Blog: How Tos
From Minecraft to Metasploit. Game hacking could start your cyber security career
Human beings are curious. Give a computer game to a kid and it’s only a matter of time before they get bored with the constraints of the gameplay and start trying novel things. This is encouraged by a lot of game developers by hiding Easter eggs in hard to reach locations.
Once the confines have been explored thoroughly, the entertainment on offer can be extended through cheats. Infinite lives, infinite ammo, reversing the tracks in a racing game, or spawning in items and enemies. The options are nearly limitless.
But even this gets boring after a while, and self-imposed challenges start to creep in.
What do those challenges look like?
The Games Done Quick (GDQ) events are a personal guilty pleasure. These biannual events are the major players in the speed running community. Completing Mario Bros in under 5 minutes is an incredible thing to watch.
What caught my eye though, were the TASbot entries.
TAS is an acronym for Tool-Assisted Speedrun, and these remove the player entirely. A computer controls the input to a generally unmodified games console or PC and frame-perfect inputs are made. This means jumping at the exact right time to miss an enemy by one pixel or threading the eye of the needle to shoot an enemy at the exact right moment.
This started as a way of proving how fast a game could be completed with the fallible human element removed, but combined with cheats, memory corruption, and a bit of ingenuity led to all sorts of interesting shenanigans. At one point the little robot used 4 control pads to corrupt memory to the point where a copy of Super Mario Bros for the NES is injected into Super Mario World on a stock Super Nintendo.
Why do I care about that?
The reason this was interesting to me as a penetration tester, was that I saw a lot of parallels between what these gamers were doing, and some of the skills required on a pen test. The mindset of these gamers, and the skill-sets employed really could be suited for finding cyber security issues. Whilst I have no proof, I strongly suspect that it might even be more lucrative given some of the bug bounty programs running at the moment.
Minecraft started as a Java Applet run in the browser (I miss infdev) and spiraled into a global hit, netting Mojang $2.5 Billion. The huge player base and interest in this game led to a massive modding community. It’s since spun into various versions, but the modding community originally heavily relied on hand-editing Java code to add, remove, and change elements of the game. Those that progressed from reading tutorials to handwriting their own mods were learning the ins and outs of Java.
Java is used extensively in Android applications. So, someone well versed in Minecraft modifications may find they have a knack for finding bugs and exploits in mobile apps.
We regularly decompile Java applications to find poorly implemented cryptographic functions, hard coded secrets, or just logic flaws leading to vulnerabilities.
Hacking the game
Back to TASBot. This little device controlled Mario in Super Mario World on the Super Nintendo. By picking up certain items, dropping them in frame perfect positions, standing in specific locations, and performing the exact commands required, it was possible for the team to exploit bugs in the game to write in to the Nintendo’s memory in an arbitrary and unexpected way.
They’ve repeated this on several games on several platforms. All of which take advantage of manipulating memory in just the right way to achieve unintended consequences.
These skills are incredibly important in vulnerability research and development. Finding a buffer overflow in a major product can net an inquisitive hacker hundreds of thousands through popular bug bounty programs. Admittedly the memory layout on a Super Nintendo is slightly simpler than a modern system running ASLR, but the core principals are the same.
Be scared of your hacker offspring! …or not
We recently saw The West Midlands Regional Organized Crime Unit (WMROCU) inform the public that if their child was on Discord or used Kali Linux then they might be a master hacker and that you should be very scared.
I wanted to take the opportunity to say that if your child or teenager is showing signs of poking at the limitations of their computer or games console, then encourage them, but make sure they understand they can only affect their own systems unless they have permission from the owner and within the terms laid out by the games developer.
Whilst on a NES or C64 you are only affecting your own systems, teenagers will have access to systems that use MMORPG that are cloud connected, plus we have seen many gamers get banned from games or building things to cheat the system. We shouldn’t be encouraging that as that is not within the boundaries of what is ethical, but modding Minecraft running on your own server for your mates to use is fine, as is making your own mods for use on a modded server. What it is not is hacking games on public platforms to give yourself a competitive edge or to steal virtual currency or items.
A curious mind, pointed in the right direction, and given the right support could have an incredible career in cyber security.
…and that is exactly what we need right now.