-
Notifications
You must be signed in to change notification settings - Fork 0
Security Camp 2017 Introduction of game security
Install dnSpy on your computer. https://github.com/0xd4d/dnSpy https://ci.appveyor.com/project/0xd4d/dnspy/branch/master/artifacts
Download the game from the following URL. https://1drv.ms/u/s!ApYX-BnkUapSgn5WJXimDkruijNl
Find the method to process player's damage and death by reversing/analyzing an algorithm of the game downloaded in A-2.
Hint: Assembly-CSharp.dll/BlueIce/PlayerHealth
Modify the game file(downloaded in A-2) that a player never die against attack of penguin(enemy). After that, check the game file if the modification has been applied by playing it.
Download/Install "IDA Demo" from the following URL. https://1drv.ms/u/s!ApYX-BnkUapSgwtHUaBY_wXQIa8w
Set up "Python" to be able to use in "IDA Demo". As a reference, check "How to use this script on IDA Demo" in https://github.com/kenjiaiko/unity_metadata_loader or https://gist.github.com/jaybosamiya/951193ae774dfc127b513a93795a46c7
A string would be printed in DebugLog after download and execute the apk from the following URL. There two patterns of the string. Find the address where conditional branch is done. Also find the name of Class/Method of it. https://1drv.ms/u/s!ApYX-BnkUapSgwCM5cy7TGjgGn4w
Hint1: lib\armeabi-v7a\libil2cpp.so
Hint2: 00401344
Download from the following game. Check up what happens if it exceeds 1000 combos. Also specity/identify name of Class/Method and address of the routine. https://1drv.ms/u/s!ApYX-BnkUapSgwHlQUC-7jAiIJc1
The following project(metadata_loader) is only ARM supported. Rewrite unity_loader_v23.py and also support x86. https://github.com/kenjiaiko/unity_metadata_loader
Achieve over 1000 combo in this game. http://cedec.seccon.jp/camp2017/ http://www.challenge3.shop/ https://1drv.ms/u/s!ApYX-BnkUapSgwbhEQQ0Z0Sq0rzc
This is the DLL of a game to been built for Windows Store(Universal10). Check up what happens if it exceeds 1000 combos. Also specity/identify address of the routine. https://1drv.ms/u/s!ApYX-BnkUapSgwNnAuzpWvm6-g0M
This program is built by Unreal Engine. If you'd like to terminate the program, press Esc. Set "Score" to 9 by modifying the game file. https://1drv.ms/u/s!ApYX-BnkUapSgwSxJIJ8ZwutfGAJ
Hint: .pak: 00112496
These game saves the encoded "score" on memory. How is the score encoded? https://1drv.ms/u/s!ApYX-BnkUapSgwpqjIFLvjgeNmlY https://1drv.ms/u/s!ApYX-BnkUapSgwiYSEyY8cbh9FSf
Decrypt Assembly-CSharp.dll. https://1drv.ms/u/s!ApYX-BnkUapSgwl4Q6DGFMZt_YOH
Decrypt Assembly-CSharp.dll. https://1drv.ms/u/s!ApYX-BnkUapSgwesjc7eZ1jultzU
Think about a way to make the program downloaded in A-2 more secure. ex: encrypt *.dll. ex: https://1drv.ms/u/s!ApYX-BnkUapSgwysIzWYT-5FTvm-