Exploiting Online Games

Greg Hoglund has been involved with software security for many years, specializing in Windows rootkits and vulnerability exploitation. He founded the website www.rootkit.com, and has coauthored several books on software security (Exploiting Software: How to Break Code and Rootkits: Subverting the Windows Kernel, both from Addison-Wesley). Greg is a long-time game hacker and spends much of his free time reverse engineering and tooling exploits for new games. Professionally, Greg offers in-depth training on rootkit development and software exploits. He is currently CEO of HBGary, Inc. (www.hbgary.com), building a world-class product for software reverse engineering and digital forensics. Gary McGraw is the CTO of Cigital, Inc., a software security and quality consulting firm with headquarters in the Washington, D.C., area. He is a globally recognized authority on software security and the author of six best-selling books on this topic. The latest, Software Security: Building Security In, was released in 2006. His other titles include Java Security (Wiley), Building Secure Software (Addison-Wesley), and Exploiting Software (Addison-Wesley). He is the editor of the Addison-Wesley Software Security Series. Dr. McGraw has also written more than 90 peer-reviewed scientific publications, writes a monthly security column for darkreading.com, and is frequently quoted in the press. Besides serving as a strategic counselor for top business and IT executives, Gary is on the advisory boards of Fortify Software and Raven White. His dual Ph.D. is in cognitive science and computer science from Indiana University where he serves on the Dean's Advisory Council for the School of Informatics. Gary is an IEEE Computer Society Board of Governors member and produces the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine.

Foreword     xvii
Preface     xxi

Why Are We Doing This?     xxii
Where Do We Draw the Line?     xxiii
What's in the Book?     xxiv
The Software Security Series     xxvi
Contacting the Authors     xxvii

Acknowledgments     xxix

Greg's Acknowledgments     xxix
Gary's Acknowledgments     xxix

About the Authors     xxxiii Chapter 1: Why Games?     3

Online Games Worldwide     5
The Lure of Cheating in MMORPGs     7
Games Are Software, Too     9
Hacking Games     12
The Big Lesson: Software as Achilles' Heel     17

Chapter 2: Game Hacking 101     19

Defeating Piracy by Going Online     20
Or Not . . .     20
Tricks and Techniques for Cheating     21
The Bot Parade     31
Lurking (Data Siphoning)     36
Tooling Up     39
Countermeasures     46

Chapter 3: Money     65

How Game Companies Make Money     65
Virtual Worlds: Game Economics and Economies     67
Criminal Activity     73

Chapter 4: Enter the Lawyers     75

Legality     75
Fair Use and Copyright Law     77
The Digital Millennium Copyright Act     78
The End User License Agreement     79
The Terms of Use     88
Stealing Software versus Game Hacking     89

Chapter 5: Infested with Bugs     93

Time and State Bugs in Games     95
Pathing Bugs in Games     104
Altering the User Interface     107
Modifying Client-Side Game Data     108
Monitoring Drops and Respawns     109
Just Show Up     111
And in Conclusion     111

Chapter 6: Hacking Game Clients     113

Malicious Software Testing (Enter the Attacker)     113
Countermeasures against Reverse Engineering     122
Data, Data, Everywhere     126
Getting All Around the Game     132
Going Over the Game: Controlling the User Interface     132
Getting In the Game: Manipulating Game Objects     139
Getting Under the Game: Manipulating Rendering Information     164
Standing Way Outside the Game: Manipulating Network Packets     179
The Ultimate in Stealth: Taking Client Manipulation to the Kernel     180
Clients Make Great Targets     183

Chapter 7: Building a Bot     185

Bot Design Fundamentals     186
Bot as Debugger     208
The Wowzer Botting Engine     224
Advanced Bot Topics     228
Bots for Everyone     244

Chapter 8: Reversing     247

Taking Games Apart     248
Code Patterns in Assembly     264
Self-Modifying Code and Packing     290
Reversing Concluded     291

Chapter 9: Advanced Game Hacking Fu     293

Conversions and Modding     293
Media File Formats     314
Emulation Servers (Private Servers)     315
Legal Tangles     319

Chapter 10: Software Security Über Alles     321

Building Security In for Game Developers     322
Security for Everyday Gamers     327
Exploiting Online Games     328

Index     331