"This patch created a honeypot: a section of data inside the game client that would never be read during normal gameplay, but that could be read by these exploits. Each of the accounts banned today read from this "secret" area in the client, giving us extremely high confidence that every ban was well-deserved."
Well done! :) Really curious how this would be implemented. with some struct.secret_fields or an actual data section in the executables involved, or some other methods. Also how they trace this access, done via self-debugging or some custom data access helper which tracks what data is accessed? Especially on the last part I'd be curious about how it works as in my mind performance is tricky in games, and adding data fields, sections and especially tracing access to them can eat some of those nanoseconds needed so much in modern games.
Anyone have some insights? Not looking for specifics, but honestly, more software should secure itself from tampering and track bad behaviors or intent better. Information on how to properly do that is largely proprietary and can be quite difficult to reason about and test thoroughly unless you have an active user base targeting your software for exploitation already (games,browsers,system services?).
Well done! :) Really curious how this would be implemented. with some struct.secret_fields or an actual data section in the executables involved, or some other methods. Also how they trace this access, done via self-debugging or some custom data access helper which tracks what data is accessed? Especially on the last part I'd be curious about how it works as in my mind performance is tricky in games, and adding data fields, sections and especially tracing access to them can eat some of those nanoseconds needed so much in modern games.
Anyone have some insights? Not looking for specifics, but honestly, more software should secure itself from tampering and track bad behaviors or intent better. Information on how to properly do that is largely proprietary and can be quite difficult to reason about and test thoroughly unless you have an active user base targeting your software for exploitation already (games,browsers,system services?).