Speakers: Roman Kazantsev, Maxim Vafin and Andrey Somsikov
Developing cheats for various online games has over time turned into a profitable business. Injected cheat code can analyze memory data and collect statistics about players. Using examples from Unreal Tournament 4, the speakers will describe methods of countering this kind of cheating that are based on code obfuscation.
2. Why do People Love Cheating in Online Games?
Have fun;
Become a game star;
Earn money;
Love freebies.
3. Motivations to fight cheating?
Game publishers can lose their fans and subscribers (~subscription fee);
eSport organizations (tournaments) …
Newcomers never return to a cheat-ridden game;
Gamers want fair play.
4. Cheating in World of Tanks
3D skins that display tank modules;
Removal of trees, leaves and bushes, or changing their transparency (see the pictures);
Script for automated use of manually activated equipment.
5. Cheating in Dota 2
Script that automatically explodes the exact number of mines to kill.
6. Cheating in Call of Duty
Aimbot that automatically points a weapon at a target;
2D/3D radars that monitor the locations of in-sight and hidden opponents so the player is ready to shoot.
7. Who are the Light Side?
“If you are from the following list you may not access this website”
Terms of service
8. Catch Me if You Can
Scan for cheat activity
Detect DLL injection
Anti-debug measures
etc.
Replay game on server
Work around anti-cheat
Hide DLL injection
Ring 0 tricks
…
“Visual” cheats
Cheat less but efficiently
10. Server-side Anti-cheat. Are they worth it?
Looks smart:
Track player statistics
Replicate playback on server
… But no access to game client:
Cheat smart, do not cross the line
Render the game you need
False-positive bans => dissatisfaction
11. Local Anti-cheat
Looks powerful:
Scans kernel
Pretends to be an anti-virus
Takes screenshots and sends them away
That scares not only me
User privacy is the main issue
12. Simple Cheating Technique
Hacks the local game copy; does not work on multiplayer games.
What it does:
Search for values in the memory
Change and/or freeze found values
Examples:
Artmoney
Cheat Engine
Game Guardian (Android)
13. Advanced Cheating Technique
What it does:
Shows the player things he must not see (for example other players, pickup locations)
Helps the player to aim, to trigger, to move
[Figure labels: PickUps, Enemy in sight, Hidden enemy, 2D radar, Health, Bounds, Distance, Head, Name]
14. Process Monitor and IDA Pro
The cheat uses anti-debugging and shuts down when it notices Process Monitor
The cheat is obfuscated, and IDA Pro was not helpful
15. API Monitor
Could not find the WinAPI functions the cheat uses to inject itself.
Only the fact that the cheat gets direct access to kernel32.dll
17. HEX Analysis of Memory Dumps
The differences that appeared are in relocation sections only. This is normal for any application and does not reveal that memory has been hacked.
18. How It Works?
Uses DLL injection to run its code within the address space of the game process.
One part of the cheat, running in a process separate from the game, injects code into the game process and creates a new thread to execute the injected code.
[Diagram: Step 1 Attach, Step 2 Allocate Memory, Step 3 Copy code, Step 4 Execute; boxes labelled Cheat process, Game code and data, Injected cheat code, Cheat Thread]
19. Protection Idea A
Sign non-writable memory of the game and check its integrity during runtime.
It did not work: the cheat did not modify the memory that we signed.
21. Encrypted Information
Minimum data to encrypt:
Camera coordinates (x, y, z) of the player
Additional data that was encrypted:
Camera coordinates and rotation of all players
Health of all players
Names of all players
Bounds of all players
22. We Got Banned
The cheat has Terms of Use stating that you may not use your account to try to hack the cheat, which is what we were doing. Here is an extract from those Terms of Use:
23. Data Integrity Verification Based Anti-cheat
Protects games against a simple cheat.
How anti-cheat works:
1. A function working with critical data requests the trusted authentication module to update or verify signed data;
2. The trusted authentication module verifies which function is calling it to update or verify signed data;
3. The authentication module updates the data along with its signature, or verifies data integrity, using a key.
[Diagram labels: Key, Game, Signed data, Data, Trusted Integrity Verification Module, obfuscated, Key]
24. Data Encryption Based Anti-cheat
Protects games against simple and advanced cheats.
How anti-cheat works:
1. A function working with critical data requests the trusted encryption module to encrypt or decrypt data;
2. The trusted encryption module verifies which function is calling it;
3. The encryption module encrypts or decrypts the data using a key.
[Diagram labels: Key, Game, Encrypted data, Data, Trusted Encryption Module, obfuscated, Key]
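A Python model of the schemes on slides 23 and 24, combined into one module that encrypts and then signs the camera coordinates; it is an added example, not the presenters' code. Assumptions: every name (`TrustedModule`, `move_camera`, `injected_read`, `scan_finds`), the caller check done by frame inspection, and SHA-256 in counter mode standing in for a real cipher.

```python
import hashlib, hmac, os, struct, sys

class TrustedModule:  # hypothetical model of the trusted module
    def __init__(self, allowed):
        self._enc, self._mac = os.urandom(32), os.urandom(32)  # obfuscated in a real build
        self._allowed = set(allowed)  # functions allowed to touch critical data

    def _check_caller(self):
        # Step 2. Frame 2 called seal()/unseal(); name lookup is this model's assumption.
        name = sys._getframe(2).f_code.co_name
        if name not in self._allowed:
            raise PermissionError("untrusted caller: " + name)

    def _xor(self, nonce, data):
        # SHA-256 in counter mode: stdlib-only stand-in for a real cipher (< 8 KiB).
        ks = b"".join(hashlib.sha256(self._enc + nonce + bytes([i])).digest()
                      for i in range(len(data) // 32 + 1))
        return bytes(a ^ b for a, b in zip(data, ks))

    def seal(self, plain):  # step 3: encrypt, then sign
        self._check_caller()
        nonce = os.urandom(12)
        ct = self._xor(nonce, plain)
        return nonce + ct + hmac.new(self._mac, nonce + ct, hashlib.sha256).digest()

    def unseal(self, blob):  # step 3: verify the signature, then decrypt
        self._check_caller()
        nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
        good = hmac.new(self._mac, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):
            raise ValueError("critical data modified outside game code")
        return self._xor(nonce, ct)

module = TrustedModule({"move_camera", "read_camera"})
memory = {}  # constructed stand-in for game process memory

def move_camera(x, y, z):  # step 1: a game function asks the module
    memory["camera"] = module.seal(struct.pack("<3f", x, y, z))

def read_camera():
    return struct.unpack("<3f", module.unseal(memory["camera"]))

def injected_read():  # code that is not on the allow-list
    try:
        return module.unseal(memory["camera"])
    except PermissionError:
        return None

def scan_finds(x, y, z):  # value search over the stored bytes
    return struct.pack("<3f", x, y, z) in memory["camera"]
```

After `move_camera(1.0, 2.5, -3.0)`, `scan_finds` on the same coordinates returns False and `injected_read()` returns None; flipping any byte of `memory["camera"]` makes `read_camera()` raise `ValueError`.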
25. Pros and Cons of our Anti-cheat
Pros:
Triggers no false positives;
Has no conflicts with anti-virus software;
Does not affect user privacy;
Cons:
Requires code refactoring.
26. Back to Future
SW measures are only one piece of the puzzle
HW-based protections become available
Superior robustness
… but gamers care about HW for graphics, not for anti-cheat
Cheat-resistant game engines