Hacking

Started by
20 comments, last by v0dKA 20 years, 2 months ago
quote: Original post by Cipher3D
hacking has a negative connotation these days
Only with journalists, the general public and other idiot types.

There are several approaches to hacking, which work for different applications based on the structure/architecture of said app, thus causing there to be no hacking "how-to".

1. Hex editing
A number is an abstract concept. The number you know as "2" doesn't refer to the quantity or magnitude of anything in particular; it just is - a scalar value. For most counting systems using Arabic numerals we represent it as "2", but in binary (base 2) we represent it as "10". In hexadecimal (base 16) it's still "2", but to distinguish it from decimal "2" we either append an "h" or prefix it with "0x". The fourth common number base in computing is octal, base 8, indicated by a "0" prefix. In any base, there is no digit with a value equal to the base; the highest digit value is base - 1 (15 for hex, 9 for decimal, 7 for octal, 1 for binary).

Yes, this is obvious. What may not be so obvious is that displaying the same data in hex takes up less space than it would in binary. Hexadecimal number display is dense. It also translates easily to binary, as 1 hex digit represents a 4-digit binary number. Consequently, editors for examining and altering a program's values display data in hex. The data is typically displayed in 2-digit groupings, which maps perfectly to the 32-bit system word size (older hex editors from 16-bit DOS days had no grouping - just pages and pages of hex digits; prior to 16-bit microprocessors, hex editors didn't really make much sense since they displayed more than a system word).

Grab a hex editor and open up a simple "Hello, world!" application. You're not going to see anything familiar in pure hex view, but since we're often looking for strings, modern hex editors juxtapose both hex and ASCII views of the data. This means that, jumbled in with random numerical values and odd letters, you'll see the words "Hello, world!" in the application binary. Now change it to something else of the same length, save the file and run the application. Wonder as different text is displayed.

Congratulations, you've just (been) hacked.

2. Variables
Changing static text isn't particularly useful for much. What you want is to locate particular data - HP, for instance. You need a slightly different kind of hex editor now, one that can examine arbitrary regions of memory. The objective is to monitor the RAM allocated by the application to determine what address-values change consistently with whatever stat you wish to track. Here's a tip: the offset of that address from the beginning of the block of memory allocated by the application will be constant for each invocation of the application. It will not be constant overall, so you need to know where the memory allocation for your target program begins. Typically, you will want to start your memory examination program before the target app to determine this offset.

Once you've located this value, try changing it while the program is running. Unless there is some verification routine in the code, you should see changes commensurate to your actions in the application.

Congratulations, you can now inflate HP, freeze timers, etc. on a local application.

3. Messages (Windows)
Microsoft Visual C++ (and, of course, Visual Studio) comes with an interesting little application called Spy++. Spy++ allows you to focus any application window and examine the message pump, seeing (and optionally logging) the messages sent to the window. It also displays the execution threads, which can be individually examined for their message queues. Intercepting a message destined for a particular message queue is known as hooking. Search the web for detailed information on Windows hooks.

4. Networks
The glorious days of hacking networked games are over. Any game worth the price on the box does all the simulation server-side, only taking user input from and sending rendering information to the local machine. If you can find an older application that is still vulnerable, then you can install a packet sniffer on your own machine (please, please, please only target the sniffer at your own machine; targeting random addresses on the Internet can get you into massive trouble - including retaliation from a blackhat in the wild). You'll need a portscanner to determine what port the application uses to connect to the 'net. Point your sniffer at this port on IP address 127.0.0.1 (or whatever IP your machine is broadcasting to the 'net).

Side note: If all you do is observe and log the traffic over a port for the purpose of interpreting it yourself, then you are merely reverse engineering the network application. This is the basis of many of the alternative MSN, Yahoo! and AOL Instant Messengers clients out there. Hacking the application requires sending bogus data back to the application, causing it to do unexpected (though not necessarily harmful) things. An example would be making your character impervious to bullets.


I'm tired. This post is getting too long. And I was just about to explain buffer overrun/overflow exploits...
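The "Hello, world!" exercise from section 1, as an added example that is not part of the original thread: a minimal hex-editor style view (offset, 2-digit hex groups, ASCII column side by side) and the same-length string patch the post describes, run over a constructed byte blob standing in for a program image. The blob and all function names are this example's own assumptions; no real file is touched.

```python
# Added example (not from the original thread): hex-editor style dump and a
# same-length byte patch, run over a constructed stand-in for a binary.
import string

# Bytes shown as themselves in the ASCII column; everything else becomes "."
PRINTABLE = set(bytes(string.printable, "ascii")) - set(b"\t\n\r\x0b\x0c")

def hexdump(data: bytes, width: int = 16) -> list[str]:
    """Classic hex-editor layout: offset, 2-digit hex groups, then the ASCII view."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk).ljust(width * 3 - 1)
        asciipart = "".join(chr(b) if b in PRINTABLE else "." for b in chunk)
        lines.append(f"{off:08x}  {hexpart}  |{asciipart}|")
    return lines

def find_bytes(data: bytes, needle: bytes) -> list[int]:
    """All offsets where needle occurs (what the ASCII column lets you spot by eye)."""
    hits, pos = [], data.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = data.find(needle, pos + 1)
    return hits

def patch_same_length(data: bytes, old: bytes, new: bytes) -> bytes:
    """Overwrite every occurrence of old with new, byte for byte.
    Lengths must match: inserting or removing bytes would shift every later
    offset in the file, which is why the post says "of the same length"."""
    if len(old) != len(new):
        raise ValueError(f"replacement must be {len(old)} bytes, got {len(new)}")
    offsets = find_bytes(data, old)
    if not offsets:
        raise ValueError("string not found")
    buf = bytearray(data)
    for off in offsets:
        buf[off:off + len(new)] = new
    return bytes(buf)

# Constructed stand-in for a tiny program image: opaque header-like bytes, then
# the greeting embedded the way a real binary's read-only data would carry it.
SAMPLE = (b"\x00\x01\x02\xff\xfe\xfd\x00\x00" + b"\x00" * 8
          + b"Hello, world!\x00" + bytes(range(0x40, 0x50)))

if __name__ == "__main__":
    print("\n".join(hexdump(SAMPLE)))
    patched = patch_same_length(SAMPLE, b"Hello, world!", b"Howdy, world!")
    print("\n".join(hexdump(patched)))
```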
if you want to hack the game (or whatever) just for the sheer pleasure of having done it, you will get much much more satisfaction by learning stuff and doing it yourself. asking for help is like downloading a trainer; you get nothing but the results.
--- krez (krez_AT_optonline_DOT_net)

This topic is closed to new replies.