Cheating protection in MMO games


Cheating in games is probably as old as games themselves. That’s certainly the case in computer gaming: Some may remember the time spent inserting POKES – Instructions that allowed us to modify the memory on our old SPECTRUM computers in order to gain infinite lives, invulnerability or other advantages in a game.

Back then, protection against cheats had never been implemented in computer games: The first protections that emerged, such as TURBO LOAD or ANTIDEBUG, were intended to stop piracy or hinder reverse engineering, but never tried to protect computer games against cheats. Moreover, many games already included the cheats as a feature activated by pressing a certain key combination.

Cheating, therefore, was not a problem for game developers, until the appearance of the INTERNET and ONLINE gaming. Cheating in MMO games could destabilize the virtual world in which the game takes place, and can be a huge problem.

In MMO games players face each other. They also have to overcome a number of challenges placed in the virtual world. All this increases their level, money or other virtual goods. These represent the effort invested by the player and the hours spent on the game, and therefore have a real value outside the virtual world.

Proof of this is that there are sites selling virtual goods in exchange for real money. Some of these businesses obtain virtual goods from compromised game accounts: Using MALWARE to capture user credentials all around the world and then accessing their accounts to steal the virtual money.

MALWARE analyzed at S21SEC LABS, which was originally designed to attack online banking customers, started to include the ability to capture not only banking credentials, but also credentials used in MMO games.

Furthermore, the gamers have an interest themselves. MMO games have a growing acceptance, reaching over 11 million subscribers playing WORLD OF WARCRAFT, possibly the most popular and prominent MMO… and gamers take the game very seriously.

In WORLD OF WARCRAFT, as in other MMO games, players have to invest many hours and lots of effort in order to gain certain virtual goods. Players consider that having such items is a sign of a certain status inside the game.

As we see, this is a fertile field for cheating. Failing to protect against cheats may doom the whole project to failure. There is a need for some form of protection. [1]

The first and main point in security against cheating is certainly a good game design that prevents the player from misrepresenting the virtual world. In secure programming the rule number one is to “never rely on user input”; The same applied to an MMO design means that all records and calculations should always be server side, in order to avoid manipulation.

Even a basic calculation such as to determine the player position can’t be left to the client: By modifying these computations a player could gain teleport ability inside the game, or for instance the ability to run faster than others.
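A server-side movement check of the kind this paragraph calls for, as an added example that is not code from the original article or from any particular game. The speed limit, tolerance, step cap and all names (`PlayerState`, `apply_move`, `replay`) are assumptions, and the sample traffic is constructed.

```python
import math
from dataclasses import dataclass, replace

MAX_SPEED = 7.0   # assumed game rule: world units per second
TOLERANCE = 1.10  # assumed slack for network jitter and rounding
MAX_STEP = 1.0    # assumed cap (seconds) on time credited to one update

@dataclass(frozen=True)
class PlayerState:
    x: float
    y: float
    last_seen: float  # server clock of the last accepted update
    strikes: int = 0  # rejected moves, kept for later review

def apply_move(state, req_x, req_y, server_now):
    """Return (accepted, new_state) for a position requested by the client."""
    # Elapsed time is measured on the server clock only; any timestamp the
    # client sends is ignored, so altering the local clock gains nothing.
    # Capping it stops an idle player from saving up distance for one jump.
    dt = min(server_now - state.last_seen, MAX_STEP)
    if dt <= 0:
        return False, state  # stale or duplicated update: drop it
    dist = math.hypot(req_x - state.x, req_y - state.y)
    if dist > MAX_SPEED * dt * TOLERANCE:
        # Teleport or speed hack: keep the authoritative position.
        return False, replace(state, strikes=state.strikes + 1)
    return True, replace(state, x=req_x, y=req_y, last_seen=server_now)

def replay(start, updates):
    """Apply (x, y, server_time) updates in order; return verdicts and final state."""
    state, verdicts = start, []
    for x, y, t in updates:
        ok, state = apply_move(state, x, y, t)
        verdicts.append(ok)
    return verdicts, state

# Constructed traffic: normal step, teleport, duplicate, jump after idling, normal step.
SAMPLE = [(3.0, 0.0, 100.5), (50.0, 0.0, 101.0), (3.5, 0.0, 100.5),
          (60.0, 0.0, 160.0), (6.0, 0.0, 160.5)]

if __name__ == "__main__":
    print(replay(PlayerState(0.0, 0.0, 100.0), SAMPLE))
```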

On the other side we can find the game client, used by players to connect to the game servers and participate. It is available to everyone including HACKERS, and can be analyzed to find ways to break its security.

Cheats on the client side can take several forms. Let's see a few:

* WALLHACKING [2]: A common trick used to modify the properties of walls in the game, allowing the cheater to see or pass through them, thus gaining an unfair advantage over other players.

* BOTS [3]: These are external programs that allow the cheater to automate certain activities in the game. In this way a player can reach achievements and gain virtual goods in the game in an unattended manner.

Messing with the system clock or artificially producing LAG over the network connection are tricks that allow cheaters to change the way others see them inside the game: The target moves faster, or slower, with delayed animations and jumps.

This attack uses standalone SOFTWARE which connects directly to the game servers and manipulates them without having to run the original game client. Reverse engineering allows the HACKERS to uncover the communication protocol used between the server and client. This is used to produce a piece of SOFTWARE which is able to connect to the game servers as the original game client does, but which is able to perform disallowed or unchecked actions on the server, giving rise to a whole new series of problems.

There are many other types of cheats, and all of them are interesting to study. Just as interesting are the different techniques and security measures implemented by MMO developers in their products in order to protect themselves against them:

This is used to prevent the game from being modified in memory by external programs. The implementation may involve monitoring functions such as WRITEPROCESSMEMORY or using checksums over certain memory areas.

As always, used to make reverse engineering more difficult.

Encryption of everything possible, from the communication between client and server to the game files on disk.

To avoid injection of keystrokes or mouse events in the game from external programs, as those used by BOTS.

Some cheat protection engines are able to enumerate running processes, or list the titles of all windows opened on the desktop. This is used to detect the presence of the most common cheating programs, by finding either their process or their window. In the past this kind of scan caused problems and complaints concerning user rights and freedoms [4].

Some of the most advanced engines are even able to detect the MALWARE used by HACKERS to capture game credentials. The code used by these engines is updated every time the player connects to the game server, varying in each run (polymorphic) and even allowing scans to be performed on request from the server side, possibly as a response to some sort of alert [5].
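The checksum over memory areas and the scan on request from the server, mentioned in the measures above, combined in one added example that is not code from the original article or from any real engine. The per-request nonce, the region table and all names are assumptions, and the 64-byte "process image" is constructed and simulated with a byte array.

```python
import hashlib
import hmac
import os

def region_digest(memory, start, length, nonce):
    """Keyed digest over one memory region; the nonce ties it to one request."""
    return hmac.new(nonce, bytes(memory[start:start + length]), hashlib.sha256).digest()

def answer(memory, regions, nonce):
    """Client side: digest every region the server asks about."""
    return {name: region_digest(memory, s, n, nonce) for name, (s, n) in regions.items()}

class IntegrityServer:
    def __init__(self, reference_image, regions):
        self.reference = bytes(reference_image)  # the unmodified build
        self.regions = regions                   # name -> (start, length)

    def challenge(self):
        return os.urandom(16)  # fresh per scan, so old answers are useless

    def verify(self, nonce, answers):
        """Return the names of regions that do not match the reference build."""
        tampered = []
        for name, (start, length) in self.regions.items():
            expected = region_digest(self.reference, start, length, nonce)
            if not hmac.compare_digest(expected, answers.get(name, b"")):
                tampered.append(name)
        return tampered

# Constructed stand-in for a game client's memory; not real game code.
IMAGE = bytes(range(64))
REGIONS = {"movement_code": (0, 16), "wall_flags": (32, 8)}

def run_check(client_memory):
    """One full scan: server challenge, client answer, server verdict."""
    server = IntegrityServer(IMAGE, REGIONS)
    nonce = server.challenge()
    return server.verify(nonce, answer(client_memory, REGIONS, nonce))

if __name__ == "__main__":
    patched = bytearray(IMAGE)
    patched[34] ^= 0xFF  # one byte changed by an external program
    print(run_check(bytearray(IMAGE)), run_check(patched))
```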

All this shows the importance of security in MMO games, which grows as the gaming community does. We have seen how the need to protect games against cheating has led to a specific technology, similar to the one used by ANTIVIRUS software or ROOTKIT detectors.

Some well-known cheat protection engines are:





External references:






Oscar Gallego Sendín
S21sec e-crime
