[DevDay 2016] Anti hacking on game development - Speaker: Khanh Le – Programmer Project Lead at Gameloft
2 likes775 views
The document discusses various anti-hacking measures including reverse engineering, memory attacks, and network communication attacks. It emphasizes the importance of encryption and careful input control to protect applications from vulnerabilities such as buffer overflow and SQL injection. Additionally, it suggests methods for hacking detection using hash verification and user data tracking.
![{
"data": {
"app_id": 138483919580948,
"application": "Social Cafe",
"expires_at": 1352419328,
"is_valid": true,
"issued_at": 1347235328,
"metadata": {
"sso": "iphone-safari"
},
"scopes": [
"email",
"publish_actions"
],
"user_id": 1207059
}
}
18](https://image.slidesharecdn.com/antihacking-160414034041/85/DevDay-2016-Anti-hacking-on-game-development-Speaker-Khanh-Le-Programmer-Project-Lead-at-Gameloft-18-320.jpg)
[DevDay 2016] Anti hacking on game development - Speaker: Khanh Le – Programmer Project Lead at Gameloft
- 1. 1 Anti HackingAnti Hacking By Le Van Khanh
- 2. 2 BSA GLOBAL SOFTWARE SURVEY June 2014
- 3. 3
- 4. 4 “Hacking vs Anti-hacking is the never-ending war”
- 5. 5 We focus on programming solution
- 6. 6
- 7. 7
- 8. Reverse Engineering 8 Any programming languages / any platforms can be attacked by Reverse Engineering The most common targets are bypass license, cheat values in game Solutions: Any text visible to user should be encrypted Strings/text should be load from encrypted files instead of assign directly in your code Avoid log printing if it was not necessary
- 9. 9
- 10. 10
- 11. 11
- 12. Memory attack 12 Buffer overflow attack Memory Value Editing Solutions: Control input carefully Any critical value should be encrypted
- 13. 13
- 14. 14
- 15. Network communication attack 15 Many tools allow us analysis network packet (Wireshark, Cytoscape,...) Hackers can use it to extract information transmitted from your application They can also simulate the destination / the responses to your application Solutions: Encrypt your packets Using SSO
- 16. 16 queryString = "username=xxxx&passworld=yyyy"; Instead of plain text encryptedQuery = "p=" + encode(queryString) + "&encrypted=1"; hash = sha256_hash(queryString); secureQuery = "p=" + encode(queryString) + "&encrypted=1&h="+ hash ; We use encrypted query string or more secure than
- 18. { "data": { "app_id": 138483919580948, "application": "Social Cafe", "expires_at": 1352419328, "is_valid": true, "issued_at": 1347235328, "metadata": { "sso": "iphone-safari" }, "scopes": [ "email", "publish_actions" ], "user_id": 1207059 } } 18
- 19. Other attack techniques 19 SQL injection Save Game Editing Time Hack De-Compilation …
- 20. Hacking Detection 20 Use the hash used (MD5,SHA256,...) to verify your code/library/execute files (*.dylib, *.so, *.exe) Tracking your user’s process/data to detect unexpected changes
- 21. Thanks for your attention! 21 Thanks for your attention!