SWORDS AND SHIELDS: A STUDY OF MOBILE GAME HACKS AND EXISTING DEFENSES
PRESENTED BY JARROD VAN DEN HEUVEL

INTRODUCTION
• LANDSCAPE
• MOTIVATIONS
HACKING TOOLS
• INEXPERIENCED USERS
  • GENERAL TOOLS
  • SPECIFIC TOOLS
• ANALYSIS TECHNIQUES
  • TRAFFIC ANALYSIS
  • DECOMPILERS
  • DEBUGGERS
PROTECTION MEASURES
• LOCAL RESOURCES
• NETWORK
• OBFUSCATION
• NATIVE CODE COMPILATION
• CLIENT-SERVER SYNC
STUDY RESULTS
CRITICISMS
• PROS
• CONS

INTRODUCTION – LANDSCAPE
• Recently the mobile game industry has boomed, with 41% of video games being mobile in 2015
• Overall revenue for mobile games in 2015 is $34.8 billion – that is 85% of mobile app revenue
• Mobile games can make money in various ways: advertisement, microtransactions, purchasing the app etc.

Dean Takahashi. Mobile games hit 34.8B in 2015. http://venturebeat.com/2016/02/10/mobile-games-hit-34-8b-in-2015-taking-85-of-all-app-revenues/
SuperData Research. Worldwide digital games market. https://www.superdataresearch.com/blog/us-digital-games-market/

INTRODUCTION – MOTIVATIONS
• Microtransactions allow the user to purchase in-game items using real money.
• Mobile games allow users to compete – PVP or High Scores.
• These parts of the game should be secure, otherwise:
  • Players stop using the app
  • Developers lose profits
• The study analyses the top 100 mobile games from the Android store in order to identify vulnerabilities and show how apps can improve their protection measures.

HACKING TOOLS – INEXPERIENCED USERS
There are two types of hacking tools that users can use without prior experience of hacking or programming: general hacking tools and specific hacking tools.

GENERAL HACKING TOOLS
These are not game specific and can be categorized into memory editing and local file editing tools.
• Memory Editing – GameKiller, GameCIH, GameGuardian – Search for the addresses of sensitive variables (High Score) and modify them during gameplay.
• Local File Editing – CheatDroid – Allows the user to check local files to view and edit sensitive variables

HACKING TOOLS – INEXPERIENCED USERS
GENERAL HACKING TOOLS – GameKiller
[Figure: GameKiller screenshots labelled "Initial Coins" and "New Coins"]

HACKING TOOLS – INEXPERIENCED USERS
SPECIFIC HACKING TOOLS
These are tools designed for specific games, developed by skilful hackers.
Xmodgames provides modified versions of popular games. These mods are repackaged mobile games without protections. Users can install these games and enjoy benefits they otherwise would not have.

HACKING TOOLS – ANALYSIS TECHNIQUES
TRAFFIC ANALYSIS
• Used when sensitive information such as scores is being sent over a network
• Attackers can use HTTP proxies to intercept, view and edit data being sent over a network before it reaches its destination server. A score can be changed before it reaches the server.
• Problems that might arise when using a proxy tool:
  • App bypasses the global proxy settings
  • Traffic may be encoded
  • Traffic contains advertisement and analytics data that needs filtering out

HACKING TOOLS – ANALYSIS TECHNIQUES
DECOMPILERS & DEBUGGING TOOLS
• These can be used to understand the logic of an app.
• Existing decompiling tools – dex2jar, ILSpy, JD-GUI – enable the hacker to decompile the code and analyse its logic.
• Debugging tools such as GDB can help the attacker perform dynamic analysis to figure out the logic at runtime.
• Attackers can use the results of static and dynamic analysis to determine the game's protections and then bypass them.
PROTECTION MEASURES – LOCAL RESOURCE PROTECTION
Basic Memory Protection
• This is to encrypt local variables
• Stops general hacking tools from searching for variables by value
Local File Protection
• This is to encrypt variables before saving them to files, or even to encrypt the entire file
• Stops hackers from editing the variables in the local files (could be save game data)
Both of the above protections must be implemented to ensure local resource protection.

PROTECTION MEASURES – NETWORK PROTECTION
Basic HTTPS – This allows the user to send encoded data over a network. It is vulnerable to HTTPS proxies, however.
HTTPS with Additional Protections
• Certificate pinning for HTTPS to block unauthorized users and to encrypt payload
• Maintain hardcoded certificate list in apk
Message Signing – An app can sign the messages it sends over a network with a signing key
Custom Communication Protocol – The app uses a non-standard protocol for sending data over a network

PROTECTION MEASURES – OBFUSCATION & NATIVE CODE COMPILATION
OBFUSCATION
The purpose of obfuscation is to make decompiled code hard to understand by making its logic hard to follow, using different techniques:
• Class and variable name obfuscation
• Dynamic library downloading
NATIVE CODE COMPILATION
This is another technique for making decompiled code hard to understand. Most compile-time information is lost.

PROTECTION MEASURES – CLIENT-SERVER SYNC
Client-Server Synchronization is the strongest and most expensive protection method for mobile games.
Partial Client-Server Sync
Some computations are performed on the server side and the client is left to do some computations. This can be vulnerable: if a game, for example, still does score calculations on the client side, the game could still be hacked.
Full Client-Server Sync
This is the most secure protection for mobile games - all computations are done server side. The client is essentially just a renderer.
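
An added example, not taken from the presentation or the study: a score-submission check that combines the message signing measure with moving score calculation to the server, the step the partial-sync slide warns against leaving on the client. The key, scoring rules, rate limit and message fields are assumptions made for illustration; events are still reported by the client, so this is partial rather than full synchronization.

```python
import hashlib
import hmac
import json

# All values below are constructed for this example.
SIGNING_KEY = b"demo-key-embedded-in-client"  # ships in the APK, so decompilation can recover it
POINTS = {"coin": 10, "enemy": 50}            # hypothetical scoring rules
MAX_EVENTS_PER_SECOND = 5                     # hypothetical plausibility limit


def sign(body: bytes, key: bytes = SIGNING_KEY) -> str:
    """Client and server both compute HMAC-SHA256 over the exact bytes sent."""
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class ScoreServer:
    def __init__(self):
        self.seen_nonces = set()

    def submit(self, body: bytes, signature: str):
        # Message signing: a proxy that edits the body cannot produce a matching MAC.
        if not hmac.compare_digest(sign(body), signature):
            return ("rejected", "bad signature")
        msg = json.loads(body)
        # A captured, validly signed message must not be accepted twice.
        if msg["nonce"] in self.seen_nonces:
            return ("rejected", "replay")
        self.seen_nonces.add(msg["nonce"])
        # Server-side scoring: msg["score"] is never read; the total is
        # recomputed from the reported events under the server's own rules.
        events = msg["events"]
        if any(e not in POINTS for e in events):
            return ("rejected", "unknown event")
        if len(events) > MAX_EVENTS_PER_SECOND * msg["duration_s"]:
            return ("rejected", "implausible event rate")
        return ("accepted", sum(POINTS[e] for e in events))


if __name__ == "__main__":
    server = ScoreServer()
    body = json.dumps({"nonce": "n1", "duration_s": 2, "score": 999999,
                       "events": ["coin", "coin", "enemy"]}).encode()
    print(server.submit(body, sign(body)))        # client claims 999999, server computes 70
    tampered = body.replace(b"coin", b"gold")     # edit in transit, old signature kept
    print(server.submit(tampered, sign(body)))    # bad signature
    print(server.submit(body, sign(body)))        # replay
```

Signing alone stops edits in transit but not a client that has recovered the key and signs its own inflated total; recomputing the score on the server is what makes that total irrelevant.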
STUDY RESULTS – SUMMARY
• Of the top 100 mobile games in the app store, 77 were able to be hacked successfully.
• The study created a categorization to rank the apps in terms of their protection strength.

STUDY RESULTS – THE 5 LEVELS OF PROTECTION
LEVEL 1 – This is the lowest level of protection. General tools can be used to hack these games as they don't implement local resource protection properly. (52/52)
LEVEL 2 – Able to resist general hacking tools – vulnerable to traffic analysis. (13/13)
LEVEL 3 – Can resist traffic analysis – requires decompilation to understand. (5/5)
LEVEL 4 – Requires manual debugging to hack. (8/13)
LEVEL 5 – Invulnerable – Uses full Client-Server synchronization. (0/18)

CRITICISMS – PROS
• Those doing the study are clearly experts in their field
• Their study results will help developers to improve their mobile game security
• A high number of apps were tested – statistically meaningful results can be obtained

CRITICISMS – CONS
• There was no analysis of iOS games
• There was no comparison with PC game protections
• Of the games that weren't level 5, 5 apps couldn't be hacked – no explanation

CRITICISMS – PRO AND CON
While it is good that real-world examples of mobile games were used, this is also bad - no mention of developers being contacted before the study was released.

THANK YOU FOR LISTENING
ANY QUESTIONS?