The Dark Mod Forums

Security Of Computer Game Code


thestemmer


Just a random question for all you coders out there. I'm an undergraduate student taking a course in computer programming for the first time, and after having studied Java for a semester I'm now being introduced to C for the first time. Recently I was struck by one of the professor's demonstrations, in which he showed how a poorly written C program could be easily used to access parts of the hard drive that should be beyond its security privileges. Naturally, I understood almost none of what he was doing, but I got the basic idea of what he was trying to prove.

 

It made me start thinking, though, are modern computer games secure enough to protect against malicious use of their code? With the huge influx of very complex but shoddily programmed games into the market (games like this one come to mind), are we taking a risk installing games onto our systems? I don't know the first thing about how computer game code works, but is it possible that somebody could create a virus that takes advantage of the coding vulnerabilities of specific games? Big things like the Windows OS get updated for security vulnerabilities all the time, but I've never heard of a security update for a specific computer game. Should I be worried?

Edited by thestemmer

The poorly written code that you saw demonstrated is the exact thing that hackers look for to write viruses that will exploit those faults.

However, games don't really do anything useful enough for a hacker - access textures, load maps... so hackers can't fool the game into doing anything nasty to your system because it's not doing anything that interesting in the first place.

Now your OS on the other hand does a lot more interesting things - write directly to RAM, directly to HDD...

I don't specifically know about the HDD access, but as for accessing memory it shouldn't - a poorly written app won't be allowed to mess up your RAM directly and cause a crash that way - each program is allocated one or more pages, and they can be as badly written as they want and mess up those pages all they want - as soon as they attempt to write outside their allocated pages, Windows says "This program has performed an illegal operation and will be shut down", and it terminates the program and blanks the pages. Now you know what that error generally means.


It made me start thinking, though, are modern computer games secure enough to protect against malicious use of their code?

 

No. That's why there are constant security updates and exploits. But this has nothing to do with modern games or not, because you always have that risk.

 

With the huge influx of very complex but shoddily programmed games into the market (games like this one come to mind), are we taking a risk installing games onto our systems?

 

You always run that risk. Not only with games, but anytime you run some code. Installing the operating system already introduces that risk, even if you wrote it yourself.

 

I don't know the first thing about how computer game code works, but is it possible that somebody could create a virus that takes advantage of the coding vulnerabilities of specific games?

 

That happens all the time.

 

Big things like the Windows OS get updated for security vulnerabilities all the time, but I've never heard of a security update for a specific computer game. Should I be worried?

 

Games are security updated the same as OSes.

Gerhard


However, games don't really do anything useful enough for a hacker - access textures, load maps... so hackers can't fool the game into doing anything nasty to your system because it's not doing anything that interesting in the first place.

 

Which is of course WRONG! As soon as a hacker can introduce his own code it doesn't matter what the original code did.

 

I don't specifically know about the HDD access, but as for accessing memory it shouldn't - a poorly written app won't be allowed to mess up your RAM directly and cause a crash that way - each program is allocated one or more pages, and they can be as badly written as they want and mess up those pages all they want - as soon as they attempt to write outside their allocated pages, Windows says "This program has performed an illegal operation and will be shut down", and it terminates the program and blanks the pages. Now you know what that error generally means.

 

Which is also wrong. If a virus will perform such an action it is poorly written. A properly written exploit wouldn't even be noticed. That's the whole point of it. In fact, one of the bigger viruses these days (don't remember which one it was) was caught red-handed because of this. The author forgot a condition on some systems which caused them to crash. And Windows allows you all kinds of manipulations of memory, so you don't really need to crash the system.

Gerhard


Okay, I misunderstood. Well, the real security is that games are a poor target for a hacker; operating systems are more widespread.

Yes, I was wrong. I just remembered the real reason virus code can run - you cause the program to overflow into RAM it's not supposed to, put your code there, so that it will run your code. That's what I remember from my programming lecturer saying.


Actually it works like this.

 

You try to cause a stack overflow. The overflow must be done in such a way that enough data is on the stack to match what was before there. The original function proceeds like normal. When it returns it will clear up the stack and discard all the data that you put there. The last value on the stack, before the function actually returns, is the address where it was originally called from. Since you put enough data on the stack, of course the address doesn't point to the original caller, but to the new code that should be executed. So when the original function tries to return, it will not return to the original caller, but to the address that it is now pointing to. This code typically is rather small and will download additional stuff and run it. Any assembly programmer should be able to do this, and must know this, because knowledge of how the stack works should be natural to them.

In fact I used such a technique on the Commodore 64 because the CPU didn't have big jumptables. It was limited to 256 bytes, but with this technique you could create jumptables that were as big as you needed them. The technique itself is not anything new or sophisticated, it is simply applying assembly language programming knowledge.

Gerhard
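
The overwrite described in the post above, modelled as an added example (not code from the thread): a struct stands in for a stack frame with the saved return address placed directly after a 16-byte buffer, and a bounds-checked copy is shown beside the unchecked one. The layout, the function names and the address value 0x1000 are assumptions made for the illustration; real frame layouts depend on compiler and ABI.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16

/* Model of one stack frame: a local buffer with the saved return address
   stored right behind it (assumed layout, byte arrays so there is no padding). */
typedef struct {
    unsigned char buf[BUF_SIZE];
    unsigned char saved_ret[sizeof(uintptr_t)];
} frame_t;

static uintptr_t read_ret(const frame_t *f) {
    uintptr_t r;
    memcpy(&r, f->saved_ret, sizeof r);
    return r;
}

/* Unchecked copy, the strcpy()/gets() pattern: it writes len bytes starting
   at buf without looking at BUF_SIZE. Clamped to the model frame so the
   demonstration itself never leaves the struct. */
static void copy_unchecked(frame_t *f, const unsigned char *src, size_t len) {
    if (len > sizeof *f) len = sizeof *f;
    memcpy((unsigned char *)f, src, len);
}

/* Checked copy: input that does not fit the buffer is rejected outright. */
static int copy_checked(frame_t *f, const unsigned char *src, size_t len) {
    if (len > BUF_SIZE) return -1;
    memcpy(f->buf, src, len);
    return 0;
}

/* Returns 1 if the saved return address survives a copy of len bytes. */
static int ret_intact_after(int checked, size_t len) {
    const uintptr_t caller = (uintptr_t)0x1000;   /* constructed value */
    unsigned char input[sizeof(frame_t)];
    frame_t f;
    memset(input, 'A', sizeof input);             /* constructed filler input */
    memset(&f, 0, sizeof f);
    memcpy(f.saved_ret, &caller, sizeof caller);
    if (checked) (void)copy_checked(&f, input, len);
    else copy_unchecked(&f, input, len);
    return read_ret(&f) == caller;
}

int main(void) {
    printf("unchecked, 16 bytes: intact=%d\n", ret_intact_after(0, 16));
    printf("unchecked, 24 bytes: intact=%d\n", ret_intact_after(0, sizeof(frame_t)));
    printf("checked,   24 bytes: intact=%d\n", ret_intact_after(1, sizeof(frame_t)));
    return 0;
}
```
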


There is also the far less refined technique where you overwrite as much memory as possible with a chain of NOPs followed by your code, with the hope that at some point in the future, one of the NOPs will be the jump target of a function call which will lead to your code being run.


Games are security updated the same as OSes.

That's very interesting. I don't remember ever seeing information about a security update in the readme file for any patch I downloaded, though. Are they just not normally listed? Perhaps to prevent potential hackers from exploiting code vulnerabilities?

 

Also, you said that there are viruses out there that target specific games. That surprised me, I've never heard of such a thing. Could you give an example? The thought of somebody using my downloaded version of Pacman to gain backdoor entry into my system is frightening. I'd imagine that this could be particularly problematic for things like business network systems, where people would have reason to want access to restricted files and incentive to custom-tailor a program to do so.


I don't know about the policy of how games companies handle this, but I know that one of the bigger games had a big problem. I think it was Battlefield or Unreal Tournament. I haven't followed this though because I was not interested in this game. I don't really know if viruses use games as a target, but then again I would be very surprised if hackers would ignore games. Sure it's a much smaller user base than targeting an OS, but then if you can hack 50.000 machines, it still pays off and for the bigger games, I think it could easily reach much higher numbers. Don't know though how the rates are, so maybe 50.000 machines is not worth much. :)

Gerhard


I can see massively popular games like World of Warcraft becoming attack vectors for malware, but smaller games aren't going to be of much interest when stuff like IE still exists with its multitude of vulnerabilities. There is no point in writing a Doom 3 worm when you can write an IE or email version which will infect many more computers.
