Swords and shields: A study of Mobile Game Hacks and existing defenses


1 Swords and shields: A study of Mobile Game Hacks and existing defenses
Outline: Introduction (Landscape, Motivations); Hacking Tools (Inexperienced Users: General Tools, Specific Tools; Analysis Techniques: Traffic Analysis, Decompilers, Debuggers); Protection Measures (Local Resources, Network, Obfuscation, Native Code Compilation, Client-Server Sync); Study Results; Criticisms (Pros, Cons).
Presented by Jarrod van den Heuvel

Hi, I'm Jarrod and I will be presenting Swords and Shields: A study of mobile game hacks and existing defences.

2 Introduction Landscape
Recently the mobile game industry has boomed, with 41% of video games being mobile in 2015.
Overall revenue for mobile games in 2015 is $34.8 billion – that is 85% of mobile app revenue.
Mobile games can make money in various ways: advertisement, microtransactions, purchasing the app, etc.

Sources: Dean Takahashi, "Mobile games hit 34.8B in 2015" (mobile-games-hit-34-8b-in-2015-taking-85-of-all-app-revenues/); SuperData Research, "Worldwide digital games market" (us-digital-games-market/).

3 Introduction Motivations
Microtransactions allow the user to purchase in-game items using real money.
Mobile games allow users to compete – PvP or high scores.
These parts of the game should be secure, otherwise:
Players stop using the app
Developers lose profits
The study analyses the top 100 mobile games from the Android store in order to identify vulnerabilities and show how apps can improve their protection measures.

Microtransactions are a business model that apps employ in order to make money by allowing the user to purchase items in game with real money to help them perform better in the game. Mobile games allow users to compete with each other in various ways, ranging from simply having a high-score leaderboard to players competing with each other directly, where their actions affect the other players' actions. These are the most important parts of mobile games that should be secure: when hackers can falsify their scores or hack the game to give them an edge over their opponent, this can deter legitimate users from using the app, which negatively affects the developers' profits. If hackers are able to attain paid items for free, this also impacts the developers' profits.

4 HACKING TOOLS – INEXPERIENCED USERS
There are two types of hacking tools that users can use without prior experience with hacking or programming: general hacking tools and specific hacking tools.
GENERAL HACKING TOOLS
These are not game specific and can be categorized into memory editing and local file editing tools.
Memory Editing – GameKiller, GameCIH, GameGuardian – Search for the addresses of sensitive variables (e.g. high score) and modify them during gameplay.
Local File Editing – CheatDroid – Allows the user to open local files to view and edit sensitive variables.

There are two types of hacking tools that users don't require prior experience with hacking and programming in order to use: general hacking tools and specific hacking tools. General hacking tools are flexible and can be used in a variety of games, with the purpose of modifying in-game variables to suit what the user wants. They can be categorized into memory editing tools and local file editing tools. Memory editing tools work by having the user provide the current value of a sensitive variable, such as their score, so the tool can determine the candidate addresses; the user then plays the game for a bit while the tool narrows down and eventually locates the address of their score. Once the address is located, the user can edit it in memory to whatever they want. File editing tools allow the user to look into the game's local files and edit sensitive variables there.

5 HACKING TOOLS – INEXPERIENCED USERS
GENERAL HACKING TOOLS – GameKiller (screenshot: initial coins vs. new coins)

6 HACKING TOOLS – INEXPERIENCED USERS
SPECIFIC HACKING TOOLS
These are tools designed for specific games, developed by skilful hackers.
Xmodgames provides modified versions of popular games. These mods are repackaged mobile games with the protections removed.
Users can install these games and enjoy benefits they otherwise would not have.

Specific hacking tools are tools designed for specific games and developed by skilful hackers. One such tool is Xmodgames, which provides modified versions of popular games. These are repackaged versions of the original games with the protections removed. The user can then install these games and enjoy the benefits of the game without its protections.

7 HACKING TOOLS – ANALYSIS TECHNIQUES
TRAFFIC ANALYSIS
Used when sensitive information such as scores is being sent over a network.
Attackers can use HTTP proxies to intercept, view and edit data being sent over a network before it reaches its destination server – for example, changing a score before it reaches the server.
Problems that might arise when using a proxy tool:
App bypasses the global proxy settings
Traffic may be encoded
Traffic contains advertisement and analytics data that needs filtering out

Analysis techniques are used by hackers who are more experienced with hacking methods and have a better understanding of software. Traffic analysis can be used effectively when sensitive data is being sent over a network, because attackers can set up an HTTP proxy to intercept and edit sensitive variables in the traffic before they reach the server. Hackers using proxies may face some issues when doing this: the app could bypass the global proxy settings, in which case they would have to somehow force the app to use the proxy; the traffic being sent may be encoded, so the hacker would have to decode it before using it; and the traffic may contain ads and analytics that clutter it and make it less understandable, so the hacker would need to filter out this data.

8 HACKING TOOLS – ANALYSIS TECHNIQUES
DECOMPILERS & DEBUGGING TOOLS
These can be used in order to understand the logic of an app.
Existing decompiling tools – dex2jar, ILSpy, JD-GUI – enable the hacker to decompile the code and analyse its logic.
Debugging tools such as GDB can help the attacker to perform dynamic analysis to figure out the logic at runtime.
Attackers can use the results of static and dynamic analysis to determine the game's protections and then bypass them.

Decompilers and debugging tools are used to perform static and dynamic analysis on an app. Existing decompilers can be used to recover the source code and understand its logic. Debugging tools can analyse the code at runtime to figure out logic that couldn't be determined using a decompiler. Attackers can use these tools to figure out the protections that an app uses so that they can bypass these protections more easily.

9 Protection Measures – LOCAL RESOURCE PROTECTION
Basic Memory Protection
This is to encrypt local variables.
Stops general hacking tools from searching for variables by value.
Local File Protection
This is to encrypt variables before saving them to files, or even to encrypt the entire file.
Stops hackers from editing the variables in the local files (e.g. save game data).
Both of the above protections must be implemented to ensure local resource protection.

There are two types of protection that need to be implemented to achieve local resource protection: basic memory protection and local file protection. These protect against the general hacking tools mentioned earlier. Basic memory protection involves the encryption of local variables in order to prevent general hacking tools such as GameKiller from searching for a variable in memory based on its value, since the value the user initially provides to the tool won't match the variable's representation in memory. Local file protection is similar in that it involves encryption, except that the encryption is applied to local files such as saved game data. Variables can be encrypted before being saved, or the entire save file can be encrypted. This prevents hackers from opening the save file in an editor and changing the variable values, as the edited values will be invalid when they are decrypted. Both local file and basic memory protection should be implemented to ensure local resource protection; implementing one without the other would be pointless, as it would be too trivial to break.
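The basic memory protection described above, as an added example in C++ (native game code) that is not from the presentation or the study it summarises: a score type whose in-memory form is the value XORed with a fresh random mask, plus a defender-side check that scans the object's raw bytes for the plaintext the way a value-search tool would. The class name, the aligned-scan assumption and the sample score are assumptions of this example.

```cpp
#include <cstdint>
#include <cstring>
#include <random>

// Assumed helper (not from the study): an integer stored as value ^ mask so
// that a tool searching RAM for the visible score (e.g. 1000) finds no
// matching bytes. The mask is refreshed on every write, so the
// "enter value, play, narrow down" strategy of memory editors fails too.
class ObscuredInt {
public:
    explicit ObscuredInt(int32_t v = 0) { set(v); }

    int32_t get() const { return static_cast<int32_t>(stored_ ^ mask_); }

    void set(int32_t v) {
        uint32_t plain = static_cast<uint32_t>(v);
        mask_ = freshMask(plain);
        stored_ = plain ^ mask_;
    }

    ObscuredInt& operator+=(int32_t delta) { set(get() + delta); return *this; }

private:
    // Never 0 (stored_ would equal the plaintext) and never the plaintext
    // itself (mask_ would then hold the searched-for value).
    static uint32_t freshMask(uint32_t plain) {
        static std::mt19937 rng{std::random_device{}()};
        uint32_t m;
        do { m = static_cast<uint32_t>(rng()); } while (m == 0 || m == plain);
        return m;
    }
    uint32_t stored_;
    uint32_t mask_;
};

// Defender-side check: does the raw memory of an object contain the 4-byte
// pattern a memory editor would search for? Assumes the scanner looks at
// 4-byte aligned positions, as value scanners for int variables do.
bool bytesContainInt(const void* obj, std::size_t len, int32_t needle) {
    unsigned char pat[4];
    std::memcpy(pat, &needle, 4);
    const unsigned char* p = static_cast<const unsigned char*>(obj);
    for (std::size_t i = 0; i + 4 <= len; i += 4)
        if (std::memcmp(p + i, pat, 4) == 0) return true;
    return false;
}

// A plain int is trivially findable by its value.
bool plainScoreIsVisible(int32_t score) {
    int32_t plain = score;
    return bytesContainInt(&plain, sizeof plain, score);
}

// The obscured score is not, even after gameplay changes it and changes it back.
bool obscuredScoreIsVisible(int32_t score) {
    ObscuredInt s(score);
    s += 250;     // constructed gameplay: earn then spend 250
    s += -250;
    return bytesContainInt(&s, sizeof s, score);
}
```

Note that this only defeats value searches; an attacker who already knows the address can still overwrite it, which is why the slides pair it with file protection and server-side checks.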

10 Protection Measures – Network Protection
Basic HTTPS – This allows the app to send encoded data over a network. It is vulnerable to intercepting HTTPS proxies, however.
HTTPS with Additional Protections
Certificate pinning for HTTPS, to block unauthorized certificates and to encrypt the payload
Maintain a hardcoded certificate list in the apk
Message Signing – An app can sign the messages it sends over a network with a signing key
Custom Communication Protocol – The app uses a non-standard protocol for sending data over a network

Basic HTTPS is fairly weak: it provides a layer of encoding to messages passed over a network, but these can easily be intercepted and edited by HTTPS proxies. HTTPS with additional protections is more effective against proxy attacks. One option is to pin certificates for HTTPS, blocking unauthorized certificates and using the pinned certificate to encrypt the payload. Another option is to maintain a server certificate list in the apk and refuse communication with any other servers (such as proxies) that don't present one of the stored certificates. With message signing, an app signs the messages it sends over a network using a key, so that a proxy cannot make changes to the data that will be accepted. The weakness here is that once the hacker determines the signing key, they can correctly sign the changes they make to the data so that it is accepted. With a custom communication protocol, the app uses a non-standard, non-HTTP protocol for sending data over a network; the developers choose the message format and encoding so that HTTPS proxies cannot interpret the packets sent.

11 Protection Measures – OBFUSCATION & NATIVE CODE COMPILATION
The purpose of obfuscation is to make decompiled code hard to understand by making its logic hard to follow, using different techniques:
Class and variable name obfuscation
Dynamic library downloading
NATIVE CODE COMPILATION
This is another technique for making decompiled code hard to understand. Most compile-time information is lost.

Obfuscation and native code compilation are used to make decompiled code harder to understand, so that a hacker needs to put much more effort into manipulating the game code for their purposes. They also help make data sent over networks harder to understand. Obfuscation is when the game code is made more sophisticated and less human-readable using a number of techniques. These include naming classes and variables in such a way that their names don't give away their purpose in the code, and downloading libraries at runtime so that hackers can't tell from the decompiled code which libraries are used unless they find the point in the code that downloads them. Native code compilation is another way to make decompiled code harder to understand. Java is a very easy language to decompile, but code can instead be compiled into native code so that variable names and types are lost. Native code is much harder to convert back to source code.

12 Protection Measures – CLIENT-SERVER SYNC
Client-Server Synchronization is the strongest and most expensive protection method for mobile games.
Partial Client-Server Sync
Some computations are performed on the server side and the client is left to do the rest.
Can be vulnerable: if a game, for example, still does score calculations on the client side, the game can still be hacked.
Full Client-Server Sync
This is the most secure protection for mobile games – all computations are done server side. The client is essentially just a renderer.

Client-server synchronisation is the strongest protection method for mobile games but is also the most expensive. It is very secure because the game's logic runs server side, so the hacker does not have access to the code on the server, and the client must be synchronized with the server in order to be validated. It is the most expensive protection measure since at least one server has to be maintained for the game to work. Partial client-server sync is when not all computations are done on the server side and the client is left to perform some of them. The vulnerability here is that if a game is still calculating the score on the client side, the client's game can be hacked to change that score without the server knowing. Full client-server sync is the most secure protection for mobile games, as all computations are done on the server side and the client is essentially just a renderer of the data computed on the server from the client's inputs. An example of this is first-person shooter games where all the players have to join a server.
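The partial-sync weakness and the full-sync fix, as an added example in C++ that is not from the presentation or the study: a server endpoint that stores the client's self-reported score beside one that recomputes the score from the raw inputs and treats the client's figure only as a tamper signal. The toy scoring rule (five targets, 10 points per hit, 50 bonus for a perfect round), the report layout and the function names are all assumptions of this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Assumed toy game (not from the study): a round has exactly kTargetsPerRound
// targets, each hit is worth kPointsPerHit, and hitting every target earns
// kPerfectBonus. The client reports its raw inputs plus the score it computed.
constexpr std::size_t kTargetsPerRound = 5;
constexpr int32_t kPointsPerHit = 10;
constexpr int32_t kPerfectBonus = 50;

struct RoundReport {
    std::string playerId;
    std::vector<uint8_t> hits;   // per target: 1 = hit, 0 = miss
    int32_t claimedScore;        // score computed on the client
};

// The scoring rule. Under full client-server sync this exists only on the server.
int32_t scoreFromInputs(const std::vector<uint8_t>& hits) {
    int32_t score = 0;
    std::size_t hitCount = 0;
    for (uint8_t h : hits) {
        if (h) { score += kPointsPerHit; ++hitCount; }
    }
    if (hitCount == kTargetsPerRound) score += kPerfectBonus;
    return score;
}

// Partial client-server sync: the score is computed on the client and the
// server merely stores it. A memory editor or an intercepting proxy that
// rewrites claimedScore is accepted without question.
int32_t leaderboardScorePartialSync(const RoundReport& r) {
    return r.claimedScore;
}

struct Verdict {
    bool accepted;       // false: malformed report, nothing is recorded
    int32_t score;       // the server's own computation (the stored value)
    bool clientAgreed;   // false: client's figure differs, log as a tamper signal
};

// Full client-server sync for scoring: the server validates the inputs,
// recomputes the score and records only that; the client's figure never
// reaches the leaderboard.
Verdict leaderboardScoreFullSync(const RoundReport& r) {
    if (r.hits.size() != kTargetsPerRound) return {false, 0, false};
    for (uint8_t h : r.hits)
        if (h > 1) return {false, 0, false};
    int32_t authoritative = scoreFromInputs(r.hits);
    return {true, authoritative, authoritative == r.claimedScore};
}
```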

13 STUDY RESULTS - Summary
Of the top 100 mobile games in the app store, 77 were able to be hacked successfully.
The study created a categorization to rank the apps in terms of their protection strength.

Of the top 100 mobile games in the Google Play store, the researchers were able to successfully hack 77. After doing this they developed a 5-level protection strength categorization for all of the apps they attempted to hack; these levels are explained on the next slide. The table is a summary of the different types of protections and development platforms the mobile games used, where the numbers are the IDs of the mobile games from 1 to 100.

14 STUDY RESULTS – The 5 levels of protection
(Figures in brackets are games hacked / games at that level.)
LEVEL 1 – This is the lowest level of protection. General tools can be used to hack these games as they don't implement local resource protection properly. (52/52)
LEVEL 2 – Able to resist general hacking tools – vulnerable to traffic analysis. (13/13)
LEVEL 3 – Can resist traffic analysis – requires decompilation to understand. (5/5)
LEVEL 4 – Requires manual debugging to hack. (8/13)
LEVEL 5 – Invulnerable – Uses full Client-Server synchronization. (0/18)

Level one is the lowest level of protection: apps in this level had no local resource protections, or local resource protections that weren't implemented correctly, meaning general hacking tools could be used and any other protection measures do not matter. 52 of the apps studied were in this level and all were successfully hacked. Level two is stronger than level one as it implements local resource protection or partial client-server synchronization; however, it is still vulnerable to being hacked using traffic analysis. 13 games were in level 2 and all were successfully hacked. Games at level three can resist traffic analysis using the techniques explained for network protection, so they need to be decompiled to understand the logic in order to find a way around the network protection techniques used. 5 games used this protection and all 5 were hacked. Games at level four required both decompilation and then manual debugging (dynamic analysis) in order to understand the logic and figure out things like the keys used for signing. 13 games were at this level and 8 were successfully hacked. Games at level five were considered invulnerable to hacking and all implemented full client-server synchronization. 18 games were at this level and none were hacked.


16 CRITICISMS - PROS
Those doing the study are clearly experts in their field.
Their study results will help developers to improve their mobile game security.
A high number of apps were tested – statistically meaningful results can be obtained.

Those who carried out the study are clearly experts in their field: they were able to successfully hack most of the games and offered interesting explanations of how they hacked them. Their study results are useful, as developers can use them to make their mobile games more secure. Because a high number of apps were tested (100), the results of the study are statistically meaningful and give a more accurate representation of the mobile game market's security.

17 CRITICISMS - CONS
There was no analysis of iOS games.
There was no comparison with PC game protections.
Of the games that weren't level 5, 5 apps couldn't be hacked – no explanation.

The researchers did not mention hacking techniques for iOS apps once, so the study is not as useful for iOS app developers. There was no comparison of mobile protections to the protections used on PC games, such as anti-cheat tools like PunkBuster and Valve's anti-cheat engine. Of the games that weren't considered invulnerable, there were 5 apps that weren't successfully hacked, and there was no explanation of why.

18 CRITICISMS – PRO AND CON
While it is good that real-world examples of mobile games were used, this is also bad: there was no mention of developers being contacted before the study was released.

While it is good that real-world examples of mobile games were used, this is also a bad thing, as there was no mention of the developers being contacted before the researchers released the study results, which highlight the vulnerabilities in the apps. Hackers could use these results to hack the games tested easily. Overall the study helps developers to protect against hackers, but it also inadvertently teaches people how to hack mobile games.

19 THANK YOU FOR LISTENING – ANY QUESTIONS?

