Let's Secure Mobile Apps!
Protect Your Mobile Game App! - Part 1

Protect Your Mobile Game App! - Part 1

Did you make your mobile game app? Now it's time to protect.

Team LIAPP's photo
Team LIAPP
·

4 min read

If you look at the changing trend of mobile game hacking, it is characterized by indiscriminately hacking using automated hacking tools since the early days when only popular games are hacked. Generally, with the exception of the large game developers (companies with limited funding available outside game development), most of the time security is planned when certain profits occur after the game is released.

But, if the number of users in game services gathers more than a certain number of users, the development of the amount work increases, which means that you lose the timing to apply security and then try to secure after understanding the entire structure of the game to hackers. However, because hackers have already completed understanding of the app structure, additional hacking attempts can be led frequently. So, it is important to do it from the beginning, even with very little security.

Below are appropriate defense measures for each type of game hacking.

  1. MEMORY SEARCHING
  2. REPACKING
  3. HACKING TOOL
  4. ROOTING, VIRTUAL MACHINE

1. MEMORY SEARCHING

For known hacking tools or ‘custom hack tool’ developed by hackers, it is essential to attach to the game app memory in order to falsify the specific address of the game app in the virtual memory system currently used by mobile devices.

In order for hacking tools to access the game app memory, they will often use the API provided by the system OS or directly access the memory file of the game app process.

Defensive methods

  1. To protect against memory searching and modulation, the ability to detect and block hacking tools from accessing the app’s memory through the API or game app process’s memory file access is required.

  2. The effects of these functions also enable us to protect against to understand the flow of important information and dumping to be able to take important memory information within the app.

2.REPACKING

Repacking is divided into two types.

  • Source code tampering
  • Resource tampering

[ Source code tampering ] By tampering the core source code that drives the game, the hacker achieves the goal they wants.

  1. Java’s Source code or UNITY’s Source code currently used in game apps is a language that has been developed primarily for device portability, so it is relatively easy to identify and tampering structures.

  2. In the case of Unreal engine, it was not BYTE CODE, such as JAVA and UNITY. However, hackers who are familiar with hacking only need more time and are able to understand and tampering structures.

[ Resource tampering ] Resource tampering modifies non-source code files that are required to run within an app package to achieve the goal a hacker wants.

  1. Early in the game, there are many things to worry about in order to implement the function of the game itself, so you may define important files in the resource file in the package and use to reference. Sometimes these files are unintentional, but due to carelessness or due dates on the open date, game-important/critical DATA can be distributed as defined within the app package.

Defensive methods

  1. Integrity detection Integrity detection is a function that determines whether an app file is a file distributed by the developer or tamper by another person. Integrity detection helps prevent unauthorized Source code tampering and Resource tampering in game apps.

  2. You can prevent hacking of resource tampering by checking whether the currently running app has been tampered by a hacker or if the files released by the developer are correct.

  3. Sometimes, if an ad in the game is removed and replaced by a hacker, the developer must protect it through integrity detection, as all advertising revenue could be stolen.

  4. Protects the Source code

  5. JAVA CODE PROTECTION , UNITY CODE PROTECTION The protection of the UNITY CODE for apps developed by JAVA CODE and UNITY that form the basis of Android APP is essential. Because it identifies and is able to attack the game through tampering, it must be protected through encryption and obfuscation to be unable to analyze the source code easily.

  6. Unreal Engine, cocos In the case of Unreal Engine and cocos, the important source code of game apps has a .so file in the lib-folder in the package file. Protection must be made so that the structure of the file cannot be determined as well as even if you make modifications, you must protect them to be normally used in game apps.

Integrity detection and protection of source code play a key role in protecting game apps. The above functions make it essential to build secure gaming services.

-

In the next post, we will discuss about 3. HACKING TOOL and 4. ROOTING, MACHINE. If you wish to protect your mobile app and mobile game app, come and visit LIAPP!

Mobile Developmentapp developmentGame DevelopmentSecurity