463.0.2 Class Project UIUC CS463 Computer Security
Outline • Online games • Game Hacking 101 • Project Schedule
Online Games • Exceedingly popular • Excellent examples of massively distributed systems • Push the limits of software technology • Time and state are big issues • Cheating pays off in MMORPGs
Managing State • Clients have to manage state • The internet is too slow to allow game state to reside on the server • Allowing the client to manage state is a security risk
Two kinds of cheating • “Exploits” • Taking advantage of program bugs • Race conditions • Seeing things you aren’t supposed to see • Bots • Both AFK and non-AFK • Building something that controls the game for you
Hacking the game • Going over the game • Getting in the game • Getting under the game • Standing way outside the game
Going over the game • Controlling the user interface • Botting is about going over the game • This happens because parts of the game are boring • Grinding • Farming • Can also make gaming easier • “Stupid Warlock Button” • Automated combat
Getting in the game • Manipulating the data in the game • Finding registers and changing them • Change your coordinates to “teleport” around the game
Getting Under the game • Games rely on DLLs and video cards • You can inject your own DLLs that affect game rendering • Wall Hack
Standing Way Outside the Game • Manipulating communication between client and server • This is often difficult because encryption is used on the wire
Countermeasures • The Warden • Monitors the processes on a machine • Prevents users from running bots etc. that are separate from the main process • Also looks at calls to DLLs • Is this crossing the line? • Account banning
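Added example (not from the original slides): the "Managing State" and "Getting in the game" slides note that client-managed state is a risk and that edited coordinates allow "teleporting". One server-side countermeasure is to check each reported position against what the character could have covered since the last accepted update; the speed limit, tolerance and sample updates below are assumed values for illustration.

```python
import math
from dataclasses import dataclass

MAX_SPEED = 7.0    # assumed: game units per second for a running character
TOLERANCE = 1.25   # assumed: slack for latency jitter


@dataclass
class PlayerState:
    x: float
    y: float
    t: float           # server receive time of last accepted update (seconds)
    strikes: int = 0   # rejected updates, for later review or banning policy


def apply_move(state, x, y, t):
    """Validate a client-reported position against the last accepted one.

    Returns "accept" or "reject". On reject the server keeps its own
    authoritative position instead of trusting the client.
    """
    dt = t - state.t
    # Reject stale or replayed timestamps and NaN/inf values.
    if dt <= 0 or not all(map(math.isfinite, (x, y, t))):
        state.strikes += 1
        return "reject"
    dist = math.hypot(x - state.x, y - state.y)
    if dist > MAX_SPEED * dt * TOLERANCE:
        state.strikes += 1
        return "reject"
    state.x, state.y, state.t = x, y, t
    return "accept"


def replay(updates, start):
    """Run a list of (x, y, t) updates and return the verdicts in order."""
    return [apply_move(start, *u) for u in updates]


# Constructed sample: normal running, a coordinate jump, then normal again.
SAMPLE = [(3.0, 0.0, 0.5), (6.0, 0.0, 1.0), (500.0, 500.0, 1.5), (9.0, 0.0, 1.5)]

if __name__ == "__main__":
    s = PlayerState(0.0, 0.0, 0.0)
    print(replay(SAMPLE, s), s)
```

The check trades security against performance in the way Phase 2 asks teams to discuss: a tighter tolerance catches smaller jumps but rejects more legitimate updates from laggy clients.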
Resources • Book: Exploiting Online Games by Greg Hoglund and Gary McGraw • http://www.exploitingonlinegames.com/ • Gary McGraw’s lecture available • Chapters 2 and 6 available
4 Phases • Analysis of an existing game • Propose a new architecture for your chosen game • Build a prototype • Analyze someone else’s project
Phase 1 • Choose a partner or 2 (you have to work in teams of 2-3) • Choose an MMORPG (World of Warcraft is off limits) • Learn about the architecture of the game and the hacks and cheats available • Also, what countermeasures are in place • A 15 to 20 page paper for this phase is due Feb. 15th
Phase 2 • Propose a new architecture for your chosen game • Discuss tradeoffs between security and performance that you had to make • Also talk about how you counter the known hacks • Define the scope of your prototype • A 15 page paper is due Feb. 29th
Phase 3 • Build part of your proposed architecture • Prepare a demo • More details on demo prep to come • This is due April 18th
Phase 4 • Your papers and demo will be handed over to another team • Your job will be to analyze how they stand up to known hacks for their chosen game • Your score won’t be lowered based on a negative peer review • Due May 2
Calendar • Project stage 1 (analysis): Friday, February 15. • Project stage 2 (proposed architecture fixes): Friday, February 29. (We will plan on providing feedback by March 7.) • Project stage 3 (demo): Friday, April 18. • Project stage 4 (peer review): Friday, May 2.