Fuzzing Modern UDP Game Protocols with Snapshot-Based Fuzzers

38 points, 9 comments
dm3 1 hour ago

This reminds me of a pair of episodes on Darknet Diaries - Manfred[1] - ep. 7/8. Opened my eyes to how insecure games actually are (were?) and how the economy of virtual item trading moved from eBay to in-game transactions:


bruce343434 3 hours ago

The unchecked bounds example was just sad - I mean how hard is it to use common sense? Assume the entire packet is always tainted because it comes from an external source!
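A defensive parser for the kind of length-prefixed UDP game packet the comment is talking about, added here as an example (it is not code from the linked article or from anyone in this thread). The packet layout, the `player_update_t` fields, the `MAX_NAME` limit and the three sample datagrams are all constructed for illustration; the point is that every field read is checked against the bytes actually received before the cursor moves:

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical player-update datagram (constructed layout, not a real game's):
 *   u16 LE msg_type | u8 name_len | name bytes | i32 LE x | i32 LE y */
#define MAX_NAME 16

typedef struct {
    uint16_t msg_type;
    char     name[MAX_NAME + 1];
    int32_t  x, y;
} player_update_t;

/* Cursor over the received datagram. Every field read goes through a
 * helper that first checks how many bytes remain, so peer-supplied
 * lengths can never move the cursor past the end of the buffer. */
typedef struct {
    const uint8_t *p;
    size_t remaining;
} reader_t;

static int read_u8(reader_t *r, uint8_t *out) {
    if (r->remaining < 1) return 0;
    *out = r->p[0];
    r->p += 1; r->remaining -= 1;
    return 1;
}

static int read_u16le(reader_t *r, uint16_t *out) {
    if (r->remaining < 2) return 0;
    *out = (uint16_t)(r->p[0] | (r->p[1] << 8));
    r->p += 2; r->remaining -= 2;
    return 1;
}

static int read_i32le(reader_t *r, int32_t *out) {
    if (r->remaining < 4) return 0;
    uint32_t v = (uint32_t)r->p[0] | ((uint32_t)r->p[1] << 8) |
                 ((uint32_t)r->p[2] << 16) | ((uint32_t)r->p[3] << 24);
    memcpy(out, &v, sizeof v);   /* two's-complement reinterpretation */
    r->p += 4; r->remaining -= 4;
    return 1;
}

/* Returns 1 and fills *out on success, 0 on any malformed input.
 * An unchecked version would memcpy name_len bytes straight into
 * out->name; a hostile name_len of 200 would overflow the 17-byte field
 * and read past the end of a short datagram. Both limits are checked. */
int parse_player_update(const uint8_t *buf, size_t len, player_update_t *out) {
    reader_t r = { buf, len };
    uint8_t name_len;

    if (!read_u16le(&r, &out->msg_type)) return 0;
    if (!read_u8(&r, &name_len))          return 0;
    if (name_len > MAX_NAME || name_len > r.remaining) return 0;
    memcpy(out->name, r.p, name_len);
    out->name[name_len] = '\0';
    r.p += name_len; r.remaining -= name_len;

    if (!read_i32le(&r, &out->x)) return 0;
    if (!read_i32le(&r, &out->y)) return 0;
    /* Trailing bytes mean the sender and parser disagree on the format. */
    return r.remaining == 0;
}

/* Constructed sample datagrams (not captured traffic). */
static const uint8_t GOOD_PKT[] = {
    0x01, 0x00,              /* msg_type = 1        */
    0x03, 'b', 'o', 'b',     /* name_len = 3, "bob" */
    0x10, 0x00, 0x00, 0x00,  /* x = 16              */
    0xff, 0xff, 0xff, 0xff   /* y = -1              */
};
static const uint8_t BAD_LEN_PKT[] = {   /* name_len claims 200 bytes */
    0x01, 0x00, 0xc8, 'b', 'o', 'b', 0x10, 0, 0, 0, 0, 0, 0, 0
};
static const uint8_t TRUNC_PKT[] = {     /* cut off inside the y field */
    0x01, 0x00, 0x03, 'b', 'o', 'b', 0x10, 0, 0, 0, 0, 0
};

/* 1 if the well-formed packet parses to the expected values. */
int demo_good(void) {
    player_update_t u;
    if (!parse_player_update(GOOD_PKT, sizeof GOOD_PKT, &u)) return 0;
    return u.msg_type == 1 && strcmp(u.name, "bob") == 0 && u.x == 16 && u.y == -1;
}
/* Both malformed packets must be rejected (return 0) without the parser
 * touching memory outside the datagram or the output struct. */
int demo_bad_len(void)   { player_update_t u; return parse_player_update(BAD_LEN_PKT, sizeof BAD_LEN_PKT, &u); }
int demo_truncated(void) { player_update_t u; return parse_player_update(TRUNC_PKT, sizeof TRUNC_PKT, &u); }

int main(void) {
    printf("good=%d bad_len=%d truncated=%d\n", demo_good(), demo_bad_len(), demo_truncated());
    return 0;
}
```

The design choice worth copying is the `reader_t` cursor: because no code path indexes the raw buffer directly, adding a new field cannot silently skip the length check, and a snapshot fuzzer feeding random datagrams into `parse_player_update` will exercise the reject paths rather than crash the process.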

throwawaymmo 5 hours ago

Slightly off-topic and throwaway for legal reasons.

While reverse engineering the network protocol for Genshin Impact, I found at least a couple ways to cause memory access violations. It's really a pity most PC games aren't well sandboxed.

mikevm 3 hours ago

And then you have people claiming that security/safety in game engine code is not important, therefore Rust has no benefits over C++ for games. Nonsense!

Ygg2 2 hours ago

Reminds me when Morrowind caused file corruption issues.

Craighead 4 hours ago

It's a stolen game engine, not much in the way of confidence towards anything they do.