Game Exploit Retrospective
I recently dedicated some time to exploring the software security space and gaining hands-on experience through exercises such as developing game exploits. I decided to write an exploit for Valve Software’s extremely popular Counter-Strike: Global Offensive, primarily because of the amount of existing information available:
- Source code leak from 2013 for reference.
- Lots of existing exploit examples.
When taking on projects with lots of unknown elements, I like to focus on a “steel-thread” implementation: the thinnest version that works end to end, which can then be thickened one piece at a time.
- Exploit functionality limited to the simplest proof of concept.
- Exploit managed from a simple external process.
- Exploit uses only the standard Win32 API.
I spent a significant amount of time reading existing code on which I based mine. There has been a proliferation of open-source code available through sites like github.com. More and more, I find myself using github.com code search the way I use stackoverflow.com to solve programming problems. The exploit code I created can be found here.
The problem with leveraging prior work is that I wasn’t sure how much I had learned versus copied. As an extension to the exercise, I decided to extract the generic exploit functionality into a shared library. This helped solidify my understanding. The library code can be found here.
Testing proved difficult because the exploit depends on compatibility with a third-party binary. As a result, I also spent a lot of time creating stub binaries to exercise different failure modes. That investment paid off when it came to refactoring. In contrast, I found it much easier to write contrived tests for the library, since it has no dependency on the game binary.
I also used this exercise to write something substantial in Golang, a language I have little experience with. Despite Golang being a general-purpose programming language, I found several blog posts’ worth of issues with its Windows implementation:
- Golang Windows executables and DLLs are binary incompatible.
- Standard library bugs with Windows syscalls.
My most significant learning is that the moment you import "unsafe" you’ve forfeited the intended Go experience.
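The two lessons above, testing against stub targets and staying out of "unsafe", fit together in one pattern. The following Go program is an added example written for this page; it is not the author's exploit or library code and uses hypothetical names throughout (MemoryReader, TargetRecord, FakeProcess). The platform-specific read (on Windows this would wrap ReadProcessMemory) sits behind a small interface, a fake target stands in for the third-party binary so truncated reads, read errors and out-of-range addresses can be exercised offline, and the record is decoded with encoding/binary rather than a cast through unsafe.Pointer.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
)

// MemoryReader abstracts whatever copies bytes out of another process.
// The real implementation would call the platform API; FakeProcess below
// stands in for it so the decoding logic can be unit tested without a target.
type MemoryReader interface {
	ReadAt(addr uint64, dst []byte) (int, error)
}

// TargetRecord is a hypothetical fixed-size layout used only for this example.
// Fixed-width fields with an explicit byte order are what let encoding/binary
// replace an unsafe.Pointer cast.
type TargetRecord struct {
	ID    int32
	Flags int32
	Pos   [3]float32
}

// RecordSize is computed from the layout, so it cannot drift from the struct.
var RecordSize = binary.Size(TargetRecord{}) // 20 bytes

var ErrShortRead = errors.New("short read from target memory")

// ReadRecord decodes a TargetRecord at addr. A partial read is reported as an
// error instead of being silently decoded into a half-populated value.
func ReadRecord(r MemoryReader, addr uint64) (TargetRecord, error) {
	buf := make([]byte, RecordSize)
	n, err := r.ReadAt(addr, buf)
	if err != nil {
		return TargetRecord{}, fmt.Errorf("read 0x%x: %w", addr, err)
	}
	if n != len(buf) {
		return TargetRecord{}, fmt.Errorf("read 0x%x: got %d of %d bytes: %w", addr, n, len(buf), ErrShortRead)
	}
	var rec TargetRecord
	if err := binary.Read(bytes.NewReader(buf), binary.LittleEndian, &rec); err != nil {
		return TargetRecord{}, err
	}
	return rec, nil
}

// FakeProcess is a stand-in for a target binary: one contiguous block of
// memory mapped at Base, plus knobs for injecting failure modes.
type FakeProcess struct {
	Base     uint64
	Mem      []byte
	FailWith error // if set, every read returns this error
	Truncate int   // if > 0, reads return at most this many bytes
}

func (f *FakeProcess) ReadAt(addr uint64, dst []byte) (int, error) {
	if f.FailWith != nil {
		return 0, f.FailWith
	}
	if addr < f.Base || addr-f.Base >= uint64(len(f.Mem)) {
		return 0, fmt.Errorf("address 0x%x is outside the fake process", addr)
	}
	n := copy(dst, f.Mem[addr-f.Base:])
	if f.Truncate > 0 && n > f.Truncate {
		n = f.Truncate
	}
	return n, nil
}

// NewFakeProcess builds a fake whose memory holds one encoded record at base.
// The record contents are constructed sample data.
func NewFakeProcess(base uint64, rec TargetRecord) *FakeProcess {
	var b bytes.Buffer
	if err := binary.Write(&b, binary.LittleEndian, rec); err != nil {
		panic(err) // fixed-size layout: cannot fail
	}
	return &FakeProcess{Base: base, Mem: b.Bytes()}
}

func main() {
	fp := NewFakeProcess(0x1000, TargetRecord{ID: 7, Flags: 2, Pos: [3]float32{1.5, 0, -2}})
	fmt.Println(ReadRecord(fp, 0x1000)) // full read decodes cleanly
	fp.Truncate = 5
	fmt.Println(ReadRecord(fp, 0x1000)) // truncated read surfaces ErrShortRead
}
```

Because FakeProcess implements the same interface as the real reader, every failure mode the stub binaries were built to reproduce can be triggered from a table-driven test with no target process involved.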