Skip to main content
Application Security padlock icon

This post is from the Arxan blog and has not been updated since the original publish date.

Last Updated Sep 19, 2018 — Application Security expert

Arr Matey, Hear a Tale about Cyber-Piracy

Application Security

It’s Talk Like A Pirate Day. The one day a year we all brush up on pirate-speak and can be forgiven for saying things like Arr Matey! It’s also a nice excuse for cybersecurity companies to tell tales about adversaries who, like the pirates of old, are out to plunder, pillage and loot.

Pirating Games for Fun & Profit

Especially in the gaming industry, piracy is still the order of the day. Today’s software pirates range from lone wolves looking for notoriety to organized cyber criminals looking for, profit. No matter the objective, the losers are the game studios, especially independent ones who have limited titles with which to pay the bills. When gamers find themselves cheated out of points, gameplay, and even money when virtual objects are stolen, they inevitably quit playing the game – thereby costing revenue, players and momentum for the studio.

Battling Pirates Has Gone Virtual

Just like the world’s oceans provided yesteryear’s pirates a large attack surface, so do today’s games deliver countless ways to plunder, pillage and loot. The battles used to be a physical battle between a country’s shipping economy and high seas pirates, now it’s a virtual battle between game studios and an unseen enemy. Unlike old-time pirates, today’s cybercriminals are invisible, highly motivated, in some cases well-financed, and know no borders. Whether it’s the latest MMOG (massively multiplayer online game), console or single-player PC-based game, gaming software is extremely vulnerable to attacks on the client and/or server.

Reverse Engineering Is the Cyber-Pirate's Cutlass

The primary attack strategy for today’s online pirates is to reverse-engineer game protocols to steal intellectual property (IP) or inject malware, modify code to enable piracy or cheating, and even clone back-end servers for independent game operation. These attacks can result in substantial revenue loss, illicit app usage, or cloning of client or server applications to affect gameplay.

Instead of canons and cutlasses, today’s pirates attack games by:

  • Tampering to cheat – the biggest threat to the popularity and value of a game. Attackers tamper with game functionality to unfairly benefit the attacker.
  • Piracy tampering – the biggest threat to game profitability. Since hacks are often released within hours of new game titles, versions, or other virtual world assets, they decimate new revenue streams from games in their most vulnerable stage. Attackers enable piracy by tampering with a PC game to deactivate, spoof or bypass license management.
  • Game reverse-engineering – for PC games and the client portions of online and mobile games, attackers can gain complete control of game code – and with commonly available tools can unravel internal logic and client-server communication. They can then exploit vulnerable code with cheats, clone clients or issue commands.
  • Back-end server reverse-engineering clone attack – attackers can model a back-end server by analyzing client communications with the server and internal client operations. This enables a “clone” of the back-end server to be created and independently run outside of the game operator, allowing subscription revenue theft.
  • Reverse engineering communication – as the client and server, or two peers, communicate in the virtual world, attackers can inspect data traffic to reverse-engineer protocols. Subsequently, simple tools can be used to block packets and produce a negative effect on a player, or to replay packets that produce benefits for the attacker.

Thwarting Game Piracy

Arxan can help protect your game, your revenues and your players. Integrated at the binary and source code level, Arxan prevents attacks where they happen. The approach is multi-layered:

  • Application Hardening – implementing a system of guards after code is finished deters reverse engineering and tampering, which can lead to breaches and app data theft
  • Data and Key Encryption – using white-box cryptography to stop API compromises, theft of intellectual property or personally identifiable information
  • Real-Time Threat Visibility and Analytics – enabling each protected app to “phone home” with vital security data, allows teams to stay on top of emerging threats and vulnerabilities and optimize defensive strategies

Once Arxan protections are integrated within your games, they can be automatically applied to each new revision, greatly reducing the effort required when updating apps for re-release.

By hardening networked, PC and mobile gaming apps against vulnerabilities, safeguarding data and encryption keys, and providing real-time threat intelligence, Arxan Application Protection helps several of the largest game studios thwart today’s pirating threat.

More from the Blog

View more
adoption boom
Oct 25, 2021

Remote work fueled an agile adoption boom in 2020

Enterprise Agile Planning
The COVID-19 pandemic was a catalyst for major changes — not only in t ...
Read More
practicing agile
Oct 21, 2021

How are organizations practicing agile in the year 2021?

Enterprise Agile Planning
We've talked about the boom in the adoption of agile concepts and prac ...
Read More
non tech
Oct 07, 2021

Agile spreads beyond IT: How IT benefits "non-tech" enterprise departments

Enterprise Agile Planning
As a result of COVID-19 forcing worldwide office closures, by mid-Apri ...
Read More DevOps Value Stream Delivery for SAFe®
Sep 27, 2021 announces first end-to-end, AI-driven solution for the Scaled Agile Framework (SAFe)

Enterprise Agile Planning
The DevOps Value Stream Delivery for SAFe®, one of the only ...
Read More
Contact Us