by shalzuth 593 days ago
I wrote a short blog post about my thought process on how I reverse engineer video games and build tools that enable me to do security testing on them. It’s a bit brief on purpose, as reading the code is expected. Let me know your thoughts and what would make it better.
4 comments

"build tools that enable me to do security testing on them"

I gather you write cheat exploits... and if public... eventually the player's account/GPU/IMEI risks getting permanently banned/flagged.

It is always easier to break something than to build something stable. People may focus resources on better content, game-play, and performance. Or play whack-a-mole with hostile Desktop/Mobile users...

Thus, some folks won't ever patch exploits... just shadow-ban the users running them...

Have a nice day =3

As someone who does security testing for video game service backends, I benefit significantly from all the reverse engineering and tools the hobbyists and cheaters build, and always enjoy reading more stuff.
Unfortunately, most security research boils down to 18/23 classes of problem that haven't changed in 30 years, or human behavior which hasn't significantly altered in thousands of years.

Indeed, the secure machines were not as popular as cheap consumer solutions, and despotic political posturing. =3

Yeah and you end up with one of the worst client-server architectures that RDR2 has.
"client-server architectures"

Actually, public-key-signed object-p2p exchange systems allow for all sorts of fun. Even if people fiddle with the state exchange, the time+last_event indices can flag lag switchers, and signature audits detect memory patchers...

My point was, one doesn't need to lock the door if you own an alligator farm. =3
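
The checks named in the comment above (signature audits plus time and last_event indices on exchanged state), sketched as an added example that is not code from the thread or from the linked blog post. Assumptions: HMAC-SHA256 stands in for the public-key signature, and the field names `time_ms`, `last_event` and `pos`, the demo key and the 250 ms threshold are all hypothetical.

```python
import hashlib
import hmac
import json

# Assumption: HMAC-SHA256 with a per-peer key stands in for the public-key
# signature the comment mentions, so this runs on the standard library alone.
PEER_KEYS = {"peerA": b"constructed-demo-key"}
MAX_GAP_MS = 250  # assumed limit on silence between one peer's updates


def _tag(key, body):
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def sign(peer, body):
    """Wrap a state update with the sender's tag over its canonical JSON."""
    return {"peer": peer, "body": body, "sig": _tag(PEER_KEYS[peer], body)}


def audit(updates):
    """Return (position, reason) for every update that fails a check."""
    flags, last = [], {}  # last: peer -> (time_ms, last_event) last accepted
    for i, u in enumerate(updates):
        key = PEER_KEYS.get(u["peer"])
        if key is None or not hmac.compare_digest(_tag(key, u["body"]), u["sig"]):
            flags.append((i, "bad-signature"))  # body changed after signing
            continue
        t, ev = u["body"]["time_ms"], u["body"]["last_event"]
        prev_t, prev_ev = last.get(u["peer"], (t, ev))
        if ev < prev_ev or t < prev_t:
            flags.append((i, "index-regressed"))  # replayed or reordered
            continue
        if t - prev_t > MAX_GAP_MS:
            flags.append((i, "time-gap"))  # silence, then a jump in state
        last[u["peer"]] = (t, ev)
    return flags


# Constructed sample stream: two normal updates, a long silence, a body
# edited after signing, and an update that claims an older event index.
SAMPLE = [
    sign("peerA", {"time_ms": 1000, "last_event": 10, "pos": [0, 0]}),
    sign("peerA", {"time_ms": 1050, "last_event": 11, "pos": [1, 0]}),
    sign("peerA", {"time_ms": 1900, "last_event": 11, "pos": [9, 0]}),
    dict(sign("peerA", {"time_ms": 1950, "last_event": 12, "pos": [9, 1]}),
         body={"time_ms": 1950, "last_event": 12, "pos": [50, 1]}),
    sign("peerA", {"time_ms": 2000, "last_event": 9, "pos": [9, 2]}),
]
```

Calling `audit(SAMPLE)` flags the third, fourth and fifth updates and leaves the first two unflagged.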

Thanks for the write-up! This is really interesting and a great piece of knowledge to have out there. Funnily, it is similar to mobile app reverse engineering workflows.
I love the briefness of your post. Your code and method are clearly conveyed.
Very interesting