Skip to main content

This post is from the Arxan blog and has not been updated since the original publish date.

Last Updated Sep 19, 2018 — Application Security expert

Arr Matey, Hear a Tale about Cyber-Piracy

Application Security

It’s Talk Like A Pirate Day. The one day a year we all brush up on pirate-speak and can be forgiven for saying things like Arr Matey! It’s also a nice excuse for cybersecurity companies to tell tales about adversaries who, like the pirates of old, are out to plunder, pillage and loot.

Pirating Games for Fun & Profit

Especially in the gaming industry, piracy is still the order of the day. Today’s software pirates range from lone wolves looking for notoriety to organized cyber criminals looking for booty...er, profit. No matter the objective, the losers are the game studios, especially independent ones who have limited titles with which to pay the bills. When gamers find themselves cheated out of points, gameplay, and even money when virtual objects are stolen, they inevitably quit playing the game – thereby costing revenue, players and momentum for the studio.

Battling Pirates Has Gone Virtual

Just like the world’s oceans provided yesteryear’s pirates a large attack surface, so do today’s games deliver countless ways to plunder, pillage and loot. The battles used to be a physical battle between a country’s shipping economy and high seas pirates, now it’s a virtual battle between game studios and an unseen enemy. Unlike old-time pirates, today’s cybercriminals are invisible, highly motivated, in some cases well-financed, and know no borders. Whether it’s the latest MMOG (massively multiplayer online game), console or single-player PC-based game, gaming software is extremely vulnerable to attacks on the client and/or server.

Reverse Engineering Is the Cyber-Pirate's Cutlass

The primary attack strategy for today’s online pirates is to reverse-engineer game protocols to steal intellectual property (IP) or inject malware, modify code to enable piracy or cheating, and even clone back-end servers for independent game operation. These attacks can result in substantial revenue loss, illicit app usage, or cloning of client or server applications to affect gameplay.

Instead of canons and cutlasses, today’s pirates attack games by:

  • Tampering to cheat – the biggest threat to the popularity and value of a game. Attackers tamper with game functionality to unfairly benefit the attacker.
  • Piracy tampering – the biggest threat to game profitability. Since hacks are often released within hours of new game titles, versions, or other virtual world assets, they decimate new revenue streams from games in their most vulnerable stage. Attackers enable piracy by tampering with a PC game to deactivate, spoof or bypass license management.
  • Game reverse-engineering – for PC games and the client portions of online and mobile games, attackers can gain complete control of game code – and with commonly available tools can unravel internal logic and client-server communication. They can then exploit vulnerable code with cheats, clone clients or issue commands.
  • Back-end server reverse-engineering clone attack – attackers can model a back-end server by analyzing client communications with the server and internal client operations. This enables a “clone” of the back-end server to be created and independently run outside of the game operator, allowing subscription revenue theft.
  • Reverse engineering communication – as the client and server, or two peers, communicate in the virtual world, attackers can inspect data traffic to reverse-engineer protocols. Subsequently, simple tools can be used to block packets and produce a negative effect on a player, or to replay packets that produce benefits for the attacker.

Thwarting Game Piracy

Arxan can help protect your game, your revenues and your players. Integrated at the binary and source code level, Arxan prevents attacks where they happen. The approach is multi-layered:

  • Application Hardening – implementing a system of guards after code is finished deters reverse engineering and tampering, which can lead to breaches and app data theft
  • Data and Key Encryption – using white-box cryptography to stop API compromises, theft of intellectual property or personally identifiable information
  • Real-Time Threat Visibility and Analytics – enabling each protected app to “phone home” with vital security data, allows teams to stay on top of emerging threats and vulnerabilities and optimize defensive strategies

Once Arxan protections are integrated within your games, they can be automatically applied to each new revision, greatly reducing the effort required when updating apps for re-release.

By hardening networked, PC and mobile gaming apps against vulnerabilities, safeguarding data and encryption keys, and providing real-time threat intelligence, Arxan Application Protection helps several of the largest game studios thwart today’s pirating threat.

More from the Blog

View more
Feb 14, 2021

Reflecting on the 20th anniversary of the Agile Manifesto

Enterprise Agile Planning
Over the past 20 years, it’s been amazing to watch an idea from ...
Read More
Feb 08, 2021

How does agile apply to an entire organization?

Enterprise Agile Planning
Before we dive into the main subject of this blog post, it is importan ...
Read More
Feb 03, 2021

It took a pandemic to realize why digital transformation actually matters

Enterprise Agile Planning
Before anyone had ever heard of COVID-19, businesses across the globe ...
Read More
Jan 27, 2021

Improve visibility, reduce costs, and take back control of your scaled out container and cloud deployments with the latest releases of Digital.ai Agility and DevOps solutions

Enterprise Agile Planning
We’re thrilled to announce the latest releases of our Digital.ai Agili ...
Read More
Contact Us