I wrote a short blog post about my thought process on how I reverse engineer video games and build tools that enable me to do security testing on them. It’s a bit brief on purpose, as reading the code is expected. Let me know your thoughts and what would make it better.
Thanks for the write up! This is really interesting and a great piece of knowledge to have out there. Funnily, it is similar to mobile app reverse engineering workflows.
I love the briefness of your post. Your code and method are clearly conveyed.
Very interesting
"build tools that enable me to do security testing on them"
I gather you write cheat exploits... and if public... eventually the player's account/GPU/IMEI risks getting permanently banned/flagged.
It is always easier to break something than to build something stable. People may focus resources on better content, game-play, and performance. Or play whack-a-mole with hostile Desktop/Mobile users...
Thus, some folks won't ever patch exploits... just shadow-ban the users running them...
Have a nice day =3
As someone who does security testing for video game service backends, I benefit significantly from all the reverse engineering and tools the hobbyists and cheaters build, and always enjoy reading more stuff.
Yeah and you end up with one of the worst client-server architectures that RDR2 has.
"client-server architectures"
Actually, public-key-signed object-p2p exchange systems allow for all sorts of fun. Even if people fiddle with the state exchange, the time+last_event indices can flag lag switchers, and signature audits detect memory patchers...
My point was, one doesn't need to lock the door if you own an alligator farm. =3
I had a wonderful app MS-DOS resident (TSR) on my PC that when pressing a key would do a snapshot of the whole memory (or specific area) to disk, to a file. So if you play a game, and lose a life, or HP points, you keep on pressing this, and then there were tools to do the diff.
There was one game that was storing the lives as actual text - Ninja or something....
So last year my son was hacking some games, and nowadays there is a similar tool too - also based on diffs - though with me back then it was only 640KB, and nowadays we are looking towards 8-16GB if not more!
Somehow this technique still works for some games, but with way more gotchas...
CheatEngine (80mb) is very widely used nowadays and does memory dumps and comparisons. A very useful tool not only for game reverse engineering.
That's a broad use of "nowadays", haha. Following step-by-step Cheat Engine tutorials to use game hacks (MapleStory and Gunbound) was my first brush with coding/system internals when I was a child. This must have been around 2006 and it was already the most popular tool back then, though I remember there were loads of forks to bypass what must have been primitive anticheat systems that scanned for whether Cheat Engine was running.
Used to do this in my childhood with save files. Save the game in Alone in the Dark, shoot the shotgun, save, shoot again, save, then proceed to look for the differences.
I remember using CWCheat on PSP in the WWE games to create my own custom modes, adding ladders to Royal Rumble etc. Great fun
> but since the game is built on Unity, it was relatively easy to bypass these restrictions and enable system proxies. There are many others that do il2cpp mod tutorials, and I recommend those, with the key part being hooking HttpClientHandler.SendAsync.
I could only find il2cpp tutorials that I could not get to work. What is the non-il2cpp way? This should be a separate post and a new submission to HN.
Which il2cpp tutorial works?
> The game monetizes through pay-to-win microtransactions
IAP fests are not games. Let's start using "gacha" or something for them.
Addiction-based exploitation. Perhaps the word "garbage" applies well to it. Or in a good reality, "criminal".
From the end user perspective "let's game it out" is a must see YouTube channel.
It's really interesting to see people enjoying/more interested in breaking a game vs playing the game.
You should check out Tool-Assisted Speedruns on tasvideos.org, then. They use some of these techniques to do RNG manipulation, among other things, to improve game times.
[flagged]
In most cases, in the US, reverse engineering is not illegal.
[flagged]
Terms of service breaches are not typically a criminal matter in the USA. Perhaps it could be a civil matter if you create financial damages. Even in that area, the cases are usually decided in the courts on a case-by-case basis.
Generally, code is free speech, and the right to free speech protects this in America.
Are you under the belief that terms of service can dictate or supersede US law? Thankfully that is not the case.
My PC my choice.
Microsoft violated the NAP by forcing me to update and greying out the "remind me later" button.
You are free to not use their products, however.
why are you larping a lawyer, bro
[flagged]
In the third sentence of the piece, it says:
> "This exploration is purely for educational purposes."
for the hell of it?
and even if it was unethical, unethical !== illegal.
[flagged]
This is overly defensive. They never said that Unity was the only engine that exposes intermediate code, just that it was an attack vector because the game was built with Unity. It's a perfectly valid thing to point out. You didn't come to the defence of Lua just because they decompiled some Lua scripts.
Brand new account + strange overreaction = maybe bot?