Summary
Game Hacking Fundamentals aims to introduce the tools and essential techniques used while hacking video games.
The module starts by covering theories on approaching game hacking and an introduction to the de facto standard Game Hacking toolkit, Cheat Engine. The second section covers a lot about video games in memory and how to find and modify game values, the most common approach to Game Hacking. The third section will look at identifying data structures in memory and using them to identify related data in memory. The fourth and final section will look at debugging a video game, as well as changing how the video game functions at a core level.
Overall outcomes from the module:
- How to formulate an approach to a target and execute a series of actions to achieve a goal
- Understanding how video games and programs exist in program memory and how to locate and modify values to affect the game
- How to debug a video game and inject your own code
- How to identify a data structure in memory as well as how to dissect the data structure
Important Requirements:
- This module is paired with a video game; you
will require
a laptop or a desktop computer with a GPU (Graphics Card). TheIntel HD 4600
,AMD HD 6570
orGeForce 9600GT
should be considered the bare minimum to get playable performance out of the game. You can try resizing the game to smaller dimensions if you are experiencing crippling performance. - If you want to run it in a Virtual Machine, VMWare Player is preferred over VirtualBox for Virtualization on Windows and Linux and Parallels on ARM Macs. Be sure to enable
GPU Acceleration
in the VM settings where applicable.
The Intro to Assembly Language Module is an incredible module. Before embarking on this module, we highly recommend going through that module to understand what assembly is and how programs function at a low level. If you dont want to do the whole module, we recommend giving a quick read through the Registers
part in the Registers, Addresses, and Data Types section, as well as the Basic Instructions and Control Instructions sections. You do not need to understand how to code in assembly, but understanding what registers are and how the assembly instruction set functions will be critical to the Game Hacking process.
Introduction
A new type of content for HackTheBox (HTB) Academy, the big question that many of you might ask is, "Why Game Hacking?". The simple answer is that it is a highly accessible pathway into the world of information security. The more detailed explanation is that there is an incredible amount of overlap between techniques, information and tools you are exposed to via Game Hacking and the far more intimidating infosec world. Because of this goal, these modules will focus on specific techniques and tools that apply to infosec and will not be a general 'how-to hack video games' path.
A great example is utilising memory searching techniques to look for a health value in a video game. Once you find it, you can modify it to become immortal, for instance. Extrapolate the same technique to find unprotected flags in HTB challenges, leading to a possible unintended method for solving them. Looking at a real-world example, how about extracting privileged information from memory, such as passwords or credit card information?
How about intercepting and modifying data sent between a video game and a server using an extremely well-known tool, Burp Suite, using the same techniques that will be used when pen-testing virtually every website?
Those are the types of overlaps we are talking about. What you learn from these modules will stand you in good stead when moving into the wider world of information security.
This, and future modules, will focus heavily on the Windows Operating System. Windows has, by far, the most mature and established Game Hacking environment and still dominates the PC gaming market by OS share. The games provided with each module and/or section should be runnable within a virtual machine if Windows is not your primary operating system.
It should be noted that there are a few requirements
though:
-
You will require a laptop or a desktop computer with a GPU (Graphics Card). The Intel HD 4600 Integrated Graphics, AMD HD 6570 or GeForce 9600GT should be considered the bare minimum to get playable performance out of the game. You can try resizing the game to smaller dimensions if you are experiencing crippling performance, by grabbing and dragging the corners of the running process.
-
If you want to run it in a Virtual Machine, VMWare Player is preferred over VirtualBox for Virtualization on Windows and Linux and Parallels on ARM Macs. Be sure to
enable GPU Acceleration
in the VM settings where applicable and installVMWare Tools
if using VMWare Player.
What is Game Hacking
Game hacking is a process that involves modifying a game's code, data, or mechanics to gain an unfair advantage over other players or to access content that is not ordinarily available. While some people engage in game hacking for fun or as a hobby, others use it to cheat and gain an advantage in online multiplayer games, which can ruin the experience for other players.
This can include cheating tools such as aimbots, wallhacks, and speed hacks, which allow players to automatically aim at opponents, see through walls or move faster than expected. Other forms of game hacking may involve modifying the game's code to create custom mods or to remove limitations imposed by the game's developers.
Game hacking can be considered a subset of information security (infosec), specifically in offensive security or "red teaming." In this context, game hacking is used to identify vulnerabilities in a game's code and can help game developers improve the security of their software.
In addition, some game developers employ security experts to help identify and prevent cheating in their games, which can be seen as information security. Furthermore, as online gaming becomes increasingly popular, game hacking can significantly threaten the security and privacy of players' personal information.
Therefore, game hacking is one aspect of the broader field of information security, as it involves identifying and exploiting vulnerabilities in software systems.