Confidence - (25-26.05 2010 Krakow)

Michal Wiczynski

Michal “Wheelq Troublemaker” Wiczynski – hobbyist in all types of security; Monty Python fan

Topic of Presentation: Hacking games for fun and profits

Language: English

Abstract: The aim of this presentation is to show both sides of the games mirror. We plan to present how a user can hack online Flash games in which the authors offer real prizes for winners (cash, geek gifts etc.). As an example, we are going to present a couple of online games that we were able to hack into. Some of them are free of charge, and in some of them we could win a prize. So we will show how to change the score values in order to win the prize. We will also show how hard it is to make the games safer than they are.

Moving to the fun part, we will show how to apply simple game memory modification in order to increase player stats/cash/ammo etc. Moving along, we want to present the view that standalone games written in native languages are nothing more than regular applications, which we can exploit in a variety of ways, for example by searching for well-known vulnerabilities like buffer overflows and crafting our own shellcode.

The final part of the talk will be dedicated to gaining various profits from using games as an attack vector. We will show how ‘lazy Friday’ in a corporate environment can be exploited by a malicious worker to achieve his/her evil goals. ‘Lazy Friday’ is a catchphrase describing the day on which users try to have some fun playing Flash games during working hours on miniclip/joemoster etc. As one of the examples, we will also present how an after-work activity such as a game party can end with domain credential leakage.