Exploiting Online Games: Cheating Massively Distributed Systems - GameDev.net

I remember around 1995 some engineers released a UNIX-based scanning tool called SATAN (Security Administrator's Tool for Analyzing Networks) that was designed to break into servers by exploiting several known vulnerabilities. I also remember the tool causing an uproar because it was clearly designed for hackers to destroy websites, although I expect nowadays more people would be upset about it for the name.

What the tool's detractors didn't realize was that the SATAN tool was actually a terrific tool for improving your own security. Rather than try to break into other people's sites, you could run the tool on your own server and see where your own vulnerabilities were. If SATAN broke into your site, it'd log how it did it, thus giving you a chance to fix the vulnerability yourself before someone else with less noble intentions decided to do the same.

And that's the placement of a book like Exploiting Online Games: Cheating Massively Distributed Systems. While there will certainly be people exclaiming that this is a how-to book on cheating in an online world (which it is), this is really more useful as a book for system builders to find out the most common methods for cheating so they can head these cheats off before they happen. The old canard of "Those who do not learn from history are doomed to repeat it" applies in this case.

And a manual on cheating in games is a well-chosen topic, mainly because the stakes are usually lower with games than with other things. Imagine the reception of a how-to manual on exploiting the vulnerabilities of online banks or how to harvest PayPal passwords!

And the book does a good job of showing all the common techniques, like intercepting TCP/IP packets, faking keyboard and mouse events, taking advantage of random number generators that aren't sufficiently random, etc. Exploiting Online Games: Cheating Massively Distributed Systems is fairly programmer-centric, although there's some higher level stuff, like some short sidebar interviews with successful "black hat" game-exploiters. There's no shortage of code in the book. Some of it's in bot-script, but much of it is in C and is used to illustrate how to exploit a game at a fairly low level. The reason for this is simple – if you can, using the published techniques in this book, successfully packet-swap yourself to guaranteed victory in your own game, then you know you need to do a little more work on your security.

Mind you, this book can't be the final authority on exploiting a game, as exploits are a moving target. Much like those OS exploits that are constantly being patched, every patch just guarantees that the exploit-er is going to find a new way in.
And if a book like this can help you plug a single security hole in your game, then it has already more than paid for itself.

The book starts and finishes at a fairly high level, with a checklist of action-items that you should try before you release your hopefully-as-secure-as-you-thought MMORPG to the world. While this won't stop your security headaches (see that aforementioned moving target mention), it'll at least do enough to keep out the game-exploiters who aren't as smart as you.

As for the game-exploiters who are smarter than you, maybe you can just bribe 'em into helping you [lol]
