Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

[DevDay 2016] Anti hacking on game development - Speaker: Khanh Le – Programmer Project Lead at Gameloft

412 views

Published on

In our time, games are no longer just for entertainment, it’s a real bombing industry. If gamers are willing to invest their time and money in those leaderboards, they want security for their investment. They would not want to be kicked out by hackers who don’t spend time or money to play. That is why it’s crucial for game producers to take the matter of security more serious, in order to keep their customers in the game longer.

Come and join us to discover advanced techniques to protect your game from hacking.

———

Speaker: Khanh Le – Programmer Project Lead at Gameloft

Published in: Software
  • Be the first to comment

[DevDay 2016] Anti hacking on game development - Speaker: Khanh Le – Programmer Project Lead at Gameloft

  1. 1. 1 Anti HackingAnti Hacking By Le Van Khanh
  2. 2. 2 BSA GLOBAL SOFTWARE SURVEY June 2014
  3. 3. 3
  4. 4. 4 “Hacking vs Anti-hacking is the never-ending war”
  5. 5. 5 We focus on programming solution
  6. 6. 6
  7. 7. 7
  8. 8. Reverse Engineering 8  Any programming languages / any platforms can be attacked by Reverse Engineering  The most common targets are bypass license, cheat values in game Solutions:  Any text visible to user should be encrypted  Strings/text should be load from encrypted files instead of assign directly in your code  Avoid log printing if it was not necessary
  9. 9. 9
  10. 10. 10
  11. 11. 11
  12. 12. Memory attack 12  Buffer overflow attack  Memory Value Editing Solutions:  Control input carefully  Any critical value should be encrypted
  13. 13. 13
  14. 14. 14
  15. 15. Network communication attack 15  Many tools allow us analysis network packet (Wireshark, Cytoscape,...)  Hackers can use it to extract information transmitted from your application  They can also simulate the destination / the responses to your application Solutions:  Encrypt your packets  Using SSO
  16. 16. 16 queryString = "username=xxxx&passworld=yyyy"; Instead of plain text encryptedQuery = "p=" + encode(queryString) + "&encrypted=1"; hash = sha256_hash(queryString); secureQuery = "p=" + encode(queryString) + "&encrypted=1&h="+ hash ; We use encrypted query string or more secure than
  17. 17. Single sign-on (SSO) 17
  18. 18. { "data": { "app_id": 138483919580948, "application": "Social Cafe", "expires_at": 1352419328, "is_valid": true, "issued_at": 1347235328, "metadata": { "sso": "iphone-safari" }, "scopes": [ "email", "publish_actions" ], "user_id": 1207059 } } 18
  19. 19. Other attack techniques 19  SQL injection  Save Game Editing  Time Hack  De-Compilation  …
  20. 20. Hacking Detection 20  Use the hash used (MD5,SHA256,...) to verify your code/library/execute files (*.dylib, *.so, *.exe)  Tracking your user’s process/data to detect unexpected changes
  21. 21. Thanks for your attention! 21 Thanks for your attention!

×