I play as part of the team that placed 2nd this year, Samurai, and all of us were in awe at how well put together the problems were, and how great the experience was overall.
Here's a link to a writeup I did of one of the quests, that involved reverse engineering a massive circuit, then using it to open a locked door: https://medium.com/@shanewilton/ghost-in-the-shellcode-2015-...
The official website for the CTF is here: http://ghostintheshellcode.com/
Edit: If you enjoyed that writeup, here is a (in my opinion) much more interesting writeup I did of a similar problem last year: https://medium.com/@shanewilton/9447-ctf-2014-hellomike-writ...
Depending on the game you'll learn about binary reversing, executable formats, networking, rendering, x86 assembly, C, JVM bytecode, or more advanced topics. We dove right into hard things because it was fun and there was no one to tell us they were too hard for kids. The end result among my group of friends seems to be several careers in tech with a decided systems and security skew.
I remember Runescape in particular. They applied such an escalating series of obfuscations to the client code and network protocol that we deployed things I now recognize as AST analysis and machine learning to work past them. These days, I really wonder what the view from the Jagex security team was like. Did they have fun constantly coming up with new challenges for bored teenagers?
From AutoRune scripts, to writing bots, to computer vision, all for one game. That turned into an obsession with an industry that had me move half way across the world to work on our own multiplayer virtual worlds.
The community was pretty active, and at one point I was building/hosting the most-used public bots/sites. I can imagine our paths crossed one-way or another at some point!
My contact info is in my profile, it would be cool to see if we ran into each other back then.
I started off writing SCAR scripts for Runescape and then got into development for the Aryan bot and private RS servers (if any of those ring any bells). I remember deobfuscation tools being consistently released and updated, but I left the Runescape scene for Warcraft before I could get that far involved.
I have a friend who worked on anti-cheat technology for a very well known gaming company. He in fact started off selling hacks for said company and was hired to protect against them many years later. It was entertaining because part of his job was to maintain his old aliases and create new ones and frequent all the hacking forums and IRC channels to listen in on all the discussions. He would even sometimes contribute random information as part of his ruse. The best part is when his team would leave secret messages to hack developers (like in the byte patterns of the signature scans or embedded within the anti-cheat modules that were being mapped into memory). They had a great sense of humor and the hacking community picked up on it and loved it.
I think coming from our background and having to work in a security capacity like that would be fun as hell. It's very open-ended and like a never ending cat-and-mouse game. I'm sure the Jagex security team felt a similar drive back in the day.
I wasn't sued but paid for intellectual property counsel to examine how the Ninth Circuit ruling would translate across the US and they didn't exactly tell me to go ahead.
There are plenty of legitimate reasons to extend games, which is why WoW had Lua and many other games are at the very least hooked into for parsing capabilities. These kinds of 3rd party parsers are in many cases not legal, so not openly marketable.
So for anyone considering a future for-profit project, hire a lawyer and review all those nasty agreements and see how the DMCA might come back to haunt you before you're too invested in it.
For anyone who's considering it for fun: Just understand that the time you spend on gamehacking probably won't result in a revenue-producing project. If you're looking to learn, gamehacking can teach you a lot about a variety of things like memory (address space/pointers/offsets), rendering, assembly code, geometric and pathfinding algorithms (Dijkstra/A*), pattern matching/signature scanning. Many of those things have real-world applications such as signature scanning for virus definitions. You'll get plenty of hexadecimal math practice. You can learn about DirectX or network traffic. You can have really enjoyable learning experiences working with games at a lower-than-intended level, but keep in mind that any time not learning is only about as well-spent as time playing video games... it's fun but incredibly addictive and they're already at "Pwn Adventure 3" so there's no end in sight!
So in other words I (or the OP) shall sell snake oil to developers? :-(
> Another useful thing could be to sell online c[o]urses about your knowledge.
Even providing real-life examples would probably be of very dubious legality. And building artificial examples would involve building, say, at least half of a game engine - lots of work for artificial, contrived examples. :-(
> And building artificial examples would involve building, say, at least half of a game engine
You could take an existing FOSS game engine, and alter it to have a particular vulnerability, so as to explain how such a vulnerability would then be found and exploited in the resulting product.
Perhaps the permalink to the current version will work:
Edit: yep works.
Wikipedia will also accept without any parameters so just adding an ampersand to the end should work:
We need more games like this!
It was also somewhat mitigated by the fact that the game was deployed on AWS instances just for that weekend and it was easy to bring up new instances any time we needed it, so someone cracking the server could certainly cause trouble, but there really wasn't any long-term damage they could do.
1) it's not a government server or data.
2) pretty sure they've authorized you to access the server.
3) see 1)
4) no fraud involved.
5) playing the game (as intended) is not causing damage.
6) no commerce involved.
7) no extortion involved.
Given that the explicit, stated purpose of these types of challenges (of which there are many, many other examples (https://ctftime.org/)) is to be hacked, it'd be pretty weird to think someone could be charged under CFAA for it.
Some day I should do a writeup about the man-in-the-middle thing I had to build to make this possible.
Never trust the client!
And in Minecraft it's not really a problem, because the game is more cooperative than competitive.
Anything comparable out today with a community?
Consider this: Imagine a fighting game which is unbalanced. 'Unbalanced', here, means that one character is so inherently better that using it is a victory condition in itself; maybe it can spam a really effective move without giving the opponent a chance to retaliate. Whatever the details, the person who chooses that character is guaranteed a victory assuming they play to win.
In that case, the community of people who play that game would effectively ban the character to make the game as it is played more balanced. Anyone who picks that character would be unable to find opponents, and everyone else would restrict themselves to the characters which offer both players a chance to win.
My point is, in that not-entirely-contrived scenario, doing something the game software allows is cheating because it is something the game community has agreed to be cheating. Cheating has little to do with what the un-hacked code allows. In fact, in this case, hacking the code to remove the unbalanced character (or, more likely, to make that character unavailable on the selection screen) would remove a possible cheat, making the hacked version less amenable to cheating.
David Sirlin wrote a book called "Playing To Win" which touches on a lot of what I just talked about. He was actually lead designer of Street Fighter HD Remix, Puzzle Fighter HD Remix, and Kongai: