Cheaters Gonna Cheat Battling Fake High Scores Nataly Eliyahu CASUAL CONNECT TEL AVIV 19 – 21 OCTOBER 2015.


1 Cheaters Gonna Cheat Battling Fake High Scores Nataly Eliyahu CASUAL CONNECT TEL AVIV 19 – 21 OCTOBER 2015

2 Intro – About Me
  Freelance Game Developer (NatalyCreates)
  Indie Card Game and Video Game Designer
  Technological Unit Army Service
  Background in Security and Reverse Engineering
  nataly@natalycreates.com

3 What we’ll talk about
  Back and forth between developer and hacker
  Approaches and considerations for the developer
  Think like a hacker

4 Step 1 – Naive Score Saving
Developer POV
  Save the score locally
  Use Player Preferences
Hacker POV
  Rooted phone
  Use tool – Player Preferences Editor

5 Edit Preferences

6 Step 2 – Manipulate the Score
Developer POV
  Encode the score (base64 / hex / custom encoding)
  Math manipulations
Hacker POV
  Blackboxing
  Guessing
  Find the Pattern

7 Step 3 – Encrypt the Score
Developer POV
  Encode the score (base64)
  Encrypt the score with a secret key (a string)
  Also: use an obfuscator on the compiled apk
Hacker POV
  Decompile the apk, rename functions and organize code
  Find the encryption code to see which algorithm is used
  Find the string for the encryption key
  Decrypt and encrypt your own scores

8 Decompile APK

9 Decompile APK

10 Decompile APK

11 Step 4 – Non-standard encryption
Developer POV
  Encode the score (base64)
  Encrypt the score with a secret key (a string)
  Change the code of the encryption function to a non-standard implementation
Hacker POV
  Previous method fails! Score isn’t saved correctly with your script
  Read the encryption code
  Look for the differences from the standard implementation
  Alternative – use dynamic debugging

12 Step 5 – Server side
Developer POV
  Encode the score (base64)
  Call a function on the server to encrypt and decrypt the score
  Secret key is no longer in the apk
  Always Online issue!
Hacker POV
  Attack the server, look for loopholes
  Alternative – use dynamic debugging, change the score in memory before it’s sent to the server

13 The Heuristics Approach
  Recognize suspicious scores
  Is the score possible in the amount of time the player played?
  Patterns in the score (apple = 5 points, banana = 3 points)
  Send constant updates on player status in the game
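One way to apply the three heuristics above on the server, as an added example that is not code from the talk: each status update is checked against the item values and a pickup-rate cap. The apple and banana values come from the slide; the rate cap, function names and sample sessions are assumptions made for illustration.

```python
# Added example, not from the talk. ITEM_POINTS is from the slide;
# the rate cap is an assumed game-design limit.
ITEM_POINTS = (5, 3)            # apple = 5, banana = 3
MAX_PICKUPS_PER_SECOND = 2.0    # hypothetical: fastest a player can collect items


def min_pickups(score, points=ITEM_POINTS):
    """Fewest pickups that sum to `score`, or None if no combination does."""
    best = [0] + [None] * score
    for s in range(1, score + 1):
        prev = [best[s - p] for p in points if s >= p and best[s - p] is not None]
        if prev:
            best[s] = min(prev) + 1
    return best[score]


def check_gain(gain, seconds):
    """Return a reason string if gaining `gain` points in `seconds` is implausible."""
    if gain < 0 or seconds < 0:
        return "score or clock went backwards"
    needed = min_pickups(gain)
    if needed is None:
        return f"gain of {gain} is not a sum of item values"
    if needed > MAX_PICKUPS_PER_SECOND * seconds:
        return f"{needed} pickups needed in {seconds}s exceeds the rate cap"
    return None


def check_session(updates, final_time, final_score):
    """Validate status updates [(elapsed_seconds, score), ...] plus the final score.

    Returns a list of reasons; an empty list means the session looks plausible.
    """
    reasons = []
    prev_t, prev_s = 0, 0
    for t, s in list(updates) + [(final_time, final_score)]:
        reason = check_gain(s - prev_s, t - prev_t)
        if reason:
            reasons.append(f"at {t}s: {reason}")
        prev_t, prev_s = t, s
    return reasons


# Constructed sample sessions (not real game data).
HONEST = ([(10, 16), (20, 39)], 30, 60)
JUMP = ([(10, 16), (20, 39)], 21, 5039)   # score edited just before submission
OFF_PATTERN = ([(10, 16)], 20, 23)        # a gain of 7 cannot be built from 5s and 3s

if __name__ == "__main__":
    for name, session in (("honest", HONEST), ("jump", JUMP), ("off-pattern", OFF_PATTERN)):
        print(name, check_session(*session))
```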

14 To Sum Up
  With enough determination, the hacker will always win
  But if cheating at your game is really hard, most people won’t bother
  Going always online helps make it much harder to cheat, but at a cost for the majority of players
  Choose the most cost-effective solution depending on your game

15 Questions?
  Contact me: nataly@natalycreates.com
  Facebook: Nataly Eliyahu
  Twitter: @NatalyEliyahu

