnerability has been patched, the code is available on GitHub.”

~~~
gsich
Well, "patched": they downgraded the game to an older build with other problems.