Game Exploit Retrospective

I recently dedicated some time to exploring the software security space and gaining hands-on experience through exercises such as developing game exploits. I decided to write an exploit for Valve Software’s extremely popular Counter-Strike: Global Offensive, primarily because of the amount of existing information available about it.

Approach

When taking on projects with lots of unknown elements, I like to focus on a “steel-thread” implementation: a minimal end-to-end path through the system that works first, and is then widened out.

Outcome

I spent a significant amount of time reading existing code, on which I based mine. There has been a proliferation of open-source code available through sites like github.com. Increasingly, I use github.com code search the way I use stackoverflow.com to solve programming problems. The exploit code I created can be found here.

Gohack

The problem with leveraging “prior work” is that I wasn’t sure how much I had learnt versus copied. As an extension to the exercise, I decided to extract the generic exploit functionality into a shared library. This helped solidify my understanding. The library code can be found here.

Testing proved difficult because the exploit depends on compatibility with a third-party binary. As a result, I also spent a lot of time creating stub binaries to test different failure modes. This paid off when it came to refactoring. In contrast, I found it much easier to write contrived tests for the library.
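One way to keep the third-party dependency out of the test loop is to put it behind a small interface and script each failure mode in a test double. The following is an added illustration of that pattern and is not code from the post or from the author’s library; the `Target` interface, the `stubTarget` double, `ReadHeader`, and the version and offset values are all constructed for this example.

```go
package main

import (
	"errors"
	"fmt"
)

// ErrTargetMismatch signals that the external binary is not the build the
// code was written against. Constructed for this example.
var ErrTargetMismatch = errors.New("target binary version mismatch")

// Target abstracts the third-party binary the tool depends on. A real
// implementation would talk to the external program; tests use stubTarget
// so that every failure mode can be reproduced deterministically and offline.
type Target interface {
	Version() (string, error)
	ReadBytes(offset uint64, n int) ([]byte, error)
}

// stubTarget is a test double whose behaviour is scripted per test case:
// a version string or error, fixed bytes per offset, or a forced read error.
type stubTarget struct {
	version    string
	versionErr error
	data       map[uint64][]byte
	readErr    error
}

func (s *stubTarget) Version() (string, error) { return s.version, s.versionErr }

func (s *stubTarget) ReadBytes(offset uint64, n int) ([]byte, error) {
	if s.readErr != nil {
		return nil, s.readErr
	}
	b, ok := s.data[offset]
	if !ok {
		return nil, fmt.Errorf("no data at offset %#x", offset)
	}
	if len(b) < n {
		// Simulate a short read: partial data plus an error, which the
		// caller must not treat as success.
		return b, errors.New("short read")
	}
	return b[:n], nil
}

// ReadHeader is the code under test. It refuses to read from a binary whose
// version differs from the one it was built for, and it surfaces short reads
// as errors instead of returning a silently truncated value.
func ReadHeader(t Target, wantVersion string, offset uint64) ([]byte, error) {
	v, err := t.Version()
	if err != nil {
		return nil, fmt.Errorf("query version: %w", err)
	}
	if v != wantVersion {
		return nil, fmt.Errorf("%w: got %q, want %q", ErrTargetMismatch, v, wantVersion)
	}
	b, err := t.ReadBytes(offset, 4)
	if err != nil {
		return nil, fmt.Errorf("read header at %#x: %w", offset, err)
	}
	return b, nil
}

func main() {
	// Happy path against a stub that returns the expected build and data.
	ok := &stubTarget{version: "1.0", data: map[uint64][]byte{0x10: {1, 2, 3, 4, 5}}}
	fmt.Println(ReadHeader(ok, "1.0", 0x10))

	// Failure mode: the external binary has been updated underneath us.
	updated := &stubTarget{version: "2.0"}
	_, err := ReadHeader(updated, "1.0", 0x10)
	fmt.Println("mismatch detected:", errors.Is(err, ErrTargetMismatch))
}
```

Each failure mode (wrong version, unreadable offset, forced read error, short read) becomes a one-line stub configuration, so the tests exercise the error-handling branches of the real code without the real binary being present.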

I used this exercise to write something substantial in Go, with which I have little experience. Despite Go being a general-purpose programming language, I found several blog posts’ worth of issues with its Windows implementation. If you import "unsafe", prepare for segfaults.