Summary: The video discusses a presentation by a reverse engineer at Hexacon, who shares insights on vulnerabilities found in older video games, specifically focusing on the multiplayer aspects of Neverwinter Nights. The speaker introduces old game bugs, describes how these vulnerabilities can lead to arbitrary code execution, and explains the technical details involved in their exploitation.
The speaker is a reverse engineer with five years of experience in cybersecurity, specializing in video game vulnerabilities.
Presentation covers classic video game concepts, old bugs in games, and vulnerabilities in Neverwinter Nights.
Old video games often have security flaws due to insecure coding practices and lack of modern mitigations.
Specific examples of vulnerabilities include stack buffer overflows in games like Gates of St and DLE SA LS.
Discusses the evolution of re-released games, which may retain original vulnerabilities despite added updates.
Neverwinter Nights, released in 2002 and updated in 2018, is examined for its multiplayer attack surface and vulnerabilities.
Protocol for matchmaking in Neverwinter Nights involves unencrypted packets, which can be manipulated for attacks.
Attack vectors discovered include integer overflow and inadequate bounds checking in the game’s networking code.
The speaker outlines a method to exploit these vulnerabilities to achieve arbitrary code execution through crafted messages.
Modding communities are valuable resources for security researchers, providing tools and insights into game vulnerabilities.
The risks posed by legacy code in games can potentially be mitigated by modern security technologies like Intel Control-flow Enforcement Technology.
The speaker reflects on the need for ongoing research and attention to vulnerabilities in re-released games, with recent security patches noted.
Keypoints:
Youtube Video: https://www.youtube.com/watch?v=bWPSyPyIH1g
Youtube Channel: Hexacon
Video Published: 2024-11-06T09:03:45+00:00