Warning! This article is written purely for educational purposes, and the author(s) have no intention of using the knowledge for any wrongdoing.
We have all probably heard about e-Sports - how playing PC / console games is now a professional occupation - so I thought it might be worthwhile to write an article about game hacking/tweaking, which is a fun piece of nerdy knowledge that I've learnt since High School. Who knows if there might be implications for this in the future?
Applications use RAM / memory to store data variables - you can access and manipulate this data in real time.
In this article we will attempt to "hack" applications / data that run locally on our PCs. To understand this better, here's a quick summary of how apps and RAM work:
Say you've started a game application on your PC. The OS has allocated a range of memory addresses for it. Another program (with sufficient system access and the code to communicate with the OS) can access and modify the data stored at these memory addresses.
Let's find a simple browser-based game to try this out.
Browser-based game - Alien Complex
Most web browser games actually run locally on the PC. Here's a link to the game. We will try to hack this simple top-down shooting game.
The hacking software we use here is Cheat Engine, a popular free tool with functions to access/modify the memory addresses of running apps. It is commonly used for cheating in PC games =)
After installation, the first step is to select the application you want to manipulate. Firefox runs Flash games in a "plugin-container process", so we "select" this process from Cheat Engine.
Memory scanning - Locate correct memory address.
Now let's try to manipulate the Ammo for the gun in the game. In the bottom-right-hand corner of the screen, it says there are 28 ammo left. So how does Cheat Engine ("CE") locate the memory address holding the value "28"?
One of the crucial functions is Memory Scanning, which does this: "Given all the memory addresses for the app, please help to locate the address holding the value 28."
73,630 addresses were found holding the value 28, so we wouldn't know which is the real address for the Ammo variable.
CE allows you to make immediate changes to the value at an address. We can guess and make some changes, but randomly changing addresses may crash the application!
CE has a cool function to keep track of address values over time. So in theory, when the Ammo value changes, addresses that do not follow the delta can be ignored. The end result is that only the 1 correct address representing the Ammo value is left.
With the memory address located for the Ammo value, we can manipulate the value and cheat in the game! Check out the following video. We gave it a value of 100 and locked it. In game, shooting will make it drop to 99 but not any further.
Interesting Fact to Note: Why does it show 99 on screen, but not 100? This is probably because of the game code sequence:
In summary, we have seen how local memory data can be easily hacked. It is important to note that in all software solutions, we must safeguard sensitive information stored locally. There are obfuscation coding and encryption methodologies to mask variables and prevent memory scans. These techniques come with a computation / performance cost, but for critical applications security is way more important.
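One way to mask a variable as the summary suggests, shown as an added example that is not code from the game or from Cheat Engine: the counter is stored XOR-masked with a key that is re-rolled on every write, plus a check word so a direct overwrite is rejected. The struct, function names and salt constant are hypothetical, rand() is not a cryptographic source, and this only defeats the exact-value scan described above.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical guarded counter: the plain value is never stored. */
typedef struct {
    uint32_t masked;  /* value XOR key */
    uint32_t key;     /* re-rolled on every write, so old scan results go stale */
    uint32_t check;   /* integrity word over masked and key */
} guarded_u32;

/* Exact-value scan as in the article: count 4-byte matches at any offset. */
size_t count_matches(const void *buf, size_t len, uint32_t needle) {
    const unsigned char *p = buf;
    size_t hits = 0;
    for (size_t i = 0; i + sizeof needle <= len; i++)
        if (memcmp(p + i, &needle, sizeof needle) == 0) hits++;
    return hits;
}

/* Keyless mixing function (constructed constants): detects edits, not a MAC. */
static uint32_t tag(uint32_t masked, uint32_t key) {
    uint32_t h = (masked ^ 0x9E3779B9u) * 2654435761u;
    return (h ^ (h >> 15)) + key * 40503u;
}

/* Store value; re-roll the key until the plain value appears nowhere in the struct. */
void guarded_set(guarded_u32 *g, uint32_t value) {
    do {
        g->key = ((uint32_t)rand() << 16) ^ (uint32_t)rand();
        g->masked = value ^ g->key;
        g->check = tag(g->masked, g->key);
    } while (count_matches(g, sizeof *g, value) != 0);
}

/* Returns 0 and writes *out on success, -1 if the stored fields were altered. */
int guarded_get(const guarded_u32 *g, uint32_t *out) {
    if (g->check != tag(g->masked, g->key)) return -1;
    *out = g->masked ^ g->key;
    return 0;
}

int main(void) {
    guarded_u32 ammo; uint32_t v = 0;
    guarded_set(&ammo, 28);
    printf("scan hits for 28: %zu\n", count_matches(&ammo, sizeof ammo, 28));
    ammo.masked = 100;  /* simulated overwrite by an external memory editor */
    printf("read after overwrite: %d\n", guarded_get(&ammo, &v));
    return 0;
}
```

A game would treat a -1 from guarded_get as a tamper signal; the performance cost mentioned above is the extra XOR and check on every read and write.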