This talk (based on a book of the same title co-authored by Greg Hoglund) frankly describes controversial security issues surrounding MMORPGs such as World of Warcraft. This no-holds-barred approach is fully loaded with code examples, debuggers, bots, and hacks, of interest whether you are a gamer, a game developer, a software security person, or an interested bystander.
It's illegal to crack, but it's not illegal to cheat. This is largely because the law is so woefully behind the online world.
Software companies know that the law is behind, so they try to stuff onerous things in EULAs.
Blizzard's EULA allows monitoring. Their agent is called the Warden. The Governor was written to control the Warden.
Somebody wrote a virus. It had a EULA. Many, many people authorized it.
Some guy in China was playing a game. In the game world, he had a sword he really liked. He let his friend play the game while he went to the store. His friend sold his sword. When he returned from the store, he killed his friend. He's now serving a life sentence in Shanghai.
There is real crime in online games—there are people who do nothing but run around and take other people's stuff. In other words, just like in real life, there are virtual thieves.
One guy found a dupe bug in Star Wars Galaxies. He made $700,000 using it. He lives in Canada. He built a house with the profits. If you go to his house and ring his doorbell, it plays the Star Wars theme.
If you find an exploit, document it well, and sell it to the gold farmers, you can make a lot of money—on the order of $10k to $20k for a single exploit.
Some games allow you to write macros; some don't. Some people think that macros are cheating; some don't.
MMORPGs have monitors to look for obvious bots. So, unless your bot can pass the Turing test, it'll be really easy to catch. One guy actually wrote an SMS interface into his bot so that it would relay questions from a monitor to him via his mobile phone, and reply to the monitor with his SMS replies.
The first technique was thread hijacking, but any non-lame game will detect these hacks almost instantly nowadays.
The state of the art for rootkit hacking has been pushed significantly—injection techniques now use hardware breakpoints that trap to cloaked code, perform injections, re-cloak, and then execute a hardware resume.
Software developers need to learn to think like attackers when they're designing their products. Good software security requires a white hat and black hat, 'cause if you don't have an evil bone, you're not going to be able to anticipate how black hats think.
Look at www.cigital.com/justiceleague
No-nonsense monthly security column by Gary McGraw
Gary really likes the Security & Privacy magazine. Gary does a podcast for them called The Silver Bullet. His Exploiting Online Games book comes out in July.
Here's a simple network-based attack: IM somebody while you're fighting them. This gives you their IP address, which you can then DoS to lag them out and kill them.
It might work for a while, but there's no way to prevent a process from being able to discover that it's virtualized.