Reverse Engineering a (M)MORPG
This workshop will cover the basics of reverse engineering a (M)MORPG: * Reverse engineer the network protocol * Build a Wireshark disector * Build an asynchronous proxy (python) * Reverse engineer the binary to unveil secret * Reverse engineer the binary to find vulnerabilities * Patch the binary for hacks * Hook the library (Linux) for hacks
Most of the course material has been already published here: https://www.slideshare.net/AntoninBeaujeant/reverse-engineering-a-mmorpg
This workshop will cover the basics of reverse engineering a (M)MORPG (Pwn Adventure 3 from Vector35). While reversing a video game might not seem interesting for some security professionals, the techniques and methodologies we will cover are similar to what we see in a penetration test of a client-server application. Below is a summary of the different chapters:
Reverse Engineering Network Protocol: We will go through the methodology used to reverse engineering unknown binary protocol. Like most of RE task, it is based on the ability of the analyst to raise accurate assumption. Once the assumptions raised, we need to find a way to isolate the data and analyze the changes in the network traffic to identify where it is located. Once identified, we need to understand how the data is represented (integer, string, little-endian, etc).
Building Wireshark Parser: Now that we have reversed most of the network protocol, we will build a Wireshark dissector plugin in Lua. In the end, we will have a complete parser to analyze the custom protocol.
Asynchronous Proxy in Python: We will build an asynchronous proxy in python in order to intercept/inject the network traffic. We will be able to get any weapon, manipulate the spawn location, etc.
Reverse Engineering Binary: In the next part of the workshop, we will reverse engineering the client/server logic in order to highlight “secret” to finish quests and identify vulnerabilities in the game.
Binary Patching: We will manually patch the binary to become a Superman (running faster, jumping higher). We will then create a patcher in python with Capstone and Keystone.
Library Hooking: Finally, we will hook the library in order to hack the game “on the fly”.
Who should attend this training?
- Penetration testers
- Junior reverse engineers
- Reverse Engineering enthusiasts
This is a hands-on training where you will be asked to install tools (game, wireshark, python, libraries, etc). Therefore, if you would like to participate in the exercises, don’t forget to bring a laptop with administrative privileges and make sure you can install and play “Pwn Adventure 3” on you computer (Windows, macOs or Linux). The game is available here: http://pwnadventure.com.