Vuln Research in VIDEO GAMES?!?!

  • Added 27. 08. 2024
  • 🔥 Learn How To Do Vuln Research in Video Games With Patch Analysis
    👨‍💻 Buy Our Courses: guidedhacking....
    💰 Donate on Patreon: / guidedhacking
    ❤️ Follow us on Social Media: linktr.ee/guid...
    🔗 Links:
    GH Article: guidedhacking....
    Freedroid Source: gitlab.com/fre...
    Freedroid on Steam: store.steampow...
    Original Research: logicaltrust.n...
    Video Creator: stigward
    📜 Video Description:
    Today, we're going to share our findings from a curious journey through the open-source video game, FreeDroid RPG. More significantly, we'll illuminate a skill that has been instrumental in advancing our vulnerability research capabilities: bug spotting. Getting good at bug spotting will help you in vuln research.
    Our adventure with FreeDroid RPG began when we were perusing the National Vulnerability Database (NVD) for video game-related bugs and discovered two CVEs from 2020 related to this game: CVE-2020-14938 and CVE-2020-14939. Both CVEs involved ways to maliciously manipulate the save game data, each fascinating in its own right. As we looked into the technical details of this original research from LogicalTrust, we noticed anomalies in the patches that were meant to address these vulnerabilities, sparking a deeper investigation.
    📝 Timestamps:
    0:00 Intro to Bug Spotting
    1:01 Static Code Review
    1:17 FreeDroid Bugs
    1:55 Lua Command Injection
    2:24 Lua Sandbox Implementation
    3:07 Bypassing Lua Patch
    4:01 Heap Overflow Vulnerability
    4:31 Analyzing Save Games
    5:21 Patching Heap Overflow
    6:00 Integer Overflow Issue
    7:33 Crafting Payload for Overflow
    8:29 Demonstrating Exploit
    8:50 Conclusion
    🙏Music Credits
    - www.epidemicso...
    - www.epidemicso...
    ✏️ Tags:
    #vulnerability #exploitdevelopment #androidhacks
    In the fascinating world of video game security, there's a constant evolution of challenges and opportunities, especially for those skilled in reverse engineering games, a process that uncovers the underlying mechanics of how games operate. This skill is also valuable in reverse engineering Android apps, where understanding the code can lead to significant improvements or customizations. At GuidedHacking, we specialize in these areas, providing comprehensive tutorials and resources to master these skills. Our expertise extends to general reverse engineering as well, where dissecting software helps in understanding its functionality and identifying potential security gaps. Bug hunting is another critical aspect, where we meticulously search for glitches or security vulnerabilities in software. This goes hand in hand with vulnerability research, where we analyze software to identify weaknesses that could be exploited. Static code review is a key process in our workflow, enabling us to scrutinize the code without executing it, often revealing hidden issues. CVE analysis is also integral to our approach, as it involves examining publicly disclosed cybersecurity vulnerabilities. For those interested in game modding, understanding the Lua sandbox, used in many games for scripting, is essential. Heap overflow is another concept we cover, a type of buffer overflow attack that can be particularly damaging. We also delve into the intricacies of arbitrary file write exploits, demonstrating how such vulnerabilities can be exploited. Integer overflow vulnerability is yet another critical area, where numerical values exceed the maximum capacity and cause unexpected behavior. Our content also includes patch analysis, where we examine updates to software to understand what vulnerabilities they address. FreeDroid RPG bugs, for example, offer a practical case study in game security, showing how even complex games can have exploitable flaws.
Lastly, we focus on vuln research, a continuous process of investigating and understanding vulnerabilities to enhance security in software and applications. Through these diverse areas, we aim to equip our learners with the knowledge and skills needed to excel in the dynamic field of software security.
    Bug Hunting
    Vulnerability Research
    Static Code Review
    CVE Analysis
    Lua Sandbox
    Heap Overflow
    Arbitrary File Write Exploit
    CVE-2020-14938
    Integer Overflow Vulnerability
    Patch Analysis
    guidedhacking
    reverse engineering
    game vulnerabilities
    FreeDroid RPG Bugs
    game security
    vuln research
    video game security
    reverse engineering games
    reverse engineering android app
    video game bug hunting
    bug hunting in video games
    vuln research in video games
