The First Line Of Defense - GameSentry

Sentinels are the first line of defense to guard security, constantly monitoring every corner where foreign enemies may infiltrate. NetEase's GameSentry, as a "sentry" on the game security battlefield, always stands on the first line of defense of game security, detects risks in advance, and cooperates with other security tools to jointly protect game security and fairness.

invisible enemy

According to the "2021 NetEase Yidun Game Security Annual Report" statistics:


Yidun detected a total of 9.63 billion game security risks throughout the year, a year-on-year increase of 29%.

98.47% of hacking behaviors occurred in risky operating environments. The high incidence of cheating is still concentrated in July, August and October.

  • There were about 1.82 billion external threats, a year-on-year increase of 42%.
  • Environmental threats were about 6.37 billion, a year-on-year increase of 14%.
  • Other security threats were about 1.445 billion, a year-on-year increase of 274%.

Yidun detected more than 2.1 million studio accounts of black and gray production throughout the year, and the studio is accelerating its development in the direction of scale, differentiation and specialization.

  • Role-playing, strategy, and card categories are the hardest hit areas for security risks, accounting for more than 90% of the total.
  • Yidun analyzed 800+ plug-in samples throughout the year and found that the customization of plug-ins showed a significant upward trend, the update iteration speed was accelerated, and the functions were more complete.
  • The cumulative detection data of content compliance problems in the game industry of Yidun exceeds 11 billion, and the suspected risk data is nearly 500 million.

In the face of changing market demand, increasing game security risks, and rampant game production, game manufacturers have gradually shifted from mass production of games to high-quality development, extending the life cycle of games, maintaining a healthy ecosystem of games, and retaining users. more important.

At present, the industry's existing traditional game security tools such as anti-plugging and reinforcement are very mature and effective, and can fight against plug-ins in real time and with high intensity.

 @startmindmap
* 游戏安全风险
** 破解
*** 游戏包破解
*** 注入破解
*** 协议破解
** 外挂
*** 内存修改挂
*** 变速挂
*** 自动点击挂
@endmindmap

baa295b88643a680a551aee1ce217fe0.jpg
Existing plug-in types

At present, the common game protection methods are as follows, which provide a basic guarantee for game security.


Strengthen server-side verification:

For the value changes generated by the client, compare the server behavior log to check whether the values on both sides are consistent, so as to prevent the client value from being maliciously tampered with.

Code obfuscation:

Disrupting the code logic makes it impossible for attackers to find the logic mapping, increasing the difficulty of cracking.

encryption:

For game code, in-game resource files, archive files, and client-server communication protocols, use custom encryption algorithms to improve security strength. If an attacker wants to obtain source code information or code logic, he needs to crack the custom decryption logic first. The confrontation of encryption and decryption also increases the cost of cracking.

Packer:

By shelling the game engine and shelling the engine, attackers can be prevented from analyzing and obtaining the real code, thereby increasing the cost of analysis and cracking.


Be prepared for a rainy day

Through communication with a number of game companies, we learned that performance testing and compatibility testing are routinely conducted before the game is launched, but only a few project teams will test the security of the game.

At present, the security tests commonly used in the industry are generally carried out in three directions: game protocol vulnerabilities, server robustness, and plug-in simulation.

Ordinary security testing requires testers to have a higher level of reverse engineering and higher technical requirements for personnel. For result-oriented testing, although reversing is essential, it is time-consuming and labor-intensive, and the quality of testing has little to do with the level of reversing. Therefore, a tool is needed to make the work content no longer focus on technologies such as reverse engineering, Hook, Lua modification, etc., but directly focus on the logic of the game.

For results-oriented testing, although the level of reversal is not as demanding, reversing is time-consuming and labor-intensive, and it is not acceptable to every team.

NetEase Yidun has faced the pain points of different game types in more than 20 years of first-line actual combat experience, accumulated a lot of experience and methodology, and built a mature set of tools based on this.

NetEase Yidun GameSentry, mainly through the analysis of game protocol content, game function logic and corresponding addresses, part of the code hot update, automated Hook and other functions to achieve the purpose of lowering the threshold of in-depth security testing. It can simplify the complicated operations of APK reverse, Hook writing, script modification, and script dump in the process of memory testing and protocol testing, which greatly reduces the threshold for testers to get started and reverse work.

From the perspective of practical effect, GameSentry's design idea is to reversely analyze and crack the game from the attacker's point of view, actively discover and mine weaknesses, technical defects and security loopholes in the system, and carry out defect amplification and risk assessment. Expose the potential security risks of the game, so that the security team can prepare a vulnerability repair plan before the damage occurs, which can minimize the cost of post-event hacking damage and hacking.

ccd4e8fe8705b2fa9d05d6512042ccdf.png

NetEase Yidun GameSentry Officially Open Source

In March this year, NetEase Smart Enterprise "Easy+" open source program was officially launched. In March and May, the "NetEase Conference Component" open source project and the "NetEase Yunxin Low Latency Live Broadcast" open source project were launched. It has always been the expectation of NetEase Zhiqi to continue to open source some of NetEase Zhiqi's technologies and feed back industry innovation.

f05448dfdb4bd384b8ca28d13f5ad684.png

Following the trend, taking advantage of the trend, at a time when the game is developing rapidly and game security is particularly important, NetEase Yidun "GameSentry Tool" is officially open source!

f8080d6a8e9155a8950e9be59fca1c43.jpg

As an open project, we believe that making the project open source is also conducive to promoting product iteration. For example, there are many versions of Unity, and il2cpp changes frequently, which faces huge challenges in compatibility. Open source not only allows everyone to enjoy the collective wisdom, but also facilitates the testing work of game developers. It can also cover more compatible engine versions through the contribution of the community, improve the overall efficiency of the industry, and not repeat the creation of wheels.

More importantly, NetEase Yidun hopes that by reducing the complexity of security testing, game companies can discover and perceive vulnerabilities and risks in advance, build a more mature security system, reduce game risks, extend game life cycle, and improve user experience. Give back to players for their love for the game!

Looking forward to working hand in hand with more game lovers and game developers in the future to share the ecology.

At present, the source code of NetEase Yidun GameSentry open source version has been uploaded to Github, click [read the original text] or scan the code to experience it immediately.

0ae99a4c70943de766ea1a820f784a8d.png

Everyone is gathering firewood and the flame is high. Welcome everyone to create and build with us, and participate in the feedback and improvement of the GameSentry tool.

NetEase Yidun GameSentry, as part of the open source game security testing tool, bears the brunt of providing the first security line for game developers. In the future, NetEase Smart Enterprise will continue to expand the radiation scope of game security and open source co-creation, and continue to escort game security.

"Fast alone, far away". NetEase Intelligence's "Easy+" open source plan has received the attention and support of many developers. We look forward to open source more high-quality technologies in the future, continue to contribute to the industry ecology, and contribute to NetEase Intelligence.

Welcome to the NetEase Intelligence "Easy+" open source program exchange group:


网易数智
619 声望139 粉丝

欢迎关注网易云信 GitHub: