Finding and Exploiting Bugs in Multiplayer Game Engines
Conference: Defcon 28
2020-08-01
Summary
The presentation discusses the discovery of bugs in multiplayer game engines, specifically Unreal Engine 4 and Unity3D, and the potential security risks they pose.
- The popularity of game engines means that many games share the same bugs, which is made worse by the fact that games don't usually receive security patches after release.
- Unreal Engine 4 and Unity3D are the most popular game engines, with Unreal Engine 4 being used by larger teams and Unity3D being used by solo developers or small teams.
- The focus of multiplayer protocols is on increasing performance and moving trust away from the client to prevent hacking, but these goals can sometimes conflict.
- The presentation discusses the evolution of movement hacking and how it has become more difficult as game engines have become more complicated.
- The speaker discovered more than 10 remotely exploitable bugs while looking at Unreal Engine 4 and Unity3D, and discusses four of them in the presentation.
Abstract
Unreal Engine 4 and Unity3D dominate the multiplayer gaming landscape. They're also complicated pieces of software written in C and C++. In this talk, Jack will share the results of months of bug hunting in multiplayer game networking protocols. Be prepared for memory disclosures, speedhacks, and WONTFIX vulnerabilities.
Materials:
Tags: