Table of Contents
Ethics and Security in Gaming
Virtual Economies
Game Hacking
Advanced Gaming Hack-Fu
Random Numbers and Security
Lawyers and Legalese
Ethics and Security in Gaming
Why do we cheat?
Why do we break things?
How do game companies protect their intellectual property?
The stakes are extraordinarily high, especially with MMORPGs. Why?
The “trinity of trouble”: connectivity, complexity, and extensibility
MMORPGs have pushed the limits of computing and gaming
More than 12,000,000 players worldwide; more than 500,000 users simultaneously on 6 continents
More than 7,000,000 players on World of Warcraft
About $14 (average monthly subscription) × 7M players = $98M per month; × 12 months = $1.176 billion per year.
This does not include the client or add-ons.
In other words, a lot of money to be made.
Virtual Economies
Exchange rates exist between in-game currency and real money.
See Internet Gaming Entertainment.
The market is in the billions of dollars.
In October 2005, a player paid $100,000 for the “Asteroid Space Resort” in Project Entropia (now Entropia Universe).
The gold farming industry has been noted.
Sweatshops
Laborers are alleged to work long hours doing mundane game tasks, and sometimes even run bots
Game Hacking
ROM hacking
Console modding
Modding characters and levels (this can be perfectly legal)
Game server manipulation
Advanced Gaming Hack-Fu
Gold duplication
Macros
Scripting
Bots
Reverse engineering the client:
break it apart ⇒ find any software bugs and flaws ⇒ perhaps even fix the user interface ⇒ take advantage of what you find
Manipulating memory
Injecting new code into the client via DLL injection
For online games, reading network packets via sniffer or proxy
Random Numbers and Security
Critical for games that require randomness (e.g., games of chance, including Poker and Blackjack)
java.util.Random is insecure ⇒ its output is predictable from the RNG seed, which is usually the current time
Generating secure random numbers in Java: java.security.SecureRandom - provides a cryptographically strong pseudo-random number generator (PRNG)
An analysis of how to cheat in online poker (from Cigital, Inc.):
http://www.cigital.com/papers/download/developer_gambling.php
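Added example (not from the original slides or from the Cigital paper): a card shuffle driven by java.util.Random with a clock-derived seed, next to the same shuffle driven by java.security.SecureRandom. The class and method names and the timestamp are constructed for illustration; the example assumes the seed is the millisecond clock, as the slide describes, and that an observer knows the deal time to within a minute.

```java
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Random;

public class ShuffleSeedDemo {
    // Ordered 52-card deck, cards represented as the integers 0..51.
    static List<Integer> newDeck() {
        List<Integer> deck = new ArrayList<>();
        for (int i = 0; i < 52; i++) deck.add(i);
        return deck;
    }

    // Weak: the entire deck order is a function of one guessable long.
    static List<Integer> weakShuffle(long seedMillis) {
        List<Integer> deck = newDeck();
        Collections.shuffle(deck, new Random(seedMillis));
        return deck;
    }

    // Hardened: SecureRandom seeds itself from the platform's entropy source.
    static List<Integer> strongShuffle() {
        List<Integer> deck = newDeck();
        Collections.shuffle(deck, new SecureRandom());
        return deck;
    }

    // Count seeds in [from, to] whose shuffle begins with the visible cards.
    static int seedsMatching(List<Integer> visible, long from, long to) {
        int matches = 0;
        for (long s = from; s <= to; s++) {
            if (weakShuffle(s).subList(0, visible.size()).equals(visible)) matches++;
        }
        return matches;
    }

    public static void main(String[] args) {
        long dealTime = 1_700_000_000_000L;  // constructed timestamp standing in for "the current time"
        List<Integer> visible = weakShuffle(dealTime).subList(0, 5);  // cards one observer can see
        long window = 60_000;  // deal time known to within +/- 60 s
        int n = seedsMatching(visible, dealTime - window, dealTime + window);
        System.out.println("candidate seeds: " + (2 * window + 1) + "; consistent with 5 visible cards: " + n);
        System.out.println("a fair shuffle has 52! orderings (about 226 bits); this window has about 17 bits");
        System.out.println("SecureRandom shuffle, first 5 cards: " + strongShuffle().subList(0, 5));
    }
}
```

The weak shuffle can only ever produce as many decks as there are candidate seeds, so a few visible cards narrow it to the full deck order; the SecureRandom version has no seed an observer can bound from the clock.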
Lawyers and Legalese
Piracy and privacy
End User License Agreements (EULA) – the vast majority of users do not know what they are agreeing to
Terms of Use (i.e., how to get banned)
Digital Millennium Copyright Act of 1998 and the Induce Act (prohibits reverse engineering of software)
Spyware and rootkits
Example: “The Warden” in World of Warcraft
Purpose: combat cheating
Read all sorts of data from the gamer's PC, including the title bar of every open window, running processes, URLs, etc.
Ran about every 15 seconds; sent information back to Blizzard
The Governor, a program written by Greg Hoglund, identified exactly what the Warden was doing.