Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Defense Against
the Dark Arts of
Mobile Game
Hacking
James Ahn
Founder and CEO
INKA Entworks, Inc.
About Me
• Founder and CEO of INKA Entworks
• 17+ Years contents security experts
• Inventor of DRM interoperability
• Wor...
About INKA and AppSealing
• Founded in 2000, HQ in Seoul and office in Mumbai and USA (2018)
• Leading DRM tech. company w...
Today we will discuss
1. Landscape of Mobile Game Black Ecosystem and its impact
2. Hacking technologies
3. Technical guid...
Mobile Game Black Ecosystem
• Cheating app developers/publishers
• 100+ cheating apps being used
• 80% from China
• Profes...
Modding Service
6
On Demand Repository
Service • On-demand modding
• Paid service (20-30$)
• modded games repository
• Fre...
In-Game Currency Hacking Service
• Process
• Access mobile url
• Name/email
• Start hacking
• Human authorization
• Mobile...
Copycat/Clone Games : Clash Royale
8
Copycat/Clone Games : Lilith vs uCool
9
Hacked Western Game in China
10
360 Mobile Assistant Games Front Page
Source: Oniix
Hacking Preference by Genre
11
Source: AppSealing.com
Top 10 Cheating Tools
12
Source: AppSealing.com
Hacking Methods
13
Source: AppSealing.com
Damage Of Mobile Game Black Ecosystem
• Game balance disruption
• Lost monetization
• Lowered ratings & downloads
• Exodus...
Results of Anti-Hacking Incorporation
15
RPG RPG
RPG RPG Action Casual
Shooting Casual
Casual RPG ActionRPG
Source: AppSea...
How Mobile Games Are Hacked
16
Start Run game Debugging
Analyze action and log
message
Alter code
and make mod
Analyze cod...
Reversing Tools (Decompile & Tampering)
17
JADX-GUI
JD-GUI
DEX (or JAVA)
dnSpy
.NET Reflector
(/w reflexil)
ILSpy
DLL (or ...
Defending Against Hacking and Cheating Tools
• Anti-debugging and anti-tampering
• Compiling option to hide symbols
• Chec...
Google’s Guidance
• Best practice for secure IAB from Google
• http://developer.android.com/google/play/billing/billing_be...
Summary
• Legitimate (especially paying) players prefer fair competition
• Hacking is not only a matter of revenue loss bu...
21
Thank you !
James Ahn (james@inka.co.kr)
CEO/ INKA Entworks, AppSealing
https://www.appsealing.com
Upcoming SlideShare
Loading in …5
×

of

Mobile Game Hacking: Defense Against the Dark Arts | James Ahn Slide 1 Mobile Game Hacking: Defense Against the Dark Arts | James Ahn Slide 2 Mobile Game Hacking: Defense Against the Dark Arts | James Ahn Slide 3 Mobile Game Hacking: Defense Against the Dark Arts | James Ahn Slide 4 Mobile Game Hacking: Defense Against the Dark Arts | James Ahn Slide 5 Mobile Game Hacking: Defense Against the Dark Arts | James Ahn Slide 6 Mobile Game Hacking: Defense Against the Dark Arts | James Ahn Slide 7 Mobile Game Hacking: Defense Against the Dark Arts | James Ahn Slide 8 Mobile Game Hacking: Defense Against the Dark Arts | James Ahn Slide 9 Mobile Game Hacking: Defense Against the Dark Arts | James Ahn Slide 10 Mobile Game Hacking: Defense Against the Dark Arts | James Ahn Slide 11 Mobile Game Hacking: Defense Against the Dark Arts | James Ahn Slide 12 Mobile Game Hacking: Defense Against the Dark Arts | James Ahn Slide 13 Mobile Game Hacking: Defense Against the Dark Arts | James Ahn Slide 14 Mobile Game Hacking: Defense Against the Dark Arts | James Ahn Slide 15 Mobile Game Hacking: Defense Against the Dark Arts | James Ahn Slide 16 Mobile Game Hacking: Defense Against the Dark Arts | James Ahn Slide 17 Mobile Game Hacking: Defense Against the Dark Arts | James Ahn Slide 18 Mobile Game Hacking: Defense Against the Dark Arts | James Ahn Slide 19 Mobile Game Hacking: Defense Against the Dark Arts | James Ahn Slide 20 Mobile Game Hacking: Defense Against the Dark Arts | James Ahn Slide 21
Upcoming SlideShare
What to Upload to SlideShare
Next
Download to read offline and view in fullscreen.

2 Likes

Share

Download to read offline

Mobile Game Hacking: Defense Against the Dark Arts | James Ahn

Download to read offline

Mobile Game Hacking: Defense Against the Dark Arts | James Ahn

Related Books

Free with a 30 day trial from Scribd

See all

Related Audiobooks

Free with a 30 day trial from Scribd

See all

Mobile Game Hacking: Defense Against the Dark Arts | James Ahn

  1. 1. Defense Against the Dark Arts of Mobile Game Hacking James Ahn Founder and CEO INKA Entworks, Inc.
  2. 2. About Me • Founder and CEO of INKA Entworks • 17+ Years contents security experts • Inventor of DRM interoperability • Worked as board member of DMP • CEO of AppSealing service 2
  3. 3. About INKA and AppSealing • Founded in 2000, HQ in Seoul and office in Mumbai and USA (2018) • Leading DRM tech. company with 200+ clients and partners worldwide • AppSealing : subsidiary launched 2015, providing mobile app security SaaS • Currently 100+ mobile games being protected 3
  4. 4. Today we will discuss 1. Landscape of Mobile Game Black Ecosystem and its impact 2. Hacking technologies 3. Technical guidance to prevent hacking 4
  5. 5. Mobile Game Black Ecosystem • Cheating app developers/publishers • 100+ cheating apps being used • 80% from China • Professional hacking service • On-demand modding service (VIP) • Repository for modded games • In-game currency hacking service • Copycat/Clone games 5
  6. 6. Modding Service 6 On Demand Repository Service • On-demand modding • Paid service (20-30$) • modded games repository • Free download Business Model • Monthly subscription • Online Ad • Free to download • Online Ad Providers • androidrepublic.org (226 modded games) • sbenny.com • androidthaimod.com • ACMarket • Hackerbot • Modsapk.com (3,695 games) • revdl.com • modapkdown.com • apkdlmod.com • apklover.net
  7. 7. In-Game Currency Hacking Service • Process • Access mobile url • Name/email • Start hacking • Human authorization • Mobile games download • No rooting needed • BM : Ad based service • Providers • cheatmyway.com • apkcare.com • cheatstrick.com 7
  8. 8. Copycat/Clone Games : Clash Royale 8
  9. 9. Copycat/Clone Games : Lilith vs uCool 9
  10. 10. Hacked Western Game in China 10 360 Mobile Assistant Games Front Page Source: Oniix
  11. 11. Hacking Preference by Genre 11 Source: AppSealing.com
  12. 12. Top 10 Cheating Tools 12 Source: AppSealing.com
  13. 13. Hacking Methods 13 Source: AppSealing.com
  14. 14. Damage Of Mobile Game Black Ecosystem • Game balance disruption • Lost monetization • Lowered ratings & downloads • Exodus of free & paying users • Shortened game lifecycle • Competition with copycat/clone games 14
  15. 15. Results of Anti-Hacking Incorporation 15 RPG RPG RPG RPG Action Casual Shooting Casual Casual RPG ActionRPG Source: AppSealing.com
  16. 16. How Mobile Games Are Hacked 16 Start Run game Debugging Analyze action and log message Alter code and make mod Analyze code Dump memory Hook API DecompilingUnpack APK
  17. 17. Reversing Tools (Decompile & Tampering) 17 JADX-GUI JD-GUI DEX (or JAVA) dnSpy .NET Reflector (/w reflexil) ILSpy DLL (or IL) IDA (/w Hex-Rays) Shared Object APK Unpack/Pack APKTool
  18. 18. Defending Against Hacking and Cheating Tools • Anti-debugging and anti-tampering • Compiling option to hide symbols • Check APK signature/hash value of “classes.dex”, native libraries • Obfuscation • Proguard, Dexguard, Crypto obfuscator etc., • Obfuscation can be reversed • Hide value/data of variables • Encode data with base64 • Separate variables into “for store” and “for display” • Encrypt data on the device • Best practice is not to store data on the device • If needed, encrypt data stored on the device • Cheating Tools • Set blacklist of cheating tools, and detect while game is running • Use HTTPS for server and client communication 18
  19. 19. Google’s Guidance • Best practice for secure IAB from Google • http://developer.android.com/google/play/billing/billing_best_practices.html • LVL (Licensing Verification Library) • https://developer.android.com/google/play/licensing/index.html 19
  20. 20. Summary • Legitimate (especially paying) players prefer fair competition • Hacking is not only a matter of revenue loss but affects entire life cycle of the game • User acquisition cost VS Hacking prevention cost • Basic anti-hacking technical measures help somewhat • Consider a robust professional app security solution 20
  21. 21. 21 Thank you ! James Ahn (james@inka.co.kr) CEO/ INKA Entworks, AppSealing https://www.appsealing.com
  • DhruvRana16

    Apr. 17, 2020
  • alexandersalas1

    Mar. 1, 2020

Mobile Game Hacking: Defense Against the Dark Arts | James Ahn

Views

Total views

1,330

On Slideshare

0

From embeds

0

Number of embeds

1

Actions

Downloads

4

Shares

0

Comments

0

Likes

2

×