MMORPG Bot Reverse Engineering and Tracking
ฝัง
- เผยแพร่เมื่อ 8 ก.พ. 2018
- A friend told me that a GW2 trading bot implemented a dumb API. We are going to find and use it to track the bot.
Play Guild Wars 2:
account.arena.net/register
Fiddler: www.telerik.com/fiddler
.NET Reflector: www.red-gate.com/products/dot...
HxD: mh-nexus.de/en/hxd/
IDA Free: www.hex-rays.com/products/ida...
Windows VM: developer.microsoft.com/en-us...
=[ ❤️ Support ]=
→ per Video: / liveoverflow
→ per Month: / @liveoverflow
=[ 🐕 Social ]=
→ Twitter: / liveoverflow
→ Website: liveoverflow.com/
→ Subreddit: / liveoverflow
→ Facebook: / liveoverflow
=[ 📄 P.S. ]=
All links with "*" are affiliate links.
LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm.
#ReverseEngineering
Bonus video with the analysis of the collected data will come within the next 24h.
TL;DR summary: If you are a Guild Wars 2 player, don't worry about bots like that. It's child's play. Don't request ArenaNet to waste any resources on it.
great work
you mean: "learn how to speak English properly"?
What's wrong with his way of speaking? He (and most Germans) speaks English better than many people in the world, including me. And I'm pretty good!
As bad as yours?
We all understand the video in English, you need global awareness education, English is not the main language of the world and should not be enforced because someone said so
I just wanna say that I have watched several tutorials on reverse engineering binaries and I REALLY enjoyed your video because you not only showed what you did to find certain bits of information, but you explained your entire thought process AND you told us the things you did that didn't actually work. 99% of tutorials -- even the good ones -- often leave out explanations of the dead end roads they went down. And the reason that's so important is it helps people who are trying to learn reverse engineering the mindset/thought process they should have when approaching the subject. It's easy to mirror something you watch in a video and think you understand it only to try it on something else and quickly realize you don't really know where to begin or how to approach it. This is the first video I've come across of yours and I'm definitely checking out more after I write this, but I'm really hoping that you take this approach in all of your videos. If not, you should. This is super helpful and you're definitely onto something with this style of talking about a subject. Sorry for the long comment, but I just had to say this. Cheers!
3:31 Sending login credentials over HTTP? Oh boy...
Well there's an endpoint that returns all users and their api keys.. HTTPS is a detail here, lol
lmao
George Gougoudis I left this comment before I saw the end, the logged in users endpoint is unbelievable!
Phishy...
these are no real login credentials.
great documentation of your workflow. thanks
I don't even play GW2, yet this was utterly fascinating. You're a goddamn wizard.
GW2 has the single least toxic most helpful community I have ever met. Like srsly, its an amazing mmorpg.
do more bot videos on popular mmos, this is interesting stuff
@ID3301 only really counts for online games tbh
Hearing that makes me think of someone I used to watch, but yeah this is very interesting
The way that you talk through your way of thinking is so good. Makes it so easy to follow your thought process and your reasons for doing things.
Your strings are wide which is why IDA didn't notice them. You just need to tell IDA to include wide strings in the strings window (right click and configure)
thanks I'll keep that in mind
@@inx1819 What are you debugging?
I love these videos. As large a python application developer, getting to explore more about this very unknown world (at least, to me) is super interesting. Keep the videos coming!
I would like to see more game related reverse engineering videos. Keep it up.
Your videos are very informative. It's almost like you have to play detective to discover what you did. Of course, having the right tools under your tool belt also helps ;) Keep up the great videos!
Great video. i really enjoy you reverse engineering these types of MMO bots, i would love you try doing it for more bots as its also very educational :D
Super interessting! And crazy how it was possible to extract such valueable and private information. I bet there's thousands of other companies doing something similar.
You showed me nothing I didn't already know, except how to put what I know to use! I appreciate the candor of narration as you work through the problem. That is one of the most important things for people to see, it's OK if you don't know precisely what they next thing you click on is going to do, that's how you learn. Great video, thank you.
Really cool video, I like how you went the extra step and tracked thos bot users for data
This guy could get employed by Microsoft Apple Google and Amazon all by himself and save these companies trillions ... He is mind-blowing smart. I use computers since i'm a kid and have strong knowledge about pretty much every computer related stuff but in this video I quickly realised how much of a noob I was. This video made me humble so bad. I'm shocked. Wow.
One of the best channels about reversing on youtube. Thanks for the video
Awesome video as always.
Guild Wars 2 is a great game, as well.
How didn't I know about fiddler earlier? I love it and constantly mess around with it now! Danke dir
This is just... WOW. Dude you're awesome. Keep it up!
Very good video about deep programming knowledge, without getting complex.
It helped me!
You're so awesome. I love your videos so much! So much to learn, and I really like the way you present the information.
Just found your channel. Seems to be educative and I believe I will learn a lot. Keep up the good work.
Very cool my friend, subscribed - wish there was more content like this!
By the way, you can just load the memory dump into ida see the disassembly of whatever they tried to obfuscate/encrypt. Ida can also find strings in there, no need to do it manually.
Andre Taulien It's cooler that way
so many Lithuanians in the comment section, damn
You deserve so many more subscribers. Please keep this content going :D
Thanks for this amazing video, you never fail to deliver :D
Really interresting video.... I'm subscribing to see what's next :) And i will come back on your videos to see what else you have to teach.
Thanks for the share, keep on the good work, keep giving us your taught process (mostly why i subscribed!)
Good luck on TH-cam
Super interesting. Thank you for this.
Couple tips for Windows executable reverse engineering.
1) There are many programs you can use to check how an executable is compiled and packed, couple of my favorites are Detect it easy and peId.
2) You can use Process Hacker 2 to find strings in memory of an executable.
Great video btw!
I don't think there is a single video of yours that hasn't had a #MindBlown moment for me. I know you think this is a bit mundane, but like all your work, yet again opening a whole world to my view.
Thanks, keep up the great work!
WoW, That is really amazing. It's inspiring.
I learned a lot today, thank you for this video :)
This is some impressive work man!
Super cool video, and absolutely hilarious that such a simple request gave you the bot user's account APIs. Talk about a botch job from the bot developer!
Dein Video ist Gold wert, konnte dadurch echt viel lernen, danke^^
You've inspired me to get back in GW2 after almost a year of not playing it, thanks
I enjoyed this video!
I will watch more of your videos :)
Just awesomely crazy... Good job.
Thanks for the video, very interesting!
Your a boss man! This made me happy to watch.
0_0 I don't know how I ended up here but I couldn't stop watching. This reminds me of how many different programs I find myself using from start to end with making game assets.
WoW nice Love this video, thanks for showing me something new :D
Excellent video! Best reverse engineering channel!
I love your channel so, so much
Very interesting.
Good job
I would have never thought to reverse engineer the bot program to get all the api calls to their server. that's awesome.
For string searching I like ProcessHacker 2 - double click on the process>Memory>[Strings...]>Set the settings>Optionally filter output.
As the bot requires validation to work, you can remove it by checking for strings related to the login page on IDA, the newr adresses will be the validation ones, then you just need to make it return true
I love this video. Please make more videos like this xD
Man!!I wanna be able to do all this. You're a genius
Continue watching the channel, check a few other data forensic channels, check out the free online universities for Computer Forensic courses and you'll be a good way on the way to be able to do all these things.
There are a few hacker conventions that also give good info on how it all works, with videos freely available here on TH-cam. Check out things like DefCon.
It's not about being genius. Everyone can learn that just not everybody wants to.
morphman86 can you please suggest me any of those universities? Thank you
Udemy is a good one as well as nullbytes own university. I believe its skill stack. some of the packages you can find are like....idk 16$ for 100s of lectures and online classes. You arnt bound to them like a real college or university. There's no tests, no quizzes, no grades. Its all just based on you learning material. Access anywhere, any time.
Exactly my thoughts, and even the comment 'I do not know how this works so I fiddle with it'; made me feel aware that this guy is good in being resilient and really good in self teaching.
Thanks for the video! you big helped
You could open the memdump (Yes it's a full memory dump) in IDA and let it automatically find/analyze the binary.
Ich habe keine Ahnung von GW2 und auch nicht vom Programmieren, aber es ist interessant und einigermaßen verständlich für mich.
Dankeschön. =)
I love your videos, i just got into the security market and i'm learning from 0 your videos will surely help a lot i've always wanted to make bots for games for the sake of it but never did it. I would love if you could make a video about android apps pen testing
Subbed! Awesome videos ;) GW2 reddit brought me here!
wow what a great content, subscribed
This is amezing thank you so much for beautifull video
Super awesome Sir.
I legit spit my coffee out watching this at 7:30 in the morning when I saw you replay and edit the request to get the online users.
Far, far above my level of knowledge and interest, however well explained and interesting to see what you discovered, even if I could not emulate this myself.
Hello LiveOverflow,
Like you I have analyse two bots from an other game, but in fidler the first bot use https and the second encrypted packet (TCP or UDP). My question is, how to decrypt these packets ? Thank you :)
You should do more of these documentary's where you reverse engineer a program in the wild.
Awesome topic
Nice, I'm always learning something ;)
And I'm always a bit suprised to read german Text. Well, I already know you live in Germany, but your englisch is perfect. BTW: I'm German too
I think the developers of the trading bot are german. that's why the text was german in the TOS
LiveOverflow Well, some of youre programms are german too, aren't they?
craaazy stuff ...i have no clue about programming but this is crazyy :)
This is amazing !! Great!! Get more on mmorpg ;]
Very interesting. I used to make wallhacks for Soldier Front and aimbots for Gunbound when I was younger... much profits. These videos make me want to get back into it.
I'd love it if someone posted this video on the site where the bot was sold.
I don't think they'd be all to happy with it if they found out it just spits your API keys out on request.
Very awesome and inspiring
you are my favorite channel ☺
you are awsome , fan from Egypt :)
I'd love to see tutorials on somehow recreating a private game server for a game that has been long since died and has no official servers or any servers.
BEST CHANNEL EVER IN THE HISTORY OF TH-cam AND HUMAN CIVILIZATION
I can recommend ILSpy
Smartscreen primarily checks code signing certificate of the program (see the Publisher) - not much of hashes and how many are using it. To avoid the smartscreen you must supply your app (with certificate) to Microsoft.
Visual Studio should be able to open the memory dump, and also let you step thru it if you want. (I really hope this is available in the community version)
Okay.. I didn't like the video until you got the entire list of users.. and then geeked out graphing some data.. You earned my like.. Thumbs up clicked :P
If the memory contains non-obfuscated data you could have easily debugged using some tools like OllyDbg or even Cheat Engine (even if OllyDbg provides a list of strings really similar to the IDA one)
you are defo in the top 5 Comp Sci/Software Eng/Hacking channels.
i love reversing . you are my 2nd hero . +rep :)
2nd hero? Who is first!!??!?!??
LiveOverflow someone named zonz he teach me how to reverse
it's hard to really stop injection from happening, when it comes to the mouse clicks you have to rely on the system flag to tell if the clicks are authentic, these need to come from certified drivers (although you can also just patch whatever checks for the flag on the client)
a bit late you probably know it: there's also hardware route of custom usb hardware and external hardware OCR, best way is always in game design
amazing, thx
I just realized that I had watched this video before, not knowing about GW2 and I'm quite intrigued by how games' economy works, but not the games itself (since I'm not MMORPG kind of player)
Then two years later I've already addicted to it and then stumbled this video again browsing GW2 economy subreddit
How the table have turned... I'm gonna watch it again
That was so interesting and fun to watch! The thing is, if I had attempted to do this kind of research, I would have given up after the first 5 minutes, because I know nothing about the workflow and how to interpret findings and outputs of these various programs (even most of the shown programs I did not know). So can you give a short explanation of how you collected this mass of knowledge over time?
Ps: Schland :D
guess how many times I attempted projects like this and gave up? Every time you do that, you learn a tiny little bit more. and at some point you succeed.
yeah good job explaining your approach, and what tools you used.
You earned a subscriber, don’t let me down
I have no idea whats going on and yet i am going to watch part 2
DUDE YOU ARE A FUCKING BOSS. I'm super inspired to try some of these tools. Thank you so much. Love your channel.
The mouse key hook actually uses Windows API to intercept and maybe send raw input, no injection required.
Very nice, I am now maybe a bit too old, in my youth somebody used a hex editor to modify some values within a fairly old mmo client-side and he got through, ofc he was banned and that thing patched in next maintenance and obviously storing important data client-side is a no-no and it was their fault that they got burned... But yea little by little I am getting the picture now. Thanks.
I have no idea what is going on or where I am but I like this video, even though I understood none of it. I found it enjoying and your voice soothing. Keep making videos, 4am me is out & won't remember this comment :)
I actually understood what is happening. May god I learned some stuff last few years :D
Im in college and watching every single video of yours so that i able to solve any ctf challenges thanks men: ∆
your intro is awesome
send the graph to data is beautiful.
Fun fact: You just gave pirates a head start in pirating the bot.
so it can be pirated
Fun Fact: he just gave the devs a free access key to ban all those players too....
I'm more interested on unpacking that binary files. The crazy thing, I did some reversing on a private server of a game launcher back then, what I didn't expect after unpack the binary was that the launcher uses somekind of remote sql to fetch the login data. I can even see the database and it's password for connecting to remote server.
Nice video! Awesome reverse engineering...
Man this is crazy shit! Nice video
I'm glad you waited for the service to shut down before doing this, a buddy of mine found this issue and showed me how to perform it ages ago. We always used to mess with those filthy cheaters. >:)
Alter, wie geil du einfach bist :D Verdienst auf JEDEN Fall mehr Abonnenten!
Garkolym gib ich dir recht!