Hacking Games in a Hacked Game presented at Infiltrate 2015

by Jordan Wiens, Rusty Wagner

Summary: For the last two years, the Ghost in the Shellcode Capture the Flag (CTF) has done something unique: it built a series of CTF challenges inside a custom MMO. Given that many in security research got their start cracking software or hacking games, we thought it fitting to merge game hacking with more traditional CTF-style challenges.

The first half of the talk covers the bigger-picture perspective on both game hacking and the current state of the CTF scene. It turns out there is a surprising amount of back-and-forth between real-world research and CTF "games" (and not always in the direction you would expect). Additionally, as reverse engineering skills and toolsets develop, they are increasingly domain-specific. Much like exploits that are specific to a single target or family of targets, interesting pockets of reverse engineering expertise are being applied to specific problems. We will cover some of the tools and techniques coming out of the game-hacking world, as well as those coming out of the CTF scene, that you might not be aware of. One particular tool, Binary Ninja, was written by Rusty for CTFs to allow quick analysis and patching of binaries in attack-defense play; it combines some of the best features of IDA and a powerful hex editor to allow quick binary modifications when battling live opponents in an attack-defense CTF.

We will also focus on some of the specific hacks we were most entertained by during our two years of running an intentionally hackable MMO. These include custom Wireshark dissectors, LD_PRELOAD hooking, custom DirectX overlays, and many others. The majority of these techniques were developed over the course of a weekend CTF and demonstrate the breadth of techniques available for run-time modification.