SlideShare uma empresa Scribd logo

Mobile Game Hacking: Defense Against the Dark Arts | James Ahn

Transferir como PPTX, PDF
Jessica Tams
Jessica Tams

Mobile Game Hacking: Defense Against the Dark Arts | James Ahn

Software
1 de 21
Defense Against the Dark Arts of Mobile Game Hacking James Ahn Founder and CEO INKA Entworks, Inc.
About Me • Founder and CEO of INKA Entworks • 17+ Years contents security experts • Inventor of DRM interoperability • Worked as board member of DMP • CEO of AppSealing service 2
About INKA and AppSealing • Founded in 2000, HQ in Seoul and office in Mumbai and USA (2018) • Leading DRM tech. company with 200+ clients and partners worldwide • AppSealing : subsidiary launched 2015, providing mobile app security SaaS • Currently 100+ mobile games being protected 3
Today we will discuss 1. Landscape of Mobile Game Black Ecosystem and its impact 2. Hacking technologies 3. Technical guidance to prevent hacking 4
Mobile Game Black Ecosystem • Cheating app developers/publishers • 100+ cheating apps being used • 80% from China • Professional hacking service • On-demand modding service (VIP) • Repository for modded games • In-game currency hacking service • Copycat/Clone games 5
Modding Service 6 On Demand Repository Service • On-demand modding • Paid service (20-30$) • modded games repository • Free download Business Model • Monthly subscription • Online Ad • Free to download • Online Ad Providers • androidrepublic.org (226 modded games) • sbenny.com • androidthaimod.com • ACMarket • Hackerbot • Modsapk.com (3,695 games) • revdl.com • modapkdown.com • apkdlmod.com • apklover.net
In-Game Currency Hacking Service • Process • Access mobile url • Name/email • Start hacking • Human authorization • Mobile games download • No rooting needed • BM : Ad based service • Providers • cheatmyway.com • apkcare.com • cheatstrick.com 7
Copycat/Clone Games : Clash Royale 8
Copycat/Clone Games : Lilith vs uCool 9
Hacked Western Game in China 10 360 Mobile Assistant Games Front Page Source: Oniix
Hacking Preference by Genre 11 Source: AppSealing.com
Top 10 Cheating Tools 12 Source: AppSealing.com
Hacking Methods 13 Source: AppSealing.com
Damage Of Mobile Game Black Ecosystem • Game balance disruption • Lost monetization • Lowered ratings & downloads • Exodus of free & paying users • Shortened game lifecycle • Competition with copycat/clone games 14
Results of Anti-Hacking Incorporation 15 RPG RPG RPG RPG Action Casual Shooting Casual Casual RPG ActionRPG Source: AppSealing.com
How Mobile Games Are Hacked 16 Start Run game Debugging Analyze action and log message Alter code and make mod Analyze code Dump memory Hook API DecompilingUnpack APK
Reversing Tools (Decompile & Tampering) 17 JADX-GUI JD-GUI DEX (or JAVA) dnSpy .NET Reflector (/w reflexil) ILSpy DLL (or IL) IDA (/w Hex-Rays) Shared Object APK Unpack/Pack APKTool
Defending Against Hacking and Cheating Tools • Anti-debugging and anti-tampering • Compiling option to hide symbols • Check APK signature/hash value of “classes.dex”, native libraries • Obfuscation • Proguard, Dexguard, Crypto obfuscator etc., • Obfuscation can be reversed • Hide value/data of variables • Encode data with base64 • Separate variables into “for store” and “for display” • Encrypt data on the device • Best practice is not to store data on the device • If needed, encrypt data stored on the device • Cheating Tools • Set blacklist of cheating tools, and detect while game is running • Use HTTPS for server and client communication 18
Google’s Guidance • Best practice for secure IAB from Google • http://developer.android.com/google/play/billing/billing_best_practices.html • LVL (Licensing Verification Library) • https://developer.android.com/google/play/licensing/index.html 19
Summary • Legitimate (especially paying) players prefer fair competition • Hacking is not only a matter of revenue loss but affects entire life cycle of the game • User acquisition cost VS Hacking prevention cost • Basic anti-hacking technical measures help somewhat • Consider a robust professional app security solution 20
21 Thank you ! James Ahn (james@inka.co.kr) CEO/ INKA Entworks, AppSealing https://www.appsealing.com

Recomendados

Cryptography 101 for Java developers
Cryptography 101 for Java developersCryptography 101 for Java developers
Cryptography 101 for Java developers
Michel Schudel
 
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp VaultChickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Jeff Horwitz
 
Hashicorp Vault ppt
Hashicorp Vault pptHashicorp Vault ppt
Hashicorp Vault ppt
Shrey Agarwal
 
SIngle Sign On with Keycloak
SIngle Sign On with KeycloakSIngle Sign On with Keycloak
SIngle Sign On with Keycloak
Julien Pivotto
 
Integration using Apache Camel and Groovy
Integration using Apache Camel and GroovyIntegration using Apache Camel and Groovy
Integration using Apache Camel and Groovy
Claus Ibsen
 
JWT: jku x5u
JWT: jku x5uJWT: jku x5u
JWT: jku x5u
snyff
 
Practical Steps to Hack-Proofing AWS
Practical Steps to Hack-Proofing AWSPractical Steps to Hack-Proofing AWS
Practical Steps to Hack-Proofing AWS
Amazon Web Services
 
Infrastructure is code with the AWS CDK - MAD312 - New York AWS Summit
Infrastructure is code with the AWS CDK - MAD312 - New York AWS SummitInfrastructure is code with the AWS CDK - MAD312 - New York AWS Summit
Infrastructure is code with the AWS CDK - MAD312 - New York AWS Summit
Amazon Web Services
 

Recomendados

Cryptography 101 for Java developers
Cryptography 101 for Java developersCryptography 101 for Java developers
Cryptography 101 for Java developers
Michel Schudel
 
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp VaultChickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Jeff Horwitz
 
Hashicorp Vault ppt
Hashicorp Vault pptHashicorp Vault ppt
Hashicorp Vault ppt
Shrey Agarwal
 
SIngle Sign On with Keycloak
SIngle Sign On with KeycloakSIngle Sign On with Keycloak
SIngle Sign On with Keycloak
Julien Pivotto
 
Integration using Apache Camel and Groovy
Integration using Apache Camel and GroovyIntegration using Apache Camel and Groovy
Integration using Apache Camel and Groovy
Claus Ibsen
 
JWT: jku x5u
JWT: jku x5uJWT: jku x5u
JWT: jku x5u
snyff
 
Practical Steps to Hack-Proofing AWS
Practical Steps to Hack-Proofing AWSPractical Steps to Hack-Proofing AWS
Practical Steps to Hack-Proofing AWS
Amazon Web Services
 
Infrastructure is code with the AWS CDK - MAD312 - New York AWS Summit
Infrastructure is code with the AWS CDK - MAD312 - New York AWS SummitInfrastructure is code with the AWS CDK - MAD312 - New York AWS Summit
Infrastructure is code with the AWS CDK - MAD312 - New York AWS Summit
Amazon Web Services
 
Best Practices for Certificate Management
Best Practices for Certificate ManagementBest Practices for Certificate Management
Best Practices for Certificate Management
AppViewX
 
Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault
Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault
Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault
Outlyer
 
[AWS Builders] 클라우드 비용, 어떻게 줄일 수 있을까?
[AWS Builders] 클라우드 비용, 어떻게 줄일 수 있을까?[AWS Builders] 클라우드 비용, 어떻게 줄일 수 있을까?
[AWS Builders] 클라우드 비용, 어떻게 줄일 수 있을까?
Amazon Web Services Korea
 
Kong API Gateway
Kong API Gateway Kong API Gateway
Kong API Gateway
Chris Mague
 
Building secure applications with keycloak
Building secure applications with keycloak Building secure applications with keycloak
Building secure applications with keycloak
Abhishek Koserwal
 
APIConnect Security Best Practice
APIConnect Security Best PracticeAPIConnect Security Best Practice
APIConnect Security Best Practice
Shiu-Fun Poon
 
Goroutine stack and local variable allocation in Go
Goroutine stack and local variable allocation in GoGoroutine stack and local variable allocation in Go
Goroutine stack and local variable allocation in Go
Yu-Shuan Hsieh
 
Vault - Secret and Key Management
Vault - Secret and Key ManagementVault - Secret and Key Management
Vault - Secret and Key Management
Anthony Ikeda
 
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Svetlin Nakov
 
F5 BIG-IP Misconfigurations
F5 BIG-IP MisconfigurationsF5 BIG-IP Misconfigurations
F5 BIG-IP Misconfigurations
Denis Kolegov
 
Managing secrets at scale
Managing secrets at scaleManaging secrets at scale
Managing secrets at scale
Alex Schoof
 
BSIMM: Bringing Science to Software Security
BSIMM: Bringing Science to Software SecurityBSIMM: Bringing Science to Software Security
BSIMM: Bringing Science to Software Security
Cigital
 
WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 10WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 10
42Crunch
 
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler WebinarKeycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
marcuschristie
 
Docker Security: Are Your Containers Tightly Secured to the Ship?
Docker Security: Are Your Containers Tightly Secured to the Ship?Docker Security: Are Your Containers Tightly Secured to the Ship?
Docker Security: Are Your Containers Tightly Secured to the Ship?
Michael Boelen
 
Gateway deepdive
Gateway deepdiveGateway deepdive
Gateway deepdive
Shiu-Fun Poon
 
AWS CDK introduction
AWS CDK introductionAWS CDK introduction
AWS CDK introduction
leo lapworth
 
AWS 신규 데이터 분석 서비스 - QuickSight, Kinesis Firehose 등 (양승도) :: re:Invent re:Cap ...
AWS 신규 데이터 분석 서비스 - QuickSight, Kinesis Firehose 등 (양승도) :: re:Invent re:Cap ...AWS 신규 데이터 분석 서비스 - QuickSight, Kinesis Firehose 등 (양승도) :: re:Invent re:Cap ...
AWS 신규 데이터 분석 서비스 - QuickSight, Kinesis Firehose 등 (양승도) :: re:Invent re:Cap ...
Amazon Web Services Korea
 
Web Application Security 101
Web Application Security 101Web Application Security 101
Web Application Security 101
Jannis Kirschner
 
DevSecOps - Workshop do Bem
DevSecOps - Workshop do BemDevSecOps - Workshop do Bem
DevSecOps - Workshop do Bem
Bruno Dantas
 
Hacking Mobile Apps
Hacking Mobile AppsHacking Mobile Apps
Hacking Mobile Apps
Sophos Benelux
 
Hacking your Droid (Aditya Gupta)
Hacking your Droid (Aditya Gupta)Hacking your Droid (Aditya Gupta)
Hacking your Droid (Aditya Gupta)
ClubHack
 

Mais conteúdo relacionado

Mais procurados

Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Svetlin Nakov
 
WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 10WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 10
42Crunch
 
Docker Security: Are Your Containers Tightly Secured to the Ship?
Docker Security: Are Your Containers Tightly Secured to the Ship?Docker Security: Are Your Containers Tightly Secured to the Ship?
Docker Security: Are Your Containers Tightly Secured to the Ship?
Michael Boelen
 

Mais procurados (20)

Best Practices for Certificate Management
Best Practices for Certificate ManagementBest Practices for Certificate Management
Best Practices for Certificate Management
 
Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault
Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault
Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault
 
[AWS Builders] 클라우드 비용, 어떻게 줄일 수 있을까?
[AWS Builders] 클라우드 비용, 어떻게 줄일 수 있을까?[AWS Builders] 클라우드 비용, 어떻게 줄일 수 있을까?
[AWS Builders] 클라우드 비용, 어떻게 줄일 수 있을까?
 
Kong API Gateway
Kong API Gateway Kong API Gateway
Kong API Gateway
 
Building secure applications with keycloak
Building secure applications with keycloak Building secure applications with keycloak
Building secure applications with keycloak
 
APIConnect Security Best Practice
APIConnect Security Best PracticeAPIConnect Security Best Practice
APIConnect Security Best Practice
 
Goroutine stack and local variable allocation in Go
Goroutine stack and local variable allocation in GoGoroutine stack and local variable allocation in Go
Goroutine stack and local variable allocation in Go
 
Vault - Secret and Key Management
Vault - Secret and Key ManagementVault - Secret and Key Management
Vault - Secret and Key Management
 
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
 
F5 BIG-IP Misconfigurations
F5 BIG-IP MisconfigurationsF5 BIG-IP Misconfigurations
F5 BIG-IP Misconfigurations
 
Managing secrets at scale
Managing secrets at scaleManaging secrets at scale
Managing secrets at scale
 
BSIMM: Bringing Science to Software Security
BSIMM: Bringing Science to Software SecurityBSIMM: Bringing Science to Software Security
BSIMM: Bringing Science to Software Security
 
WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 10WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 10
 
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler WebinarKeycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
 
Docker Security: Are Your Containers Tightly Secured to the Ship?
Docker Security: Are Your Containers Tightly Secured to the Ship?Docker Security: Are Your Containers Tightly Secured to the Ship?
Docker Security: Are Your Containers Tightly Secured to the Ship?
 
Gateway deepdive
Gateway deepdiveGateway deepdive
Gateway deepdive
 
AWS CDK introduction
AWS CDK introductionAWS CDK introduction
AWS CDK introduction
 
AWS 신규 데이터 분석 서비스 - QuickSight, Kinesis Firehose 등 (양승도) :: re:Invent re:Cap ...
AWS 신규 데이터 분석 서비스 - QuickSight, Kinesis Firehose 등 (양승도) :: re:Invent re:Cap ...AWS 신규 데이터 분석 서비스 - QuickSight, Kinesis Firehose 등 (양승도) :: re:Invent re:Cap ...
AWS 신규 데이터 분석 서비스 - QuickSight, Kinesis Firehose 등 (양승도) :: re:Invent re:Cap ...
 
Web Application Security 101
Web Application Security 101Web Application Security 101
Web Application Security 101
 
DevSecOps - Workshop do Bem
DevSecOps - Workshop do BemDevSecOps - Workshop do Bem
DevSecOps - Workshop do Bem
 

Semelhante a Mobile Game Hacking: Defense Against the Dark Arts | James Ahn

Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud XiaoFruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
Shakacon
 
михаил дударев
михаил дударевмихаил дударев
михаил дударев
apps4allru
 
(ISC)2 Kamprianis - Mobile Security
(ISC)2 Kamprianis - Mobile Security(ISC)2 Kamprianis - Mobile Security
(ISC)2 Kamprianis - Mobile Security
Michalis Kamprianis
 
[CB21] MUSHIKAGO: IT and OT Automation Penetration testing Tool Using Game AI...
[CB21] MUSHIKAGO: IT and OT Automation Penetration testing Tool Using Game AI...[CB21] MUSHIKAGO: IT and OT Automation Penetration testing Tool Using Game AI...
[CB21] MUSHIKAGO: IT and OT Automation Penetration testing Tool Using Game AI...
CODE BLUE
 

Semelhante a Mobile Game Hacking: Defense Against the Dark Arts | James Ahn (20)

Hacking Mobile Apps
Hacking Mobile AppsHacking Mobile Apps
Hacking Mobile Apps
 
Hacking your Droid (Aditya Gupta)
Hacking your Droid (Aditya Gupta)Hacking your Droid (Aditya Gupta)
Hacking your Droid (Aditya Gupta)
 
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud XiaoFruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
 
DevCon Summit 2014 #DevelopersUnitePH: Klab Cyscorpions
DevCon Summit 2014 #DevelopersUnitePH: Klab CyscorpionsDevCon Summit 2014 #DevelopersUnitePH: Klab Cyscorpions
DevCon Summit 2014 #DevelopersUnitePH: Klab Cyscorpions
 
Cracking the Mobile Application Code
Cracking the Mobile Application CodeCracking the Mobile Application Code
Cracking the Mobile Application Code
 
михаил дударев
михаил дударевмихаил дударев
михаил дударев
 
Hacking your Android (slides)
Hacking your Android (slides)Hacking your Android (slides)
Hacking your Android (slides)
 
SmartDevCon - Katowice - 2013
SmartDevCon - Katowice - 2013SmartDevCon - Katowice - 2013
SmartDevCon - Katowice - 2013
 
The hardcore stuff i hack, experiences from past VAPT assignments
The hardcore stuff i hack, experiences from past VAPT assignmentsThe hardcore stuff i hack, experiences from past VAPT assignments
The hardcore stuff i hack, experiences from past VAPT assignments
 
Cracking the mobile application code
Cracking the mobile application codeCracking the mobile application code
Cracking the mobile application code
 
How Android Based Phone Helped Me Win American Idol (Elad Shapira)
How Android Based Phone Helped Me Win American Idol (Elad Shapira)How Android Based Phone Helped Me Win American Idol (Elad Shapira)
How Android Based Phone Helped Me Win American Idol (Elad Shapira)
 
[KGC 2010] 게임과 보안, 암호 알고리즘과 프로토콜
[KGC 2010] 게임과 보안, 암호 알고리즘과 프로토콜[KGC 2010] 게임과 보안, 암호 알고리즘과 프로토콜
[KGC 2010] 게임과 보안, 암호 알고리즘과 프로토콜
 
Outsmarting SmartPhones
Outsmarting SmartPhonesOutsmarting SmartPhones
Outsmarting SmartPhones
 
The art of android hacking
The art of android hackingThe art of android hacking
The art of android hacking
 
The art of android hacking by Abhinav Mishra (0ctac0der)
The art of android hacking by Abhinav Mishra (0ctac0der)The art of android hacking by Abhinav Mishra (0ctac0der)
The art of android hacking by Abhinav Mishra (0ctac0der)
 
(ISC)2 Kamprianis - Mobile Security
(ISC)2 Kamprianis - Mobile Security(ISC)2 Kamprianis - Mobile Security
(ISC)2 Kamprianis - Mobile Security
 
Resume_Sharvani
Resume_SharvaniResume_Sharvani
Resume_Sharvani
 
How to build corporate size fraud prevention
How to build corporate size fraud preventionHow to build corporate size fraud prevention
How to build corporate size fraud prevention
 
[CB21] MUSHIKAGO: IT and OT Automation Penetration testing Tool Using Game AI...
[CB21] MUSHIKAGO: IT and OT Automation Penetration testing Tool Using Game AI...[CB21] MUSHIKAGO: IT and OT Automation Penetration testing Tool Using Game AI...
[CB21] MUSHIKAGO: IT and OT Automation Penetration testing Tool Using Game AI...
 
Say hello to the new PlayFab!
Say hello to the new PlayFab!Say hello to the new PlayFab!
Say hello to the new PlayFab!
 

Mais de Jessica Tams

Mais de Jessica Tams (20)

You Only Pitch Once – Getting Game Pitches Right The First Time | Gregan Dunn
You Only Pitch Once – Getting Game Pitches Right The First Time | Gregan DunnYou Only Pitch Once – Getting Game Pitches Right The First Time | Gregan Dunn
You Only Pitch Once – Getting Game Pitches Right The First Time | Gregan Dunn
 
Insights You Need to Win in Mobile Gaming | Herman Lee
Insights You Need to Win in Mobile Gaming | Herman LeeInsights You Need to Win in Mobile Gaming | Herman Lee
Insights You Need to Win in Mobile Gaming | Herman Lee
 
Zero to 60: Building A Successful Games Studio Within A Hollywood Media Compa...
Zero to 60: Building A Successful Games Studio Within A Hollywood Media Compa...Zero to 60: Building A Successful Games Studio Within A Hollywood Media Compa...
Zero to 60: Building A Successful Games Studio Within A Hollywood Media Compa...
 
Succeeding in the Maturing Mobile Gaming Market | Tuyen Nguyen, Owen O’Donoghue
Succeeding in the Maturing Mobile Gaming Market | Tuyen Nguyen, Owen O’DonoghueSucceeding in the Maturing Mobile Gaming Market | Tuyen Nguyen, Owen O’Donoghue
Succeeding in the Maturing Mobile Gaming Market | Tuyen Nguyen, Owen O’Donoghue
 
Staying on Top of Your Game: Engaging and Converting Players in an Evolving L...
Staying on Top of Your Game: Engaging and Converting Players in an Evolving L...Staying on Top of Your Game: Engaging and Converting Players in an Evolving L...
Staying on Top of Your Game: Engaging and Converting Players in an Evolving L...
 
Improving LTV with Personalized Live Ops Offers: Hill Climb Racing 2 Case Stu...
Improving LTV with Personalized Live Ops Offers: Hill Climb Racing 2 Case Stu...Improving LTV with Personalized Live Ops Offers: Hill Climb Racing 2 Case Stu...
Improving LTV with Personalized Live Ops Offers: Hill Climb Racing 2 Case Stu...
 
The rise of the regulators | Paul Gardner
The rise of the regulators | Paul GardnerThe rise of the regulators | Paul Gardner
The rise of the regulators | Paul Gardner
 
Why the Games Industry Needs Initiatives Like Putting The G Into Gaming | Liz...
Why the Games Industry Needs Initiatives Like Putting The G Into Gaming | Liz...Why the Games Industry Needs Initiatives Like Putting The G Into Gaming | Liz...
Why the Games Industry Needs Initiatives Like Putting The G Into Gaming | Liz...
 
Epic Team Principles | Roman Zorin
Epic Team Principles | Roman ZorinEpic Team Principles | Roman Zorin
Epic Team Principles | Roman Zorin
 
10 Years of Angry Birds | Stephen Porter
10 Years of Angry Birds | Stephen Porter10 Years of Angry Birds | Stephen Porter
10 Years of Angry Birds | Stephen Porter
 
Game Changers: Three Business Disruptions Upon Us | Eric Goldberg
Game Changers: Three Business Disruptions Upon Us | Eric GoldbergGame Changers: Three Business Disruptions Upon Us | Eric Goldberg
Game Changers: Three Business Disruptions Upon Us | Eric Goldberg
 
Understanding Mobile Game Players | Saad Hameed
Understanding Mobile Game Players | Saad HameedUnderstanding Mobile Game Players | Saad Hameed
Understanding Mobile Game Players | Saad Hameed
 
Soft Launch Planning and Management | Dylan Tredrea
Soft Launch Planning and Management | Dylan TredreaSoft Launch Planning and Management | Dylan Tredrea
Soft Launch Planning and Management | Dylan Tredrea
 
1 Million Years of Audience Watch Time | James Beaven
1 Million Years of Audience Watch Time | James Beaven1 Million Years of Audience Watch Time | James Beaven
1 Million Years of Audience Watch Time | James Beaven
 
Accessible Reality | Trevor Blom
Accessible Reality | Trevor BlomAccessible Reality | Trevor Blom
Accessible Reality | Trevor Blom
 
Maximizing App Monetization: 5 Uncommon Tips | Rémy Cottin
Maximizing App Monetization: 5 Uncommon Tips | Rémy CottinMaximizing App Monetization: 5 Uncommon Tips | Rémy Cottin
Maximizing App Monetization: 5 Uncommon Tips | Rémy Cottin
 
Do You Have What it Takes? What VCs are Looking For in Esports Investments | ...
Do You Have What it Takes? What VCs are Looking For in Esports Investments | ...Do You Have What it Takes? What VCs are Looking For in Esports Investments | ...
Do You Have What it Takes? What VCs are Looking For in Esports Investments | ...
 
Commercial and Contractual Stability in Esports | Adam Whyte
Commercial and Contractual Stability in Esports | Adam WhyteCommercial and Contractual Stability in Esports | Adam Whyte
Commercial and Contractual Stability in Esports | Adam Whyte
 
Playtika's growth by change | Boaz Levin
Playtika's growth by change | Boaz LevinPlaytika's growth by change | Boaz Levin
Playtika's growth by change | Boaz Levin
 
Only the Best is Good Enough: How LEGO is Transforming its Approach to Videog...
Only the Best is Good Enough: How LEGO is Transforming its Approach to Videog...Only the Best is Good Enough: How LEGO is Transforming its Approach to Videog...
Only the Best is Good Enough: How LEGO is Transforming its Approach to Videog...
 

Último

%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
masabamasaba
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Steffen Staab
 
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg
 
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
VictoriaMetrics
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
masabamasaba
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
Papp Krisztián
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg
 

Último (20)

WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
 
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto
 
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
 
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
 
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
 

Mobile Game Hacking: Defense Against the Dark Arts | James Ahn

  • 1. Defense Against the Dark Arts of Mobile Game Hacking James Ahn Founder and CEO INKA Entworks, Inc.
  • 2. About Me • Founder and CEO of INKA Entworks • 17+ Years contents security experts • Inventor of DRM interoperability • Worked as board member of DMP • CEO of AppSealing service 2
  • 3. About INKA and AppSealing • Founded in 2000, HQ in Seoul and office in Mumbai and USA (2018) • Leading DRM tech. company with 200+ clients and partners worldwide • AppSealing : subsidiary launched 2015, providing mobile app security SaaS • Currently 100+ mobile games being protected 3
  • 4. Today we will discuss 1. Landscape of Mobile Game Black Ecosystem and its impact 2. Hacking technologies 3. Technical guidance to prevent hacking 4
  • 5. Mobile Game Black Ecosystem • Cheating app developers/publishers • 100+ cheating apps being used • 80% from China • Professional hacking service • On-demand modding service (VIP) • Repository for modded games • In-game currency hacking service • Copycat/Clone games 5
  • 6. Modding Service 6 On Demand Repository Service • On-demand modding • Paid service (20-30$) • modded games repository • Free download Business Model • Monthly subscription • Online Ad • Free to download • Online Ad Providers • androidrepublic.org (226 modded games) • sbenny.com • androidthaimod.com • ACMarket • Hackerbot • Modsapk.com (3,695 games) • revdl.com • modapkdown.com • apkdlmod.com • apklover.net
  • 7. In-Game Currency Hacking Service • Process • Access mobile url • Name/email • Start hacking • Human authorization • Mobile games download • No rooting needed • BM : Ad based service • Providers • cheatmyway.com • apkcare.com • cheatstrick.com 7
  • 8. Copycat/Clone Games : Clash Royale 8
  • 9. Copycat/Clone Games : Lilith vs uCool 9
  • 10. Hacked Western Game in China 10 360 Mobile Assistant Games Front Page Source: Oniix
  • 11. Hacking Preference by Genre 11 Source: AppSealing.com
  • 12. Top 10 Cheating Tools 12 Source: AppSealing.com
  • 14. Damage Of Mobile Game Black Ecosystem • Game balance disruption • Lost monetization • Lowered ratings & downloads • Exodus of free & paying users • Shortened game lifecycle • Competition with copycat/clone games 14
  • 15. Results of Anti-Hacking Incorporation 15 RPG RPG RPG RPG Action Casual Shooting Casual Casual RPG ActionRPG Source: AppSealing.com
  • 16. How Mobile Games Are Hacked 16 Start Run game Debugging Analyze action and log message Alter code and make mod Analyze code Dump memory Hook API DecompilingUnpack APK
  • 17. Reversing Tools (Decompile & Tampering) 17 JADX-GUI JD-GUI DEX (or JAVA) dnSpy .NET Reflector (/w reflexil) ILSpy DLL (or IL) IDA (/w Hex-Rays) Shared Object APK Unpack/Pack APKTool
  • 18. Defending Against Hacking and Cheating Tools • Anti-debugging and anti-tampering • Compiling option to hide symbols • Check APK signature/hash value of “classes.dex”, native libraries • Obfuscation • Proguard, Dexguard, Crypto obfuscator etc., • Obfuscation can be reversed • Hide value/data of variables • Encode data with base64 • Separate variables into “for store” and “for display” • Encrypt data on the device • Best practice is not to store data on the device • If needed, encrypt data stored on the device • Cheating Tools • Set blacklist of cheating tools, and detect while game is running • Use HTTPS for server and client communication 18
  • 19. Google’s Guidance • Best practice for secure IAB from Google • http://developer.android.com/google/play/billing/billing_best_practices.html • LVL (Licensing Verification Library) • https://developer.android.com/google/play/licensing/index.html 19
  • 20. Summary • Legitimate (especially paying) players prefer fair competition • Hacking is not only a matter of revenue loss but affects entire life cycle of the game • User acquisition cost VS Hacking prevention cost • Basic anti-hacking technical measures help somewhat • Consider a robust professional app security solution 20
  • 21. 21 Thank you ! James Ahn (james@inka.co.kr) CEO/ INKA Entworks, AppSealing https://www.appsealing.com