cheaters gonna cheat - battling fake high scores
TRANSCRIPT
Cheaters Gonna CheatBattling Fake High Scores
Nataly Eliyahu
CASUAL CONNECT TEL AVIV
19 – 21 OCTOBER 2015
Slide: 1/15
About Me• Background in Security
and Reverse Engineering• Army Service in
Technology Units• Today - Freelance Game
Developer• [email protected]
CASUAL CONNECT TEL AVIV
19 – 21 OCTOBER 2015
Slide: 2/15
What we’ll talk about• Back & forth between
developer and hacker• Approaches and
considerations for a developer• Think like a hacker!
CASUAL CONNECT TEL AVIV
19 – 21 OCTOBER 2015
Slide: 3/15
Step 1 – Naive Score Saving
Developer POV• Save the score locally• Use Player Preferences
Hacker POV• Rooted phone• Edit Preferences
CASUAL CONNECT TEL AVIV
19 – 21 OCTOBER 2015
Slide: 4/15
Edit Preferences
CASUAL CONNECT TEL AVIV
19 – 21 OCTOBER 2015
Slide: 5/15
Step 2 – Manipulate the Score
Developer POV• Encode the score
(base64 / hex / custom encoding)• Math manipulations
Hacker POV• Blackboxing• Guessing• Find the Pattern
CASUAL CONNECT TEL AVIV
19 – 21 OCTOBER 2015
Slide: 6/15
Step 3 – Encrypt the ScoreDeveloper POV• Encode the score (base64)• Encrypt the score with a
secret key (a string)• Use obfuscator on the
compiled apk
Hacker POV• Decompile apk, rename
functions, organize code• Find the encryption code -
see which algorithms is used• Find the string for the
encryption key• Decrypt and encrypt your
own scoresCASUAL CONNECT
TEL AVIV19 – 21 OCTOBER
2015Slide: 7/15
Decompile APK
CASUAL CONNECT TEL AVIV
19 – 21 OCTOBER 2015
Slide: 8/15
Decompile APK
CASUAL CONNECT TEL AVIV
19 – 21 OCTOBER 2015
Slide: 9/15
Decompile APK
CASUAL CONNECT TEL AVIV
19 – 21 OCTOBER 2015
Slide: 10/15
Step 4 – Non-standard encryptionDeveloper POV
• Encode the score (base64)• Encrypt the score with a
secret key (a string)• Change code of
encryption function to non-standard implementation
Hacker POV• Previous method fails!
Score isn’t saved correctly with your script• Read the encryption code• Look for the differences
from the standard implementation• Alternative – use dynamic
debuggingCASUAL CONNECT
TEL AVIV19 – 21 OCTOBER
2015Slide: 11/15
Step 5 – Server sideDeveloper POV• Encode the score (base64)• Call a function on the
server to encrypt and decrypt the score• Secret key is no longer in
the apk• Always Online issue!
Hacker POV• Attack the server, look for
loopholes• Alternative - Use dynamic
debugging, change the score in memory before it’s sent to the server
CASUAL CONNECT TEL AVIV
19 – 21 OCTOBER 2015
Slide: 12/15
The Heuristics Approach• Recognize suspicious scores• Is the score possible in the
amount of time the player played?• Patterns in the score • Send constant updates to
server about player status
CASUAL CONNECT TEL AVIV
19 – 21 OCTOBER 2015
Slide: 13/15
To Sum Up• With enough determination, the
hacker will always win• If cheating at your game is really
hard, most people won’t bother• Going always online helps makes it
much harder to cheat, but at a cost for the majority of players• Choose the most cost-effective
solution depending on your game
CASUAL CONNECT TEL AVIV
19 – 21 OCTOBER 2015
Slide: 14/15
Questions? Feel free to contact [email protected]: Nataly EliyahuTwitter: @NatalyEliyahu
Slides: bit.ly/1ORclQV
CASUAL CONNECT TEL AVIV
19 – 21 OCTOBER 2015
Slide: 15/15