220 likes | 234 Views
Online Game Security - Quake III and its Hacks -. (related paper: A Systematic Classification of Cheating in Online Games , Jeff Yanand and Brian Randell. Submitted 2004) Speaker: S. F. Yeung. Flow of this Presentation. What is Game Hacks? How do Hacks Work? What can Hacks Do?
E N D
Online Game Security- Quake III and its Hacks - (related paper: A Systematic Classification of Cheating in Online Games, Jeff Yanand and Brian Randell. Submitted 2004) Speaker: S. F. Yeung
Flow of this Presentation • What is Game Hacks? • How do Hacks Work? • What can Hacks Do? • How to Fight Against Them? • How Hackers Fight back ? • So, What’s Now? • Possible Solutions
What is Game Hacks (or cheats)? • A program that alters a game’s performance • Enhancing the abilities of the hacker (or cheater) • Giving an unfair edge over the other players
What Hacks can/cannot Do ? • Hacks can • Reveal hidden information on the client side • Assist your mouse/keyboard control • Enhance your visibility or remove unwanted visual effect • Hack cannot • Reveal information not exist in client side • Alter the rules and logics of the game • Alter the performance of other players
How do Hacks Work? • Hard Coded • Modify the game code • External • Retrieve information from the game indirectly and alter the control of the game indirectly • Driver Hack • Modify the video driver to gain special visual effect • Client Hook • Inject code into the game’s memory in runtime
How do Hacks Work? • Hard Coded • Modify the game code directly and permanently • Easily to be blocked Game Server Game Program DATA Hack
How do Hacks Work? • External • Reside outside the game program • Limited functionality Game Server Game Program Windows Graphic Display Interface Hack DATA Color Model Windows Mouse Control
How do Hacks Work? • Driver Hack • Modify the OpenGL driver so that objects (including walls) become semi-transparent • Difficult and dangerous to install Game Server Game Program Hacked Video Driver Display DATA
How do Hacks Work? • Client Hook • The most advanced and popular today • Inject code into the game’s memory in runtime • Alter and control the game directly in runtime Game Server Client Hook Game Running DATA
What can Hacks Do ? • Wall Hack • See other players through walls • Aimbot (aiming robot) • Lock your crosshair on other players automatically • Firebot (fire robot) • Fire your weapon automatically once your crosshair hover over another player • ESP (extrasensory perception) • Reveal and display hidden information
What can Hacks Do ? • Wall Hack • Driver Hack • Make everything semi-transparent, you can see others through walls, but everything become semi-transparent may not be good somehow • Client Hook • Only show certain objects through walls, very effective
Full transparency Partial transparency
What can Hacks Do ? • Aimbot and Firebot • External • Colored object model • Scan the screen to locate target • Interfere your control via Windows message • Not very intelligent and inaccurate • Client hook • Access the game engine in memory, obtain target position and take over your control directly • Perfect accuracy if low network latency
What can Hacks Do ? • ESP • Client Hook • Radar ESP and Map ESP • Shows the location of enemies • Text ESP • Shows other players’ name, weapon, armor and other variables
How to Fight Against Hacks? • Pure Server Environment • Server will check against all game files, players joining the server must have the same config file, object models, sound files, etc. • Effective against hard-coded hacks and external hacks
How to Fight Against Hacks? • 3rd Party Anti-cheating Software • For example: • PunkBustered (Quake III, RTCW) • UT Pure (Unreal Tournament) • VAC (Counter Strike) • Players must install the anti-cheating software in order to join a anti-cheating enabled server • Acts like a virus scanner • Auto updates with the new hack patterns • Capture and send screenshots regularly • Banns your serial number if any hack found
How Hackers Fight back? • Anti-cheating Software Proof Hacks • Cracks the anti-cheating software binary • Alters the behavior of the anti-cheating software • Automatically disable the hacks each time the anti-cheating software takes a screen shot
So, What’s Now? • An update competition • Most hacks will be banned several days after public release • Major hacks will have new version few weeks after the previous one get banned
Possible Solutions • Use secure network protocol • Add checksum between every packets, makes insertion or modification of packets difficult • Encrypt all important variables • Encrypt variables so that cheats cannot reveal information from the memory • Push all computation to the server side • The client side only responsible for user input and display rendering thus the cheats have no way to alter the state or outcome of the game