5 comments

  • throwawaymmo 12 days ago
    Slightly off-topic and throwaway for legal reasons.

    While reverse engineering the network protocol for Genshin Impact, I found at least a couple ways to cause memory access violations. It's really a pity most PC games aren't well sandboxed.

    • mikevm 12 days ago
      And then you have people claiming that security/safety in game engine code is not important, therefore Rust has no benefits over C++ for games. Nonsense!
      • Ygg2 12 days ago
        Reminds me when Morrowind caused file corruption issues.
        • kuroguro 12 days ago
          Reminds me when EVE Online deleted boot.ini and bricked player computers.
          • rowanG077 11 days ago
            That's not what bricked means. These PCs could be trivially fixed by anyone who can follow simple instructions. A brick means a device is beyond repair. A literal brick that has no function.
            • kuroguro 11 days ago
              Yes, I picked a strong word to poke fun at them :)

              That being said, I've mostly seen the word used in the context of bad firmware updates or ROM flashes. However, that's nothing booting into recovery or a JTAG won't fix.

        • AnIdiotOnTheNet 10 days ago
          Many games are single player and don't have any network protocol to fuzz.
        • Craighead 12 days ago
          It's a stolen game engine, not much in the way of confidence towards anything they do.
        • pknflx 12 days ago
          Even the big games suffer from network-related vulnerabilities. One such example is GTA V. Exploits designed to crash people's games are widely used and accessible to pretty much anyone, and I wouldn't be surprised if one such exploit could have led to an RCE in the past.
          • kuroguro 12 days ago
            In GTA's case it may be even worse, as the p2p nature of the network may make it wormable.
            • pknflx 12 days ago
              I really don't know what they were thinking tbh. Their poor choices made the game unplayable.
          • bruce343434 12 days ago
            The unchecked bounds example was just sad - I mean how hard is it to use common sense? Assume the entire packet is always tainted because it comes from an external source!
            • kevincox 11 days ago
              Any developer will say they do this. But very few, if any, can do this perfectly for every line of code that they write. Humans are terrible at doing things all of the time. Expecting developers to remember to do bounds checks is setting yourself up for failure.
              • bruce343434 11 days ago
                You can calloc the array instead of having a fixed size. You can validate the packet for <16.

                The person who wrote this consciously thought to themselves "here's 16 slots I can fill, here is an external source that comes in with how many slots it wants to fill," at which point the server-authoritative-model senses should have started tingling, as well as the experienced-c-programmer-who-has-been-bitten-by-out-of-bounds-memory-accesses-before senses.
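
The unchecked-bounds pattern this sub-thread describes (a fixed 16-slot array filled according to a count read from the packet) next to the validation bruce343434 suggests, as an added C example that is not part of the thread or of any game's code; the wire format, the function names and the sample packets are assumptions constructed for illustration:

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_SLOTS 16

/* Hypothetical wire format, assumed for this example (not the game's real
 * protocol): one byte slot count followed by `count` little-endian u32 ids. */
typedef struct {
    uint32_t slots[MAX_SLOTS];
    size_t count;
} inventory_t;

static uint32_t read_u32_le(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Before: the slot count is taken from the wire and used as-is. A count above
 * 16 makes the loop write past slots[], the unchecked-bounds bug discussed above. */
int parse_inventory_unchecked(const uint8_t *pkt, size_t len, inventory_t *inv) {
    if (len < 1) return -1;
    size_t n = pkt[0];
    for (size_t i = 0; i < n && 1 + 4 * i + 4 <= len; i++)
        inv->slots[i] = read_u32_le(pkt + 1 + 4 * i); /* OOB write once i >= 16 */
    inv->count = n;
    return 0;
}

/* After: treat every byte as tainted. The count is checked against the array
 * capacity and against the bytes actually received before anything is written. */
int parse_inventory_checked(const uint8_t *pkt, size_t len, inventory_t *inv) {
    if (pkt == NULL || inv == NULL || len < 1) return -1;
    size_t n = pkt[0];
    if (n > MAX_SLOTS) return -1;      /* more slots than the array can hold */
    if (len < 1 + n * 4) return -1;    /* payload shorter than the count claims */
    for (size_t i = 0; i < n; i++)
        inv->slots[i] = read_u32_le(pkt + 1 + 4 * i);
    inv->count = n;
    return 0;
}

int main(void) {
    /* Constructed sample packets: a valid one, and one claiming 17 slots. */
    const uint8_t good[] = {2, 1,0,0,0, 2,0,0,0};
    const uint8_t oversized[1 + 17 * 4] = {17};
    inventory_t inv;
    printf("good=%d oversized=%d\n", parse_inventory_checked(good, sizeof good, &inv),
           parse_inventory_checked(oversized, sizeof oversized, &inv));
    return 0;
}
```

The checked parser rejects the 17-slot packet before touching the array, while the unchecked one would only stop at the end of the received bytes.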

            • dm3 12 days ago
              This reminds me of a pair of episodes on Darknet Diaries - Manfred[1] - ep. 7/8. Opened my eyes to how insecure games actually are (were?) and how the economy of virtual item trading moved from E-Bay to in-game transactions:

              [1]: https://darknetdiaries.com/episode/7/

              • fulafel 12 days ago
                wtf seems great. It seems Windows specific, is there something similar for other targets?