Our Properties: Gamasutra GameCareerGuide IndieGames Indie Royale GDC IGF Game Developer Magazine GAO
My Message close
Contents
Book Excerpt: Exploiting Online Games
 
Page 1
Page 2
Page 3
Page 4
Page 5
 
Printer-Friendly VersionPrinter-Friendly Version
 
Latest News
spacer View All spacer
 
February 10, 2012
 
Road to the IGF: Lucky Frame's Pugs Luv Beats
 
Analyst questions validity of unusual January NPD results [10]
 
Blizzard opposes Valve Dota name registration
spacer
Latest Jobs
spacer View All     Post a Job     RSS spacer
 
February 10, 2012
 
CCP - North America
Animation Director
 
Toys for Bob / Activision
Senior Programmer
 
Toys for Bob / Activision
Lead Programmer
 
Vicarious Visions / Activision
FX Artist-Vicarious Visions
 
Vicarious Visions / Activision
Tools Engineer-Vicarious Visions
 
Treyarch / Activision
Lighting Artist, Cinematic
spacer
Latest Features
spacer View All spacer
 
February 10, 2012
 
arrow Virtual Goods - An Excerpt from Social Game Design: Monetization Methods and Mechanics
 
arrow Principles of an Indie Game Bottom Feeder [20]
 
arrow Postmortem: CyberConnect 2's Solatorobo: Red the Hunter [1]
 
arrow Jerked Around by the Magic Circle - Clearing the Air Ten Years Later [41]
 
arrow Building the World of Reckoning [4]
 
arrow SPONSORED FEATURE: TwitchTV - How to Build Community Around Your Game in 2012 [13]
 
arrow Happy Action, Happy Developer: Tim Schafer on Reimagining Double Fine [9]
 
arrow Building an iOS Hit: Phase 1 [11]
spacer
Latest Blogs
spacer View All     Post     RSS spacer
 
February 10, 2012
 
Audio Passes: Success Through Layering
 
What the current RPG can learn from Diablo 1
 
Double Fine's Kickstarter Windfall: Will Patronage Supplant Traditional Game Publishing? [9]
 
The Principles of Game Monetization
 
Did DoubleFine Just break the publishing model for good? [15]
spacer
About
spacer Editor-In-Chief/News Director:
Kris Graft
Features Director:
Christian Nutt
Senior Contributing Editor:
Brandon Sheffield
News Editors:
Frank Cifaldi, Tom Curtis, Mike Rose, Eric Caoili, Kris Graft
Editors-At-Large:
Leigh Alexander, Chris Morris
Advertising:
Jennifer Sulik
Recruitment:
Gina Gross
 
Feature Submissions
 
Comment Guidelines
Sponsor
 Features
  Book Excerpt: Exploiting Online Games
 by Greg Hoglund, Gary McGraw [Book Excerpts]
Post A Comment Share on Twitter Share on Facebook RSS
 
 
August 10, 2007 Article Start Page 1 of 5 Next
 

[This chapter excerpt is printed with permission of Addison-Wesley Professional from the book Exploiting Online Games by Gary McGraw and Greg Hoglund. Please note that Gamasutra itself presents this excerpt as a service to professional game developers wanting to learn about exploitation techniques, and does not advocate using the below techniques to exploit games.]

Data, Data, Everywhere


Two kinds of things can be altered in a software program—the code itself and the data that the code interacts with. (Just to complicate matters, the code itself is, of course, a form of stored data.) Ultimately, everything is just data—a sea of perfectly choreographed 1s and 0s. This insight has huge ramifications for the online game hacker.

Any data that are sent to a game client can be accessed or modified. Once data exist in the game client, they are yours for the taking (and yours for manipulating)—even data you’re not supposed to see. For example, if the game client knows the location of a hidden secret potion, those data must exist in the game client somewhere even if the data are not apparent to you in the user interface. Making this even more fun, many times these game data can be manipulated and changed. For example, if the hidden magic potion is too far away, perhaps you can alter its location coordinates so that it conveniently ends up on the ground right in front of you!

Game clients display information to the game player through the user interface. However, the interface displays only part of the information that the client software possesses—the part that the player is supposed to see. There is often plenty more information under the hood. Assume that there is a magic potion, and that the potion has properties including strength, power, and duration. Under the hood, a software program is managing the magic potion. In our example, if the strength of the magic potion is greater than 100, you get an extra bonus. When you click the Drink button, the potion’s strength will be checked by the software and a bonus may be applied (but only if the condition is met).

As we noted earlier, at the deepest layer of the game client, everything is just data. Even the software itself is stored as data. The software that makes the potion decision is stored in one location, and the data that represent the potion’s strength are stored in a different location. This is typically how it is—executable software bytes are stored in a special area away from the rest of the data. To complete our example and see how all of this matters, if you wanted to fool this game into giving you a bonus, you could go into memory and alter the data that control the potion’s strength. If you set the potion strength data to a number greater than 100, then when the software executes (after you click the Drink button), it will give your character a bonus. You might do this with a fault injection engine or a debugger, or maybe just by poking a value into memory by hand.

The user interface displays only part of what the client software knows. Sometimes you’re supposed to see only pieces of what the software knows as part of the game. In this case, more information about the magic potion is available in the program than is ever displayed to the user. We can look at the software and the data to learn more.

This begs the question of how hard it really is to find out where the potion’s strength is stored. This may sound a bit like a needle-in-a-haystack problem. There are in many cases millions of bytes of data in a single running program. Simply taking a stroll around in the data without a guide turns out to be not very useful. You need some kind of guide to show you what kind of data you’re looking at, and even more specifically, how the data are used. Fortunately, a number of tools and techniques are at your disposal.

First, and most important, data get used. Data are either code or data operated on by code (and in some more complicated cases, both!). If the bits are code, they will be loaded into the CPU at some point and executed. Most disassemblers can find this code and mark it as code, and they’ll subsequently show you the instructions that the code translates to in assembly language. Figure 6–7 shows what assembly language looks like once binary has been through a disassembler.


Figure 6–7 - A disassembler takes binary code and creates assembly code that looks like this. The numbers in the left column are the memory locations where the machine code is located. The corresponding assembly language is in the right column.

But what about normal data? If you have disassembled the code, the code can provide hints as to the location of data. Figure 6–8 shows the code accessing a data location at 0001F574. Because of the way the code is structured, we now know that memory location 0001F574 stores some kind of data. As it turns out, most code contains volumes of information like this to help us find data of interest.


Figure 6–8 - Data are accessed by previously disassembled code, as shown here.

 
Article Start Page 1 of 5 Next
 
Comments

none
 
Comment:
 


Submit Comment


UBM Techweb
Game Network
Game Developers Conference | GDC Europe | GDC Online | GDC China | Gamasutra | Game Developer Magazine | Game Advertising Online
Game Career Guide | Independent Games Festival | Indie Royale | IndieGames

Other UBM TechWeb Networks
Business Technology | Business Technology Events | Telecommunications & Communications Providers

Privacy Policy | Terms of Service | Contact Us | Copyright © UBM TechWeb, All Rights Reserved.