Skip to content

Latest commit

 

History

History
94 lines (79 loc) · 14.4 KB

README.md

File metadata and controls

94 lines (79 loc) · 14.4 KB

A curated list of tutorials/resources for hacking online games!

From dissecting game clients to cracking network packet encryption, this is a go-to reference for those interested in the topic of hacking online games. I'll be updating this list whenever I run across excellent resources, so be sure to Watch/Star it! If you know of an excellent resource that isn't yet on the list, feel free to submit it for consideration via creating an issue or pull request for this repository, or email it to me.

General Information

Title/Link Description
EFF FAQ on Reverse Engineering Legalities This FAQ details information that may help reverse engineers reduce their legal risk. Use this information as a guide, not actual legal advice.
Cheating in Online Games: Overview of Approaches and Consequences This Wikipedia page offers a good 10,000-foot view of the landscape of hacking online games.

Blog Posts, Articles, and Presentations

Title/Link Description
Hack.lu 2017: (Workshop) Reverse Engineering a MMORPG This workshop covers the basics of reverse engineering a (M)MORPG. The target is Pwn Adventure 3, an intentionally-vulnerable MMORPG developed by Vector35.
Hack the Vote 2016 CTF "The Wall" Solution A write-up for a 2016 CTF challenge involving the multiplayer, open source Minecraft clone, Minetest.
How to Hack an MMO An article from 2014 providing general insight into hacking an online game.
Reverse Engineering Online Games - Dragomon Hunter An in-depth tutorial showing how to reverse engineer online games via the game Dragomon Hunter.
Hacking/Exploiting/Cheating in Online Games (PDF) A presentation from 2013 that delves deeply into hacking online games, from defining terminology to providing code examples of specific hacks.
Hacking Online Games A presentation from 2012 discussing various aspects of hacking online games.
For 20 Years, This Man Has Survived Entirely by Hacking Online Games A hacker says he turned finding and exploiting flaws in popular MMO video games into a lucrative, full-time, job.
Hackers in Multiplayer Games A Reddit post discussing hacking in multiplayer games.
Reverse Engineering Network Protocols A very helpful comment from a Reddit post inquiring about reversing network protocols.
Deciphering MMORPG Protocol Encoding An informative discussion from a question on Stack Overflow.
Reverse Engineering of a Packet Encryption Function of a Game An informative discussion from a question on StackExchange.
Fuzzing Online Games This is the slide deck used for the DEFCON 20 talk linked in the videos section below. Click here for the main presentation page.
Kartograph (Game Hacking Tool) This is the slide deck used for the DEFCON 18 talk linked in the videos section below. Click here for the main presentation page, and click here for an extended version of this slide deck [Back-up Link].
Adding Multiplayer Functionality to Torchlight (A Single-Player, Closed-Source Game) Torchlight is chosen as a real-world target application for adding multiplayer functionality to the otherwise single-player, closed-source game.
Exploiting Game Engines for Fun and Profit This slide deck shows you methods to exploit game engines, effictively discovering attack vectors that will work across multiple games using the same engine.
How to Hack an MMO This is an old article, but a good cursory overview of some of what's involved in attacking an MMO game client.
Introduction to Server Side Emulation An old but still relevant document for those interested in building their own emulated server (useful for things like reintroducing multiplayer functionality into a dead game).
Reversing Path of Exile's Protocol A three-part series of blog posts detailing one individual's approach to reverse engineering Path of Exile's network protocol).

Videos

Title/Link Description
How to Hack Local Values in Browser-Based Games with Cheat Engine This video teaches you how to find and change local values (which might appear as server-based values) in browser-based games.
Reverse-Engineering a Proprietary Game Server with Erlang This talk details advantages Erlang has over other languages for reverse engineering protocols and analyzing client files. A live demo showcasing some of these tools and techniques is also given.
DEF CON 16: Gaming - The Next Overlooked Security Hole This talk discusses the growing number of attack vectors presenting themselves in the form of games, from engines to mods to middleware and more.
DEF CON 17: Fragging Game Servers From hardware interaction to network protocols, this talk presents the inner workings of the Source Dedicated Server (used for games like Left 4 Dead and Team Fortress 2). Also discussed are some of the weaknesses in these game engines, as well as ways they're exploited in the wild.
DEF CON 17: Subverting the World Of Warcraft API This talk discusses MMO hacks related to the World of Warcraft API.
DEF CON 18: Securing MMOs - A Security Professional's View from the Inside Gold farmers. Cheaters. Beleaguered programmers. All ingredients in a recipe for an unstable, fun-sapping game. This talk takes a look at the security problems plaguing the MMO industry and how modern engineers are taking the fight to cheaters and hackers in MMOs.
DEF CON 18: Kartograph - Applying Reverse Engineering Techniques to Map Hacking Using games like Civilization IV, Age of Empires III, and Anno as targets, this talk teaches memory forensic techniques you can use to hack online games. Be sure to watch the accompanying Kartograph demo video.
DEF CON 19: Hacking MMORPGs for Fun and Mostly Profit This talk presents a pragmatic view of both threats and defenses in relation to hacking online games.
DEF CON 20: Fuzzing Online Games This talk discusses interesting techniques you can consider using to fuzz online games.
DEF CON 23: Shall We Play A Game This talk shows how playing on custom game servers and community-created maps could easily lead to exploitive code execution on our machines that bypass mitigation techniques. Targets include CryEngine 3, Dota 2, Garry's Mod, ARMA3 and Digital Combat Simulator.
DEF CON 25 - Twenty Years of MMORPG Hacking: Better Graphics, Same Exploits This presentation, presented by Manfred, technically analyzes some of the virtual economy-devastating, low-hanging-fruit exploits that are common in nearly every MMORPG released to date. Mirror 1
Motherboard Livestream Archive: Researcher Cracks Elder Scrolls Online, Dark Age of Camelot, and Wildstar Adrian Bednarek, better known as "Manfred", demonstrates the MMORPG hacks he wanted to show but couldn't during his DEF CON 25 presentation. This is a rare glimpse into the tools, thoughts, and approaches of a professional online game hacker!
Black Hat Europe 2014 - Next Level Cheating and Leveling Up Mitigations This presentation outlines two practical attacks against one of the most popular anti-cheat engines and demonstrates the implications of a successful attack against anti-cheat software.
Cyber Necromancy - Reverse Engineering Dead Protocols This presentation talks about bringing a multiplayer game whose servers have shut down, back to life. The game is Metal Gear Online on the PS2 and PS3.
32C3 - How Hackers Grind an MMORPG: By Taking it Apart! In this presentation, Runes of Magic, a long-dead MMORPG, is used to demonstrate how to reverse engineer network protocols.
ARMA 3 - Reverse Engineering on IDA Pro & Reclass 2015 A 45-minute tutorial demonstrating how to hack ARMA 3 using IDA Pro and ReClass.
Let's Play/Hack - Pwn Adventure 3: Pwnie Island A video series of 21 parts on hacking the intentionally vulnerable MMORPG Pwn Adventure 3.

Podcasts/Audio

Title/Link Description
Darknet Diaries Ep. 7: Manfred Part 1: Hacking Online Video Games for Fun "Manfred" has privately been hacking online games for the past 20 years. In this episode, he tells stories of some of the unbelievable ways he's hacked games--all in the name of fun.
Darknet Diaries Ep. 8: Manfred Part 2: Hacking Online Video Games for Profit "Manfred" found a way to turn his passion for video games and reverse engineering into a full time business. He exploited video games and sold virtual goods and currency for real money. This was his full time job. In this episode, he explains exactly how he did this.

Books

Title/Link Description
Game Hacking Game Hacking shows programmers how to dissect computer games and create bots.
Attacking Network Protocols Attacking Network Protocols is a deep-dive into network vulnerability discovery.
Practical Packet Analysis, 3rd Edition Practical Packet Analysis, 3rd Ed. teaches you how to use Wireshark for packet capture and analysis.
Exploiting Online Games: Cheating Massively Distributed Systems This book takes a close look at security problems associated with advanced, massively distributed software in relation to video games.

Online Game Hacking Forums

Title/Link Description
Guided Hacking Discussion of multiplayer and single-player game hacks and cheats.
UnKnoWnCheaTs Forum Discussion of multiplayer game hacks and cheats.
MPGH (Multi-Player Game Hacking) Forum Discussion of multiplayer game hacks and cheats.
ElitePVPers Discussion of MMO hacks, bots, cheats, guides and more.
OwnedCore An MMO gaming community for guides, exploits, trading, hacks, model editing, emulation servers, programs, bots and more.

Open Source and Safe-to-Hack Multiplayer Games

Title/Link Description
Pwn Adventure 2 A custom 3D MMOFPS based on the Unity game engine. The game includes several quests that are only solvable by modifying the game client.
Pwn Adventure 3: Pwnie Island A first-person, open-world MMORPG developed specifically to be hacked! You might also be interested in Pwn Adventure 2, which is Unity-based.
Minetest An open source, multiplayer voxel-based game and game engine. (A Minecraft clone, basically.)
Xonotic An open source, arena-style multiplayer FPS.
Nexuiz The open source, multiplayer FPS game Xonotic is based on.
AssaultCube An open source, multiplayer, FPS.
List of Open Source Games A large list on Wikipedia of open source games, both single-player and multiplayer.