Category: Hardware Hacking

Why eSport is a security fail?

Today I will talk about one of my favourite domains: electronic sport competitions and the underground activities behind them.

I will try to explain why eSport is a security fail. I’m an old Counter-Strike player (CS:GO, actually), so I will use it as my example.

I have watched many professional players and followed the eSport scene for many years, and when I watched videos or live streams I thought, “wow, they are really strong”.

But something was wrong: some players were god-like. I don’t consider myself bad at Counter-Strike: I played some LAN tournaments, I reached Global Elite (the highest rank in the game), etc.

So I introduced myself under another nickname on a cheat community (the unknowncheats forums).

I started to create some cheats for a really well-known game (I will not share its name here because they decided to arrest some cheat developers recently), not to share or sell them, only for my own knowledge, to learn new things about reverse engineering (my weakness in computer security).

And the game surprised me: there is no anti-cheat, only some anti-debugging in the latest version of the game (IsDebuggerPresent and some first-chance exceptions that you can disable in x64dbg).

To inject into the game process, you can use a simple LoadLibrary method; some people use manual mapping, but the injection method is mostly not a concern here.

As you probably know, there are two types of cheats: internal (DLL injection) and external (acting on the game process without injection).

The game surprised me again when I tried a simple WriteProcessMemory in online mode: you can enable god mode, run faster, jump or fly like Superman, and you will never be detected because the game works in P2P mode and trusts everything from the client; you can even kick or crash the other players remotely.
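The root cause above is that the peer accepts whatever state the client reports. The following is an added example, not code from the game or from the author, of the server-authoritative alternative: the server keeps the only copy of health and checks every claimed movement against the game's physical limits before applying it. All names, constants and rules (tick rate, speeds, tolerance) are assumptions chosen for illustration.

```python
# Added example (not code from the game discussed above): a server-authoritative
# model that refuses client state the game rules make impossible. Every name,
# constant and rule here is an assumption for illustration.
from dataclasses import dataclass
import math

TICK = 1.0 / 64                 # assumed tick rate in seconds
MAX_SPEED = 7.0                 # assumed max horizontal speed, units/second
MAX_RISE_PER_TICK = 0.1         # assumed max vertical gain in one tick
TOLERANCE = 1.1                 # 10% slack for network jitter


@dataclass
class PlayerState:
    """Canonical state kept by the server; the only copy that counts."""
    x: float
    y: float
    z: float
    health: int


@dataclass
class ClientUpdate:
    """What a peer claims about itself each tick."""
    x: float
    y: float
    z: float
    health: int  # a memory-editing client will try to set this directly


def validate_update(server: PlayerState, update: ClientUpdate, dt: float = TICK) -> tuple:
    """Return (accepted, reason) without modifying the server state.

    Health is server-owned, so any client value that differs from the server's
    copy is rejected (god mode). Movement is bounded by the rules: horizontal
    distance per tick by MAX_SPEED (speed hacks), vertical gain per tick by
    MAX_RISE_PER_TICK (fly hacks).
    """
    if update.health != server.health:
        return False, "client attempted to change its own health"
    dist = math.hypot(update.x - server.x, update.y - server.y)
    limit = MAX_SPEED * dt * TOLERANCE
    if dist > limit:
        return False, f"moved {dist:.3f} units in one tick, limit {limit:.3f}"
    rise = update.z - server.z
    rise_limit = MAX_RISE_PER_TICK * TOLERANCE
    if rise > rise_limit:
        return False, f"rose {rise:.3f} units in one tick, limit {rise_limit:.3f}"
    return True, "ok"


def apply_update(server: PlayerState, update: ClientUpdate, dt: float = TICK) -> tuple:
    """Apply the update only if it passes validation; otherwise keep the server state."""
    ok, reason = validate_update(server, update, dt)
    if ok:
        server.x, server.y, server.z = update.x, update.y, update.z
    return ok, reason


def apply_damage(server: PlayerState, amount: int) -> int:
    """Health only ever changes here, on the server, from server-computed events."""
    server.health = max(0, server.health - amount)
    return server.health


if __name__ == "__main__":
    state = PlayerState(0.0, 0.0, 0.0, 100)
    for label, upd in [
        ("normal step", ClientUpdate(0.05, 0.02, 0.0, 100)),
        ("speed hack", ClientUpdate(5.0, 0.0, 0.0, 100)),
        ("god mode", ClientUpdate(0.0, 0.0, 0.0, 9999)),
        ("fly hack", ClientUpdate(0.0, 0.0, 10.0, 100)),
    ]:
        print(label, apply_update(state, upd))
```

The design point is ownership: the client may propose a position, but it never owns health, and the server derives every damage event itself. A real engine would also rate-limit rejected updates and log them per player, since a steady stream of impossible moves is a stronger cheat signal than any single one.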

There are also kernel methods for paranoid cheaters: you can use a vulnerable driver to get ring 0 and avoid some anti-cheats:

After a few months, I finally created a fully functional cheat for this game with ImGui included, etc. I was able to execute all the game’s internal functions through their hashes (the game uses a sort of custom virtual table where every game function is registered under a hash, so the solution between updates was to keep an array of the old hashes and the new hashes, call the old hash, and use a custom translator to resolve the new hash from the old one).

Now I will talk about CS:GO (yes, I use the real name here, but you will probably understand why).

CS:GO is one of the most played games on Steam. The objective of the game is to be a counter-terrorist in a team of 5 players and kill the terrorists (also 5 players in competitive matches).

The game is currently protected by the Valve Anti-Cheat (VAC) system and an Overwatch system (you can watch a suspect’s game and decide whether to vote to ban him or not).

To be honest with you, the VAC system is weak, but the Overwatch system is a good method. Most cheaters are banned through Overwatch because you can’t really hide a powerful cheat (like an aimbot), but if you are smart you can avoid being banned by hiding your cheat (try to play with your wallhack without watching the enemy behind a wall, play smart, etc.).

There are also private cheats. A CS:GO player was recently disqualified and banned from the FPL (FACEIT Pro League), the CS:GO professional league (cash prizes are huge during the official tournaments), as you can see here:

day0s qualified within a month, while some professional players had to play for a few years to get there.

His cheat used the game scoreboard: in the game, when you press “TAB” you can see the scoreboard and use your mouse to click on a player name to commend him, mute him, etc.

But as you can see in this video, the cheat uses the scoreboard to move the mouse cursor to where the enemy is, so day0s was able to know the exact position of his enemy each time he pressed TAB.

But this is only one of the private cheats used by CS:GO players; you can find some interesting projects on unknowncheats (like some hardware sonar cheats or sound-based cheats):

Some players were accused, and the main question was “how did they cheat on LAN, where you can’t use your own computer and your own hardware?” The answer is really simple:

The Steam Workshop allowed pictures with zipped file content, some players used a custom mouse with a cheat included, some players plugged their smartphone into the LAN computers over USB, etc.
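The Workshop trick above relies on an image file that is also an archive: the picture ends normally, and the archive sits after it. As an added example (not code from the page, from Steam or from Valve), the script below shows the check a content scanner on the LAN side could run on an uploaded PNG: walk the chunk list to find where the image legitimately ends, report any trailing bytes, and look for a ZIP end-of-central-directory record. The tiny PNG and the sample archive are constructed inline so the script runs offline; function names are assumptions.

```python
# Added example (not code from the page or from Steam/Valve): a content-scanner
# check for "image" uploads that carry an archive after the image data, which is
# the Workshop trick described above. The PNG builder and the sample archive
# are constructed here so the script runs offline; names are assumptions.
import io
import struct
import zipfile
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
ZIP_EOCD = b"PK\x05\x06"   # end-of-central-directory signature every ZIP ends with


def png_end_offset(data: bytes):
    """Walk the PNG chunk list and return the offset just past IEND, or None if malformed."""
    if not data.startswith(PNG_SIG):
        return None
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 8 + length + 4          # header + data + CRC
        if pos > len(data):
            return None                # chunk claims more bytes than the file has
        if ctype == b"IEND":
            return pos
    return None


def scan_png(data: bytes) -> list:
    """Return a list of findings; an empty list means the PNG ends where it should."""
    findings = []
    end = png_end_offset(data)
    if end is None:
        findings.append("not a well-formed PNG")
    elif end < len(data):
        findings.append(f"{len(data) - end} trailing bytes after IEND")
    if ZIP_EOCD in data:
        findings.append("ZIP end-of-central-directory record present")
        try:
            # zipfile tolerates leading junk, which is exactly how a polyglot is built
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                findings.append("embedded archive lists: " + ", ".join(zf.namelist()))
        except zipfile.BadZipFile:
            findings.append("ZIP signature present but archive unreadable")
    return findings


def build_png_1x1() -> bytes:
    """Constructed sample: a valid 1x1 red PNG, built by hand."""
    def chunk(ctype, body):
        crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
        return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)   # 1x1, 8-bit RGB
    scanline = b"\x00\xff\x00\x00"                          # filter 0 + one RGB pixel
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", zlib.compress(scanline)) + chunk(b"IEND", b"")


def build_polyglot() -> bytes:
    """Constructed sample: the same PNG with a small ZIP appended after IEND."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", "constructed sample content")
    return build_png_1x1() + buf.getvalue()


if __name__ == "__main__":
    print("clean:", scan_png(build_png_1x1()))
    print("polyglot:", scan_png(build_polyglot()))
```

The parse-to-the-end check is the important one: an image viewer stops at IEND and never complains, so a scanner that only validates the picture will pass the file. Rejecting or re-encoding any upload with bytes after the terminating chunk removes the carrier regardless of what the appended data is.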

There are also illegal sellers available on the internet:

And finally, here is an interview with supex0, the developer of KQLY’s and Sf’s custom cheats (two French CS:GO pro players banned a few years ago):

Cash prizes are the main problem of the eSport scene and a real challenge for the anti-cheat industry.

I have only presented the basic stuff here, but there is also a cheat industry with advanced methods, as you can see here:

Here are the details about the DMA leaks:

Physical Hacking Diary

Hello folks,

Today I am going to write an article about physical hacking and talk about my own configuration. I will keep it up to date as soon as I have new things.

The main goal of this article is to have a backpack ready for real red-team pentests (please don’t do illegal things with it).

I will write a list of the tools I own here with a brief description: why I need them and for what.

First, a backpack with enough pockets is important to me; I decided to buy a Mil-Tec backpack like this one:

You can buy it here:

A smartphone if you want to check the Bluetooth Low Energy devices around (I recommend nRF Connect on Android for that), or quite simply to do some social engineering, take some pictures, take notes and use it as an external hard drive (choose a decent smartphone).

A computer; I personally use my 15-inch laptop:

A lighter if you need to burn something, like some wires:

A lockpicking kit; I use a basic set from OKPOW like this one:

You can buy it here:

But I suggest you use a better kit, like the SouthOrd or Majestic kits.

You can also use a pick gun to be faster, like this one (not recommended because pick guns leave traces in the locks):

You can buy it here:électrique-maintenance-lutilisation/dp/B06ZZJ57K4/ref=sr_1_5

An ACR122U RFID reader & writer like this one:

You can buy it here:

And some chinese UID alterable cards:ôle/dp/B0794V3XB8/ref=asc_df_B0794V3XB8/

Or better, a Proxmark3:

A LAN Turtle:

You can buy it here:

An endoscope for your Android phone like this one:

I recommend this one because it has a magnetic arm, so you can catch some keys behind a door (this is an example).

You can buy it here:

I recommend some thin sheets of metal with a chisel to unlock some doors (be imaginative).

I also use an RTL-SDR (RTL2832U) like this one:

You can buy it here:écepteur/dp/B013Q97J8W/ref=sr_1_7

I suggest you buy a HackRF like this one if you want a wider band:

You can buy it here:éfini-Adaptateur-Dantenne/dp/B01K1CCHR0/ref=sr_1_1_sspa

A yellow vest like this one:

You can buy it here:éfléchissant-jaune/dp/B0791KS6XN/ref=sr_1_8

If you wear it you will probably not be considered hostile (you can use other clothes like that).

A notepad with some pens like this one:

You can buy it here:

Some cables and adapters (USB, Ethernet, Ethernet to USB, etc.):

A WiFi Pineapple:

You can take a look at the Hak5 website here:

A Rubber Ducky from Hak5 or a Cactus WHID:

You can find the different information and buy it here:

A Raspberry Pi with a battery extension pack:

Raspberry pi:èle-B-Carte-mère/dp/B07BDR5PDW/ref=asc_df_B07BDR5PDW/

Battery extension pack:

A USB soldering iron:

You can buy it here:

A foldable keyboard:

You can buy it here:

A screwdriver with several bits, some clamps:

A wire cutter:

Touchscreen gloves (to protect your fingers while still being able to use your smartphone):

A measuring tape (check the third video):

I suggest you watch different videos to learn some tips, and avoid the famous “Red Team Field Manual”: it is a good book, but your own experience is better: