Exploiting Games

Totally_Not_A_Haxxer
12 min read · Sep 7, 2022


Introduction

A lot of people really liked my articles on the game cheat development introduction and the deeper dive into external game cheat development. What I noticed when reading back over those articles, though, is that I never really included a section on the deeper types of vulnerabilities and how those vulnerabilities inside of a game actually get exploited. This article talks about exactly that: how hackers exploit games, how they get the data they need to write cheats, the different methods, and the different processes. It will also talk about the game cheat industry, the market, and how in depth game cheating can go.

If you have not already, I highly suggest you read my intro to game cheats here.

An introduction to the world of game cheating

The game cheating world is SUPER large and has a ton of people in it. You would not think so, but have you ever done any real digging into how everything works: the markets, the trading, the organizations and the processes? Most people view game cheaters as stupid, a waste of skill, and so on. But do you really understand what goes on behind this world? Most of the cheaters you come across in a game such as COD dropping 30–60 kills a game are, yes, morons who chose to waste their money on a cheat to watch people rage. But what about the brains? Where do the people who develop this stuff come from? The truth is that the people who develop these cheats might be smarter than you think. Exploiting games, building the cheats, trading and selling them is more than your average trade. Making a game cheat on its own is a tedious process, and getting people to buy it from a cheat organization nobody has heard of is another one. Think about a company like Microsoft competing against a company like Cricket Wireless to sell a product, and look at the size difference between the two. Most game cheat developers go through that same difficult process, battling with better, more skilled and more trusted programmers to take their cheats and their product to the top. The game cheat world consists of two main environments: public and private cheats. The public game cheat realm is way more competitive, way bigger and way more expensive. Most public game cheats come from companies or organizations that have been in the game cheating industry since the early to mid 2000s, people that have been pushing product for years on end and are very trusted by their buyers. This also breaks down into the different parts of an organization.

Organizations that develop many cheats and charge hundreds of bucks for one-month keys are typically bigger cheat development teams, an entire organization with people for each job within the group. Say you have SFXCHEATS (not a real cheat brand, just an example), a large public distributor and development team for game cheats covering your mainstream games such as Apex Legends, Fortnite, CSGO, COD and so on. SFXCHEATS may actually run an entire operation and dedicate tons of people to specific jobs such as

  • Authentication development
  • Code security
  • Reverse engineering
  • Low-level development (ring 0 / kernel dev)
  • UX design (user experience)
  • Cheat development

This is why these cheats can run so expensive: they include massive amounts of features such as x-ray, aimbot, ESP, no recoil, scan, auto kill, data loggers, user loggers, auto kickers and even AC (anti cheat) bypass. Most of these can be built in days with the amount of developers some companies and cheat organizations have. But why does code security matter if you are selling to people who obviously have no experience in game cheats? Well, the point of security should not be who you are handing it to but rather who may be after you. In a realm as competitive as public game cheating you MUST protect your reputation, your team's reputation and your code at all costs. When people buy your cheat, or get it from someone else who had it, they may use that as leverage to exploit your code and run what is called a crack. When hackers crack a program they reverse engineer it to either recover source code or evade things such as authentication systems. In this case, if a public cheat is not written correctly and is as unstable as the game itself, a hacker will exploit that code, bypass the cheat's authentication system and may even inject their own code into the cheat. This not only ruins the programmer's or company's reputation, it can also kill revenue. Once that code is exploited, the company or organization has to think of something fast to make sure the rest of their code is not vulnerable, or develop something bigger than the cheat that was exploited, to keep their reputation from going bad. Another major thing in that sense is whether or not the game cheat is detectable. Once a game cheat becomes detectable, that too can and will hurt the development team's or organization's reputation, which means another loss of revenue.

What about private cheats? Private cheats are not always this big; most of them are either cheap or free handouts from solo developers or small development teams. You will typically find these teams develop smaller kits with only limited features, such as the simple cheats, and maybe even more detectable cheats. Not all private game cheats are like this; some of them are actually quite insane and go all out, but that is rarer than the cheaper, lower-end cheats. These cheat developer teams are again typically small and do not face a lot of competition. Despite there being a lot less competition, that does not mean they have none.

General game cheating: how exactly is it done?

Game hacking comes in many forms: different shapes, prices, sizes, uses, games, platforms, languages and even quality. The game cheating world is bigger than people imagine; it can range from shooting through walls to stealing in-game coins from an online game such as Fortnite. Game vulnerabilities can be detrimental not only to the reputation of a company or development team, they can also deter people from playing a game at all. But why exactly do game cheats happen, and why are they so common? As you should know if you are reading this, most game hackers develop intense conversion algorithms and even their own injection and exploitation frameworks to take advantage of a vulnerability within a game. These vulnerabilities range from simply reading and writing the process's memory to DLL injection and API hacking (yes, API hacking in games). Most games take advantage of APIs developed by Microsoft and frameworks listed on their website. When programmers use APIs or frameworks to develop applications such as games, and need intense algorithms to develop the code, this typically does not create a problem. That is, until the developers of that API, or a hacker, find a vulnerability within it; soon enough every app that uses that API has that same vulnerability. Other games that do not use such APIs use other people's code, or recycle code from their previous applications and ignore warnings. When developers like those of COD or CSGO ignore warnings from the code, do not dump memory well, or do not manage the memory of the application, the result is a vulnerability. This vulnerability alone can be known as process injection: a weakness in the part of the program that reads, uses, allocates or otherwise deals with memory, where the developer simply did not write it correctly.

Most modern IDEs such as Microsoft Visual Studio Code will catch these errors or warnings, but others do not, especially when the project directory is large. The last most common vulnerability within games is DLL injection, which is also why most game cheats are written for Windows or other operating systems that use DLLs (Dynamic Link Libraries). Games such as CSGO may forget to do something in the process of creating the DLL, whether that is due to not dumping the memory correctly or skipping a very important step when securing and running a DLL. Most standard game cheat developers go through a horrid process of exploiting the game through reverse engineering to grab the proper data for the cheat, doing things such as mapping out the game's internal functions.

How does anti cheat work, and how do hackers bypass it?

Like game cheats, anti cheat systems come in many different forms and work on different levels, such as the individual protection rings of a system. If you do not know what protection rings are: in short, protection rings are mechanisms implemented within a system to protect the data, memory and code of a program from faults and malicious behavior such as remote code execution or process injection. Most anti cheat systems in today's world run on ring 3 or ring 2 of the system rather than ring 0 (the kernel). Anti cheats such as Riot Games' AC (anti cheat) run on ring 0, but for some people this is actually causing suspicion. The lower an anti cheat runs and the more access it has to a player's device, the more accurate it will be. The same goes for game cheats: the more access they have to the game's source code and the closer they sit to the game, the more accurate the cheat will be. Let's take a second to discuss YouTubers and a common controversy in the game cheating world. A lot of people think anti cheat is not doing a good enough job of banning cheaters or protecting the game from cheats, but it seems these people really do not understand what happens with game cheats and how they even work. These same people beg game companies such as Riot Games to build an anti cheat powerful enough to detect and ban any cheater automatically and issue a hardware ban. But when the game developers make a move on those requests and demands, instead of love and support they get instant hate. Coming from personal experience, anti cheat is in most cases hard to develop while also managing to satisfy the consumer. In a way it is a love-hate relationship, because gamers complain about it only when they know they died to a cheater, and it seems to come out of rage rather than being an actual request.

Moving on: outside of ring 0, most anti cheat systems measure data coming in and out of the program at the application level, which is why most people are not banned immediately. When you look at process injection, most anti cheat systems look for a process that gets instantly written to and then instantly dropped. When a hacker builds an exploit or cheat for a game, in order to make the cheat run constantly and never stop until the user closes the program, they typically use what is known as a for or while loop. Inside this infinite loop the program reads memory addresses from the game and writes them back. Most of these loops will hit memory approximately a few hundred thousand times within a few seconds (that is, if the thread or program is not made to sleep). A loop like this makes the program easy for anti cheat to detect; one way to bypass this is to create intervals within the cheat and a limiter on how much data is read, written and accessed within the process at once. Another way anti cheat may detect a cheat is through AI and the use of pre-trained models. Recently there has been a breakout of AI-based game cheats which are undetectable by most standard but popular games, since really a player is not playing; rather, the game is being played by a pre-trained AI. Most anti cheat systems can NOT pick up these types of cheats as of right now. There are some other AI-trained systems out there that can protect against this, but from what is publicly known the solutions are super hard to rebuild or pay for. Let's look at DLL injection. During DLL injection a hacker injects code into a game, which, if they are really good programmers, can typically bypass the anti cheat. But how exactly is anti cheat bypassed?

As said, most anti cheat systems look at how much memory is being read and written within a program, or at abnormal behavior in a user's gameplay. But how exactly do game cheats such as internal cheats, which are thrown into or injected into the game, get detected? Mainly these get detected by the same mechanisms as process injection, but instead of watching reads and writes to memory, the anti cheat looks for errors within the code that could be caused by another process or an unwanted DLL that was injected into the game itself. When hackers want to bypass anti cheat they have to go through a whole process of recon and understanding of how the game's anti cheat system actually works. There are a few things a hacker must know about an anti cheat system before hacking into it, such as
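The rate-based heuristic described above, as an added illustration that is not part of the original article: a small detector that counts memory accesses per process in a sliding one-second window and flags anything whose peak rate is far beyond what a benign overlay produces. The event log, process ids and threshold are all constructed for the demo; real anti cheat telemetry formats and thresholds are not public and are not shown here.

```python
"""Sliding-window rate detector for memory access bursts (added example, constructed data)."""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessEvent:
    ts_ms: int  # timestamp in milliseconds since the game process started
    pid: int    # process that performed the access
    op: str     # "read" or "write"


def peak_rates(events, window_ms=1000):
    """Return {pid: highest number of accesses seen in any window_ms-wide sliding window}.

    Events are processed in time order; a per-pid deque holds the timestamps
    inside the current window, so the work is linear in the number of events.
    """
    peaks = {}
    windows = {}
    for ev in sorted(events, key=lambda e: e.ts_ms):
        q = windows.setdefault(ev.pid, deque())
        q.append(ev.ts_ms)
        # Drop timestamps that have fallen out of the window ending at ev.ts_ms.
        while ev.ts_ms - q[0] >= window_ms:
            q.popleft()
        if len(q) > peaks.get(ev.pid, 0):
            peaks[ev.pid] = len(q)
    return peaks


def flag_bursty(events, window_ms=1000, threshold=500):
    """Pids whose peak accesses per window exceed the threshold, sorted."""
    return sorted(pid for pid, peak in peak_rates(events, window_ms).items() if peak > threshold)


def constructed_events():
    """Constructed telemetry: three processes touching the game over two seconds."""
    events = []
    # pid 4242: tight loop, two writes every millisecond (4000 events in 2 s).
    for i in range(4000):
        events.append(AccessEvent(i // 2, 4242, "write"))
    # pid 1001: benign overlay polling once every 100 ms (20 events in 2 s).
    for i in range(20):
        events.append(AccessEvent(i * 100, 1001, "read"))
    # pid 7: the same kind of loop throttled to one read every 20 ms (100 events
    # in 2 s). It stays under the threshold, which is why a rate limit alone is a
    # weak detector and gets paired with signature and behaviour checks.
    for i in range(100):
        events.append(AccessEvent(i * 20, 7, "read"))
    return events


if __name__ == "__main__":
    evs = constructed_events()
    for pid, peak in sorted(peak_rates(evs).items()):
        print(f"pid {pid}: peak {peak} accesses in 1 s")
    print("flagged:", flag_bursty(evs))
```

With the default threshold only the tight loop (pid 4242, peak 2000 accesses per second) is flagged; the overlay peaks at 10 and the throttled loop at 50, so lowering the threshold enough to catch the throttled process would also start catching legitimate software, which is the trade-off the article is pointing at.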

  • What type of checks it does, such as signature-based checks, process checking, memory checks, debugger checks and so on
  • What level the anti cheat system operates on (e.g. ring 0)
  • How the anti cheat operates with hooks and functions

There are many, many more we could list, but those are a few. Most hackers, when you get started in the world of game hacking, will tell you to NOT STEAL CODE; stealing code from other people is one of the most insecure things you can do. You can always look at people's source code to understand how it works and how some game cheats are made, but never just copy and paste someone else's source code into your own cheat. Remember how we were just talking about code security within game cheating? Well, that does not just apply from a business perspective; it also applies to the game cheat itself and to bypassing anti cheat. If you use copy-and-pasted code, or code that is well known and out there, you will most likely be caught for cheating, because the anti cheat already knows that cheat. If you have ever looked into intrusion detection systems, anti cheat works the same way: some have a database filled with known activity from known cheats, and others have templates and certain signatures to look for within code. Most hackers will also use certain evasion techniques when injecting, say, a DLL file into the game, to avoid triggering the anti cheat system. Anti cheat can also be spoofed, which is more common for hackers to do and way easier; if a hacker manages to spoof the anti cheat's checks, their cheats are most likely less detectable and will be missed by the anti cheat.
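The intrusion detection comparison above, as an added example that is not from the original article: a tiny signature scanner of the kind the author describes, with a database of byte patterns (using wildcards so relocated addresses do not break a match) plus a hash list of known modules, run over a constructed memory image. The signatures, module hash and image bytes are all made up for the demo; no real cheat or anti cheat signatures are shown.

```python
"""Signature-based scan of a memory image, IDS-style (added example, constructed signatures)."""
import hashlib
import re

# Constructed signature database. Patterns are space-separated hex bytes; "??" is a
# one-byte wildcard so a signature still matches when an address operand changes.
# None of these are real cheat signatures.
SIGNATURES = {
    "demo_overlay_stub": "48 8B 05 ?? ?? ?? ?? 48 85 C0 74",
    "demo_trainer_banner": "54 52 41 49 4E 45 52 5F 44 45 4D 4F",  # ASCII "TRAINER_DEMO"
}

# Constructed hash list of whole module images known to be unwanted.
KNOWN_BAD_MODULES = {
    hashlib.sha256(b"constructed demo module bytes").hexdigest(): "demo_module.dll",
}


def compile_signature(pattern):
    """Turn an 'AA BB ?? CC' pattern into a compiled bytes regex."""
    parts = pattern.split()
    regex = b"".join(
        b"." if p == "??" else re.escape(bytes([int(p, 16)])) for p in parts
    )
    # DOTALL so the wildcard also matches a 0x0A byte.
    return re.compile(regex, re.DOTALL)


def scan_buffer(buf, signatures=SIGNATURES):
    """Return sorted (signature_name, offset) pairs for every match in buf."""
    hits = []
    for name, pattern in signatures.items():
        for m in compile_signature(pattern).finditer(buf):
            hits.append((name, m.start()))
    return sorted(hits)


def check_module_hash(module_bytes, known=KNOWN_BAD_MODULES):
    """Return the known-bad label for a module image, or None if it is not listed."""
    return known.get(hashlib.sha256(module_bytes).hexdigest())


def constructed_image():
    """Constructed memory image: padding, the stub with some address, padding, the banner."""
    stub = bytes.fromhex("488B0511223344" "4885C074")  # address bytes 11 22 33 44 hit the wildcards
    banner = b"TRAINER_DEMO"
    return b"\x00" * 16 + stub + b"\x90" * 5 + banner + b"\x00" * 8


if __name__ == "__main__":
    for name, offset in scan_buffer(constructed_image()):
        print(f"signature {name} at offset {offset:#x}")
    print("module check:", check_module_hash(b"constructed demo module bytes"))
```

The two checks fail in different ways, which is why real systems combine them: the hash list is exact and cheap but misses any rebuilt or repacked module, while the wildcard pattern survives relocation but will also fire on any unrelated code that happens to contain the same instruction sequence, so each hit still needs a context check before it is treated as a detection.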

Summary

To sum up, most hackers use advanced techniques and practices to evade and exploit games; it is not a simple one-two-three set of steps to exploit a game. Sure, some processes are easier than others, but that does not mean the topic in general is not hard to execute, since in most cases it very much is. Lots of people within the game cheating community recycle code, but doing so can pose a risk to the hacker's reputation and even increase the chance that the anti cheat catches it. In short, make sure your code is written by you and purely by you; do not just modify a few variables and move on. Write the modules and the files all by yourself, or make sure your team is not reusing code. And if they do, but manage to modify it, make sure they are ensuring the code is secure and not easy to hook or reverse engineer. This sums up this article. I plan to add more and more as the days go on within this whole game cheat journey / segment of my articles, but I certainly hope you enjoyed it, and if you did, give me a follow!


Totally_Not_A_Haxxer

Cyber Security Educator, Developer, Social media manager, Author, youth education, content creation, engineering, ui/ux, RE