To date the most popular and sophisticated types of virtual worlds can be found in the area of video gaming, especially in the genre of Massively Multiplayer Online Role Playing Games (MMORPG). Game developers have made great strides in achieving game worlds that look and feel increasingly realistic. In face-to-face interaction, ordinary social activities are "accountable," that is, people use a variety of kinds of observational information about what others are doing in order to make sense of others' actions and to tightly coordinate their own actions with others. However, despite these achievements in the visual realism of virtual game worlds, they are much less sophisticated when it comes to modeling face-to-face interaction.

Defensics is a generational fuzzer, which means it creates test cases based on a detailed model of the input data. The result: test cases that are very realistic but messed up in some way. This technique is highly effective at burrowing into different control paths in the target and revealing vulnerabilities. Subjectively speaking, the test cases have high quality. The disadvantage of generational fuzzing is that somebody has to create the data model for the inputs you are fuzzing. Luckily, Defensics already has an impressive array of prebuilt test suites, more than 250 of them, that cover many common network protocols and file formats. It's like one of those expansive diner menus where you can order everything from scrambled eggs to moo shu pork.

Even so, you will sometimes have to test a piece of software that Defensics does not already have an appropriate test suite for. Maybe it is a proprietary protocol or something relatively obscure. Regardless, the Defensics SDK allows you to harness the power of Defensics to create test suites for any type of data. In this article, I'll walk through how easy it is to create such a test suite. I won't cover the basics of setting up and using the Defensics SDK. For that information, consult the documentation. This article will highlight how to start modeling a custom protocol.

Our target: bzfs

For this example, our target software will be the server component of an open source tank battle game, BZFlag. BZFlag supports multiplayer games, where all players connect to a central server, bzfs. It is well known that BZFlag has serious security flaws in its design. In particular, BZFlag clients are given much of the power in determining the course of gameplay. For example, the BZFlag client is responsible for reporting when it has been hit by a bullet and has blown up. Obviously, modified BZFlag clients can cheat widely and creatively. By modifying the source code, it is possible to create tanks that never die, tanks that hop like frogs, and more. Our investigation here is not about application design vulnerabilities. Instead, we will focus on how the clients and game server communicate: via a proprietary network protocol carried on top of standard TCP connections and UDP datagrams. We won't worry about the UDP messages during gameplay but will instead focus on the TCP-based negotiation when BZFlag clients join a server.

The protocol is documented on a page that loudly proclaims its own inaccuracy. However, between this page and a capture of actual network traffic, we have enough information to model part of the protocol with the Defensics SDK. Here is part of a conversation between a client (red) and a server (blue):

After the client establishes a TCP connection to the server, it sends a client hello message and expects a server hello in response. This is simple to model in BNF:

```
CR          = 0x0D   # US-ASCII CR, carriage return (13)
LF          = 0x0A   # US-ASCII LF, linefeed (10)
CRLF        = (CR LF)
ClientHello = ('BZFLAG' CRLF CRLF)
```

The client hello is simply the string "BZFLAG" followed by two sets of carriage return and line feed. The server responds with a hello message containing a four-digit version number. It's not clear what terminates the server hello: the protocol page says 0xFF, but the network capture shows a 0x00. We'll build the model to handle either terminator.
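As an added example (not code from the article or from the Defensics SDK), here is the same hello exchange modeled in Python: a valid client hello, a server-hello parser that accepts either terminator, and a generational-style case builder that keeps the model valid except for exactly one broken field. The `BZFS` tag on the server hello and the anomaly set are assumptions, not taken from the page.

```python
CRLF = b"\r\n"
MAGIC = b"BZFLAG"
# Assumption (not stated on the page): the server hello starts with a
# "BZFS" tag, then the four-digit version, then the terminator byte.
SERVER_TAG = b"BZFS"
TERMINATORS = (b"\xff", b"\x00")   # doc says 0xFF, capture shows 0x00

def client_hello():
    """Valid client hello: 'BZFLAG' followed by two CRLFs."""
    return MAGIC + CRLF + CRLF

def parse_server_hello(data):
    """Return (version, terminator); raise ValueError if malformed.
    Either documented terminator is accepted, as the page's model does."""
    if not data.startswith(SERVER_TAG):
        raise ValueError("missing server tag")
    body = data[len(SERVER_TAG):]
    if len(body) < 5:
        raise ValueError("short server hello")
    version, term = body[:4], body[4:5]
    if not version.isdigit():
        raise ValueError("version is not four digits")
    if term not in TERMINATORS:
        raise ValueError("unexpected terminator %r" % term)
    return version.decode("ascii"), term

def is_valid_server_hello(data):
    try:
        parse_server_hello(data)
        return True
    except ValueError:
        return False

def anomalies(field):
    """Constructed anomaly set for one field of the model."""
    yield b""                    # field omitted
    yield field * 64             # field repeated
    yield field + b"\x00"        # embedded NUL
    yield field[:-1]             # truncated
    yield field + b"A" * 1024    # overlong

def client_hello_cases():
    """Generational cases: one field broken per case, rest valid."""
    fields = [MAGIC, CRLF, CRLF]
    cases = [client_hello()]     # case 0 is the valid baseline
    for i, f in enumerate(fields):
        for bad in anomalies(f):
            m = list(fields)
            m[i] = bad
            cases.append(b"".join(m))
    return cases
```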