Mobile Game Security - Hacking Protection

This post is a follow-up to the ( ‘Mobile Game Security - Hacking Types’)which will cover the appropriate response by type of hacking.

If you look at the changing trend of mobile game hacking, it is characterized by indiscriminately hacking using automated hacking tools since the early days when only popular games are hacked.
Generally, with the exception of the large game developers (companies with limited funding available outside game development), most of the time security is planned when certain profits occur after the game is released.

But, if the number of users in game services gathers more than a certain number of users, the development of the amount work increases, which means that you lose the timing to apply security and then try to secure after understanding the entire structure of the game to hackers. However, because hackers have already completed understanding of the app structure, additional hacking attempts can be led frequently.
So, it is important to do it from the beginning, even with very little security.

Below are appropriate defense measures for each type of game hacking.

(1) MEMORY SEARCHING
(2) REPACKING
(3) HACKING TOOL
(4) ROOTING, VIRTUAL MACHINE

Memory Searching

For known hacking tools or ‘custom hack tool’ developed by hackers, it is essential to attach to the game app memory in order to falsify the specific address of the game app in the virtual memory system currently used by mobile devices.

In order for hacking tools to access the game app memory, they will often use the API provided by the system OS or directly access the memory file of the game app process.

Defensive methods

1. To protect against memory searching and modulation, the ability to detect and block hacking tools from accessing the app’s memory through the API or game app process’s memory file access is required.
- See LIAPP Memory Protection

2. The effects of these functions also enable us to protect against to understand the flow of important information and dumping to be able to take important memory information within the app.

Repacking

Repacking is divided into two types.

Source code tampering
Resource tampering

[ Source code tampering ]
By tampering the core source code that drives the game, the hacker achieves the goal they wants.

1. Java’s Source code or UNITY’s Source code currently used in game apps is a language that has been developed primarily for device portability, so it is relatively easy to identify and tampering structures.

2. In the case of Unreal engine, it was not BYTE CODE, such as JAVA and UNITY. However, hackers who are familiar with hacking only need more time and are able to understand and tampering structures.

[ Resource tampering ]
Resource tampering modifies non-source code files that are required to run within an app package to achieve the goal a hacker wants.

1. Early in the game, there are many things to worry about in order to implement the function of the game itself, so you may define important files in the resource file in the package and use to reference.
Sometimes these files are unintentional, but due to carelessness or due dates on the open date, game-important/critical DATA can be distributed as defined within the app package.

Defensive methods

1. Integrity detection
Integrity detection is a function that determines whether an app file is a file distributed by the developer or tamper by another person.
Integrity detection helps prevent unauthorized Source code tampering and Resource tampering in game apps.

- You can prevent hacking of resource tampering by checking whether the currently running app has been tampered by a hacker or if the files released by the developer are correct.

- Sometimes, if an ad in the game is removed and replaced by a hacker, the developer must protect it through integrity detection, as all advertising revenue could be stolen.

2. Protects the Source code
- JAVA CODE PROTECTION , UNITY CODE PROTECTION
The protection of the UNITY CODE for apps developed by JAVA CODE and UNITY that form the basis of Android APP is essential.
Because it identifies and is able to attack the game through tampering, it must be protected through encryption and obfuscation to be unable to analyze the source code easily.

- Unreal Engine, cocos
In the case of Unreal Engine and cocos, the important source code of game apps has a .so file in the lib-folder in the package file.
Protection must be made so that the structure of the file cannot be determined as well as even if you make modifications, you must protect them to be normally used in game apps.

Integrity detection and protection of source code play a key role in protecting game apps.
The above functions make it essential to build secure gaming services.

- See LIAPP Anti-Tamper
- See LIAPP Native Library Protection

Hacking tools

Hacking by hacking tools is the most common and the most common method of hacking among the total number of hacking attacks.
In order to effectively defend the hacking tool, effective defense is only possible when both of the following cases are considered;

Detects known hacking tools
Blocks access from unknown hacking tools

In addition, prevention of the typical functions provided by hacking tools is necessary in order to effectively protect the hacking tool.

Memory Modulation
Speed Hack
bypass in-app purchase

Defensive methods

Statistics show that hacking tools are mostly used for memory modulation and speed hack purposes.

1. For memory modulation and speed nuclear, it is possible to defend against known and unknown hacking tools by blocking access to the game app process mentioned in the ‘Memory Searching’ method.

2. Also, for known hacking tools, it is important to check if the hacking tool is currently running, to detect and block it.
- See LIAPP Hacktools Detection

Sometimes, you don't know if the apps you've received are the tools used for hacking. For these users, if the hacking tool installed prevents the game from being blocked, it can lead to complains, which can be caused by the user's departure.
If the hacking tool is detected, the user can minimize inconvenience by checking whether the hacking tool is executed during the process without checking the installation status of the hacking tool.

3. For bypass in-app purchase, the game app sends the in-app payment receipt issued at the time of payment to the Game Server to check the validity of the receipt.

(Rooting, Virtual Machine)

[ Rooting ]
Rooting means obtain administrator privileges by changing your mobile device. Administrator rights have full access to the mobile device system so you can use it to falsify game apps or access memory and processes.
To detect the rooting, you must combine detection of files that can be converted to administrator rights and detection of custom rom, it mean efficient detection.
However, game apps often allow routing in consideration of user inflows, and unconditional blocking of routing can prevent users from entering game services.

From a secure perspective, the blocking policy of the rooted device is efficient, or game apps can provide protection against sensitive hacking with functions such as memory signing, integrity detection and hacking tool detection.

[ Virtual Machine ]
Virtual machines are programs that support your PC's mobile environment to help you enjoy mobile games on your PC.
The reason why virtual machines are important for hacking is that most virtual machines support rooting and the same powerful hacking tools used in PCs can be used in mobile.
But like rooting, many game apps don't recommend users using virtual machines at the beginning of game app launch because they also want to enter valuable users.
However, if there are many users of game apps unlike rooting, virtual machine detection is also an important factor to consider.

Defensive methods

- See LIAPP Rooting Detection
- See LIAPP Virtual Machine Detection

LIAPP-enabled strategies to protect mobile game apps

The essential functions and the optional functions to prevent hacking into game apps are followings:

[ Essential points ]
Protects the source code (Class Protection)
Prevent App Modulation (Anti-Tamper)
Memory Protection
Block Debugging (Anti-Debugging)
unity code protection (Unity Protection)
Prevent Repacking (Anti-Repackaging)
Unreal, cocos Engine Protection (Native Library Protection)

[ Expansion ]
Hacktools Detection
Virtual Machine Detection
Rooting Detection

Recommend that at the beginning of launching game apps, it is necessary to use the LIAPP ONSITE ticket (apply LIAPP one time) or LIAPP ONSITE Monthly (apply LIAPP unlimitedly until its expiration)to meet and distribution essential defense requirements.
And recommend that you use LIAPP BUSINESS Monthlyto meet the elements that correspond to the expansion during the medium-term when users of game apps increase.
If the service of the game app has been recruited with an explosive increase in users or a certain level of users, the effective strategy is to use LIAPP for Game to protect both iOS and Android, set policies and control the user.







#android packer #application protection #Anti-Tampering #mobile security #game security #code obfuscation #app security #LIAPP ONSITE #LIAPP BUSINESS #LIAPP for Game