1493481177 Exploiting Online Games: Cheating Massively Distributed Systems - Game Programming - Books - Books - GameDev.net

Jump to content

Game Development Books

  • You cannot edit this book

Exploiting Online Games: Cheating Massively Distributed Systems ****-

Exploiting Online Games: Cheating Massively Distributed Systems By Greg Hoglund, Gary McGraw
Published July 2007
List Price: $54.99, Your Amazon.com Price: $30.35

Amazon.com Sales Rank: 1,301,453
Availability: Usually ships in 24 hours

If you are a gamer, a game developer, a software security professional, or an interested bystander, this book exposes the inner workings of online-game security for all to see.

From the authors of the best-selling Exploiting Software, Exploiting Online Games takes a frank look at controversial security issues surrounding MMORPGs, such as World of Warcraft and Second Life. This no-holds-barred book comes fully loaded with code examples, debuggers, bots, and hacks.

This book covers

* Why online games are a harbinger of software security issues to come
* How millions of gamers have created billion-dollar virtual economies
* How game companies invade personal privacy
* Why some gamers cheat
* Techniques for breaking online game security
* How to build a bot to play a game for you
* Methods for total conversion and advanced mods

Written by the world's foremost software security experts, this book takes a close look at security problems associated with advanced, massively distributed software. With hundreds of thousands of interacting users, today's online games are a bellwether of modern software. The kinds of attack and defense techniques described in Exploiting Online Games are tomorrow's security techniques on display today.

Buy it now:

  • You cannot edit this book


Sep 13 2007 07:03 AM
I remember around 1995 some engineers released a UNIX-based scanning tool called SATAN (Security Administrator's Tool for Analyzing Networks) that was designed to break in to servers by exploiting several known vulnerabilities. I also remember the tool causing an uproar because it was clearly designed for hackers to destroy websites, although I expect nowadays more people would be upset about it for the name.

What the tool's detractors didn't realize was that the SATAN tool was actually a terrific tool for improving your own security. Rather than try to break into other peoples' sites, you could run the tool on your own server and see where your own vulnerabilities were. If SATAN broke into your site, it'd log how it did it, thus giving you a chance to fix the vulnerability yourself before someone else with less noble intentions decided to do the same.

And that's the placement of a book like Exploiting Online Games: Cheating Massively Distributed Systems. While there will certainly be people exclaiming that this is a how-to book on cheating in an online world (which it is), this is really more useful as a book for system builders to find out the most common methods for cheating so they can head these cheats off before they happen. The old canard of "Those who do not learn from history are doomed to repeat it" applies in this case.

And a manual on cheating in games is a well-chosen topic, mainly because the stakes are usually lower with games than with other things. Imagine the reception of a how-to manual on exploiting the vulnerabilities of online banks or how to harvest Paypal passwords!

And the book does a good job of showing all the common techniques, like intercepting TCP/IP packets, faking keyboard and mouse-events, taking advantage of random number generators that aren't sufficiently random, etc. Exploiting Online Games: Cheating Massively Distributed Systems is fairly programmer-centric, although there's some higher level stuff, like some short sidebar interviews with successful "black hat" game-exploiters. There's no shortage of code in the book. Some of it's in bot-script, but much of it is in C and is used to illustrate how to exploit a game at a fairly low level. The reason for this is simple – if you can, using the published techniques in this book, successfully packet-swap yourself to guaranteed victory in your own game, then you know you need to do a little more work on your security.

Mind you, this book can't be the final authority on exploiting a game, as exploits are a moving target. Much like those OS exploits that are constantly being patched, every patch just guarantees that the exploit-er is going to find a new way in.
And if a book like this can help you plug a single security hole in your game, then it has already more than paid for itself.

The book finishes starts and finishes at a fairly high level, with a checklist of action-items that you should try before you release your hopefully-as-secure-as-you-thought MMORPG to the world. While this won't stop your security headaches (see that aforementioned moving target mention), it'll at least do enough to keep out the game-exploiters who aren't as smart as you.

As for the game-exploiters who are smarter than you, maybe you can just bribe 'em into helping you [lol]