Sylon

MMORPG Security from hacks?

Sylon    126
Hi. I don't know code, sorry, I'm an artist. But I have a question, it might be dumb, but that'll just prove that I don't know code, I guess. Haha.

Obviously securing an MMORPG 100% remains a problem for the developers of any MMORPG in this age because hackers are skilled and can basically break into anything and screw the fun up for everyone. First of all I don't know how they do it but I assume they access the source code somewhere and then re-type the code somehow right? Offline, they do this and write programs so that in-game over the 'net their own copy of the game will code their packets specially according to how they've re-programmed their copy. Am I right?

Assuming I am (I hope), is there a way for the developers of any MMORPG game to just make it so the source code, once completed, is TRANSFORMED into a different language like Japanese or Russian or something, before the game gets publicly distributed, so when the hacker opens up the source code he can't read it??! Wouldn't that be hilariously funny for the pathetic hackers??! Maybe there is a way to do that and lock it so that the hackers can't find a way to convert it back to English? Maybe there is also a way to convert numerical symbols into zany symbols like $, *, or û, too?

I remember reading Ignacio Perez Gil's "Isomot" help document, and Isomot is source code for an isometric game. Anyway, he said "Isomot has a multilingual interface; Spanish and English are the languages actually supported (this doc is about the English interface). Adding new languages is very easy, if you want to make the interface for another one, just e-mail me and I'll tell you how." So I assume converting source code to a different language can be done for a program!

I do realize this idea may be a little too simple to think of, and that maybe it has been thought of numerous times but not implemented only because it...can't be done or won't work anyway. But I wanted to ask anyway because I have no idea.

OH! And if this question should be posted elsewhere, directed towards another field of coders, not for you networking coders, I'm sorry I wasted yer time! If so, could you tell me where to post it? [Edited by - Sylon on March 16, 2006 7:31:56 PM]

Guest Anonymous Poster
When a program is compiled, the source code is converted from whatever language it was written in (C++, C, Pascal, etc.) to machine code: a bunch of ones and zeros. This machine code is the only language a computer can understand, each code represents a specific instruction, and its arguments represent specific memory locations.

When a hacker modifies a program, he does not modify the source. He disassembles the machine code into assembly language (this is usually during runtime with a program like SoftICE). So the hacker is not working with source code at all, but with this disassembled code (which has no comments, or variable names, or anything).

So what you are suggesting isn't really plausible.

One thing that software CAN do, however, is modify its own machine code. This means that when a program runs, it can re-write itself, and verify that the machine code looks like it should. This makes it very hard to find all the places that need to be changed in code, so as not to trigger the protection in the self-modifying code.

Self-modifying code is useful because it makes it almost impossible to modify the program on disk: the hacker must track down all the functions that are built at runtime, where they are built, how they are built, etc.

But it's still not a perfect fix, because someone with enough determination WILL find all of the places to make changes, and will modify the program to generate code that performs the hack.

Not to mention, many online hacks occur outside of the game executable, in kernel drivers. These hacks intercept and modify the network traffic, and replace data with hacked data, or extract data from the stream that the game client doesn't show.

It's a really hard problem to track down.

Sylon    126
OHHHH okay, right, the ASCII language or whatever the acronym is.

Wow your post was really helpful. Thanks! Darn though I thought I was onto something!! Heheheee!

Man. I dream of the day when MMOs can't be hacked into.

Here's a question then. What about console games, and further, CARTRIDGE-based console games? Let's say a cartridge game ("ROM"?) is placed into a console and is played as an MMO like those games played through XBOX Live and PS3 online or whatever.

How do hackers break into code of console games? The kernel thing couldn't work there could it?--because they can only access the kernel program through their home computer. So then if the console game was a disc, maybe they could only break into the disc with weird computer software as they pop it into a computer and modify the software. But then what if the console game was a cartridge? They couldn't use an external kernel thing OR modify the software, right? Because they can't pop it into a computer and perform zany experiments with their evil CD-reconstructive software.

I mean, they'd basically have to invent some sort of...ROM de-coder thingy machine to insert the cartridge into (emulator?). They'd have to be some kind of electrical engineer or something to do that, right? Unless they could get their hands on the actual machine that transferred the computer files into the ROM chip that sits inside the cartridge.

Guest Anonymous Poster
The options are more limited here, but they still exist.

"Cheat" devices that give you extra lives and such by entering codes can be used (GameShark, Action Replay, etc.).

The codes that you enter into these devices are actually encoded memory locations and data. So they are basically modifying the machine code while it's still in memory. So when you enter a code into an Action Replay, it is changing that place in memory where your number of lives is stored.

As newer generation consoles are released, they are using technologies like cryptographically signed binaries to limit the amount of cheating that is possible. (Xbox has been fairly successful with Xbox Live, as the system can detect the presence of a mod-chip, or modified BIOS. And the only way to play a modified game on the Xbox is to change your BIOS so that it doesn't try to detect the cryptographic signature.) So far (as far as I know), no one has found a workaround for this. But consoles have hardware components to their security, which are tightly controlled by the console manufacturers. (The boxes themselves have tamperproof keys in them, and cryptographic circuits, etc.)
BradSnobar    232
Another interesting thing that cheaters can do on a networked console game is to have their network traffic pass through their desktop computer before it reaches the intended destination on the internet. This way they can still play around with the network traffic that is passing by.

Of course there are ways to help protect against this kind of interference, but a lot of times the correct precautions are not taken, and even so there will always be a method of breaking whatever precautions are created.

Overseer    162
Most of the hacks in online games anyway have absolutely nothing to do with the objects in the game, but instead are done client-side with the extra information that is transmitted to the client, that it would just discard if it was working correctly. Like a monster hiding in a shadow: the monster's position is transmitted because it is technically in the field of view, but it should be covered up by the shadow and thus not seen. But if the player isn't displaying any shadows anywhere, they will see it no problem. The same goes for seeing players through walls and aim-hacks in online FPS games [position is transmitted, just lock the cursor on the head and spray away]. The key is, and always has been, to isolate all the actual game-stuff on the server running the game, and just perform really detailed rule checks, and limit the information sent to clients to the bare minimum [maphack in Diablo 2 anyone? Wow, was that a lot of info sent way too early. Or wall hacks in FPS games? How about inventory scanners in MMOs? All cases of too much stuff sent to users].

Most of the actual exploits, like duplicating items and such, come with just the sheer volume of users and the quantity of time they spend fiddling with stuff. People will find bugs, and making a really complicated pile of code [like an MMO] absolutely bullet-proof is very very difficult.

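The server-side approach Overseer describes (keep game state on the server, rule-check what clients ask for, send each client the bare minimum), sketched as an added example that is not part of the original thread. The tile-based walls, the `hidden` flag, the speed and view limits and all function names are assumptions made for illustration.

```python
import math
from dataclasses import dataclass

# All names and constants below are assumptions made for this example.
MAX_SPEED = 5.0     # world units per second a character may move
VIEW_RADIUS = 20.0  # how far a character can see

@dataclass
class Entity:
    id: str
    x: float
    y: float
    hidden: bool = False  # e.g. standing in shadow or stealthed

# Constructed sample world: a wall on tiles (0,4) and (1,4), four entities.
WALLS = {(0, 4), (1, 4)}
WORLD = [Entity("A", 5.5, 0.5), Entity("B", 5.5, 5.5, hidden=True),
         Entity("C", 0.5, 8.5), Entity("D", 50.0, 50.0)]

def clear_path(walls, x0, y0, x1, y1, step=0.25):
    """Sample the segment; fail if any sample lands on a wall tile."""
    n = max(1, int(math.hypot(x1 - x0, y1 - y0) / step))
    for i in range(1, n + 1):
        t = i / n
        cell = (math.floor(x0 + (x1 - x0) * t), math.floor(y0 + (y1 - y0) * t))
        if cell in walls:
            return False
    return True

def snapshot_for(player, entities, walls):
    """Return ids of only the entities this player is entitled to know about."""
    out = []
    for e in entities:
        if e.id == player.id or e.hidden:
            continue  # never transmit what the client must not draw
        if math.hypot(e.x - player.x, e.y - player.y) > VIEW_RADIUS:
            continue  # out of sight range
        if clear_path(walls, player.x, player.y, e.x, e.y):
            out.append(e.id)  # in range and not behind a wall
    return out

def accept_move(player, x, y, dt, walls):
    """Rule-check a client-requested move; the server stays authoritative."""
    if math.hypot(x - player.x, y - player.y) > MAX_SPEED * dt:
        return False  # faster than the rules allow (speed or teleport hack)
    if not clear_path(walls, player.x, player.y, x, y):
        return False  # path crosses a wall
    player.x, player.y = x, y
    return True
```

With this filter a client that turns off shadows or wall rendering gains nothing, because the hidden monster and the player behind the wall were never in the packet.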
