Exploiting Online Games Review

Publisher: Pearson Education
Authors: Greg Hoglund and Gary McGraw

Details: Paperback, 329 pages

"MMORPGs are made of very sophisticated software built around a massively distributed client-server architecture. Because these games push the limits of software technology... they are particularly interesting as a case study in software security. In fact, MMORPGs are a harbinger of technical software security issues to come."

Kyle Ackerman

Popular massively multiplayer online games regularly ban tens of thousands of accounts for cheating – for exploits that give certain players an unfair advantage, let them steal account information, harvest resources for real-world sales or just ruin the experience for others. The most dangerous hackers, however, are presumably undetected and unbanned. Whether you're a game programmer looking to brush up on your security skills, a student eager to learn about the security issues that online games face or simply an avid gamer wondering how people manage to cheat the system, Exploiting Online Games will give you an overview of how hackers do what they do, explaining the basics that have led to everything from all those Stones of Jordan in Diablo II to the aimbots in first-person shooters and the speed hacks that nearly every MMOG has suffered through.

Of course, the issue of exploits isn't just a matter of other players being able to see through walls. Large MMOGs like World of Warcraft aren't just big business for game companies. These games are sometimes populated by millions of players and, despite terms of service to the contrary, are a very easy place to convert ill-gotten digital assets into real-world cash. To give game developers the tools to deal with exploits, Exploiting Online Games provides an overview of those exploits, complete with plenty of specific examples.

A Code and a Counter for Every Approach

Keep in mind that while cheats and exploits can be exceptionally technologically sophisticated, they don't have to be. The authors point out that all it takes to cheat in online poker is a friend and a phone. In the same vein, someone who watches you type in your account password on your computer can steal that account as easily as a packet sniffer. Exploiting Online Games comprehensively and comprehensibly takes readers through the full gamut of exploits, ranging from basic social engineering through injecting DLLs.

There are superb examples of how hackers operate on every level. The chapter on exploiting bugs and other systemic exploits covers code exploits, but also notes the types of cheats that many players use without necessarily being conscious of their own exploits. For example, players take advantage of pathing bugs to strike at monsters where the player can't be harmed or rely on services like Thottbot that are, effectively, a tolerated exploit that tracks the locations of in-game objects. The book also reports on exploits of billing systems that use the realities of such systems to allow players to access games for free.

I particularly enjoyed the book's occasional "White Hat Corner" and "Black Hat Corner" moments that give specific examples from the perspective of friendly and hostile hackers. Along those lines, it should be mentioned that Greg Hoglund, one of the authors, is credited with bringing the Warden (the World of Warcraft program that searches a client PC for cheats) to the attention of the player community, and also created the Governor (a program that tracks the Warden's activities).

Less EULA, More Macros

The book feels a little out of its depth when it gets into issues of End-User License Agreements, the Digital Millennium Copyright Act and copyright law. The authors clearly have a chip on their shoulders concerning EULAs, and I can't blame them, as all software users should be aware of the broad reach claimed by EULAs. The authors are correct to raise the alarm, but these sections stray excessively from the core purpose of the book, covering material that would be better left for another text or the Electronic Frontier Foundation's site. But to be fair, the authors are only trying to give an overview of these issues, and quickly return to their strong emphasis on building and breaking game code.

The second half of Exploiting Online Games is where the book really shines, offering extensive and specific examples of code to implement (and potentially counter) game exploits. A long section details the construction of bots that play the game for you, with other sections that discuss how to emulate game servers and hack the game client. The book even goes into great detail concerning reverse engineering and the approaches companies take to try to prevent such reverse engineering.

Exploiting Online Games focuses heavily on World of Warcraft because it is the big MMOG on the block, but the text implies that both authors are also fans and players. Still, it's a fascinating read for anyone with a modicum of technical expertise, covering issues broadly applicable to online games. It's a must-read for anyone building an online game or, more importantly, protecting an online game from those who would ruin everyone's experience for personal gain.


About this Entry

This page contains a single entry by Editor published on August 2, 2007 10:55 PM.
