A Call of Duty exploit (momo5502.com)
152 points by danso on May 3, 2018 | hide | past | favorite | 27 comments



Interesting read - This is actually how a ton of game trainers/bots are made (especially ones used by Chinese gold farms in MMORPGs), along with private servers (except the other way around, where you send packets to the client). For some games, the bots are advanced enough where they can interact with all of the game's network protocol and behave similarly to a human, all while just being a 'terminal' for the game that sends custom packets. Hacking games via packet manipulation is nothing new either - I remember one of the big MMOs ~10 years ago having an exploit which would allow anyone to delete anyone else's in-game guild, and similarly, log into any user's account under some specific conditions.


Episodes 7 and 8 of the Darknet Diaries podcast have ~25 min each talking about hacking and exploiting games in this way.

https://darknetdiaries.com/episode/7
https://darknetdiaries.com/episode/8


On the opposite end, I have used a program that does image recognition called Sikuli to act as much like a human as possible instead of doing the low level thing.

My favorite hack I feel responsible for was the WoW zeppelin hack (zeppelin fly points were stored client side) so you could change them and the zeppelin would take you somewhere else!


> My favorite hack I feel responsible for was the WoW zeppelin hack (zeppelin fly points were stored client side) so you could change them and the zeppelin would take you somewhere else!

Wait, really? I'm surprised I hadn't heard of this.


It was back in the vanilla WoW days. I was active over at some German-run WoW hacking forum, did some reverse engineering, and posted about finding the values being stored client side in RAM. A few months later someone did it... and then it was patched almost immediately. It's entirely possible they weren't related and whoever did it found the values themselves, but that's not as fun a story to tell myself or others, so I stick to my version.

Now you have me feeling all nostalgic for the day wow went from beta to live... and those early vanilla days of 40 man raids.


So weird that they're bringing back Vanilla servers - maybe that'll be possible again?


Is it though? This exploit causes a buffer overflow by sending malicious packets, giving full remote code execution. Trainers and bots just send normal packets.
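The distinction drawn in this comment, as an added illustration that is not code from the article or from momo5502's repository: a length-prefixed message parser that bounds the copy by the packet but not by the destination, next to its hardened form. The wire format, the MSG_SET_NAME type byte, the client_state layout and the parse_name_* names are all assumptions made for the example; the real game protocol is not reproduced here.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed wire format for this example (an assumption, not the game's real protocol):
 *   byte 0      message type (MSG_SET_NAME)
 *   byte 1      length of the name that follows, as chosen by the peer
 *   bytes 2..   name bytes
 */
#define MSG_SET_NAME 0x01
#define NAME_CAP     16

/* is_admin sits immediately after name (offset 16, naturally aligned), so an
 * overrun of name overwrites it. Any field placed there would be clobbered. */
struct client_state {
    char name[NAME_CAP];
    int  is_admin;
};

/* Vulnerable parser: the length is checked against the packet, so the read stays
 * in bounds, but never against the destination, so a peer-chosen length larger
 * than NAME_CAP overruns name. Returns bytes copied, or -1 on reject. */
int parse_name_vuln(struct client_state *st, const unsigned char *pkt, size_t pkt_len)
{
    if (pkt_len < 2 || pkt[0] != MSG_SET_NAME)
        return -1;
    size_t n = pkt[1];
    if (2 + n > pkt_len)                /* read bounded by the packet... */
        return -1;
    memcpy(st->name, pkt + 2, n);       /* ...write bounded only by n */
    return (int)n;
}

/* Hardened parser: the copy is bounded by the destination, leaving room for the
 * terminator, and an over-long name is rejected rather than silently truncated. */
int parse_name_safe(struct client_state *st, const unsigned char *pkt, size_t pkt_len)
{
    if (pkt_len < 2 || pkt[0] != MSG_SET_NAME)
        return -1;
    size_t n = pkt[1];
    if (2 + n > pkt_len || n >= NAME_CAP)
        return -1;
    memcpy(st->name, pkt + 2, n);
    st->name[n] = '\0';
    return (int)n;
}

/* Builds a constructed malicious packet: NAME_CAP filler bytes fill name and the
 * next sizeof(int) bytes spill into is_admin. Returns the packet length, 0 if
 * the output buffer is too small. */
size_t build_overlong_name(unsigned char *out, size_t cap)
{
    const size_t n = NAME_CAP + sizeof(int);    /* 20: just enough to reach is_admin */
    if (cap < 2 + n)
        return 0;
    out[0] = MSG_SET_NAME;
    out[1] = (unsigned char)n;
    memset(out + 2, 'A', NAME_CAP);
    memset(out + 2 + NAME_CAP, 0x01, sizeof(int)); /* nonzero in any byte order */
    return 2 + n;
}

int main(void)
{
    unsigned char pkt[64];
    size_t len = build_overlong_name(pkt, sizeof pkt);
    struct client_state a = {0}, b = {0};

    int rc_vuln = parse_name_vuln(&a, pkt, len);
    printf("vuln: rc=%d is_admin=%d\n", rc_vuln, a.is_admin);

    int rc_safe = parse_name_safe(&b, pkt, len);
    printf("safe: rc=%d is_admin=%d\n", rc_safe, b.is_admin);
    return 0;
}
```

The overrun here is kept to four bytes past the buffer so the effect is visible as a flipped flag; a longer peer-chosen length would keep writing past the struct, which is the memory-corruption primitive that a remote code execution exploit builds on. The check the hardened version adds (`n >= NAME_CAP`) is the whole difference.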


There's a really good DEF CON talk on this.

I believe it's this one:

https://www.youtube.com/watch?v=hABj_mrP-no


There's Manfred's talk, but it is not available on YouTube due to some unpatched GW2 exploits if I recall correctly.



There it is. I found it quite entertaining, he looks like a fun guy.


On the Steam Forums they deleted all threads regarding this.


A lot of work is done in game hacks to inject network packets, but they usually rely on packets not being sanitized and just inject other values. For instance, in some MMORPG you can edit packets that are sent to add extra skill points on leveling up, or make other edits to the binary information. Encrypting would help against this.

I haven't seen them exploiting clients with malicious packets. This kind of thing is a little scary. For instance, what if you let their game install some known hack into itself? Then you would be able to get all players VAC bans, which are permanent in any case I think, as VAC cannot discern if the hack was injected by another player or by the player who was the victim of this install. If you did that in matches, you could get adversaries banned from tournaments etc.


If network packets are being sent, doesn't that then mean that some amount of computation is happening on the client and in theory then any encryption of data from the client to the server is moot because the user can simply perform the injection in the process prior to the encryption (and vice versa, encryption to the client is moot because that data must be decrypted in order to be operated on, at which point the user can alter it)?

Admittedly I have very little experience with game hacking, so I could be misunderstanding something.


Yes, encryption is essentially pointless because it only delays the discovery of a hack by a few days. The goal of an MMORPG network protocol designer is to make the official client the easiest/fastest way to train levels and kill monsters, so that writing a custom client doesn't give you much benefit over it.
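The point made in the last few comments (a client-sent value such as skill points on level-up gets honoured because the server assumes only the official client talks to it, and encrypting the channel does not change that because the client decrypts before acting), as an added example that is not code from the article or from any game mentioned in the thread. The message layout, the MSG_SPEND_POINTS type byte, the two-points-per-level rule and the spend_points_* names are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed "spend skill points" request (an assumption, not any real game's protocol):
 *   byte 0  message type (MSG_SPEND_POINTS)
 *   byte 1  skill index
 *   byte 2  points the client wants to put into that skill
 */
#define MSG_SPEND_POINTS 0x02
#define NUM_SKILLS       4

struct player {
    unsigned level;                 /* owned by the server */
    unsigned spent;                 /* points already allocated, tracked server-side */
    unsigned skills[NUM_SKILLS];
};

/* Server-side rule: two points per level. Only the server's own level counter feeds it. */
unsigned points_for_level(unsigned level)
{
    return 2 * level;
}

/* Vulnerable handler: assumes the official client only asks for what it is owed
 * and applies the packet's point count as-is. A tampered packet grants any amount,
 * encrypted transport or not, because the value was chosen before encryption. */
int spend_points_vuln(struct player *p, const unsigned char *pkt, size_t len)
{
    if (len < 3 || pkt[0] != MSG_SPEND_POINTS)
        return -1;
    unsigned skill = pkt[1], pts = pkt[2];
    if (skill >= NUM_SKILLS)
        return -1;
    p->skills[skill] += pts;        /* client-chosen amount, unchecked */
    p->spent += pts;
    return 0;
}

/* Hardened handler: the packet is only a request. The budget is derived from
 * server state, and a request that exceeds it is rejected without touching the player. */
int spend_points_safe(struct player *p, const unsigned char *pkt, size_t len)
{
    if (len < 3 || pkt[0] != MSG_SPEND_POINTS)
        return -1;
    unsigned skill = pkt[1], pts = pkt[2];
    unsigned budget = points_for_level(p->level) - p->spent;   /* never from the client */
    if (skill >= NUM_SKILLS || pts == 0 || pts > budget)
        return -1;
    p->skills[skill] += pts;
    p->spent += pts;
    return 0;
}

int main(void)
{
    /* Constructed tampered request: a level-3 player (6 points owed) asks for 99. */
    const unsigned char tampered[] = { MSG_SPEND_POINTS, 1, 99 };
    struct player a = { .level = 3 }, b = { .level = 3 };

    int rc_vuln = spend_points_vuln(&a, tampered, sizeof tampered);
    printf("vuln: rc=%d skill[1]=%u\n", rc_vuln, a.skills[1]);

    int rc_safe = spend_points_safe(&b, tampered, sizeof tampered);
    printf("safe: rc=%d skill[1]=%u\n", rc_safe, b.skills[1]);
    return 0;
}
```

The hardened handler never reads a total, a pool or a level from the wire; it reads only what the player is asking to do and answers from its own records. That is the "official client is the easiest way" property described above: once the server is the only source of truth for the numbers, a custom client can do nothing a legitimate one cannot.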


It's far, far worse than that. You can inject arbitrary code to all opponents, so install a rootkit and read their bank account, or install cyberlocker ransomware, or turn their machine into a botnet.

Windows and Mac (and Linux) really need to switch to sandboxed systems and deprecate the 1980s style of code execution. The threats have changed and it's completely unacceptable how much access desktop apps have.


Apple tried sandboxing everything from the Mac App Store. Developers hated it.

Was it just the execution of the Mac App Store processes or the limitations of that particular sandbox implementation that was bad or are desktop apps incompatible with sandboxing because of the historical freedom they enjoyed?


Why 'tried'? It's still there and OS X itself is progressively making it less trivial for random unauthenticated code to do whatever it wants in general.


Sandboxing and app storification are separate things - one is a security measure and one is a grant of veto over all software on the platform to a single company.


I'm not an Objective-C developer--everything I ever wrote using the Mac App Store was in Java, of all things!--but I found it really not a problem at all.

There are some applications that were incompatible for one design reason or another with the OS X sandbox, but I still to this day think a lot of it was "this is harder than I am used to, therefore no."


I wouldn't be willing to pay even a 3% performance penalty for improved security on my gaming machine. However, I would be ok with booting in a gaming mode where I might even gain performance because all unnecessary services are switched off (in an extreme version you could imagine some kind of OS hybrid with a Windows kernel and a minimal OS layer baked directly onto the game). To avoid negative consequences of this OS being less secure, one could ban it from seeing data other than on a special game drive.

I guess this kind of makes the machine start in an Xbox mode, which would make perfect sense.


Windows is trying that with UWP; they run in a sandboxed environment.


It's missing the actual exploit, no?


“As the vulnerability has been patched, the code is available on GitHub.”


Well patched, they downgraded the game to an older build with other problems.


Link to GitHub repo is available at the end of article https://github.com/momo5502/cod-exploit


Thanks!



